-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Monitoring] Improve permissions required around setup mode #50421
[Monitoring] Improve permissions required around setup mode #50421
Conversation
…rs without the necessary permissions, and change one query to relax the privilege requirements
Pinging @elastic/stack-monitoring (Team:Monitoring) |
💔 Build Failed |
@elasticmachine merge upstream |
💔 Build Failed |
x-pack/legacy/plugins/monitoring/server/lib/setup/collection/get_collection_status.js
Show resolved
Hide resolved
x-pack/legacy/plugins/monitoring/server/lib/setup/collection/get_collection_status.js
Outdated
Show resolved
Hide resolved
💔 Build Failed |
💔 Build Failed |
💔 Build Failed |
I encountered an error when testing this. I set up the permissions as described and then navigated to the Stack Monitoring application. From there, I attempted to click to launch Metricbeat-based setup. As expected, I received an error. (Yay!) However, when I return to try setup via internal collection, I receive a second set of errors. I have recorded a small demo of the scenario: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes requested. Details in the a comment in the main thread of this PR.
@cachedout This should be the same behavior as on master. If the logged in user does not have the necessary permissions to enable monitoring, they will see errors like it. Assuming we confirm this, do you think we should not attempt to handle that differently in this PR? I do agree we should handle that better though. |
💚 Build Succeeded |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good 👍
I also agree this #50421 (comment) should be handled in a different PR
@chrisronline Yup, sounds like we should handle this separately from this PR. Shall I go ahead and file an issue or did you file one already? |
@elasticmachine merge upstream |
@cachedout I'll defer that to you - I'm not exactly sure what should be done in this scenario, considering the goal to deprecate internal monitoring in 8.0 |
💚 Build Succeeded |
…50421) * Add error messages when setup mode is not enabled, disable it for users without the necessary permissions, and change one query to relax the privilege requirements * Fix default value * PR feedback * Forgot to update this part * Fix tests
…50421) * Add error messages when setup mode is not enabled, disable it for users without the necessary permissions, and change one query to relax the privilege requirements * Fix default value * PR feedback * Forgot to update this part * Fix tests
…50918) * Add error messages when setup mode is not enabled, disable it for users without the necessary permissions, and change one query to relax the privilege requirements * Fix default value * PR feedback * Forgot to update this part * Fix tests
…50919) * Add error messages when setup mode is not enabled, disable it for users without the necessary permissions, and change one query to relax the privilege requirements * Fix default value * PR feedback * Forgot to update this part * Fix tests
…-fallback * 'master' of github.com:elastic/kibana: (116 commits) [Maps] move apply global filter settting from layer to source (elastic#50523) [SIEM] Fix: Empty `Source` / `Destination` shown when only ports are populated (elastic#50843) [Maps] Delay vector tile layer syncing until spritesheet is loaded (elastic#48955) [Maps] prevent users from overflowing URL when filtering by shape (elastic#50747) [DOCS] Mark Beats central management as discontinued (elastic#49423) [page_objects/common_page] convert to ts (elastic#50771) [NP Kibana Migrations ] kibana plugin home (elastic#50444) [DOCS] Shareables naming convention (elastic#50497) [ML] DF Analytics - auto-populate model_memory_limit (elastic#50714) Increase alerting test stability and reduce flakiness (elastic#50246) [ML] Remaning new_job_new folder (elastic#50917) [Telemetry] Show opt-in changes for OSS users (elastic#50831) [ML] Fix lat_long anomalies table links menu and value formatting (elastic#50916) [Dev] Fix serialising a really big string (elastic#50915) Better explanation about the Prettier recommendation (extension vs. NPM module) (elastic#50629) [Monitoring] Use a basic monitoring user for tests (elastic#47865) [Monitoring] Gracefully handle issue with filebeat indices (elastic#48929) [Monitoring] Improve permissions required around setup mode (elastic#50421) Additional validation for elasticsearch username (elastic#48247) Revert changes to use_kibana_ui_setting (elastic#50877) ... # Conflicts: # src/legacy/core_plugins/console/server/request.test.ts
Resolves #50327
This PR does three things:
_cat/indices
inget_collection_status
, we are going to change the logic to make a terms agg query against the_index
field (which is how most other areas of Kibana do this)Testing
kibana_user
andmonitoring_user
roles