[Security Solution] allows kibana_system user to manage .reindexed-v8-* Security Solution indices #119054

Merged


vitaliidm
Contributor

@vitaliidm vitaliidm commented Dec 19, 2024

@vitaliidm vitaliidm requested review from a team as code owners December 19, 2024 10:36
@vitaliidm vitaliidm self-assigned this Dec 19, 2024
@vitaliidm vitaliidm added >enhancement auto-backport Automatically create backport pull requests when merged v9.0.0 v8.18.0 labels Dec 19, 2024
@elasticsearchmachine elasticsearchmachine added needs:triage Requires assignment of a team area label external-contributor Pull request authored by a developer outside the Elasticsearch team labels Dec 19, 2024
@vitaliidm vitaliidm added the Team:Security Meta label for security team label Dec 19, 2024
@elasticsearchmachine elasticsearchmachine removed the Team:Security Meta label for security team label Dec 19, 2024
@vitaliidm vitaliidm added the :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC label Dec 19, 2024
@elasticsearchmachine elasticsearchmachine added Team:Security Meta label for security team and removed needs:triage Requires assignment of a team area label labels Dec 19, 2024
@elasticsearchmachine
Collaborator

Pinging @elastic/es-security (Team:Security)

@elasticsearchmachine
Collaborator

Hi @vitaliidm, I've created a changelog YAML for you.

Contributor

@jakelandis jakelandis left a comment

Same question here as: #118959 (comment)

Shouldn't the result of the re-indexing via the Kibana upgrade assistant introduce an alias with the old name, which should allow continued access by the old name (without needing to add a new privilege)?

Assuming the same answer, then LGTM

@azasypkin
Member

@vitaliidm can you please answer Jake's question in #119054 (review)?

@vitaliidm
Contributor Author

@azasypkin

The answer is basically the same as for #118959 (comment).
We have internal logic that interacts with underlying indices on behalf of the kibana_system user, and this prefix prevents it.

Two examples:

  1. https://github.com/elastic/security-team/issues/11414#issuecomment-2551641279 when we move list indices to data streams
  2. https://github.com/elastic/security-team/issues/11440#issuecomment-2553772936 when we create .alerts-security* index and old siem index exists

@vitaliidm vitaliidm enabled auto-merge (squash) January 3, 2025 13:27
@vitaliidm vitaliidm merged commit 0ab59bb into elastic:main Jan 3, 2025
21 checks passed
@elasticsearchmachine
Collaborator

💚 Backport successful

Status Branch Result
8.x

vitaliidm added a commit to vitaliidm/elasticsearch that referenced this pull request Jan 3, 2025
…-* Security Solution indices (elastic#119054)

* [Security Solution] allows kibana_system user to manage reindexed Security Solution indices

* fix code

* Update docs/changelog/119054.yaml
elasticsearchmachine pushed a commit that referenced this pull request Jan 3, 2025
…-* Security Solution indices (#119054) (#119511)

* [Security Solution] allows kibana_system user to manage reindexed Security Solution indices

* fix code

* Update docs/changelog/119054.yaml
Labels
auto-backport Automatically create backport pull requests when merged >enhancement external-contributor Pull request authored by a developer outside the Elasticsearch team :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team v8.18.0 v9.0.0
4 participants