Object level security for Application Privilege Actions #31987
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Replace "ClusterPrivilegePolicy" with "ConditionalClusterPrivileges" that just contains utility methods, and place the condional privileges directly on to RoleDescriptor
# Conflicts: # x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/permission/Role.java # x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStore.java
tvernum
added
>feature
review
:Security/Authorization
|
Pinging @elastic/es-security |
tvernum
commented
Jul 12, 2018
| /** | ||
| * @deprecated Use {@link #cluster(Set, Iterable)} | ||
| */ | ||
| @Deprecated |
There was a problem hiding this comment.
I'll have a follow up PR to remove the uses of this method (which are all in tests)
|
Actually, don't review this PR. I'll leave this open for now so I can check the CI results. |
|
I raised #31998 instead. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note: We've haven't reached a definitive agreement on what the JSON looks like for this, but I think it's worth getting the review started while we keep thinking about that.
This introduces "conditional cluster privileges" to the X-Pack permissions model.
From a pure authz point of view (
RoleandAuthorizationService), the change is simply the addition of aTransportRequestparameter toClusterPermission.This means that a permission is able to consider both the action name and the request content in order to decide whether a particular action should be allowed.
At the
RoleDescriptorlevel, the change introduces a newConditionalClusterPrivilegeinterface, alongside the existingStringaction-name cluster-privileges.Logically these could be combined, but the separation allows for easy backwards compatibility in the the JSON API (and index format) for name based privileges. Traditional, action-name cluster privileges are still described by a
cluster: []element in the JSON, while conditional privileges are described in apolicy: {}element (the name is subject to change).For the roles API, and builtin roles providers (native + file) the only supported conditional privilege is
ManageApplicationPrivilegesrepresented in JSON as:which restricts the use of the Get/Put/Delete Privileges actions to those that act upon the specified application names ("my-app", "app-*")
It is possible for custom role providers to provide additional conditional privileges (documentation and examples for this will be added in a later PR).