Add delete privilege to kibana_system for APM #85085

Merged (6 commits), Mar 22, 2022

Member

@axw axw commented Mar 18, 2022

Extend the kibana_system privileges to allow deletion of all APM indices.

This is a followup to #81811. Delete phases were added to all APM data stream ILM policies in 8.0.

Closes elastic/kibana#128014 elastic/apm-server#7568

@axw axw added :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team auto-backport-and-merge v8.2.0 v8.0.2 v8.1.2 labels Mar 18, 2022
@elasticsearchmachine elasticsearchmachine added the external-contributor Pull request authored by a developer outside the Elasticsearch team label Mar 18, 2022
@axw axw force-pushed the fleet-apm-delete branch from 693b7b0 to fe2e8c4 Compare March 18, 2022 01:14
@axw axw marked this pull request as ready for review March 18, 2022 02:21
@elasticmachine
Collaborator

Pinging @elastic/es-security (Team:Security)

@axw axw requested a review from joshdover March 18, 2022 02:21
@axw axw added the >bug label Mar 18, 2022
@elasticsearchmachine
Collaborator

Hi @axw, I've created a changelog YAML for you.

axw added 3 commits March 18, 2022 15:33
(To ensure we match future APM data streams as well.)
@axw axw requested a review from simitt March 18, 2022 08:06
@axw
Member Author

axw commented Mar 18, 2022

@elasticmachine run elasticsearch-ci/part-1

Contributor

@joshdover joshdover left a comment

One nit on the index pattern, other LGTM

@ywangd
Member

ywangd commented Mar 20, 2022

Ping @elastic/kibana-security for awareness

@jportner jportner left a comment

Ping @elastic/kibana-security for awareness

Thanks! I reviewed the issues and the changes make sense to me.
Approving this with a LGTM for posterity 👍

Member

@ywangd ywangd left a comment

LGTM

@axw
Member Author

axw commented Mar 22, 2022

Thanks all!

@axw axw merged commit e9f36d4 into elastic:master Mar 22, 2022
@axw axw deleted the fleet-apm-delete branch March 22, 2022 00:41
@elasticsearchmachine
Collaborator

💔 Backport failed

The backport operation could not be completed due to the following error:

An unhandled error occurred. Please consult the logs

You can use sqren/backport to manually backport by running backport --upstream elastic/elasticsearch --pr 85085

@axw
Member Author

axw commented Mar 22, 2022

💚 All backports created successfully

Status Branch Result
8.0

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

axw added a commit to axw/elasticsearch that referenced this pull request Mar 22, 2022
* Add delete privilege to kibana_system for APM

* Update docs/changelog/85085.yaml

* Loosen APM data stream wildcards

(To ensure we match future APM data streams as well.)

* Fix trailing comma

* Fix linting

* Make data stream patterns more specific

(cherry picked from commit e9f36d4)
@axw axw removed the v8.0.2 label Mar 22, 2022
axw added a commit that referenced this pull request Mar 22, 2022
* Add delete privilege to kibana_system for APM (#85085)

* Add delete privilege to kibana_system for APM

* Update docs/changelog/85085.yaml

* Loosen APM data stream wildcards

(To ensure we match future APM data streams as well.)

* Fix trailing comma

* Fix linting

* Make data stream patterns more specific

* Update docs/changelog/85199.yaml

* Delete 85199.yaml
Labels
>bug external-contributor Pull request authored by a developer outside the Elasticsearch team :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team v8.1.2 v8.2.0
Development

Successfully merging this pull request may close these issues.

[fleet] Integration ILM Policies have insufficient permissions to perform some actions
7 participants