Give Auditbeat k8s Clusterrole job permissions #36703

Merged (2 commits) on Oct 13, 2023

@mjwolf mjwolf commented Sep 28, 2023

Proposed commit message

Update the Auditbeat Kubernetes cluster role to add read permissions on jobs/cronjobs. These permissions were added to other Cluster Role permissions previously, but were missed on auditbeat.

Checklist

  • My code follows the style guidelines of this project
  • [ ] I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • [ ] I have added tests that prove my fix is effective or that my feature works
  • [ ] I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

This was tested by running the auditbeat daemonset on a GKE cluster with a cronjob running. The original "failed to list *v1.Job: jobs.batch is forbidden" error was not seen in auditbeat logs, and auditbeat process events were enriched with orchestrator information:

{
  "_index": ".ds-auditbeat-8.10.2-2023.09.25-000001",
  "_id": "uhUL3YoBpJN1dyjWXk92",
  "_score": 1,
  "fields": {
    "orchestrator.cluster.name": [
      "cluster1"
    ],
    "event.category": [
      "process"
    ],
    "agent.type": [
      "auditbeat"
    ],
    "orchestrator.cluster.url": [
      "https://192.168.0.2"
    ],
    "event.action": [
      "process_started"
    ],
    "event.type": [
      "start"
    ],
    "event.dataset": [
      "process"
    ],
...
  }
}

Related issues

Add Cluster role permission to auditbeat that allows gathering information for
jobs/cronjobs.
@mjwolf mjwolf added the bug label Sep 28, 2023
@mjwolf mjwolf requested review from a team as code owners September 28, 2023 18:57
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Sep 28, 2023
@mjwolf mjwolf added the Team:Security-Linux Platform Linux Platform Team in Security Solution label Sep 28, 2023
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Sep 28, 2023
@mergify mergify bot assigned mjwolf Sep 28, 2023
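
A check for the gap this PR closes, as an added example (not code from the Beats repository): it evaluates a ClusterRole's rules the way RBAC matches them and reports which read permissions on batch jobs/cronjobs are missing. The get/list/watch verb set, the function names and both sample roles are assumptions constructed for illustration.

```python
import json

# Assumption: "read permissions" means the get/list/watch verbs an informer needs.
READ_VERBS = ("get", "list", "watch")
REQUIRED = [("batch", res, verb) for res in ("jobs", "cronjobs") for verb in READ_VERBS]


def rule_allows(rule, group, resource, verb):
    """RBAC match for one rule: each field matches exactly or through '*'."""
    if rule.get("resourceNames"):
        # Name-restricted rules do not grant a cluster-wide list/watch;
        # treat them conservatively as not satisfying the requirement.
        return False

    def has(values, wanted):
        return "*" in values or wanted in values

    return (has(rule.get("apiGroups", []), group)
            and has(rule.get("resources", []), resource)
            and has(rule.get("verbs", []), verb))


def missing_permissions(cluster_role, required=REQUIRED):
    """Return the (apiGroup, resource, verb) triples that no rule grants."""
    rules = cluster_role.get("rules") or []
    return [req for req in required
            if not any(rule_allows(rule, *req) for rule in rules)]


# Constructed sample roles in the shape of `kubectl get clusterrole <name> -o json`.
# The rule contents are illustrative, not copied from the Beats manifests.
ROLE_BEFORE = json.loads("""
{"kind": "ClusterRole", "metadata": {"name": "auditbeat"},
 "rules": [
   {"apiGroups": [""], "resources": ["nodes", "namespaces", "pods"],
    "verbs": ["get", "list", "watch"]},
   {"apiGroups": ["apps"], "resources": ["replicasets"],
    "verbs": ["get", "list", "watch"]}
 ]}
""")

ROLE_AFTER = json.loads(json.dumps(ROLE_BEFORE))  # deep copy of the sample
ROLE_AFTER["rules"].append(
    {"apiGroups": ["batch"], "resources": ["jobs", "cronjobs"],
     "verbs": ["get", "list", "watch"]})

if __name__ == "__main__":
    for label, role in (("before", ROLE_BEFORE), ("after", ROLE_AFTER)):
        print(label, "missing:", missing_permissions(role) or "none")
```

Running the same function over the JSON of every Beat's ClusterRole in CI would catch a role that was skipped when a permission was rolled out to the others.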

mergify bot commented Sep 28, 2023

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @mjwolf? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit


elasticmachine commented Sep 28, 2023

💚 Build Succeeded

Build stats

  • Start Time: 2023-09-28T18:59:12.302+0000

  • Duration: 46 min 58 sec

Test stats 🧪

Test Results
Failed 0
Passed 3
Skipped 0
Total 3

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@andrewkroh andrewkroh added the Team:Elastic-Agent Label for the Agent team label Oct 6, 2023
@mjwolf mjwolf merged commit ee455fc into elastic:main Oct 13, 2023
6 checks passed
@mjwolf mjwolf deleted the auditbeat-cronjob branch October 13, 2023 19:09
Scholar-Li pushed a commit to Scholar-Li/beats that referenced this pull request Feb 5, 2024
Update the Auditbeat Kubernetes cluster role to add read permissions on jobs/cronjobs. These permissions were added to other Cluster Role permissions previously, but were missed on auditbeat.
Successfully merging this pull request may close these issues.

[Auditbeat] Kubernetes enrichment not working without cronjob metadata