Open albertzaharovits opened 4 months ago
We've discussed and agreed in this week's Security team meeting that when we update or delete a role, and the subsequent cache clearing operation fails, e.g. https://github.com/elastic/elasticsearch/blob/b7d9ccbeb4df657b7db64bc6de0fba05e9da7748/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java#L515 we have to return some sort of 5xx error indicating that a manual role cache clearing is in order.
We should ensure this is indeed the behavior (it looks like it is), and also write tests covering it, so that we "enshrine" it (today, with no tests, it almost implies a fuzzy behavior that we should avoid).
Pinging @elastic/es-security (Team:Security)
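The behavior the issue asks to pin down with tests, as an added example that is not Elasticsearch code and not part of the original issue: a simplified, hypothetical roles store where the delete is applied but the cache clear fails, so the caller must see a 5xx rather than success. All class and method names, the `ops_admin` role and the choice of status 500 are assumptions.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Simplified stand-in for a native roles store; every name here is hypothetical.
public class RoleCacheClearExample {
    /** Error carrying an HTTP-style status, as a REST layer would render it. */
    static class StatusException extends RuntimeException {
        final int status;
        StatusException(int status, String msg, Throwable cause) { super(msg, cause); this.status = status; }
    }

    interface Listener<T> { void onResponse(T value); void onFailure(Exception e); }

    final Map<String, String> index = new ConcurrentHashMap<>();  // persisted roles
    final Map<String, String> cache = new ConcurrentHashMap<>();  // role cache
    boolean failCacheClear = false;                               // test hook: simulate a failed clear

    void clearRoleCache(String role) {
        if (failCacheClear) throw new IllegalStateException("node unreachable");
        cache.remove(role);
    }

    /** Deletes the role, then clears the cache; a failed clear is reported as a 5xx, never as success. */
    void deleteRole(String role, Listener<Boolean> listener) {
        boolean found = index.remove(role) != null;
        try {
            clearRoleCache(role);
        } catch (Exception e) {
            listener.onFailure(new StatusException(500, // assumed status; the issue only says "5xx"
                "role [" + role + "] was deleted but clearing the role cache failed; clear it manually", e));
            return;
        }
        listener.onResponse(found);
    }

    public static void main(String[] args) {
        RoleCacheClearExample store = new RoleCacheClearExample();
        store.index.put("ops_admin", "{\"cluster\":[\"all\"]}");   // constructed sample role
        store.cache.put("ops_admin", "{\"cluster\":[\"all\"]}");
        store.failCacheClear = true;
        int[] status = {0};
        store.deleteRole("ops_admin", new Listener<Boolean>() {
            public void onResponse(Boolean v) { throw new AssertionError("must not report success"); }
            public void onFailure(Exception e) { status[0] = ((StatusException) e).status; }
        });
        if (status[0] < 500) throw new AssertionError("expected a 5xx");
        if (store.index.containsKey("ops_admin")) throw new AssertionError("delete should have applied");
        if (!store.cache.containsKey("ops_admin")) throw new AssertionError("stale entry expected");
        System.out.println("delete applied, cache stale, caller saw status " + status[0]);
    }
}
```

The last two checks capture why the error matters: the role is gone from the store, yet the cached copy still exists until someone clears it.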