Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.17] Resolve/cluster should mark remotes as not connected when a security exception is thrown (#119793) #119865

Merged
merged 1 commit into from
Jan 9, 2025
Merged

[8.17] Resolve/cluster should mark remotes as not connected when a security exception is thrown (#119793) #119865

merged 1 commit into from
Jan 9, 2025
+55 −25

Conversation

quux00
Copy link
Contributor

@quux00 quux00 commented Jan 9, 2025

Backports the following commits to 8.17:

@quux00
Resolve/cluster should mark remotes as not connected when a security …
c69c4ba 
…exception is thrown (elastic#119793)

Fixes two bugs in _resolve/cluster.

First, the code that detects older clusters versions and does a fallback to the _resolve/index
endpoint was using an outdated string match for error detection. That has been adjusted.

Second, upon security exceptions, the _resolve/cluster endpoint was marking the clusters as connected: true,
under the assumption that all security exceptions related to cross cluster calls and remote index access were
coming from the remote cluster, but that is not always the case. Some cross-cluster security violations can
be detected on the local querying cluster after issuing the remoteClient.execute call but before the transport
layer actually sends the request remotely. So we now mark the connected status as false for all ElasticsearchSecurityException cases. End user docs have been updated with this information.
@quux00 quux00 added :Search Foundations/CCS >bug auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport Team:Search Foundations Meta label for the Search Foundations team in Elasticsearch labels Jan 9, 2025
@elasticsearchmachine elasticsearchmachine mentioned this pull request Jan 9, 2025
Merged
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 9, 2025

Documentation preview:

@elasticsearchmachine elasticsearchmachine merged commit 03231d2 into elastic:8.17 Jan 9, 2025
16 checks passed
@quux00 quux00 deleted the backport/8.17/pr-119793 branch January 9, 2025 15:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport >bug :Search Foundations/CCS Team:Search Foundations Meta label for the Search Foundations team in Elasticsearch v8.17.2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@quux00 @elasticsearchmachine