docs: Change API key docs to Kibana UI

[bmorelli25]

Motivation/summary

This PR updates API key documentation to use the Kibana UI instead of ES APIs or APM Server tools.

Let me see it

• Create an API key for agent/server comms
• Grant access to ES resources with API keys

Related issues

Closes elastic/observability-docs#965.

[bmorelli25]

Question for reviewers. Are these permissions correct for a publishing user? I didn't change anything here, but I did notice that our Grant privileges and roles needed for writing events documentation shows different req'd privs.

These docs	Privilege docs
Cluster: monitor + read_ilm	Cluster: none
Index (apm-*): view_index_metadata + create_doc	Index (apm-*): create_index + create_doc

[simitt]

Good catch! The linked docs have a NOTE at the beginning that the setup role is separated from the writer role to minimize the privileges required during writing. That's why the dedicated writer role has less privileges. But even with that, there are still discrepancies.

I'd only put a minimal example here, using the same privileges as documented for the writer role, and add a note that this assumes previous setup and link to the privileges docs for more details on that. Otherwise I am certain we will diverge again.

I did not explicitly test the privileges again, but remember that we did extensive testing when overhauling the privileges docs, so I think we can rely on them.

[bmorelli25]

I'd only put a minimal example here, using the same privileges as documented for the writer role, and add a note that this assumes previous setup and link to the privileges docs for more details on that. Otherwise I am certain we will diverge again.

Makes sense! I'll get that fixed.

but remember that we did extensive testing when overhauling the privileges docs, so I think we can rely on them.

💯

Thanks!

[bmorelli25]

Same question here. What we had is different from what we show in Grant privileges and roles needed for monitoring.

These docs	Privilege docs
Cluster: monitor	Cluster: none
Index (.monitoring-beats-*): create_index + create_doc	Index (.monitoring-beats-*): create_index + create_doc

[simitt]

Same as above, let's rely on the privilege docs.

[apmmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2021-08-23T21:29:15.708+0000

• Duration: 42 min 17 sec

• Commit: bf16de4

Test stats 🧪

Test	Results
Failed	0
Passed	5936
Skipped	14
Total	5950

Trends 🧪

[simitt]

leftover?

[bmorelli25]

leftover 😬

[simitt]

Good catch! The linked docs have a NOTE at the beginning that the setup role is separated from the writer role to minimize the privileges required during writing. That's why the dedicated writer role has less privileges. But even with that, there are still discrepancies.

I'd only put a minimal example here, using the same privileges as documented for the writer role, and add a note that this assumes previous setup and link to the privileges docs for more details on that. Otherwise I am certain we will diverge again.

I did not explicitly test the privileges again, but remember that we did extensive testing when overhauling the privileges docs, so I think we can rely on them.

[simitt]

Same as above, let's rely on the privilege docs.