[APM] Update script with new roles/users #72599

sorenlouv · 2020-07-21T09:58:49Z

Updates the script for creating APM-specific roles and users:

Users:

apm_read_user: read access to APM only
kibana_read_user: read access to all apps
kibana_write_user: read/write access to all apps

elasticmachine · 2020-07-21T09:58:57Z

Pinging @elastic/apm-ui (Team:apm)

sorenlouv · 2020-07-21T10:11:52Z

x-pack/plugins/apm/scripts/kibana-security/setup-custom-kibana-user-role.ts

-    path.join(__filename, '../../../../../../config/kibana.dev.yml'),
-    'utf8'
-  )
-);


Removed the magic around reading creds from the existing kibana.yml file. Now everything must be passed in as cli args. A little more tedious but a lot more clear what happens

cauemarcondes · 2020-07-21T10:33:21Z

@sqren Shouldn't we have a user that doesn't have read/write permissions to any indices, like kibana_write_user Apps: read/write. Indices: None.

sorenlouv · 2020-07-21T10:48:42Z

@sqren Shouldn't we have a user that doesn't have read/write permissions to any indices, like kibana_write_user Apps: read/write. Indices: None.

Maybe. I want to keep the number of users we test with to a minimum to keep the process as simple as possible.
What would you use such a user for?

apmmachine · 2020-07-21T11:05:52Z

💔 Tests Failed

Expand to view the summary

Build stats

Build Cause: [Pull request #72599 updated]
Start Time: 2020-07-21T10:45:41.681+0000
Duration: 24 min 0 sec

Test stats 🧪

Test	Results
Failed	4
Passed	5
Skipped	0
Total	9

Test errors

Expand to view the tests failures

Name: RUM Dashboard Rum page filters (example #1) – Rum page filters (example #1)
- Age: 2
- Duration: 0
- Error Details: Snapshot difference. To update, delete snapshot and rerun test. "8 " => "7 "
Name: RUM Dashboard Rum page filters (example #2) – Rum page filters (example #2)
- Age: 2
- Duration: 0
- Error Details: Snapshot difference. To update, delete snapshot and rerun test. "28 " => "7 "
Name: RUM Dashboard Service name filter – Service name filter
- Age: 2
- Duration: 0
- Error Details: Timed out retrying: expected '<p.euiTitle.euiTitle--small.euiStat__title>' to have text '7 ', but the text was '8 '
Name: RUM Dashboard Client metrics – Client metrics
- Age: 3
- Duration: 0
- Error Details: Timed out retrying: expected '<p.euiTitle.euiTitle--small.euiStat__title>' to have text '55 ', but the text was '54 '

Steps errors

Expand to view the steps failures

Name: Shell Script
- Description: 4P0+vIKc0PTOvWC8xrzgzOT8nv0gvODO3ICfVoyQ3xy+/JNU2Yj/Tagmf50wMjD4M7CWJ6SCJEgYhn6zEskT9nMS8dP3gkqLMvHT
- Duration: 14 min 56 sec
- Start Time: 2020-07-21T10:55:35.000+0000
- log
Name: Notifies GitHub of the status of a Pull Request
- Description: script returned exit code 1
- Duration: 0 min 2 sec
- Start Time: 2020-07-21T11:09:38.361+0000
- log

