-
Notifications
You must be signed in to change notification settings - Fork 524
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: clarify the usage of the server information endpoint #11881
Conversation
This pull request does not have a backport label. Could you fix it @rodrigc? 🙏
NOTE: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for sending the PR @rodrigc! I can't see your support case, but I guess there was some miscommunication: the endpoint's response body shouldn't differ based on whether it's a GET or POST method, what matters is whether the client is authorized. This is to minimise leaking information about the service to unauthorized (and potentially malicious) clients.
@rodrigc sorry, could you please sign your commit and force push again? |
Discussed in [case 01501264](https://support.elastic.co/cases/5008X00002UnA9UQAV) Signed-off-by: Craig Rodrigues <[email protected]>
Head branch was pushed to by a user without write access
Done |
@axw can you trigger the docs CI? I'm not sure, but I think something like: @elasticsearchmachine run elasticsearch-ci/docs is required |
/run elasticsearch-ci/docs |
/run elasticsearch-ci/docs |
@axw Thanks for the review and merge of this PR. I have one question. Would it be possible to include a default role in the apm-server code which is similar to That way, the end user would not need to worry so much about creating a role |
@rodrigc we could predefine a role in Elasticsearch (not in apm-server), but you would still need to create/assign a user that role, so it doesn't seem entirely ideal either. I think the long-term vision is that this should be built into a standard, but broader, role like "editor". The idea being that you have users that are admins, viewers, or editors; admins and editors should be able to create API Keys for agents, whereas viewers should not. If you wanted a more fine-grained role, then you would still have the option to create one. Does that sound sensible to you? |
That seems like a reasonable approach. I agree that more thought needs to be put into this. |
@rodrigc I've opened elastic/apm#831 to track this |
Discussed in case 01501264
Signed-off-by: Craig Rodrigues [email protected]
Motivation/summary
I found the existing documentation for the server information endpoint to be a bit confusing.
I didn't understand that GET and POST behave differently.
Checklist
apmpackage
have been made)For functional changes, consider:
How to test these changes
Related issues