[Session Management] Fix session index creation and update #208244
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SiddharthMantri
changed the title
SiddharthMantri
added
Team:Security
|
Pinging @elastic/kibana-security (Team:Security) |
SiddharthMantri
added
backport
backport:prev-minor
|
@azasypkin Adding you as an optional extra reviewer here. |
|
ACK: reviewing... |
azasypkin
reviewed
Jan 27, 2025
| index: this.aliasName, | ||
| }); | ||
| const indexNameExists = await this.options.elasticsearchClient.indices.exists({ |
There was a problem hiding this comment.
issue: We shouldn’t check if the index exists if aliasNameExists is true, so let’s try to skip making the second call if possible.
There was a problem hiding this comment.
Makes sense. Done in 0113bd6
| /** | ||
| * Creates the session index if it doesn't already exist. | ||
| */ | ||
| private async ensureSessionIndexExists() { | ||
| // Check if required index exists. | ||
| let indexExists = false; | ||
| try { | ||
| indexExists = await this.options.elasticsearchClient.indices.exists({ | ||
| const aliasNameExists = await this.options.elasticsearchClient.indices.exists({ |
There was a problem hiding this comment.
question: I see docs claim that the method supports array of strings: https://www.elastic.co/docs/api/doc/elasticsearch/v8/operation/operation-indices-exists - would it be possible to for us to check both in a single call (not sure how that's supposed to work under the hood though... if it returns true only if all indices exist then it wouldn't work for our use case I guess)?
There was a problem hiding this comment.
@azasypkin The exists API returns true only if all the targets are present. If any is missing, it returns false.
| index: this.indexName, | ||
| }); | ||
|
|
||
| indexExists = aliasNameExists || indexNameExists; |
There was a problem hiding this comment.
question: Would you mind clarifying in the code comment which case we’re handling here and why?
question: Do we need this change in main or it'd be sufficient to have this change only in 8.x considering that it's not possible to use 7.x data with 9.0 directly without going through UA? Is there any benefits in having this change in main that I'm missing?
There was a problem hiding this comment.
I wasn't too comfortable with having this difference between 8.x and 9.0 as it felt "significant" enough. What do you recommend?
There was a problem hiding this comment.
Code comment added in 0113bd6
azasypkin
reviewed
Jan 28, 2025
| /** | ||
| * Creates the session index if it doesn't already exist. | ||
| */ | ||
| private async ensureSessionIndexExists() { | ||
| // Check if required index exists. | ||
| let indexExists = false; | ||
| let indexNameExists = false; |
There was a problem hiding this comment.
nit: How about this?
// It is possible for users to migrate from older versions of Kibana where the session index was created without
// an alias (pre-8.4). In this case, we need to check if the index exists under the alias name, or the index name.
// If the index exists under the alias name, we can assume that the alias is already attached.
let indexExists = false;
try {
indexExists =
(await this.options.elasticsearchClient.indices.exists({ index: this.aliasName })) ||
(await this.options.elasticsearchClient.indices.exists({ index: this.indexName }));
} catch (err) {
this.options.logger.error(`Failed to check if session index exists: ${err.message}`);
throw err;
}There was a problem hiding this comment.
Done in 689dd48
| @@ -96,7 +96,10 @@ describe('Session index', () => { | |||
|
|
|||
There was a problem hiding this comment.
note: Would you mind adding a couple of tests (or adjusting the existing ones) to validate that we call exists only once if the alias exists and is called with the alias name, and twice if the alias doesn’t exist and is called with both the alias and index names?
There was a problem hiding this comment.
