Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BACKPORT] Types removal security index template (#39705) #39731

Merged
merged 1 commit into from
Mar 6, 2019
Merged

[BACKPORT] Types removal security index template (#39705) #39731

merged 1 commit into from
Mar 6, 2019

Conversation

bizybot
Copy link
Contributor

@bizybot bizybot commented Mar 6, 2019

As we are moving to single type indices,
we need to address this change in security-related indexes.
To address this, we are

  • updating index templates to use preferred type name _doc
  • updating the API calls to use preferred type name _doc

Upgrade impact:-
In case of an upgrade from 6.x, the security index has type
doc and this will keep working as there is a single type and _doc
works as an alias to an existing type. The change is handled in the
SecurityIndexManager when we load mappings and settings from
the template. Previously, we used to do a PutIndexTemplateRequest
with the mapping source JSON with the type name. This has been
modified to remove the type name from the source.
So in the case of an upgrade, the doc type is updated
whereas for fresh installs _doc is updated. This happens as
backend handles _doc as an alias to the existing type name.

An optional step is to reindex security index and update the
type to _doc.

Since we do not support the security audit log index,
that template has been deleted.

Relates: #38637

@bizybot bizybot added >enhancement v7.0.0 :Security/Security Security issues without another label backport labels Mar 6, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security

@bizybot
Types removal security index template (elastic#39705)
b6c24c9 
As we are moving to single type indices,
we need to address this change in security-related indexes.
To address this, we are
- updating index templates to use preferred type name `_doc`
- updating the API calls to use preferred type name `_doc`

Upgrade impact:-
In case of an upgrade from 6.x, the security index has type
`doc` and this will keep working as there is a single type and `_doc`
works as an alias to an existing type. The change is handled in the
`SecurityIndexManager` when we load mappings and settings from
the template. Previously, we used to do a `PutIndexTemplateRequest`
with the mapping source JSON with the type name. This has been
modified to remove the type name from the source.
So in the case of an upgrade, the `doc` type is updated
whereas for fresh installs `_doc` is updated. This happens as
backend handles `_doc` as an alias to the existing type name.

An optional step is to `reindex` security index and update the
type to `_doc`.

Since we do not support the security audit log index,
that template has been deleted.

Relates: elastic#38637
@bizybot bizybot force-pushed the security-index-template-type-removal-70-backport branch from d6028cd to b6c24c9 Compare March 6, 2019 06:25
@bizybot bizybot merged commit 82540d2 into elastic:7.0 Mar 6, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
backport >enhancement :Security/Security Security issues without another label v7.0.0-rc2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bizybot @elasticmachine @jakelandis