Security BWC tests with more complex cluster topologies · elastic/elasticsearch#30109

(3 comments) (0 reactions) (0 assignees)Java (76,700 stars) (25,882 forks)batch import

:Security/Security>testTeam:Securityhelp wanted

Description

Original comment by @tvernum:

The change to introduce the _xpack_security system user (LINK REDACTED) seems to have had a couple of different BWC issues that weren't picked up by our tests.

If a new node, tried to load security data from an old node, it would try to use the new user and fail because the old node didn't recognise the _xpack_security system user. (Fixed in LINK REDACTED) LINK REDACTED
If an old node tried to load security data from a new node, it would try to use the old user and fail because the older user no longer has permission to read security data. (Also fixed in LINK REDACTED) LINK REDACTED

It would be helpful to have some security tests that run with the sorts of more complex cluster setups (dedicated coordinating nodes, dedicated master nodes) that pull out these issues.

Contributor guide

Tech stack: java
Domain: testingsecurity
Issue type: test
Difficulty: 4
Estimated time: over 1 week
Activity status: stale
Clarity: mostly clear
Prerequisites: Understanding of Elasticsearch securityKnowledge of BWC testingJava programming
Newbie friendliness: 15
Research direction: Review the linked fixes in the issue description to understand the two BWC problems. Examine existing security test suites in the Elasticsearch codebase, particularly those related to system users and cluster topology. The comments may provide additional context. Focus on designing tests that simulate cluster topologies with dedicated coordinating and master nodes to reproduce the described issues.