[CCR] Make auto follow patterns work with security #33501
Conversation
martijnvg
added
review
v7.0.0
:Distributed Indexing/CCR
|
Pinging @elastic/es-distributed |
| @@ -404,7 +404,9 @@ void start( | |||
| final AtomicReferenceArray<Object> responses = new AtomicReferenceArray<>(followIndexMetadata.getNumberOfShards()); | |||
| Map<String, String> filteredHeaders = threadPool.getThreadContext().getHeaders().entrySet().stream() | |||
| .filter(e -> ShardFollowTask.HEADER_FILTERS.contains(e.getKey())) | |||
| .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));for (int i = 0; i < numShards; i++) { | |||
| .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue)); | |||
There was a problem hiding this comment.
just added a new lines here for readability.
|
In a follow up PR, I like integrate the has_privileges api into the put auto follow patterns api, so that we can validate whether the user in the leader cluster has sufficient privileges to follow indices specified in the auto follow pattern's leader index patterns. The |
|
@martijnvg Would you merge master into this and resolve the conflicts? |
|
@jasontedor I merged it in |
| @@ -105,12 +116,14 @@ public boolean isCcrAllowed() { | |||
| */ | |||
| public <T> void checkRemoteClusterLicenseAndFetchClusterState( | |||
| final Client client, | |||
| final Map<String, String> headers, | |||
There was a problem hiding this comment.
I'm not super happy with the changes made to this file. Maybe the caller should provide the leaderClient? So that headers and clusterAlias does not need to be provided?
There was a problem hiding this comment.
As we discussed offline, this is okay for now, we can always refactor this later. The implementation is fine, we just want to take a step back and look at how ML uses the remote license checker too (multiple clusters) which has kind of forced how we implement this.
| @@ -168,6 +182,33 @@ public void onFailure(final Exception e) { | |||
| }); | |||
| } | |||
|
|
|||
| public static Client wrapClient(Client client, Map<String, String> headers) { | |||
There was a problem hiding this comment.
Moved it here, because I did not want that this code depends on ccr action code.
* master: (43 commits) [HLRC][ML] Add ML put datafeed API to HLRC (elastic#33603) Update AWS SDK to 1.11.406 in repository-s3 (elastic#30723) Expose CCR stats to monitoring (elastic#33617) [Docs] Update match-query.asciidoc (elastic#33610) TEST: Adjust rollback condition when shard is empty [CCR] Improve shard follow task's retryable error handling (elastic#33371) Forbid negative `weight` in Function Score Query (elastic#33390) Clarify context suggestions filtering and boosting (elastic#33601) Disable CCR REST endpoints if CCR disabled (elastic#33619) Lower version on full cluster restart settings test Upgrade remote cluster settings (elastic#33537) NETWORKING: http.publish_host Should Contain CNAME (elastic#32806) Add test coverage for global checkpoint listeners Reset replica engine to global checkpoint on promotion (elastic#33473) HLRC: ML Delete Forecast API (elastic#33526) Remove debug logging in full cluster restart tests (elastic#33612) Expose CCR to the transport client (elastic#33608) Mute testIndexDeletionWhenNodeRejoins SQL: Make Literal a NamedExpression (elastic#33583) [DOCS] Adds missing built-in user information (elastic#33585) ...
|
Jenkins, run sample packaging tests |
Relates to #33007