
Allow read_slm to call GET /_slm/status (#108333)

Add the ability to access the SLM status API to
the read_slm privilege.
Parker Timmins 1 year ago
parent
commit
ff201646f0

+ 5 - 0
docs/changelog/108333.yaml

@@ -0,0 +1,5 @@
+pr: 108333
+summary: Allow `read_slm` to call GET /_slm/status
+area: ILM+SLM
+type: bug
+issues: []

+ 6 - 1
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/ClusterPrivilegeResolver.java

@@ -53,6 +53,7 @@ import org.elasticsearch.xpack.core.security.action.user.HasPrivilegesAction;
 import org.elasticsearch.xpack.core.security.action.user.ProfileHasPrivilegesAction;
 import org.elasticsearch.xpack.core.security.authc.Authentication;
 import org.elasticsearch.xpack.core.security.support.Automatons;
+import org.elasticsearch.xpack.core.slm.action.GetSLMStatusAction;
 import org.elasticsearch.xpack.core.slm.action.GetSnapshotLifecycleAction;
 
 import java.util.Collection;
@@ -165,7 +166,11 @@ public class ClusterPrivilegeResolver {
         ILMActions.STOP.name(),
         GetStatusAction.NAME
     );
-    private static final Set<String> READ_SLM_PATTERN = Set.of(GetSnapshotLifecycleAction.NAME, GetStatusAction.NAME);
+    private static final Set<String> READ_SLM_PATTERN = Set.of(
+        GetSLMStatusAction.NAME,
+        GetSnapshotLifecycleAction.NAME,
+        GetStatusAction.NAME
+    );
 
     private static final Set<String> MANAGE_SEARCH_APPLICATION_PATTERN = Set.of("cluster:admin/xpack/application/search_application/*");
     private static final Set<String> MANAGE_SEARCH_QUERY_RULES_PATTERN = Set.of("cluster:admin/xpack/query_rules/*");
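Review bot: In `READ_SLM_PATTERN` the retained `GetStatusAction.NAME` appears to be the ILM operation-mode action rather than an SLM one, since the PrivilegeTests hunk pairs read_slm with `cluster:admin/ilm/operation_mode/get`. After this change read_slm therefore grants both the SLM and the ILM status reads, and the similarly named constants make that scope easy to misjudge when auditing roles. If the ILM entry is kept deliberately for backward compatibility, a comment above the set would record it, e.g. `// GetStatusAction is the ILM status action; kept so existing read_slm roles keep that access`. The user-facing description of read_slm is not part of this diff and presumably should mention the status API as well.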

+ 6 - 1
x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/privilege/PrivilegeTests.java

@@ -460,7 +460,12 @@ public class PrivilegeTests extends ESTestCase {
         }
 
         {
-            verifyClusterActionAllowed(ClusterPrivilegeResolver.READ_SLM, "cluster:admin/slm/get", "cluster:admin/ilm/operation_mode/get");
+            verifyClusterActionAllowed(
+                ClusterPrivilegeResolver.READ_SLM,
+                "cluster:admin/slm/get",
+                "cluster:admin/slm/status",
+                "cluster:admin/ilm/operation_mode/get"
+            );
             verifyClusterActionDenied(
                 ClusterPrivilegeResolver.READ_SLM,
                 "cluster:admin/slm/delete",
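Review bot: The `verifyClusterActionDenied` call for `READ_SLM` continues past the end of this hunk, so the negative coverage for the actions nearest the newly allowed `cluster:admin/slm/status` cannot be confirmed from here. Because the status read sits next to the state-changing SLM operations, the denied list should explicitly include `"cluster:admin/slm/start"` and `"cluster:admin/slm/stop"`, unless they are already in the part not shown. That keeps a later change to the set from silently widening read_slm beyond read-only access.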