Log output

Expand to view the last 100 lines of log output

[2020-07-21T11:09:42.239Z] + '[' -e /tmp/tmp.myObWxmwMu/step.log ']'
[2020-07-21T11:09:42.239Z] ++ head -c 100 /tmp/tmp.myObWxmwMu/step.log
[2020-07-21T11:09:42.239Z] + new='script returned exit code 1'
[2020-07-21T11:09:42.239Z] + jq --arg id 141 --arg new 'script returned exit code 1' '(.[] | select(.result=="FAILURE" and .displayDescription==null and .id==$id) | .displayDescription) |= $new' steps-errors.json
[2020-07-21T11:09:42.239Z] + mv /tmp/tmp.myObWxmwMu/step.log steps-errors.json
[2020-07-21T11:09:42.239Z] + normaliseSteps steps-info.json
[2020-07-21T11:09:42.239Z] + file=steps-info.json
[2020-07-21T11:09:42.239Z] + jqAppend https://apm-ci.elastic.co/ 'map(with_entries(select(.key != "_links")) + ( .url = $a + ._links.self.href + "log"))' steps-info.json
[2020-07-21T11:09:42.239Z] + argument=https://apm-ci.elastic.co/
[2020-07-21T11:09:42.239Z] + query='map(with_entries(select(.key != "_links")) + ( .url = $a + ._links.self.href + "log"))'
[2020-07-21T11:09:42.239Z] + file=steps-info.json
[2020-07-21T11:09:42.239Z] ++ mktemp
[2020-07-21T11:09:42.239Z] + tmp=/tmp/tmp.sNA9GqNT8r
[2020-07-21T11:09:42.239Z] + jq --arg a https://apm-ci.elastic.co/ 'map(with_entries(select(.key != "_links")) + ( .url = $a + ._links.self.href + "log"))' steps-info.json
[2020-07-21T11:09:42.239Z] + mv /tmp/tmp.sNA9GqNT8r steps-info.json
[2020-07-21T11:09:42.239Z] + jqEdit 'map(del(._links))' steps-info.json
[2020-07-21T11:09:42.239Z] + query='map(del(._links))'
[2020-07-21T11:09:42.239Z] + file=steps-info.json
[2020-07-21T11:09:42.239Z] ++ mktemp
[2020-07-21T11:09:42.239Z] + tmp=/tmp/tmp.6VWNx2s0Cx
[2020-07-21T11:09:42.239Z] + jq 'map(del(._links))' steps-info.json
[2020-07-21T11:09:42.239Z] + mv /tmp/tmp.6VWNx2s0Cx steps-info.json
[2020-07-21T11:09:42.239Z] + jqEdit 'map(del(._class))' steps-info.json
[2020-07-21T11:09:42.239Z] + query='map(del(._class))'
[2020-07-21T11:09:42.239Z] + file=steps-info.json
[2020-07-21T11:09:42.239Z] ++ mktemp
[2020-07-21T11:09:42.239Z] + tmp=/tmp/tmp.UYkWKnBcd9
[2020-07-21T11:09:42.239Z] + jq 'map(del(._class))' steps-info.json
[2020-07-21T11:09:42.239Z] + mv /tmp/tmp.UYkWKnBcd9 steps-info.json
[2020-07-21T11:09:42.239Z] + jqEdit 'map(del(.actions))' steps-info.json
[2020-07-21T11:09:42.239Z] + query='map(del(.actions))'
[2020-07-21T11:09:42.239Z] + file=steps-info.json
[2020-07-21T11:09:42.239Z] ++ mktemp
[2020-07-21T11:09:42.239Z] + tmp=/tmp/tmp.5rRnIF1AjG
[2020-07-21T11:09:42.239Z] + jq 'map(del(.actions))' steps-info.json
[2020-07-21T11:09:42.490Z] + mv /tmp/tmp.5rRnIF1AjG steps-info.json
[2020-07-21T11:09:42.490Z] + normaliseSteps steps-errors.json
[2020-07-21T11:09:42.490Z] + file=steps-errors.json
[2020-07-21T11:09:42.490Z] + jqAppend https://apm-ci.elastic.co/ 'map(with_entries(select(.key != "_links")) + ( .url = $a + ._links.self.href + "log"))' steps-errors.json
[2020-07-21T11:09:42.490Z] + argument=https://apm-ci.elastic.co/
[2020-07-21T11:09:42.490Z] + query='map(with_entries(select(.key != "_links")) + ( .url = $a + ._links.self.href + "log"))'
[2020-07-21T11:09:42.490Z] + file=steps-errors.json
[2020-07-21T11:09:42.490Z] ++ mktemp
[2020-07-21T11:09:42.490Z] + tmp=/tmp/tmp.rbD8r2yYJ6
[2020-07-21T11:09:42.490Z] + jq --arg a https://apm-ci.elastic.co/ 'map(with_entries(select(.key != "_links")) + ( .url = $a + ._links.self.href + "log"))' steps-errors.json
[2020-07-21T11:09:42.490Z] + mv /tmp/tmp.rbD8r2yYJ6 steps-errors.json
[2020-07-21T11:09:42.490Z] + jqEdit 'map(del(._links))' steps-errors.json
[2020-07-21T11:09:42.490Z] + query='map(del(._links))'
[2020-07-21T11:09:42.490Z] + file=steps-errors.json
[2020-07-21T11:09:42.490Z] ++ mktemp
[2020-07-21T11:09:42.490Z] + tmp=/tmp/tmp.sKNVxiMEmU
[2020-07-21T11:09:42.490Z] + jq 'map(del(._links))' steps-errors.json
[2020-07-21T11:09:42.490Z] + mv /tmp/tmp.sKNVxiMEmU steps-errors.json
[2020-07-21T11:09:42.490Z] + jqEdit 'map(del(._class))' steps-errors.json
[2020-07-21T11:09:42.490Z] + query='map(del(._class))'
[2020-07-21T11:09:42.490Z] + file=steps-errors.json
[2020-07-21T11:09:42.490Z] ++ mktemp
[2020-07-21T11:09:42.490Z] + tmp=/tmp/tmp.XdcO7PynZG
[2020-07-21T11:09:42.490Z] + jq 'map(del(._class))' steps-errors.json
[2020-07-21T11:09:42.490Z] + mv /tmp/tmp.XdcO7PynZG steps-errors.json
[2020-07-21T11:09:42.490Z] + jqEdit 'map(del(.actions))' steps-errors.json
[2020-07-21T11:09:42.490Z] + query='map(del(.actions))'
[2020-07-21T11:09:42.490Z] + file=steps-errors.json
[2020-07-21T11:09:42.490Z] ++ mktemp
[2020-07-21T11:09:42.490Z] + tmp=/tmp/tmp.e30cTlC2Qw
[2020-07-21T11:09:42.490Z] + jq 'map(del(.actions))' steps-errors.json
[2020-07-21T11:09:42.490Z] + mv /tmp/tmp.e30cTlC2Qw steps-errors.json
[2020-07-21T11:09:42.490Z] + fetchAndDefaultTestsErrors tests-errors.json 'https://apm-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/apm-ui/apm-ui-e2e-tests-mbp/PR-72599/runs/3/tests/?status=FAILED' '[ ]'
[2020-07-21T11:09:42.490Z] + file=tests-errors.json
[2020-07-21T11:09:42.490Z] + url='https://apm-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/apm-ui/apm-ui-e2e-tests-mbp/PR-72599/runs/3/tests/?status=FAILED'
[2020-07-21T11:09:42.490Z] + default='[ ]'
[2020-07-21T11:09:42.490Z] + fetchAndDefault tests-errors.json 'https://apm-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/apm-ui/apm-ui-e2e-tests-mbp/PR-72599/runs/3/tests/?status=FAILED' '[ ]'
[2020-07-21T11:09:42.490Z] + file=tests-errors.json
[2020-07-21T11:09:42.490Z] + url='https://apm-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/apm-ui/apm-ui-e2e-tests-mbp/PR-72599/runs/3/tests/?status=FAILED'
[2020-07-21T11:09:42.490Z] + default='[ ]'
[2020-07-21T11:09:42.490Z] + fetch tests-errors.json 'https://apm-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/apm-ui/apm-ui-e2e-tests-mbp/PR-72599/runs/3/tests/?status=FAILED'
[2020-07-21T11:09:42.490Z] + file=tests-errors.json
[2020-07-21T11:09:42.490Z] + url='https://apm-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/apm-ui/apm-ui-e2e-tests-mbp/PR-72599/runs/3/tests/?status=FAILED'
[2020-07-21T11:09:42.490Z] + echo 'INFO: curl https://apm-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/apm-ui/apm-ui-e2e-tests-mbp/PR-72599/runs/3/tests/?status=FAILED -o tests-errors.json'
[2020-07-21T11:09:42.490Z] INFO: curl https://apm-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/apm-ui/apm-ui-e2e-tests-mbp/PR-72599/runs/3/tests/?status=FAILED -o tests-errors.json
[2020-07-21T11:09:42.490Z] + [[ -n https://apm-ci.elastic.co/ ]]
[2020-07-21T11:09:42.490Z] + [[ -e /usr/local/bin/bash_standard_lib.sh ]]
[2020-07-21T11:09:42.490Z] + retry 3 curlCommand tests-errors.json 'https://apm-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/apm-ui/apm-ui-e2e-tests-mbp/PR-72599/runs/3/tests/?status=FAILED'
[2020-07-21T11:09:42.490Z] + local retries=3
[2020-07-21T11:09:42.490Z] + shift
[2020-07-21T11:09:42.490Z] + local count=0
[2020-07-21T11:09:42.490Z] + curlCommand tests-errors.json 'https://apm-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/apm-ui/apm-ui-e2e-tests-mbp/PR-72599/runs/3/tests/?status=FAILED'
[2020-07-21T11:09:42.490Z] + curl --silent --max-time 600 --connect-timeout 30 -o tests-errors.json 'https://apm-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/apm-ui/apm-ui-e2e-tests-mbp/PR-72599/runs/3/tests/?status=FAILED'
[2020-07-21T11:09:42.490Z] + return 0
[2020-07-21T11:09:42.490Z] + '[' '!' -e tests-errors.json ']'
[2020-07-21T11:09:42.490Z] + '[' '!' -s tests-errors.json ']'
[2020-07-21T11:09:42.490Z] + jq -e 'select(.code==404)' tests-errors.json
[2020-07-21T11:09:42.491Z] + normaliseTests tests-errors.json
[2020-07-21T11:09:42.491Z] + file=tests-errors.json
[2020-07-21T11:09:42.491Z] + jqEdit 'map(del(._links))' tests-errors.json
[2020-07-21T11:09:42.491Z] + query='map(del(._links))'
[2020-07-21T11:09:42.491Z] + file=tests-errors.json
[2020-07-21T11:09:42.491Z] ++ mktemp
[2020-07-21T11:09:42.491Z] + tmp=/tmp/tmp.G1AseqZnwA
[2020-07-21T11:09:42.491Z] + jq 'map(del(._links))' tests-errors.json

cauemarcondes · 2020-07-21T11:15:57Z

Maybe. I want to keep the number of users we test with to a minimum to keep the process as simple as possible.
What would you use such a user for?

Right now nothing, but it was useful to test the missing permission page, but since we removed that we might not need it anymore.

kibanamachine · 2020-07-21T12:25:29Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request
Commit: 810d25c

Build metrics

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cauemarcondes

LGTM

* master: [Security Solution][Timeline] Add Empty view to the Timelines page (elastic#72576) [Security Solution][Resolver] Show process detail panel when clicking a process node (elastic#72563) Move manifest packageConfig mocks into security_solution plugin (elastic#72527) [QA][Code Coverage] Fixup Team Assignment (elastic#72467) [docs] remove references to tile map visualization in supported aggregations (elastic#72493) [ci][apm-ui] fix argument name for disabling pr comments (elastic#72633) Only check that the event ids are the same in arrays (elastic#72624) Add doc titles to ES UI apps (elastic#71045) Add Upgrade Assistant API integration test to ensure the reindex operation saved object can handle immense error messages (elastic#72347) [APM] Disable flaky rum e2e’s (elastic#72614) Applying tiny fix from 72532 to main branch (elastic#72533) [APM] Update script with new roles/users (elastic#72599) [Security Solution] Add margin (elastic#72542) Migrated fixed_scroll karma tests to jest (elastic#72258) [ML] Handling data recognizer saved object errors (elastic#72447) [Monitoring] Fix the messaging around needing TLS enabled (elastic#72310) [Task Manager] Batches the update operations in Task Manager (elastic#71470)

