Skip to content

[8.19] Bugfix: Prevent invalid privileges in manage roles privilege (#128532) #128626

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: 8.19
Choose a base branch
from

Conversation

gmjehovich
Copy link
Contributor

Backports the following commits to 8.19:

…#128532)

This PR addresses the bug reported in
[elastic#127496](elastic#127496)

**Changes:** - Added validation logic in `ConfigurableClusterPrivileges`
to ensure privileges defined for a global cluster manage role privilege
are valid  - Added unit test to `ManageRolePrivilegesTest` to ensure
invalid privilege is caught during role creation - Updated
`BulkPutRoleRestIT` to assert that an error is thrown and that the role
is not created.

Both existing and new unit/integration tests passed locally.
@gmjehovich gmjehovich added :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC >bug auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport Team:Security Meta label for security team labels May 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport >bug :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team v8.19.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants