Private monitor management locations MVP #475
Comments
andrewvc
added
enhancement
|
For users entering through the Elastic Synthetics page, should we disable the ability to add integrations directly and navigate them to MM?
Test now functionality should also be disabled. |
UpdateI added some designs for the Private location flyout to the issue description based on a session with @shahzad31 and @dominiqueclarke. I made these pretty quickly based on Shahzad's work. I'm hoping these are relatively small improvements we can get in, but I certainly don't want to block this feature from getting into the next release. Let me know if there are any areas we can simplify. Other feedback
Remove the map marker icon and just say "Private locations".
Change text to "This policy is managed externally", or even better / if possible, "This policy can be managed in the Uptime application". Also, use the tooltips
I understand we can only control the bottom portion of this page, but as is, this is pretty confusing and it feels like there is a lot of unnecessary content on the page. If possible, can we use a single callout with a link to Uptime, and not show any of the form inputs since they are not editable? |
SetupTesting this feature requires Fleet server and You can choose to either set up Fleet server and elastic-agent manually or automated using Via
|
| Kibana permission | Fleet | all |
| Kibana permission | Integrations | all |
| Kibana permissions | Uptime | all |
| Cluster permission | manage_own_api_keys | |
| Index permission | synthetics-* | all |
Uptime user
| Kibana permissions | Uptime | all |
| Cluster permission | manage_own_api_keys | |
| Index permission | synthetics-* | all |
Fleet user - Cloud
Setup:
- Add the following keys to Kibana.yml. This will cause Kibana to run under a cloud context: https://p.elstc.co/paste/4evUZg9W#RQNLl3iVTsPUVpfPlhH8U4CWM007ONUcgIr+VXWm9Aa
| When | I first visit Monitor Management | I see an enabled prompt with legal text implying that my use means acceptance of T&C | |
| When | I first enable Monitor Management | I see an empty monitor list, the Add Monitor button is enabled, and the Private Locations button is Visible | |
| When | I click on the Private Locations button | A flyout appears with a prompt to add my first location | |
| When | I click add location | if I have existing agent policies | I am prompted to add the location name and select an agent |
| When | I click add location | if I don't have existing agent policies | I see a prompt directing me to add an agent by redirecting to Fleet |
| When | I add a location | It's added to the locations list | I cannot edit it |
| When | I click Add monitor | I see the newly added location in the locations list | It has a Private label |
| When | I have a monitor configured for a private location | I cannot delete that private location until all monitors for that location are removed | |
| When | I have no monitors for a given location | I can delete that private location | |
| When | I save a monitor with a private location | The data should appear in Uptime overview list, and the location for the check should be marked with the correct location name | |
| When | I visit the associated Agent Policy page in Fleet for a given location | Any integrations made from private locations are not able to be deleted | |
| When | I visit the associated Agent Policy page in Fleet for a given location | When I click edit integration | I'm redirected to a read-only view where I can navigate to monitor management. |
| When | I create monitors with the same name in different spaces | I do not get any errors | |
| When | I delete an agent policy tied to a private location | My private location displays as invalid | I can edit existing monitors to remove the invalid location |
Uptime only user - Cloud
Setup:
- Add the following keys to Kibana.yml. This will cause Kibana to run under a cloud context: https://p.elstc.co/paste/4evUZg9W#RQNLl3iVTsPUVpfPlhH8U4CWM007ONUcgIr+VXWm9Aa
Prerequisites
- Ensure monitor management is already enabled by the admin user
| When | I click on the Private Locations button | A permissions disclaimer is displayed | I cannot add or delete private locations |
| When | I click Add monitor | I see public and private locations | Private locations are disabled |
| When | I visit the monitor list | the edit and delete buttons are disabled for monitors with private locations | the edit and delete buttons are enabled for monitors with public locations |
| When | I click the api key button | I see a prompt notifying me that my permissions are insufficient to use private locations | I can still create an api key |
Fleet user - On Prem
Setup
- REMOVE the following keys to Kibana.yml. This will cause Kibana to run under an on-prem context. Ensure no other
x-pack.uptime.servicekeys are defined https://p.elstc.co/paste/4evUZg9W#RQNLl3iVTsPUVpfPlhH8U4CWM007ONUcgIr+VXWm9Aa
