Skip to content

Check TooComplex exception for HasPrivileges body #128870

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jun 4, 2025
Merged

Check TooComplex exception for HasPrivileges body #128870

merged 4 commits into from
Jun 4, 2025

Conversation

tvernum
Copy link
Contributor

@tvernum tvernum commented Jun 4, 2025

The index pattern provided in the body of _has_privileges can trigger a TooComplexToDeterminizeException which is then bubbled up (badly).

This change catches that exception and provides a better message
@tvernum
Check TooComplex exception for HasPrivileges body
41141a5 
The index pattern provided in the body of `_has_privileges` can trigger a `TooComplexToDeterminizeException` which is then bubbled up (badly). This change catches that exception and provides a better message
@tvernum tvernum requested a review from slobodanadamovic June 4, 2025 01:44
@tvernum tvernum added >enhancement :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC v8.19.0 v9.1.0 labels Jun 4, 2025
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)
@elasticsearchmachine elasticsearchmachine added the Team:Security Meta label for security team label Jun 4, 2025
@elasticsearchmachine
Copy link
Collaborator

Hi @tvernum, I've created a changelog YAML for you.
slobodanadamovic
slobodanadamovic approved these changes Jun 4, 2025
View reviewed changes
Copy link
Contributor

@slobodanadamovic slobodanadamovic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍
@tvernum tvernum added the auto-backport Automatically create backport pull requests when merged label Jun 4, 2025
@tvernum tvernum merged commit fb87484 into elastic:main Jun 4, 2025
23 checks passed
@tvernum tvernum deleted the has-privileges-automaton-validation branch June 4, 2025 11:55
@tvernum tvernum mentioned this pull request Jun 4, 2025
Merged
@elasticsearchmachine
Copy link
Collaborator

💚 Backport successful

Status Branch Result
8.19
elasticsearchmachine pushed a commit that referenced this pull request Jun 5, 2025
@tvernum
[8.19] Check TooComplex exception for HasPrivileges body (#128870) (#…
d097bf0 
…128892) * Check TooComplex exception for HasPrivileges body (#128870) The index pattern provided in the body of `_has_privileges` can trigger a `TooComplexToDeterminizeException` which is then bubbled up (badly). This change catches that exception and provides a better message * Change test to reflect high work load limit in 8.x
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

auto-backport Automatically create backport pull requests when merged >enhancement :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team v8.19.0 v9.1.0

3 participants

@tvernum @elasticsearchmachine @slobodanadamovic