[Telemetry] Pull Kibana usage stats on-demand if Monitoring is not enabled. #21241
This will

This is blocked on Security team creating a "Summary Client" that can return a callCluster function that is authenticated for querying anonymous, summary-only usage data from all the Spaces in .kibana. How it will work securely: the live stats can be pulled through the
@kobelb and I chatted and we've come to a 2-part solution:

Collection

When Monitoring is disabled:

[*] Why we check that the user could potentially read monitoring data: If the user is someone who should not be able to personally view Kibana-wide stats, then they should not be able to pull the stats live. Essentially, the solution is to simulate a

Transmission

We're putting reliance on a superuser being logged in so they'll be able to collect the Kibana stats. We will remove the 5-minute timer that delays transmission of the telemetry data to Elastic servers. The 5-minute timer was added to give a user time to read the "opt out" message when you had to opt out to keep stats from sending. The behavior is opt-in now, so if telemetry is enabled in the browser, we know the user is already opted in. If a superuser is logged in, they might not stay on the page for very long, so there shouldn't be a delay on collecting and transmitting stats to Elastic servers.
I'm not sure we need this security check, tbh - when we originally implemented the ES side of "live" telemetry collection, we agonized over the same thing, and chose to collect the monitoring data from ES with the

I'm taking assignment of this issue to get the change in as an enhancement in 6.6. @pickypg, would you be available to review the changes?

@tsullivan Yep!
I don't feel comfortable removing the authorization entirely; however, I do feel comfortable with ensuring that the user has access to read all saved objects across all spaces via the Kibana application privileges or through having read-only access to the

When users opted into telemetry, they opted into reporting the anonymous statistics to Elastic itself, and I don't feel that the disclosure of this information to end-users was explicit. There are a few things that we talked about during our Security sync today that a few members of the @elastic/kibana-platform team also attended that can improve this situation. We can explore using asymmetric encryption to report these statistics so that end-users aren't able to view these statistics themselves. Additionally, we can also explore having the Kibana server itself report this telemetry when it's able to. I'm sure there were other ideas floated that I'm missing as well, and elaboration upon these is likely required; however, it feels out of scope for the current issue at hand.

Meeting summary: In the short-term we're alright continuing the model that we've implemented for the Elasticsearch stats collection and allow any authenticated user to live-pull this information. In the not-long-term but not-blocking-this-effort-term, we'd like to prioritize sending all telemetry stats using public/private key encryption to prevent the relaying user from being able to sniff or augment the payload. It's worth having a discussion regarding which team will be implementing the asymmetric encryption solution, since platform will technically be owning telemetry long-term.

PR for fix is ready for review: #26496
Historically, the Telemetry feature was a part of Monitoring and it had to be opted into through code that existed in the monitoring plugin. That coupling has been separated and Telemetry is now a feature of the xpack_main "meta" plugin. Telemetry even works if Monitoring is disabled: instead of querying for usage data in .monitoring- indices, there are modules in x-pack/plugins/xpack_main/server/lib/telemetry/local that pull the usage data "live" from Elasticsearch. Live pulling is limited to Elasticsearch because at the time it was originally implemented, there was no way to pull usage data from other parts of the stack like Kibana, Beats or Logstash.

Now with the usage service in Kibana under src/server/usage, a live-puller does have an interface to call and get the registered Kibana usage collectors to fetch data: server.usage.collectorSet.bulkFetchUsage(). That call can be integrated in some module in x-pack/plugins/xpack_main/server/lib/telemetry/local and the telemetry payload would be able to include Kibana stats when Monitoring is disabled.

cc @jinmu03
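As an added illustration (not Kibana's code and not part of this issue), the following JavaScript models the two branches discussed in the thread: read stored stats when Monitoring is enabled, otherwise live-pull Kibana usage through a collector set, gated by the check that the requesting user can read saved objects in every space. CollectorSet, user.readableSpaces, callCluster and readMonitoringIndices are assumed stand-ins, not the real Kibana APIs.

```javascript
// Added example, not Kibana's own code. Stand-in for
// server.usage.collectorSet.bulkFetchUsage() and the Kibana privilege check
// discussed in the issue; every shape below is an assumption.

class CollectorSet {
  constructor() { this.collectors = new Map(); }
  // Each collector has a type name and a fetch(callCluster) function.
  register(type, fetch) { this.collectors.set(type, fetch); }
  // Run every registered collector and return [{ type, result }].
  bulkFetchUsage(callCluster) {
    return [...this.collectors].map(([type, fetch]) => ({ type, result: fetch(callCluster) }));
  }
}

// Authorization gate from the thread: a user may live-pull Kibana-wide
// stats only if they can read saved objects in all spaces (assumed shape).
function canLivePull(user, allSpaces) {
  return allSpaces.every((space) => user.readableSpaces.includes(space));
}

function buildTelemetryPayload({ monitoringEnabled, user, allSpaces, collectorSet, callCluster, readMonitoringIndices }) {
  if (monitoringEnabled) {
    // Stored-stats path: usage was already written to the .monitoring- indices.
    return { source: 'monitoring', kibana: readMonitoringIndices(callCluster) };
  }
  if (!canLivePull(user, allSpaces)) {
    // Refuse rather than expose Kibana-wide stats to a space-restricted user.
    return { source: 'live', kibana: null, denied: true };
  }
  const usage = collectorSet.bulkFetchUsage(callCluster);
  // Merge per-collector results into one object keyed by collector type.
  return { source: 'live', kibana: Object.fromEntries(usage.map(({ type, result }) => [type, result])) };
}

// Constructed sample: two collectors counting saved objects via a fake callCluster.
const sampleCallCluster = (index) => ({ dashboard: 3, visualization: 7 }[index] || 0);
const sampleCollectors = new CollectorSet();
sampleCollectors.register('dashboards', (cc) => ({ total: cc('dashboard') }));
sampleCollectors.register('visualizations', (cc) => ({ total: cc('visualization') }));

// Live-pull attempt by the given user with Monitoring disabled.
function demo(user) {
  return buildTelemetryPayload({
    monitoringEnabled: false, user, allSpaces: ['default', 'marketing'],
    collectorSet: sampleCollectors, callCluster: sampleCallCluster,
    readMonitoringIndices: () => null,
  });
}
```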