Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet] Add support for Elasticsearch privileges in data stream manifest #109047

Closed
Tracked by #203
axw opened this issue Aug 18, 2021 · 3 comments · Fixed by #112397
Closed
Tracked by #203

[Fleet] Add support for Elasticsearch privileges in data stream manifest #109047

axw opened this issue Aug 18, 2021 · 3 comments · Fixed by #112397
Assignees
@hop-dev
Labels
Feature:EPM Fleet team's Elastic Package Manager (aka Integrations) project Team:Fleet Team label for Observability Data Collection Fleet team v7.16.0

Comments

@axw
Copy link
Member

axw commented Aug 18, 2021

Per elastic/package-spec#203 (comment), update Fleet/EPM to take Elasticsearch privileges defined in data stream manifests into account when generating agent API Keys.

When taking privileges from a package's data stream manifest, Fleet must ensure those privileges are restricted to the following set: auto_configure, create_doc, maintenance, monitor, read, read_cross_cluster. If any other privileges are defined, they should either be ignored or lead to an error.

The default privileges should remain as: auto_configure, create_doc.
@axw axw added Feature:EPM Fleet team's Elastic Package Manager (aka Integrations) project Team:Fleet Team label for Observability Data Collection Fleet team v7.16.0 labels Aug 18, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Feature:EPM)

@axw axw mentioned this issue Aug 18, 2021
Closed
3 tasks
@hop-dev
Copy link
Contributor

hop-dev commented Sep 9, 2021

Useful links:

PR for adding the field to APM: https://github.com/elastic/apm-server/pull/6139/files
PR for adding the field to the registry: https://github.com/elastic/package-registry/pull/713/files

@hop-dev hop-dev mentioned this issue Sep 16, 2021
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hop-dev hop-dev

Labels
Feature:EPM Fleet team's Elastic Package Manager (aka Integrations) project Team:Fleet Team label for Observability Data Collection Fleet team v7.16.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Fleet] Allow packages to specify index privileges hop-dev/kibana
3 participants
@axw @hop-dev @elasticmachine