Skip to content
This repository has been archived by the owner on Aug 16, 2022. It is now read-only.

Patching a role with "add" operation is replacing the tenant patterns #450

Closed
JohnMops opened this issue Mar 22, 2021 · 6 comments
Closed

Patching a role with "add" operation is replacing the tenant patterns #450

JohnMops opened this issue Mar 22, 2021 · 6 comments

Comments

@JohnMops
Copy link

Hi everyone,

I am trying to implement an API call to add tenant patterns to a specific role that is mapped to multiple users and then remove it once the troubleshooting is done.

When sending a request to https://localhost:9200/_opendistro/_security/api/roles/somerole?pretty with the body of:

`[
  {
    "op": "add", "path": "/tenant_permissions/0/tenant_patterns", "value": ["test"]
  }
]`

The tenant patterns are changing from:

` "tenant_permissions" : [
      {
        "tenant_patterns" : [
          "global_tenant"
        ],
        "allowed_actions" : [
          "kibana_all_write"
        ]
      }
    ],`

To this :

` "tenant_permissions" : [
      {
        "tenant_patterns" : [
          "test"
        ],
        "allowed_actions" : [
          "kibana_all_write"
        ]
      }
    ],`

Expected: I would expect the call to add the new pattern to the list instead of acting the same way as the "replace" operation.
Appreciate any help.
@JohnMops
Copy link
Author

IS there anyone that can help ?

@aetter aetter mentioned this issue Mar 24, 2021
Closed
@aetter
Copy link
Contributor

aetter commented Mar 24, 2021
edited
Loading

Hi @JohnMops, thanks for reporting. This looks like a bug to me. I've reported it over at the security repository as https://github.com/opendistro-for-elasticsearch/security/issues/1099.

For the time being, I think the best solution (even though it's obviously suboptimal) is to first GET the current configuration, append on the client side, and then send the updated permissions either through a PATCH or just a PUT (since they unfortunately do the same thing at the moment).

@aetter aetter closed this as completed Mar 24, 2021
@JohnMops
Copy link
Author

Any news on this one? @aetter

@aetter aetter reopened this Apr 19, 2021
@aetter
Copy link
Contributor

aetter commented Apr 19, 2021

Hi @JohnMops, nothing to report. I'm reopening this issue so that we can fix the link (which now 404s) whenever the security team finishes their housekeeping, though.

@JohnMops
Copy link
Author

Hi @JohnMops, nothing to report. I'm reopening this issue so that we can fix the link (which now 404s) whenever the security team finishes their housekeeping, though.

Thank you very much

@aetter
Copy link
Contributor

aetter commented Apr 21, 2021

Hi @JohnMops, I'm going to close this out again in favor of opensearch-project/security#1099

@aetter aetter closed this as completed Apr 21, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aetter @JohnMops