-
Notifications
You must be signed in to change notification settings - Fork 24.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CCR exception on retention lease renewal #61308
Labels
>bug
:Distributed/CCR
Issues around the Cross Cluster State Replication features
:Security/Authorization
Roles, Privileges, DLS/FLS, RBAC/ABAC
Team:Distributed
Meta label for distributed team
Team:Security
Meta label for security team
Comments
ywangd
added
>bug
:Distributed/CCR
Issues around the Cross Cluster State Replication features
:Security/Authorization
Roles, Privileges, DLS/FLS, RBAC/ABAC
labels
Aug 19, 2020
Pinging @elastic/es-distributed (:Distributed/CCR) |
Pinging @elastic/es-security (:Security/Authorization) |
elasticmachine
added
Team:Distributed
Meta label for distributed team
Team:Security
Meta label for security team
labels
Aug 19, 2020
DaveCTurner
added a commit
to DaveCTurner/elasticsearch
that referenced
this issue
Feb 28, 2022
Today the `ShardFollowTasksExecutor` enters system context before renewing a retention lease, but then makes the remote call using a client which replaces the thread context with a non-system one again. This commit removes this no-op code to clarify the security model in this area. Relates elastic#61308, elastic#84006, elastic#84156
ywangd
added a commit
to ywangd/elasticsearch
that referenced
this issue
Mar 1, 2022
CCR user on the leader cluster needs more privileges than what are documented (elastic#61308). Specifically it needs to renew the retention lease at a fixed time interval. This PR fixes it by granting the "manage" index privilege to the CCR user on the leader cluster. Note we still want to revisit privileges required CCR or at least fix our documentation. This will be tracked with elastic#61308. Resolves: elastic#84156
We discussed this issue recently and considered it a bug that should be fixed in phases:
|
ywangd
added a commit
that referenced
this issue
Mar 1, 2022
CCR user on the leader cluster needs more privileges than what are documented (#61308). Specifically it needs to renew the retention lease at a fixed time interval. This PR fixes it by granting the "manage" index privilege to the CCR user on the leader cluster. Note we still want to revisit privileges required CCR or at least fix our documentation. This will be tracked with #61308. Resolves: #84156
ywangd
added a commit
to ywangd/elasticsearch
that referenced
this issue
Mar 1, 2022
…ic#84467) CCR user on the leader cluster needs more privileges than what are documented (elastic#61308). Specifically it needs to renew the retention lease at a fixed time interval. This PR fixes it by granting the "manage" index privilege to the CCR user on the leader cluster. Note we still want to revisit privileges required CCR or at least fix our documentation. This will be tracked with elastic#61308. Resolves: elastic#84156
elasticsearchmachine
pushed a commit
that referenced
this issue
Mar 1, 2022
… (#84471) CCR user on the leader cluster needs more privileges than what are documented (#61308). Specifically it needs to renew the retention lease at a fixed time interval. This PR fixes it by granting the "manage" index privilege to the CCR user on the leader cluster. Note we still want to revisit privileges required CCR or at least fix our documentation. This will be tracked with #61308. Resolves: #84156 Co-authored-by: Elastic Machine <[email protected]>
DaveCTurner
added a commit
that referenced
this issue
Mar 3, 2022
Today the `ShardFollowTasksExecutor` enters system context before renewing a retention lease, but then makes the remote call using a client which replaces the thread context with a non-system one again. This commit removes this no-op code to clarify the security model in this area. Relates #61308, #84006, #84156
ywangd
added a commit
to ywangd/elasticsearch
that referenced
this issue
Mar 31, 2022
…ic#84467) CCR user on the leader cluster needs more privileges than what are documented (elastic#61308). Specifically it needs to renew the retention lease at a fixed time interval. This PR fixes it by granting the "manage" index privilege to the CCR user on the leader cluster. Note we still want to revisit privileges required CCR or at least fix our documentation. This will be tracked with elastic#61308. Resolves: elastic#84156
elasticsearchmachine
pushed a commit
that referenced
this issue
Mar 31, 2022
… (#85514) CCR user on the leader cluster needs more privileges than what are documented (#61308). Specifically it needs to renew the retention lease at a fixed time interval. This PR fixes it by granting the "manage" index privilege to the CCR user on the leader cluster. Note we still want to revisit privileges required CCR or at least fix our documentation. This will be tracked with #61308. Resolves: #84156
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
>bug
:Distributed/CCR
Issues around the Cross Cluster State Replication features
:Security/Authorization
Roles, Privileges, DLS/FLS, RBAC/ABAC
Team:Distributed
Meta label for distributed team
Team:Security
Meta label for security team
Based on the doc, the CCR on the remote/leader cluster can be configured using an user with a role like the follows:
However, an exception about renewing retention lease will be thrown due to missing of
indices:admin/seq_no/renew_retention_lease
privilege. This behaviour seems to exist for a long while now (I tested with v7.6.2 to v7.9). I am surprised that no one has reported it. Given the retention lease renewal seems to be an implementation details, the potential solution is probably executing it under system context.Here is the stacktrace shown in the log of the local/follower cluster (the exception actually happens on the remote/leader cluster, but it gets passed across the wire and only shows up in the local/follower cluster).
The text was updated successfully, but these errors were encountered: