Deprecate and remove plugins.security.privileges_evaluation.use_legacy_impl feature flag #5013
Labels: enhancement (New feature or request), triaged (Issues labeled as 'Triaged' have been reviewed and are deemed actionable.)
Opening up this issue to track the full release for Optimized Privilege Evaluation that contains 2 major improvements:
This PR also makes many data structures immutable for additional performance and safety gains.
Because of the large nature of this change, a decision has been made to introduce a feature flag (plugins.security.privileges_evaluation.use_legacy_impl) when backporting to 2.x to give more control to operators to choose to use this new style of authorization or whether to continue using the style of authorization performed in all previous releases based on iterating through roles. (See Backport 2.x PR). This backport only includes the improvements introduced by 1), but not by 2) because of the complexity in maintaining this feature flag for the improvements introduced by 2).
This issue should remain open until plugins.security.privileges_evaluation.use_legacy_impl is fully removed and all benefits provided by #4380 are fully included in an official release.
As of the opening of this issue, the current plan is to include #4998 in the upcoming 2.19 release. Since there are 2 code paths for authorization, maintainers of this repo may need to doubly implement authorization logic for new features under both code paths in order for the feature to work regardless of the value of the plugins.security.privileges_evaluation.use_legacy_impl setting.
Ideally, this feature flag is kept for a couple of minor versions. Given that there is a proposal for the 2.19 release to be the last 2.x release, it may be necessary to forward port #4998 to the 3.x branch after 3.x has been cut to include it in the initial 3.x release(s) before it can be fully removed.