Skip to content

Allow kibana_system user to manage .reindexed-v8-internal.alerts indices#118959

Merged
ymao1 merged 6 commits intoelastic:mainfrom
ymao1:reindexed-alerts
Jan 2, 2025
Merged

Allow kibana_system user to manage .reindexed-v8-internal.alerts indices#118959
ymao1 merged 6 commits intoelastic:mainfrom
ymao1:reindexed-alerts

Conversation

@ymao1
Copy link
Contributor

@ymao1 ymao1 commented Dec 18, 2024
edited
Loading

Existing built-in roles can manage .internal.alerts* and .internal.preview.alerts* indices. If created in 7.x, these indices will be reindexed for the 9.0 upgrade and receive the .reindexed-v8 prefix so adding those patterns to the same roles.
@ymao1 ymao1 self-assigned this Dec 18, 2024
@ymao1 ymao1 added >enhancement :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC auto-backport Automatically create backport pull requests when merged v8.18.0 labels Dec 18, 2024
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Dec 18, 2024

Hi @ymao1, I've created a changelog YAML for you.
@ymao1 ymao1 changed the title Adding reindexed alerts as data backing index prefixes Dec 18, 2024
ymao1
ymao1 commented Dec 18, 2024
View reviewed changes
@ymao1 ymao1 marked this pull request as ready for review December 18, 2024 17:45
@ymao1 ymao1 requested review from a team as code owners December 18, 2024 17:45
@elasticsearchmachine elasticsearchmachine added the Team:Security Meta label for security team label Dec 18, 2024
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Dec 18, 2024

Pinging @elastic/es-security (Team:Security)
@jakelandis
Copy link
Contributor

jakelandis commented Dec 18, 2024

If created in 7.x, these indices will be reindexed for the 9.0 upgrade

Shouldn't the result of the re-indexing via the Kibana upgrade assistant introduce an alias with the old name, which should allow continued access by the old name (without needing to add a new privilege) ?
@ymao1
Copy link
Contributor Author

ymao1 commented Dec 18, 2024

If created in 7.x, these indices will be reindexed for the 9.0 upgrade

Shouldn't the result of the re-indexing via the Kibana upgrade assistant introduce an alias with the old name, which should allow continued access by the old name (without needing to add a new privilege) ?

Yes, for the most part this works. There is a specific portion of our code that uses the alias to retrieve all the concrete backing indices and directly updates the mappings on these backing indices and this is the issue we're trying to address.
jakelandis
jakelandis approved these changes Dec 18, 2024
View reviewed changes
Copy link
Contributor

@jakelandis jakelandis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
@jakelandis jakelandis mentioned this pull request Dec 19, 2024
Merged
@ymao1 ymao1 merged commit dd02f74 into elastic:main Jan 2, 2025
@ymao1 ymao1 deleted the reindexed-alerts branch January 2, 2025 14:25
@ymao1 ymao1 mentioned this pull request Jan 2, 2025
Merged
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Jan 2, 2025

💚 Backport successful

Status Branch Result
8.x
ymao1 added a commit to ymao1/elasticsearch that referenced this pull request Jan 2, 2025
@ymao1 @ersin-erdal
Allow kibana_system user to manage .reindexed-v8-internal.alerts
f278373 
…indices (elastic#118959)

* Adding reindexed alerts as data backing index prefixes

* Update docs/changelog/118959.yaml

* Update docs/changelog/118959.yaml

---------

Co-authored-by: Ersin Erdal <92688503+ersin-erdal@users.noreply.github.com>
elasticsearchmachine pushed a commit that referenced this pull request Jan 2, 2025
@ymao1 @ersin-erdal
Allow kibana_system user to manage .reindexed-v8-internal.alerts
4dd1b87 
…indices (#118959) (#119461)

* Adding reindexed alerts as data backing index prefixes

* Update docs/changelog/118959.yaml

* Update docs/changelog/118959.yaml

---------

Co-authored-by: Ersin Erdal <92688503+ersin-erdal@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

auto-backport Automatically create backport pull requests when merged >enhancement :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team v8.18.0 v9.0.0

5 participants

@ymao1 @elasticsearchmachine @jakelandis @azasypkin @ersin-erdal