Skip to content

Always use create op_type with ES 7.5+#13936

Merged
urso merged 1 commit intoelastic:masterfrom
urso:always-create-with-es75
Oct 14, 2019
Merged

Always use create op_type with ES 7.5+#13936
urso merged 1 commit intoelastic:masterfrom
urso:always-create-with-es75

Conversation

@urso
Copy link
Copy Markdown

@urso urso commented Oct 7, 2019
edited
Loading

Elasticsearch introduces the create_doc privilege, which always
requires the op_type to be create. We would like to take advantage of
this, in order to reduces the privileges Beats users have to set for
Beats.

In the future Elasticsearch will support op_type == create if
documents without ID are indexed, but older Elasticsearch versions
don't.

This change always uses op_type == create when the Elasticsearch
version is 7.5+.

Related ES changes:

@urso urso requested a review from a team October 7, 2019 12:16
@bizybot bizybot mentioned this pull request Oct 7, 2019
Merged
@cwurm cwurm mentioned this pull request Oct 8, 2019
Merged
Always use create op_type with ES 7.5+
f0e52a8 
Elasticsearch introduces the `create_doc` privilege, which always
requires the op_type to be `create`. We would like to take advantage of
this, in order to reduces the privileges Beats users have to set for
Beats.

In the future Elasticsearch will support `op_type == create` if
documents without ID are indexed, but older Elasticsearch versions
don't.

This change always uses `op_type == create` when the Elasticsearch
version is 7.5+.
@urso urso force-pushed the always-create-with-es75 branch from 262d12f to f0e52a8 Compare October 11, 2019 12:17
ph
ph approved these changes Oct 11, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@ph ph left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@urso urso merged commit a428d4d into elastic:master Oct 14, 2019
@cwurm cwurm mentioned this pull request Oct 14, 2019
Closed
@urso urso added the v7.5.0 label Oct 22, 2019
@cwurm
Copy link
Copy Markdown
Contributor

cwurm commented Oct 29, 2019

@urso Can we add this for publishing monitoring events as well? Even with this change, that still requires a create privilege.

@cwurm cwurm mentioned this pull request Oct 29, 2019
Merged
@urso
Copy link
Copy Markdown
Author

urso commented Oct 29, 2019

@cwurm Not sure. The internal monitoring approach pushes to a special X-Pack endpoint, that is provided by a plugin in Elasticsearch. Some logic for creating indices and such is in the plugin, not on the Beats side.

@cwurm
Copy link
Copy Markdown
Contributor

cwurm commented Oct 29, 2019

@urso I think since #9260 we ship monitoring data directly using the standard _bulk endpoint?

@urso
Copy link
Copy Markdown
Author

urso commented Oct 29, 2019

#9260 selects the bulk API based on configuration. Didn't notice that it uses another API as is modified here.

@ycombinator can you follow up on the monitoring output?

@ycombinator
Copy link
Copy Markdown
Contributor

ycombinator commented Oct 29, 2019

Yes, thanks for the ping. I will follow up with a PR to make the necessary changes for the monitoring output.

@ycombinator ycombinator mentioned this pull request Oct 29, 2019
Merged
@ycombinator
Copy link
Copy Markdown
Contributor

ycombinator commented Oct 29, 2019

PR for the analogous change in the libbeat monitoring ES client is up: #14313

@ycombinator ycombinator mentioned this pull request Jan 15, 2020
Closed
@urso urso deleted the always-create-with-es75 branch February 10, 2020 13:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@ph ph ph approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

libbeat :Outputs review v7.5.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@urso @cwurm @ycombinator @ph