-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fleet] RBAC - Make agents write APIs space aware - 4/4 #191277
[Fleet] RBAC - Make agents write APIs space aware - 4/4 #191277
Conversation
/ci |
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
Hey @nchaulet - this PR should be ready for first review - I've detailed the changes in the description to help with the review. I'm still looking if I can figure out tests for queries in batches as these have proven unstable, otherwise I think this is everything. |
x-pack/test/fleet_api_integration/apis/space_awareness/agents.ts
Outdated
Show resolved
Hide resolved
/ci |
Flaky Test Runner Stats🎉 All tests passed! - kibana-flaky-test-suite-runner#6810[✅] x-pack/test/fleet_api_integration/config.space_awareness.ts: 200/200 tests passed. |
Pinging @elastic/fleet (Team:Fleet) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@elasticmachine merge upstream |
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code LGTM 🚀 renaming namespace
=> spaceId
remove a lot of confusion that's great
Summary
Closes #185040
Followup to:
#188507
#189519
#190069
This PR contains the last required changed for making Fleet agents write APIs space aware:
POST /agents/{agentId}/unenroll
POST /agents/{agentId}/request_diagnostics
POST /agents/bulk_unenroll
POST /agents/bulk_request_diagnostics
POST /agents/bulk_update_agent_tags
where the space id was not passed.namespaces
property when creating agent actions when the space id is known.currentNamespace
tocurrentSpaceId
where appropriate (see comment below).⚠️ At the time of writing, I would like there to be more tests covering bulk query processing in batches, which are currently lacking. I have experienced difficulties getting those tests to pass consistently.Filed followup issue for those.A note on terminology
As pointed out in #191083 (comment), it seems that the terms "namespace" and "space id" are occasionally used interchangeably in some parts of the codebase to refer to a Kibana space. For instance, documents in Fleet indices (agents, agent policies, agent actions...) possess a
namespaces
property to track the spaces they belong to. The current space id is also returned using the Saved Object client'sgetCurrentNamespace
function.However, "namespace" is also a datastream property. In the Agent policy settings UI, the "Spaces" property (which will be linked to the saved object's
namespaces
property) is above the "Default namespace" property, which relates to the integration's data streams:This should not be a source of major issues, but is best clarified for future reference. In this PR, I've replaced some occurrences of
namespace
withspaceId
where appropriate to try to maximise the use of the latter.Testing
Checklist