Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BACKPORT 7.x] Support roles with application privileges against wildcard applications #40675

Merged
merged 1 commit into from
Apr 2, 2019
Merged

[BACKPORT 7.x] Support roles with application privileges against wildcard applications #40675

merged 1 commit into from
Apr 2, 2019

Conversation

tvernum
Copy link
Contributor

@tvernum tvernum commented Apr 1, 2019
edited
Loading

This commit introduces 2 changes to application privileges:

  • The validation rules now accept a wildcard in the "suffix" of an application name.
    Wildcards were always accepted in the application name, but the "valid filename" check
    for the suffix incorrectly prevented the use of wildcards there.

  • A role may now be defined against a wildcard application (e.g. kibana-*) and this will
    be correctly treated as granting the named privileges against all named applications.
    This does not allow wildcard application names in the body of a "has-privileges" check, but the
    "has-privileges" check can test concrete application names against roles with wildcards.

Backport of: #40398

@tvernum
Support roles with application privileges against wildcard applications
0fbd63a 
This commit introduces 2 changes to application privileges:

- The validation rules now accept a wildcard in the "suffix" of an application name.
  Wildcards were always accepted in the application name, but the "valid filename" check
  for the suffix incorrectly prevented the use of wildcards there.

- A role may now be defined against a wildcard application (e.g. kibana-*) and this will
  be correctly treated as granting the named privileges against all named applications.
  This does not allow wildcard application names in the body of a "has-privileges" check, but the
  "has-privileges" check can test concrete application names against roles with wildcards.

Backport of: elastic#40398
@tvernum tvernum merged commit 7bdd413 into elastic:7.x Apr 2, 2019
@tvernum tvernum deleted the backport/7.x/40398-Support-roles-with-application branch April 3, 2019 05:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tvernum