Skip to content

[8.15] Fix remote cluster credential secure settings reload (#111535)#111738

Merged
elasticsearchmachine merged 3 commits intoelastic:8.15from
n1v0lg:backport/8.15/pr-111535
Sep 17, 2024
Merged

[8.15] Fix remote cluster credential secure settings reload (#111535)#111738
elasticsearchmachine merged 3 commits intoelastic:8.15from
n1v0lg:backport/8.15/pr-111535

Conversation

@n1v0lg
Copy link
Copy Markdown
Contributor

@n1v0lg n1v0lg commented Aug 9, 2024

Backports the following commits to 8.15:

@n1v0lg
Fix remote cluster credential secure settings reload (elastic#111535)
3b6831d 
Due to the `cluster:admin/xpack/security` action name prefix, the
internal action
`cluster:admin/xpack/security/remote_cluster_credentials/reload` to
reload remote cluster credentials fails for users that have the `manage`
cluster privilege. This does not align with our documentation and the
overall permission requirements for reloading secure settings.  

This PR renames the action to match the `manage` privilege. Since this
is a local-only action there are no BWC concerns with this rename. 

Fixes: elastic#111543
@n1v0lg n1v0lg added :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC >bug auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport Team:Security Meta label for security team test-update-serverless labels Aug 9, 2024
@elasticsearchmachine elasticsearchmachine mentioned this pull request Aug 9, 2024
Merged
@n1v0lg n1v0lg self-assigned this Aug 9, 2024
@n1v0lg n1v0lg removed auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) test-update-serverless labels Aug 9, 2024
@n1v0lg
Copy link
Copy Markdown
Contributor Author

n1v0lg commented Sep 16, 2024

@elasticmachine update branch

@n1v0lg
Copy link
Copy Markdown
Contributor Author

n1v0lg commented Sep 17, 2024

@elasticmachine update branch

@n1v0lg n1v0lg added the auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) label Sep 17, 2024
@elasticsearchmachine elasticsearchmachine merged commit dc32b36 into elastic:8.15 Sep 17, 2024
@n1v0lg n1v0lg deleted the backport/8.15/pr-111535 branch September 17, 2024 09:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@n1v0lg n1v0lg

Labels

auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport >bug :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team v8.15.2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@n1v0lg @elasticsearchmachine @elasticmachine