| When | I first visit Monitor Management | I see an enabled prompt with legal text implying that my use means accepted of T&C | |
| When | I first enable Monitor Management | I see a prompt directing me to create my first location | |
| When | I don't have any private locations | The add monitor button is disabled | |
| When | I click on the Private Locations button | A flyout appears with a prompt to add my first location | |
| When | I click add location | if I have existing agent policies | I am prompted to add the location name and select an agent |
| When | I click add location | if I don't have existing agent policies | I see a prompt directing me to add an agent by redirecting to Fleet |
| When | I add a location | It's added to the locations list | I cannot edit it |
| When | I click Add monitor | I see the newly added location in the locations list | It has a Private label |
| When | I have a monitor configured for a private location | I cannot delete that private location until all monitors for that location are removed | |
| When | I have no monitors for a given location | I can delete that private location | |
| When | I save a monitor with a private location | The data should appear in Uptime overview list, and the location for the check should be marked with the correct location name | |
| When | I visit the associated Agent Policy page in Fleet for a given location | Any integrations made from private locations are not able to be deleted | |
| When | I visit the associated Agent Policy page in Fleet for a given location | When I click edit integration | I'm redirected to a read-only view where I can navigate to monitor management. |
| When | I create monitors with the same name in different spaces | I do not get any errors | |
| When | I delete an agent policy tied to a private location | My private location displays as invalid | I can edit existing monitors to remove the invalid location |
Uptime only user - On Prem
Setup
Setup
- REMOVE the following keys to Kibana.yml. This will cause Kibana to run under an on-prem context. Ensure no other
x-pack.uptime.servicekeys are defined https://p.elstc.co/paste/4evUZg9W#RQNLl3iVTsPUVpfPlhH8U4CWM007ONUcgIr+VXWm9Aa
Prerequisites
- Ensure monitor management is already enabled by the admin user
| When | I click on the Private Locations button | A permissions disclaimer is displayed | I cannot add or delete private locations |
| When | I visit the monitor list | the Add Monitor Button is Disabled | |
| When | I visit the monitor list | the edit and delete buttons are disabled | |
| When | I click the api key button | I see a prompt notifying me that my permissions are insufficient to use private locations | I can still create an api key |
Fleet user - Project Monitors
Setup
- In Kibana, sign into the Fleet user and generate an api key from the API Keys button. Note: (In order to use private locations, you must generate the api key from a user with Fleet permissions, so ensure you create a new api key instead of using an old one)
- In Kibana, ensure you have private locations configured by clicking the Private Locations button and adding a location
- Check out the main branch of the
syntheticsrepo. - Run npm run build
- cd
./examples/todos.
Example command (You can assign private locations by the location's name)
node ../../dist/cli.js push --url [YOUR_KIBANA_URL] --project test-project --auth [YOUR_API_KEY] --schedule 3 --privateLocations "[YOUR LOCATION NAME]"
Example dsl (You can assign private locations by the location's name)
journey('check if input placeholder is correct', ({ page, params }) => {
monitor.use({
schedule: 5,
privateLocations: ["YOUR LOCATION NAME"]
})
step('launch app', async () => {
await page.goto(params.url);
});
});
In Kibana
| When | I click on the API key button in Kibana | I can create an API key with Uptime and Fleet permissions |
From the command line
| When | I define a default private location via --privateLocations and do not define privateLocations via monitor.use |
The monitor is created with that location | |
| When | I define a private location via monitor.use({ privateLocations: [...] }) |
The monitor is created with that location | |
| When | I update a monitor that has an assigned private location | The monitor is updated | The associated integration policy is updated |
| When | I delete a location by removing it from monitor.use re-push |
The monitor is updated to remove that location | The associated Integration policy is deleted |
| When | I delete a monitor and re-push | The monitor | The associated Integration policy is deleted |
Uptime user - Project Monitors
Setup
- In Kibana, sign into the Uptime user and generate an api key from the API Keys button. Note: (This api key will have limited permissions, causing errors)
- In Kibana, ensure you have private locations configured by clicking the Private Locations button and adding a location
- Check out the main branch of the
syntheticsrepo. - Run npm run build
- cd
./examples/todos.
