[RAM] Add missing privilege to alerting read operations #166603
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
umbopepato
added
Team:ResponseOps
|
Pinging @elastic/response-ops (Team:ResponseOps) |
💛 Build succeeded, but was flaky
Failed CI StepsTest FailuresMetrics [docs]
History
To update your PR or re-run it, just comment with: |
XavierM
approved these changes
Sep 21, 2023
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 22, 2023
Closes elastic#158957 ## Summary Adds the missing `getActionErrorLog` privilege. With the updated privileges, users with a custom Role including full access to "Actions and Connectors", "Rule Settings" and "Stack Rules" can successfully inspect errored actions' logs:  ## To Test - Create a Role with `All` privileges granted in `Actions and Connectors`, `Rules Settings`, `Stack Rules` (under Kibana > Management) and assign it to a user - Log in with that user - Create a rule with a failing action (i.e. an Email Connector with wrong addresses) - Wait for the rule to execute (or execute it manually) - In the rule page, under `History` click the number under `Errored actions` in one of the rows of the logs table - Check that error logs are visible in the flyout (cherry picked from commit 0eda41a)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 22, 2023
Closes elastic#158957 ## Summary Adds the missing `getActionErrorLog` privilege. With the updated privileges, users with a custom Role including full access to "Actions and Connectors", "Rule Settings" and "Stack Rules" can successfully inspect errored actions' logs:  ## To Test - Create a Role with `All` privileges granted in `Actions and Connectors`, `Rules Settings`, `Stack Rules` (under Kibana > Management) and assign it to a user - Log in with that user - Create a rule with a failing action (i.e. an Email Connector with wrong addresses) - Wait for the rule to execute (or execute it manually) - In the rule page, under `History` click the number under `Errored actions` in one of the rows of the logs table - Check that error logs are visible in the flyout (cherry picked from commit 0eda41a)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Sep 22, 2023
…) (#167001) # Backport This will backport the following commits from `main` to `8.10`: - [[RAM] Add missing privilege to alerting read operations (#166603)](#166603) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Umberto Pepato","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-09-22T07:23:13Z","message":"[RAM] Add missing privilege to alerting read operations (#166603)\n\nCloses #158957\r\n\r\n## Summary\r\n\r\nAdds the missing `getActionErrorLog` privilege. With the updated\r\nprivileges, users with a custom Role including full access to \"Actions\r\nand Connectors\", \"Rule Settings\" and \"Stack Rules\" can successfully\r\ninspect errored actions' logs:\r\n\r\n\r\n\r\n## To Test\r\n\r\n- Create a Role with `All` privileges granted in `Actions and\r\nConnectors`, `Rules Settings`, `Stack Rules` (under Kibana > Management)\r\nand assign it to a user\r\n- Log in with that user\r\n- Create a rule with a failing action (i.e. an Email Connector with\r\nwrong addresses)\r\n- Wait for the rule to execute (or execute it manually)\r\n- In the rule page, under `History` click the number under `Errored\r\nactions` in one of the rows of the logs table\r\n- Check that error logs are visible in the flyout","sha":"0eda41a46da91ba3b4fd90a8478e1aecb03154f0","branchLabelMapping":{"^v8.11.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:ResponseOps","v8.10.0","v8.11.0","v8.9.3"],"number":166603,"url":"https://github.com/elastic/kibana/pull/166603","mergeCommit":{"message":"[RAM] Add missing privilege to alerting read operations (#166603)\n\nCloses #158957\r\n\r\n## Summary\r\n\r\nAdds the missing `getActionErrorLog` privilege. With the updated\r\nprivileges, users with a custom Role including full access to \"Actions\r\nand Connectors\", \"Rule Settings\" and \"Stack Rules\" can successfully\r\ninspect errored actions' logs:\r\n\r\n\r\n\r\n## To Test\r\n\r\n- Create a Role with `All` privileges granted in `Actions and\r\nConnectors`, `Rules Settings`, `Stack Rules` (under Kibana > Management)\r\nand assign it to a user\r\n- Log in with that user\r\n- Create a rule with a failing action (i.e. an Email Connector with\r\nwrong addresses)\r\n- Wait for the rule to execute (or execute it manually)\r\n- In the rule page, under `History` click the number under `Errored\r\nactions` in one of the rows of the logs table\r\n- Check that error logs are visible in the flyout","sha":"0eda41a46da91ba3b4fd90a8478e1aecb03154f0"}},"sourceBranch":"main","suggestedTargetBranches":["8.10","8.9"],"targetPullRequestStates":[{"branch":"8.10","label":"v8.10.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.11.0","labelRegex":"^v8.11.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/166603","number":166603,"mergeCommit":{"message":"[RAM] Add missing privilege to alerting read operations (#166603)\n\nCloses #158957\r\n\r\n## Summary\r\n\r\nAdds the missing `getActionErrorLog` privilege. With the updated\r\nprivileges, users with a custom Role including full access to \"Actions\r\nand Connectors\", \"Rule Settings\" and \"Stack Rules\" can successfully\r\ninspect errored actions' logs:\r\n\r\n\r\n\r\n## To Test\r\n\r\n- Create a Role with `All` privileges granted in `Actions and\r\nConnectors`, `Rules Settings`, `Stack Rules` (under Kibana > Management)\r\nand assign it to a user\r\n- Log in with that user\r\n- Create a rule with a failing action (i.e. an Email Connector with\r\nwrong addresses)\r\n- Wait for the rule to execute (or execute it manually)\r\n- In the rule page, under `History` click the number under `Errored\r\nactions` in one of the rows of the logs table\r\n- Check that error logs are visible in the flyout","sha":"0eda41a46da91ba3b4fd90a8478e1aecb03154f0"}},{"branch":"8.9","label":"v8.9.3","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Umberto Pepato <[email protected]>
|
@umbopepato - this PR broke main, something was not right about it. https://buildkite.com/elastic/kibana-on-merge/builds/35725#018abbc7-685d-4bdd-8ef1-7699150ad9b1 |
delanni
added a commit
that referenced
this pull request
Sep 22, 2023
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 22, 2023
…167026) ## Summary There was an accidental race-condition on a variable re-name and usage between elastic#166032 & elastic#166603. This PR intends to correct that. (cherry picked from commit e2a7157)
This was referenced Oct 1, 2023
kibanamachine
added
the
backport missing
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
2 similar comments
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
cnasikas
removed
backport missing
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #158957
Summary
Adds the missing
getActionErrorLogprivilege. With the updated privileges, users with a custom Role including full access to "Actions and Connectors", "Rule Settings" and "Stack Rules" can successfully inspect errored actions' logs:To Test
Allprivileges granted inActions and Connectors,Rules Settings,Stack Rules(under Kibana > Management) and assign it to a userHistoryclick the number underErrored actionsin one of the rows of the logs table