Skip to content

Give kibana user privileges to create APM agent config index #46765

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Sep 17, 2019
Merged

Give kibana user privileges to create APM agent config index #46765

merged 5 commits into from
Sep 17, 2019

Conversation

ogupte
Copy link
Contributor

@ogupte ogupte commented Sep 16, 2019
edited
Loading

Addresses elastic/kibana#45610 by giving the kibana user reserved role privileges on .apm-agent-configuration to create APM agent config index in Kibana.

@ogupte ogupte added the :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC label Sep 16, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security

@ogupte ogupte mentioned this pull request Sep 16, 2019
Closed
@ogupte
Copy link
Contributor Author

ogupte commented Sep 17, 2019

@elasticmachine merge upstream

@ogupte ogupte requested review from sorenlouv and kobelb September 17, 2019 04:08
sorenlouv
sorenlouv approved these changes Sep 17, 2019
View reviewed changes
Copy link
Member

@sorenlouv sorenlouv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
Probably needs a 👍 from @kobelb as well.

@kobelb kobelb requested a review from a team September 17, 2019 14:33
kobelb
kobelb approved these changes Sep 17, 2019
View reviewed changes
Copy link
Contributor

@kobelb kobelb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - but we'll need approval from an ES team member, as this changes their code.

@ogupte ogupte added the blocker label Sep 17, 2019
@ogupte
Copy link
Contributor Author

ogupte commented Sep 17, 2019

@elasticmachine merge upstream

jkakavas
jkakavas approved these changes Sep 17, 2019
View reviewed changes
Copy link
Member

@jkakavas jkakavas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ogupte ogupte merged commit 82462df into elastic:master Sep 17, 2019
@jkakavas
Copy link
Member

@ogupte you would need to open the relevant PRs for 7.x and 7.4 too. Let us know if you need any help with that

ogupte added a commit to ogupte/elasticsearch that referenced this pull request Sep 17, 2019
@ogupte
Give kibana user privileges to create APM agent config index (elastic…
65e4a5e 
…#46765)

* Give kibana user reserved role privileges on .apm-* to create APM agent configuration index.

* fixed test to include checking all .apm-* permissions

* changed pattern from ".apm-*" to the more specific ".apm-agent-configuration"
@ogupte ogupte mentioned this pull request Sep 17, 2019
Closed
@sorenlouv
Copy link
Member

sorenlouv commented Sep 17, 2019
edited
Loading

@ogupte backport --upstream elastic/elasticsearch --branch 7.x --branch 7.4 should do the trick.

(Docs: https://github.com/sqren/backport)

@sorenlouv
Copy link
Member

sorenlouv commented Sep 17, 2019
edited
Loading

When I get someone convinced to merge this it will be possible to simply run backport ;)

ogupte added a commit to ogupte/elasticsearch that referenced this pull request Sep 17, 2019
@ogupte
Give kibana user privileges to create APM agent config index (elastic…
30afa14 
…#46765)

* Give kibana user reserved role privileges on .apm-* to create APM agent configuration index.

* fixed test to include checking all .apm-* permissions

* changed pattern from ".apm-*" to the more specific ".apm-agent-configuration"
@ogupte ogupte mentioned this pull request Sep 17, 2019
Merged
ogupte added a commit to ogupte/elasticsearch that referenced this pull request Sep 17, 2019
@ogupte
Give kibana user privileges to create APM agent config index (elastic…
d48c015 
…#46765)

* Give kibana user reserved role privileges on .apm-* to create APM agent configuration index.

* fixed test to include checking all .apm-* permissions

* changed pattern from ".apm-*" to the more specific ".apm-agent-configuration"
@ogupte ogupte mentioned this pull request Sep 17, 2019
Merged
ogupte added a commit that referenced this pull request Sep 17, 2019
@ogupte
Give kibana user privileges to create APM agent config index (#46765) (
85ce1c7 
…#46793)

* Give kibana user reserved role privileges on .apm-* to create APM agent configuration index.

* fixed test to include checking all .apm-* permissions

* changed pattern from ".apm-*" to the more specific ".apm-agent-configuration"
ogupte added a commit that referenced this pull request Sep 17, 2019
@ogupte
Give kibana user privileges to create APM agent config index (#46765) (
cbd58d3 
…#46792)

* Give kibana user reserved role privileges on .apm-* to create APM agent configuration index.

* fixed test to include checking all .apm-* permissions

* changed pattern from ".apm-*" to the more specific ".apm-agent-configuration"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sorenlouv sorenlouv sorenlouv approved these changes

@kobelb kobelb kobelb approved these changes

@jkakavas jkakavas jkakavas approved these changes

Assignees
No one assigned
Labels
blocker >bug :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC v7.4.0 v8.0.0-alpha1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@ogupte @elasticmachine @jkakavas @sorenlouv @kobelb @jakelandis