Open rurus9 opened 3 months ago
What is the bug?

OpenSearch 2.12.0, OpenSearch Dashboards 2.12.0

When a backend role contains a comma (","), filter_by_backend_roles does not work because the comma is treated as a delimiter.
Do you have any additional context?
```
GET _cluster/settings
{
  "persistent": {
    "cluster": {
      "routing": {
        "allocation": {
          "enable": "all"
        }
      }
    },
    "plugins": {
      "index_state_management": {
        "metadata_migration": {
          "status": "1"
        },
        "template_migration": {
          "control": "-1"
        }
      }
    }
  },
  "transient": {
    "plugins": {
      "alerting": {
        "filter_by_backend_roles": "true"
      }
    }
  }
}
```
User definition:
```
GET _plugins/_security/api/internalusers/test-alerts
{
  "test-alerts": {
    "hash": "",
    "reserved": false,
    "hidden": false,
    "backend_roles": [
      "CN=logs-userUnit-alerts,OU=logs,OU=SpecialUnit,OU=Groups,OU=inf,DC=my,DC=company,DC=name",
      "CN=logs-userUnit,OU=logs,OU=SpecialUnit,OU=Groups,OU=inf,DC=my,DC=company,DC=name"
    ],
    "attributes": {},
    "opendistro_security_roles": [],
    "static": false
  }
}
```
So, the user has only two backend_roles, but the created monitor looks like this:
```
curl -k --cert ./admin.pem --key ./admin-key.pem -XGET 'https://localhost:9200/.opendistro-alerting-config/_doc/uwShhI4BembK9OYwELw7' | jq
{
  "_index": ".opendistro-alerting-config",
  "_id": "uwShhI4BembK9OYwELw7",
  "_version": 5,
  "_seq_no": 113,
  "_primary_term": 5,
  "found": true,
  "_source": {
    "monitor": {
      "type": "monitor",
      "schema_version": 8,
      "name": "test-alert",
      "monitor_type": "query_level_monitor",
      "user": {
        "name": "test-alerts",
        "backend_roles": [
          "CN=logs-userUnit",
          "OU=logs",
          "OU=SpecialUnit",
          "OU=Groups",
          "OU=inf",
          "DC=my",
          "DC=company",
          "DC=name",
          "CN=logs-userUnit-alerts"
        ],
        (...)
```
Two groups were divided into nine (commas...); in this situation the filter filter_by_backend_roles does not work...
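
The splitting described in the report above can be reproduced offline. This is an added example, not code from the original post or from the OpenSearch project; the comma-joined wire format, the exact-match model of the filter, the bare `DC=` audit heuristic and all function names are assumptions for illustration.

```python
import json
import re

# Backend roles from the user definition in the report (LDAP DNs with commas).
ROLES = [
    "CN=logs-userUnit-alerts,OU=logs,OU=SpecialUnit,OU=Groups,OU=inf,DC=my,DC=company,DC=name",
    "CN=logs-userUnit,OU=logs,OU=SpecialUnit,OU=Groups,OU=inf,DC=my,DC=company,DC=name",
]

def lossy_round_trip(roles):
    """Assumed failure mode: the list is joined with ',' and split on ',' again."""
    wire = ",".join(roles)
    # dict.fromkeys drops repeated fragments while keeping first-seen order.
    return list(dict.fromkeys(wire.split(",")))

def safe_round_trip(roles):
    """Comma-safe alternative: carry the list as a JSON array."""
    return json.loads(json.dumps(roles))

def shares_role(user_roles, monitor_roles):
    """Filter modelled as an exact-match intersection (assumption)."""
    return bool(set(user_roles) & set(monitor_roles))

BARE_DC = re.compile(r"DC=[^,]+", re.IGNORECASE)

def looks_split(stored_roles):
    """Audit heuristic: a bare 'DC=...' entry is a DN fragment, not a group DN."""
    return any(BARE_DC.fullmatch(r) for r in stored_roles)

if __name__ == "__main__":
    stored = lossy_round_trip(ROLES)
    print(len(stored), stored)
    print("filter matches after lossy trip:", shares_role(ROLES, stored))
    print("filter matches after safe trip: ", shares_role(ROLES, safe_round_trip(ROLES)))
    print("stored roles look split:", looks_split(stored))
```

Running `looks_split` over the `backend_roles` array of each stored monitor document is one way to find monitors that were saved with fragmented roles.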
Looking into it