Added in 689dd48
azasypkin
approved these changes
Jan 29, 2025
x-pack/platform/plugins/shared/security/server/session_management/session_index.test.ts
Outdated
Show resolved
Hide resolved
x-pack/platform/plugins/shared/security/server/session_management/session_index.test.ts
Outdated
Show resolved
Hide resolved
x-pack/platform/plugins/shared/security/server/session_management/session_index.test.ts
Outdated
Show resolved
Hide resolved
x-pack/platform/plugins/shared/security/server/session_management/session_index.test.ts
Outdated
Show resolved
Hide resolved
x-pack/platform/plugins/shared/security/server/session_management/session_index.test.ts
Outdated
Show resolved
Hide resolved
|
@elasticmachine merge upstream |
|
Starting backport for target branches: 8.x |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]
History
|
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 29, 2025
…08244) Closes elastic#208243 ## Summary [This PR](elastic#204097) introduced an unintended issue for users running 8.x with a 7.x archive. This has been fixed by correctly searching for existing index by both name and alias. ### To test: You can follow the same steps as the above PR: elastic#204097 ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... (cherry picked from commit 449ac98)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Jan 29, 2025
…8244) (#208780) # Backport This will backport the following commits from `main` to `8.x`: - [[Session Management] Fix session index creation and update (#208244)](#208244) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Sid","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-01-29T15:28:30Z","message":"[Session Management] Fix session index creation and update (#208244)\n\nCloses https://github.com/elastic/kibana/issues/208243\r\n\r\n## Summary\r\n\r\n[This PR](#204097) introduced an\r\nunintended issue for users running 8.x with a 7.x archive. This has been\r\nfixed by correctly searching for existing index by both name and alias.\r\n\r\n\r\n### To test:\r\nYou can follow the same steps as the above PR:\r\nhttps://github.com//pull/204097\r\n\r\n### Checklist\r\n\r\nCheck the PR satisfies following conditions. \r\n\r\nReviewers should verify this PR satisfies this list as well.\r\n\r\n- [ ] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] If a plugin configuration key changed, check if it needs to be\r\nallowlisted in the cloud and added to the [docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\r\n- [ ] This was checked for breaking HTTP API changes, and any breaking\r\nchanges have been approved by the breaking-change committee. The\r\n`release_note:breaking` label should be applied in these situations.\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:*` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n### Identify risks\r\n\r\nDoes this PR introduce any risks? For example, consider risks like hard\r\nto test bugs, performance regression, potential of data loss.\r\n\r\nDescribe the risk, its severity, and mitigation for each identified\r\nrisk. Invite stakeholders and evaluate how to proceed before merging.\r\n\r\n- [ ] [See some risk\r\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\r\n- [ ] ...","sha":"449ac985723f561d7dc02303c194fc21c7e2cb02","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","v9.0.0","Feature:Security/Session Management","backport:prev-minor"],"title":"[Session Management] Fix session index creation and update","number":208244,"url":"https://github.com/elastic/kibana/pull/208244","mergeCommit":{"message":"[Session Management] Fix session index creation and update (#208244)\n\nCloses https://github.com/elastic/kibana/issues/208243\r\n\r\n## Summary\r\n\r\n[This PR](#204097) introduced an\r\nunintended issue for users running 8.x with a 7.x archive. This has been\r\nfixed by correctly searching for existing index by both name and alias.\r\n\r\n\r\n### To test:\r\nYou can follow the same steps as the above PR:\r\nhttps://github.com//pull/204097\r\n\r\n### Checklist\r\n\r\nCheck the PR satisfies following conditions. \r\n\r\nReviewers should verify this PR satisfies this list as well.\r\n\r\n- [ ] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] If a plugin configuration key changed, check if it needs to be\r\nallowlisted in the cloud and added to the [docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\r\n- [ ] This was checked for breaking HTTP API changes, and any breaking\r\nchanges have been approved by the breaking-change committee. The\r\n`release_note:breaking` label should be applied in these situations.\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:*` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n### Identify risks\r\n\r\nDoes this PR introduce any risks? For example, consider risks like hard\r\nto test bugs, performance regression, potential of data loss.\r\n\r\nDescribe the risk, its severity, and mitigation for each identified\r\nrisk. Invite stakeholders and evaluate how to proceed before merging.\r\n\r\n- [ ] [See some risk\r\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\r\n- [ ] ...","sha":"449ac985723f561d7dc02303c194fc21c7e2cb02"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/208244","number":208244,"mergeCommit":{"message":"[Session Management] Fix session index creation and update (#208244)\n\nCloses https://github.com/elastic/kibana/issues/208243\r\n\r\n## Summary\r\n\r\n[This PR](#204097) introduced an\r\nunintended issue for users running 8.x with a 7.x archive. This has been\r\nfixed by correctly searching for existing index by both name and alias.\r\n\r\n\r\n### To test:\r\nYou can follow the same steps as the above PR:\r\nhttps://github.com//pull/204097\r\n\r\n### Checklist\r\n\r\nCheck the PR satisfies following conditions. \r\n\r\nReviewers should verify this PR satisfies this list as well.\r\n\r\n- [ ] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] If a plugin configuration key changed, check if it needs to be\r\nallowlisted in the cloud and added to the [docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\r\n- [ ] This was checked for breaking HTTP API changes, and any breaking\r\nchanges have been approved by the breaking-change committee. The\r\n`release_note:breaking` label should be applied in these situations.\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:*` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n### Identify risks\r\n\r\nDoes this PR introduce any risks? For example, consider risks like hard\r\nto test bugs, performance regression, potential of data loss.\r\n\r\nDescribe the risk, its severity, and mitigation for each identified\r\nrisk. Invite stakeholders and evaluate how to proceed before merging.\r\n\r\n- [ ] [See some risk\r\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\r\n- [ ] ...","sha":"449ac985723f561d7dc02303c194fc21c7e2cb02"}}]}] BACKPORT--> Co-authored-by: Sid <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #208243
Summary
This PR introduced an unintended issue for users running 8.x with a 7.x archive. This has been fixed by correctly searching for existing index by both name and alias.
To test:
You can follow the same steps as the above PR: #204097
Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
release_note:breakinglabel should be applied in these situations.release_note:*label is applied per the guidelinesIdentify risks
Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.