…feature-privileges * alerting/consumer-based-rbac: [Security Solution][Timeline] Add Empty view to the Timelines page (elastic#72576) [Security Solution][Resolver] Show process detail panel when clicking a process node (elastic#72563) renamed variable to make it clear the SO client is unsecured Move manifest packageConfig mocks into security_solution plugin (elastic#72527) [QA][Code Coverage] Fixup Team Assignment (elastic#72467) [docs] remove references to tile map visualization in supported aggregations (elastic#72493) [ci][apm-ui] fix argument name for disabling pr comments (elastic#72633) Only check that the event ids are the same in arrays (elastic#72624) includes hidden params type in SO client Add doc titles to ES UI apps (elastic#71045) Add Upgrade Assistant API integration test to ensure the reindex operation saved object can handle immense error messages (elastic#72347) [APM] Disable flaky rum e2e’s (elastic#72614) Applying tiny fix from 72532 to main branch (elastic#72533) [APM] Update script with new roles/users (elastic#72599) [Security Solution] Add margin (elastic#72542) Migrated fixed_scroll karma tests to jest (elastic#72258) [ML] Handling data recognizer saved object errors (elastic#72447) [Monitoring] Fix the messaging around needing TLS enabled (elastic#72310) [Task Manager] Batches the update operations in Task Manager (elastic#71470)

kibanamachine · 2020-07-23T13:58:45Z

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create backports run node scripts/backport --pr 72599 or prevent reminders by adding the backport:skip label.

[APM] Update script with new roles/users

36c71ec

sorenlouv requested a review from a team as a code owner July 21, 2020 09:58

botelastic bot added the Team:APM All issues that need APM UI Team support label Jul 21, 2020

sorenlouv commented Jul 21, 2020

View reviewed changes

sorenlouv added release_note:skip Skip the PR/issue when compiling release notes v8.0.0 labels Jul 21, 2020

sorenlouv added 2 commits July 21, 2020 12:41

add log

4f98e91

Add validation for http prefix

810d25c

cauemarcondes approved these changes Jul 21, 2020

View reviewed changes

sorenlouv merged commit 2fc7112 into elastic:master Jul 21, 2020

sorenlouv deleted the change-setup-users-script branch July 21, 2020 13:55

kibanamachine added the backport missing Added to PRs automatically when the are determined to be missing a backport. label Jul 23, 2020

sorenlouv added the backport:skip This commit does not require backporting label Jul 23, 2020

kibanamachine removed the backport missing Added to PRs automatically when the are determined to be missing a backport. label Jul 23, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[APM] Update script with new roles/users #72599

[APM] Update script with new roles/users #72599

sorenlouv commented Jul 21, 2020 •

edited

Loading

elasticmachine commented Jul 21, 2020

sorenlouv Jul 21, 2020

cauemarcondes commented Jul 21, 2020

sorenlouv commented Jul 21, 2020

apmmachine commented Jul 21, 2020 •

edited

Loading

Build stats

Test stats 🧪

cauemarcondes commented Jul 21, 2020

kibanamachine commented Jul 21, 2020

cauemarcondes left a comment

kibanamachine commented Jul 23, 2020

[APM] Update script with new roles/users #72599

[APM] Update script with new roles/users #72599

Conversation

sorenlouv commented Jul 21, 2020 • edited Loading

elasticmachine commented Jul 21, 2020

sorenlouv Jul 21, 2020

Choose a reason for hiding this comment

cauemarcondes commented Jul 21, 2020

sorenlouv commented Jul 21, 2020

apmmachine commented Jul 21, 2020 • edited Loading

💔 Tests Failed

Build stats

Test stats 🧪

Test errors

Steps errors

Log output

cauemarcondes commented Jul 21, 2020

kibanamachine commented Jul 21, 2020

💚 Build Succeeded

Build metrics

cauemarcondes left a comment

Choose a reason for hiding this comment

kibanamachine commented Jul 23, 2020

sorenlouv commented Jul 21, 2020 •

edited

Loading

apmmachine commented Jul 21, 2020 •

edited

Loading