Skip to content

Commit

Permalink
Allow read_slm to call GET /_slm/status (elastic#108333)
Browse files Browse the repository at this point in the history
Add the ability to access the SLM status api to 
the read_slm privilege.
  • Loading branch information
parkertimmins authored May 9, 2024
1 parent 6ecb295 commit ff20164
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 2 deletions.
5 changes: 5 additions & 0 deletions docs/changelog/108333.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
pr: 108333
summary: Allow `read_slm` to call GET /_slm/status
area: ILM+SLM
type: bug
issues: []
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@
import org.elasticsearch.xpack.core.security.action.user.ProfileHasPrivilegesAction;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.support.Automatons;
import org.elasticsearch.xpack.core.slm.action.GetSLMStatusAction;
import org.elasticsearch.xpack.core.slm.action.GetSnapshotLifecycleAction;

import java.util.Collection;
Expand Down Expand Up @@ -165,7 +166,11 @@ public class ClusterPrivilegeResolver {
ILMActions.STOP.name(),
GetStatusAction.NAME
);
private static final Set<String> READ_SLM_PATTERN = Set.of(GetSnapshotLifecycleAction.NAME, GetStatusAction.NAME);
private static final Set<String> READ_SLM_PATTERN = Set.of(
GetSLMStatusAction.NAME,
GetSnapshotLifecycleAction.NAME,
GetStatusAction.NAME
);

private static final Set<String> MANAGE_SEARCH_APPLICATION_PATTERN = Set.of("cluster:admin/xpack/application/search_application/*");
private static final Set<String> MANAGE_SEARCH_QUERY_RULES_PATTERN = Set.of("cluster:admin/xpack/query_rules/*");
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -460,7 +460,12 @@ public void testSlmPrivileges() {
}

{
verifyClusterActionAllowed(ClusterPrivilegeResolver.READ_SLM, "cluster:admin/slm/get", "cluster:admin/ilm/operation_mode/get");
verifyClusterActionAllowed(
ClusterPrivilegeResolver.READ_SLM,
"cluster:admin/slm/get",
"cluster:admin/slm/status",
"cluster:admin/ilm/operation_mode/get"
);
verifyClusterActionDenied(
ClusterPrivilegeResolver.READ_SLM,
"cluster:admin/slm/delete",
Expand Down

0 comments on commit ff20164

Please sign in to comment.