diff --git a/x-pack/platform/plugins/shared/security/server/session_management/session_index.test.ts b/x-pack/platform/plugins/shared/security/server/session_management/session_index.test.ts
index d0fb5a5d70f5e..f454cd553c14c 100644
--- a/x-pack/platform/plugins/shared/security/server/session_management/session_index.test.ts
+++ b/x-pack/platform/plugins/shared/security/server/session_management/session_index.test.ts
@@ -66,7 +66,7 @@ describe('Session index', () => {
 name: indexTemplateName,
 });
 expect(mockElasticsearchClient.indices.exists).toHaveBeenCalledWith({
- index: getSessionIndexSettings({ indexName, aliasName }).index,
+ index: aliasName,
 });
 }
@@ -96,7 +96,7 @@ describe('Session index', () => {
 expect(mockElasticsearchClient.indices.deleteTemplate).not.toHaveBeenCalled();
 expect(mockElasticsearchClient.indices.putIndexTemplate).not.toHaveBeenCalled();
- expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledTimes(1);
+ expect(mockElasticsearchClient.indices.putAlias).not.toHaveBeenCalled();
 expect(mockElasticsearchClient.indices.create).not.toHaveBeenCalled();
 });
@@ -116,7 +116,7 @@ describe('Session index', () => {
 expect(mockElasticsearchClient.indices.deleteTemplate).not.toHaveBeenCalled();
 expect(mockElasticsearchClient.indices.deleteIndexTemplate).not.toHaveBeenCalled();
- expect(mockElasticsearchClient.indices.putAlias).not.toHaveBeenCalled();
+ expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledTimes(1);
 expect(mockElasticsearchClient.indices.getMapping).not.toHaveBeenCalled();
 expect(mockElasticsearchClient.indices.putMapping).not.toHaveBeenCalled();
 expect(mockElasticsearchClient.indices.create).toHaveBeenCalledWith(
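Review bot: The create-path expectation changed at -116 (and the matching ones at -140, -162, -182, -197, -325, -462 and -1445) asserts only `putAlias` `toHaveBeenCalledTimes(1)`, so a call that attaches the wrong alias or targets the wrong index would still pass. The argument check that this commit removes from the index-exists tests is the one that belongs here now: `expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledWith({ index: indexName, name: aliasName });`. Sessions are written through the alias (per the comment in session_index.ts), so the tests should pin which index it ends up attached to. The enclosing `it` blocks start and end outside these hunks.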
@@ -140,7 +140,7 @@ describe('Session index', () => {
 expect(mockElasticsearchClient.indices.deleteTemplate).not.toHaveBeenCalled();
 expect(mockElasticsearchClient.indices.deleteIndexTemplate).not.toHaveBeenCalled();
- expect(mockElasticsearchClient.indices.putAlias).not.toHaveBeenCalled();
+ expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledTimes(1);
 expect(mockElasticsearchClient.indices.getMapping).not.toHaveBeenCalled();
 expect(mockElasticsearchClient.indices.putMapping).not.toHaveBeenCalled();
 expect(mockElasticsearchClient.indices.create).toHaveBeenCalledWith(
@@ -162,7 +162,7 @@ describe('Session index', () => {
 expect(mockElasticsearchClient.indices.create).toHaveBeenCalledWith(
 getSessionIndexSettings({ indexName, aliasName })
 );
- expect(mockElasticsearchClient.indices.putAlias).not.toHaveBeenCalled();
+ expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledTimes(1);
 });
 it('deletes legacy & modern index templates if needed and creates index if it does not exist', async () => {
@@ -182,7 +182,7 @@ describe('Session index', () => {
 expect(mockElasticsearchClient.indices.create).toHaveBeenCalledWith(
 getSessionIndexSettings({ indexName, aliasName })
 );
- expect(mockElasticsearchClient.indices.putAlias).not.toHaveBeenCalled();
+ expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledTimes(1);
 });
 it('deletes modern index template if needed and creates index if it does not exist', async () => {
@@ -197,7 +197,7 @@ describe('Session index', () => {
 expect(mockElasticsearchClient.indices.deleteIndexTemplate).toHaveBeenCalledWith({
 name: indexTemplateName,
 });
- expect(mockElasticsearchClient.indices.putAlias).not.toHaveBeenCalled();
+ expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledTimes(1);
 expect(mockElasticsearchClient.indices.create).toHaveBeenCalledWith(
 getSessionIndexSettings({ indexName, aliasName })
 );
@@ -216,11 +216,7 @@ describe('Session index', () => { expect(mockElasticsearchClient.indices.deleteIndexTemplate).not.toHaveBeenCalled(); expect(mockElasticsearchClient.indices.create).not.toHaveBeenCalled(); - expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledTimes(1); - expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledWith({ - index: indexName, - name: aliasName, - }); + expect(mockElasticsearchClient.indices.putAlias).not.toHaveBeenCalled(); }); it('updates mappings for existing index without version in the meta', async () => { @@ -241,16 +237,13 @@ describe('Session index', () => { expect(mockElasticsearchClient.indices.deleteIndexTemplate).not.toHaveBeenCalled(); expect(mockElasticsearchClient.indices.create).not.toHaveBeenCalled(); - expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledTimes(1); - expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledWith({ - index: indexName, - name: aliasName, - }); + expect(mockElasticsearchClient.indices.putAlias).not.toHaveBeenCalled(); + expect(mockElasticsearchClient.indices.getMapping).toHaveBeenCalledTimes(1); - expect(mockElasticsearchClient.indices.getMapping).toHaveBeenCalledWith({ index: indexName }); + expect(mockElasticsearchClient.indices.getMapping).toHaveBeenCalledWith({ index: aliasName }); expect(mockElasticsearchClient.indices.putMapping).toHaveBeenCalledTimes(1); expect(mockElasticsearchClient.indices.putMapping).toHaveBeenCalledWith({ - index: indexName, + index: aliasName, ...getSessionIndexSettings({ indexName, aliasName }).mappings, }); }); 
@@ -273,16 +266,13 @@ describe('Session index', () => { expect(mockElasticsearchClient.indices.deleteIndexTemplate).not.toHaveBeenCalled(); expect(mockElasticsearchClient.indices.create).not.toHaveBeenCalled(); - expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledTimes(1); - expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledWith({ - index: indexName, - name: aliasName, - }); + expect(mockElasticsearchClient.indices.putAlias).not.toHaveBeenCalled(); + expect(mockElasticsearchClient.indices.getMapping).toHaveBeenCalledTimes(1); - expect(mockElasticsearchClient.indices.getMapping).toHaveBeenCalledWith({ index: indexName }); + expect(mockElasticsearchClient.indices.getMapping).toHaveBeenCalledWith({ index: aliasName }); expect(mockElasticsearchClient.indices.putMapping).toHaveBeenCalledTimes(1); expect(mockElasticsearchClient.indices.putMapping).toHaveBeenCalledWith({ - index: indexName, + index: aliasName, ...getSessionIndexSettings({ indexName, aliasName }).mappings, }); }); @@ -305,13 +295,10 @@ describe('Session index', () => { expect(mockElasticsearchClient.indices.deleteIndexTemplate).not.toHaveBeenCalled(); expect(mockElasticsearchClient.indices.create).not.toHaveBeenCalled(); - expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledTimes(1); - expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledWith({ - index: indexName, - name: aliasName, - }); + expect(mockElasticsearchClient.indices.putAlias).not.toHaveBeenCalled(); + expect(mockElasticsearchClient.indices.getMapping).toHaveBeenCalledTimes(1); - expect(mockElasticsearchClient.indices.getMapping).toHaveBeenCalledWith({ index: indexName }); + expect(mockElasticsearchClient.indices.getMapping).toHaveBeenCalledWith({ index: aliasName }); expect(mockElasticsearchClient.indices.putMapping).not.toHaveBeenCalled(); }); 
@@ -325,7 +312,7 @@ describe('Session index', () => {
 assertExistenceChecksPerformed();
 expect(mockElasticsearchClient.indices.deleteTemplate).not.toHaveBeenCalled();
 expect(mockElasticsearchClient.indices.deleteIndexTemplate).not.toHaveBeenCalled();
- expect(mockElasticsearchClient.indices.putAlias).not.toHaveBeenCalled();
+ expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledTimes(1);
 expect(mockElasticsearchClient.indices.getMapping).not.toHaveBeenCalled();
 expect(mockElasticsearchClient.indices.putMapping).not.toHaveBeenCalled();
 expect(mockElasticsearchClient.indices.create).toHaveBeenCalledWith(
@@ -462,7 +449,7 @@ describe('Session index', () => {
 expect(mockElasticsearchClient.indices.exists).toHaveBeenCalledTimes(1);
 expect(mockElasticsearchClient.indices.create).toHaveBeenCalledTimes(1);
- expect(mockElasticsearchClient.indices.putAlias).not.toHaveBeenCalled();
+ expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledTimes(1);
 expect(mockElasticsearchClient.search).toHaveBeenCalledTimes(1);
 expect(mockElasticsearchClient.bulk).toHaveBeenCalledTimes(1);
 expect(mockElasticsearchClient.closePointInTime).toHaveBeenCalledTimes(1); // since we attempted to delete sessions, we still refresh the index
@@ -1445,7 +1432,7 @@ describe('Session index', () => {
 expect(mockElasticsearchClient.indices.exists).toHaveBeenCalledTimes(1);
 expect(mockElasticsearchClient.indices.create).toHaveBeenCalledTimes(1);
- expect(mockElasticsearchClient.indices.putAlias).not.toHaveBeenCalled();
+ expect(mockElasticsearchClient.indices.putAlias).toHaveBeenCalledTimes(1);
 expect(mockElasticsearchClient.create).toHaveBeenCalledTimes(2);
 expect(mockElasticsearchClient.create).toHaveBeenNthCalledWith(
diff --git a/x-pack/platform/plugins/shared/security/server/session_management/session_index.ts b/x-pack/platform/plugins/shared/security/server/session_management/session_index.ts
index 1dc4ecc1ec4a9..c266d76c03677 100644
--- a/x-pack/platform/plugins/shared/security/server/session_management/session_index.ts +++ b/x-pack/platform/plugins/shared/security/server/session_management/session_index.ts @@ -633,7 +633,7 @@ export class SessionIndex { let indexExists = false; try { indexExists = await this.options.elasticsearchClient.indices.exists({ - index: this.indexName, + index: this.aliasName, }); } catch (err) { this.options.logger.error(`Failed to check if session index exists: ${err.message}`); @@ -662,6 +662,20 @@ export class SessionIndex { } } + // Prior to https://github.com/elastic/kibana/pull/134900, sessions would be written directly against the session index. + // Now, we write sessions against a new session index alias. This call ensures that the alias exists, and is attached to the index. + // This operation is safe to repeat, even if the alias already exists. This seems safer than retrieving the index details, and inspecting + // it to see if the alias already exists. + try { + await this.options.elasticsearchClient.indices.putAlias({ + index: this.indexName, + name: this.aliasName, + }); + } catch (err) { + this.options.logger.error(`Failed to attach alias to session index: ${err.message}`); + throw err; + } + return; } 
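Review bot: In the hunk at -633, `indices.exists({ index: this.aliasName })` reports whether the alias resolves to some index, not whether `this.indexName` itself exists, so two states are handled differently than before. An index that predates the alias (the case the relocated comment describes) now yields `false` and goes down the create path; whether the create error handling there tolerates an already-existing index is outside this hunk and should be confirmed with a test. An alias that resolves to an index other than `this.indexName` yields `true`, and nothing visible on that path checks the target. A short comment stating the intent would help, e.g. `// Checked via the alias: sessions are read and written through it, whatever concrete index backs it.` The enclosing method starts and ends outside the hunk.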
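Review bot: The comment relocated with the `putAlias` call in the hunk at -662 no longer matches where the call sits. This branch is reached only after the alias existence check returned false, so "safe to repeat, even if the alias already exists" describes a state this path should not normally see, and the note about not inspecting the index details reads as leftover rationale from the old location. I would reword the last two comment lines to say why the call is needed here, for example `// Reached only when the alias did not resolve: attach it to the index created above (or, presumably, to a pre-alias index that already existed).` The surrounding `if` block and the create error handling start outside the hunk.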
@@ -669,26 +683,11 @@ export class SessionIndex { 'Session index already exists. Attaching alias to the index and ensuring up-to-date mappings...' ); - // Prior to https://github.com/elastic/kibana/pull/134900, sessions would be written directly against the session index. - // Now, we write sessions against a new session index alias. This call ensures that the alias exists, and is attached to the index. - // This operation is safe to repeat, even if the alias already exists. This seems safer than retrieving the index details, and inspecting - // it to see if the alias already exists. - try { - await this.options.elasticsearchClient.indices.putAlias({ - index: this.indexName, - name: this.aliasName, - }); - } catch (err) { - this.options.logger.error(`Failed to attach alias to session index: ${err.message}`); - throw err; - } - let indexMappingsVersion: string | undefined; try { const indexMappings = await this.options.elasticsearchClient.indices.getMapping({ - index: this.indexName, + index: this.aliasName, }); - indexMappingsVersion = indexMappings[this.indexName]?.mappings?._meta?.[ SESSION_INDEX_MAPPINGS_VERSION_META_FIELD_NAME @@ -706,7 +705,7 @@ export class SessionIndex { ); try { await this.options.elasticsearchClient.indices.putMapping({ - index: this.indexName, + index: this.aliasName, ...sessionIndexSettings.mappings, }); this.options.logger.debug('Successfully updated session index mappings.');
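Review bot: In the hunk at -669 the context line `indexMappings[this.indexName]?.mappings?._meta?.[` still looks the response up by `this.indexName`, although the request now goes through `this.aliasName`. A get-mapping response is keyed by concrete index name, so if the alias ever resolves to an index with a different name the lookup yields `undefined` and the code would presumably treat the mappings as unversioned and rewrite them on every start. Reading the returned entry instead avoids that, e.g. `const [resolved] = Object.values(indexMappings);` followed by `indexMappingsVersion = resolved?.mappings?._meta?.[SESSION_INDEX_MAPPINGS_VERSION_META_FIELD_NAME];`. Separately, the debug message 'Session index already exists. Attaching alias to the index and ensuring up-to-date mappings...' is now inaccurate because this path no longer calls `putAlias`; `'Session index already exists. Ensuring up-to-date mappings...'` would match the code. The enclosing method starts and ends outside the hunk.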