-
Notifications
You must be signed in to change notification settings - Fork 8.3k
/
monitoring_permissions.ts
100 lines (89 loc) · 2.68 KB
/
monitoring_permissions.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { SavedObjectsClientContract } from '@kbn/core/server';
import { getPackageInfo, getInstallation } from '../epm/packages';
import {
PACKAGE_POLICY_DEFAULT_INDEX_PRIVILEGES,
AGENT_POLICY_DEFAULT_MONITORING_DATASETS,
} from '../../constants';
import type { FullAgentPolicyOutputPermissions } from '../../../common/types';
import { FLEET_ELASTIC_AGENT_PACKAGE } from '../../../common';
import { dataTypes } from '../../../common/constants';
import { getDataStreamPrivileges } from './package_policies_to_agent_permissions';
function buildDefault(enabled: { logs: boolean; metrics: boolean }, namespace: string) {
let names: string[] = [];
if (enabled.logs) {
names = names.concat(
AGENT_POLICY_DEFAULT_MONITORING_DATASETS.map((dataset) => `logs-${dataset}-${namespace}`)
);
}
if (enabled.metrics) {
names = names.concat(
AGENT_POLICY_DEFAULT_MONITORING_DATASETS.map((dataset) => `metrics-${dataset}-${namespace}`)
);
}
if (names.length === 0) {
return {
_elastic_agent_monitoring: {
indices: [],
},
};
}
return {
_elastic_agent_monitoring: {
indices: [
{
names,
privileges: PACKAGE_POLICY_DEFAULT_INDEX_PRIVILEGES,
},
],
},
};
}
export async function getMonitoringPermissions(
soClient: SavedObjectsClientContract,
enabled: { logs: boolean; metrics: boolean },
namespace: string
): Promise<FullAgentPolicyOutputPermissions> {
const installation = await getInstallation({
savedObjectsClient: soClient,
pkgName: FLEET_ELASTIC_AGENT_PACKAGE,
});
if (!installation) {
return buildDefault(enabled, namespace);
}
const pkg = await getPackageInfo({
savedObjectsClient: soClient,
pkgName: installation.name,
pkgVersion: installation.version,
});
if (!pkg.data_streams || pkg.data_streams.length === 0) {
return buildDefault(enabled, namespace);
}
return {
_elastic_agent_monitoring: {
indices: pkg.data_streams
.map((ds) => {
if (ds.type === dataTypes.Logs && !enabled.logs) {
return;
}
if (ds.type === dataTypes.Metrics && !enabled.metrics) {
return;
}
return getDataStreamPrivileges(ds, namespace);
})
.filter(
(
i
): i is {
names: string[];
privileges: string[];
} => typeof i !== 'undefined'
),
},
};
}