Example command (You can assign private locations by the location's name)
node ../../dist/cli.js push --url [YOUR_KIBANA_URL] --project test-project --auth [YOUR_API_KEY] --schedule 3 --privateLocations "[YOUR LOCATION NAME]"
Example dsl (You can assign private locations by the location's name)
journey('check if input placeholder is correct', ({ page, params }) => {
monitor.use({
schedule: 5,
privateLocations: ["YOUR LOCATION NAME"]
})
step('launch app', async () => {
await page.goto(params.url);
});
});
In Kibana
| When | I click on the API key button in Kibana | I see a disclaimer stating that I cannot use private locations | I can still create an api key |
From the command line
| When | I define a default private location via --privateLocations and do not define privateLocations via monitor.use and push |
I receive an error stating that I do not have permissions | |
| When | I define a private location via monitor.use({ privateLocations: [...] }) and push |
I receive an error stating that I do not have permissions | |
| When | I attempt to update a monitor that has an assigned private location | I receive an error stating that I do not have permissions | |
| When | I delete a location by removing it from monitor.use re-push |
I receive an error stating that I do not have permissions | |
| When | I delete a monitor and re-push | I receive an error stating that I do not have permissions |
|
It took me quite a bit of time to set things up due to https://github.com/elastic/synthetics-service/issues/685. So I had to fix that locally before proceeding. Also, setting up a remote OBLT cluster was not possible because of the I ended up testing this locally against the elastic stack with the change which allows the service to disable SSL on dev mode. Will post feedback for the other flows in a bit. (click to links to see images) Fleet user
FeedbackStep 5: It's not immediately obvious what the user should do because there are two primary buttons. Should they click the one on the bottom or the one on the top? This is confusing IMO. |
|
@lucasfcosta Please see elastic/kibana#137526 for the fix to the critical issue. It isn't related to the issue with the beta status label at all, though I will ping you seperately about that
cc: @hbharding for final decision
Done
I haven't addressed this as of yet. @hbharding what do you think? |
|
@dominiqueclarke I'm in the process of running on-prem checks, just wanted to make sure, fleet user should not have permission to enable Monitor Management right? There's a explanatory note for uptime user but nor for fleet, so I'm not sure what the expectation is here. (Ignore this comment, it's the same @lucasfcosta posted above) |
|
@dominiqueclarke qq about lightweight checks. I've noticed |
|
About these two:
Found a race condition where if Kibana takes long to respond, it's actually possible to remove a private location with monitors configured. They appear as Here's the recording |
@emilioalvap That is not intended. Good catch! Please pull down the fix from this PR and retest. Testing instructions included elastic/integrations#3925 |
Yes, we do not currently support run once for private locations
Unfortunately, this is where we are at for MVP. We don't have as much control over those two fields, as they are controlled by the Fleet UI codebase. In the future, we can make improvements, but for MVP we ran out of time to improve this through contributions on the Fleet side.
I agree. This has been discussed, and again came down to running out of time. Might be able to get it in as a bug fix, but this change wasn't prioritized.
On the agent policy page on the Settings tab, there should be a Delete button at the bottom. You may need to unenroll the agent attached to the policy first. @lucasfcosta , we don't want to disable generation, particularly on cloud, because we don't know if the user intends to use private locations or not. Highlighting the warning better is a good idea. @hbharding thoughts? Disabling it entirely when the user does not have fleet permissions on-prem would make sense. When the user doesn't have the proper permissions for UI monitors with private locations, they aren't able to add them at all from the UI. However, with project monitors, if the user tries to create a project monitor with a private location via push with a limited permission API key, they will receive a helpful error message reported back in the CLI. |
Project monitorsOn cloud with fleet
On cloud with uptime user |
@lucasfcosta I'm assuming this is for an Uptime only user. Did you remove this key in your Kibana.yml file? |
|
@dominiqueclarke that was it, thank you! Removing it did disable the button. Everything else seems fine still. Thank you very much! |
|
Closing this one and actually moving straight to "Done Done" as recommended by @shahzad31 on Slack. |
This takes over for #441 which has grown long and unwieldy.
This issue defines ACs for an initial implementation of private locations for monitor management in the Uptime app. The locations are
to be implemented atop fleet continuing the work in @shahzad31 's POC
ACs
Design
Flyout
Flyout is 540px wide.
When private locations exist
When no locations exist
Add location form
Condition when no agent policies exist
Uptime
your data will leave this stacktext is still clearly visible in monitor managementMonitor Management
This should be added to the following screen, below the existing text
Fleet UI
The text was updated successfully, but these errors were encountered: