search

opensearch-project / security

🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0
181 stars 264 forks source link

[BUG] When changing user backend role, get an error that there are no matching fields. #4393

Open 10000-ki opened 1 month ago

10000-ki commented 1 month ago

What is the bug?

https://opensearch.org/docs/latest/security/access-control/api/#patch-user

I want to change the backend role of a specific user by following the guide above. but it doesn't work well

GET _plugins/_security/api/internalusers/

{
  "testadmin": {
    "hash": "",
    "reserved": true,
    "hidden": false,
    "backend_roles": [],
    "attributes": {},
    "description": "Maps admin user 'osfarm_admin' custom role",
    "opendistro_security_roles": [
      "osfarm_admin",
      "internal_index_manager",
      "security_rest_api_full_access"
    ],
    "static": false
  },
  "kibanaserver": {
    "hash": "",
    "reserved": true,
    "hidden": false,
    "backend_roles": [],
    "attributes": {},
    "description": "Demo OpenSearch Dashboards user",
    "opendistro_security_roles": [],
    "static": false
  }
}

PATCH User

/_plugins/_security/api/internalusers/testadmin

[
  {
    "op": "replace", "path": "/backend_roles", "value": ["admin"]
  }
]

Error Occured

스크린샷 2024-06-03 오후 4 15 38

What is your host/environment?

all

10000-ki commented 1 month ago

Should the operation be add if there is no existing value?

willyborankin commented 1 month ago

I can confirm that the issue exists faced with the same problem for other configuration entities. I will assign it to me.

scrawfor99 commented 1 month ago

[Triage] Hi @10000-ki thanks for filing this issue. Looks like @willyborankin is already taking a look. I will go ahead and mark this as triaged.