Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet] Give output API key the correct privileges #60094

Merged
merged 1 commit into from
Mar 13, 2020
Merged

[Fleet] Give output API key the correct privileges #60094

merged 1 commit into from
Mar 13, 2020

Conversation

nchaulet
Copy link
Member

Description

The output API key, that is used by elastic agents to send data to ES need the permission to create indices.

Add the created_index permission to create logs-*, metrics-*, ...

@nchaulet nchaulet added release_note:skip Skip the PR/issue when compiling release notes Feature:EPM Fleet team's Elastic Package Manager (aka Integrations) project Feature:Fleet Fleet team's agent central management project labels Mar 13, 2020
@nchaulet nchaulet requested review from michalpristas and a team March 13, 2020 11:43
@elasticmachine
Copy link
Contributor

Pinging @elastic/ingest-management (Feature:EPM)

@nchaulet nchaulet added the v7.8 label Mar 13, 2020
@kibanamachine
Copy link
Contributor

💚 Build Succeeded

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@nchaulet nchaulet merged commit 4f0dd99 into elastic:master Mar 13, 2020
@nchaulet nchaulet deleted the fix-fleet-api-key-privileges-2 branch March 13, 2020 17:14
@nchaulet nchaulet mentioned this pull request Mar 13, 2020
Merged
@jen-huang jen-huang added v7.7.0 and removed v7.8 labels Mar 13, 2020
@jen-huang
Copy link
Contributor

@nchaulet I changed this label to v7.7.0. I know we are not anticipating this project to be released until 7.8, but for the purposes of our current PR tagging it should be 7.7 as that's the next release that will be cut from the 7.x branch.

nchaulet added a commit that referenced this pull request Mar 13, 2020
@nchaulet
[Fleet] Give output API key the correct privileges (#60094) (#60131)
fb5a88e
ruflin
ruflin reviewed Mar 16, 2020
View reviewed changes
x-pack/plugins/ingest_manager/server/services/api_keys/index.ts
@@ -22,8 +22,8 @@ export async function generateOutputApiKey(
cluster: ['monitor'],
index: [
{
names: ['logs-*', 'metrics-*'],
privileges: ['write'],
names: ['logs-*', 'metrics-*', 'events-*', 'metricbeat*'],
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nchaulet What is metricbeat* doing in the list here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had to add it while demoing the agent last friday, the agent was sending some data to metricbeat* I am going to check which index in details

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@michalpristas @ph ? ^

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nothing should be sent to metricbeat*, i will check, maybe some stale metricbeat binary i gave you

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

defaultIndex for elasticsearch output is in form beat-version-yyyy-mm-dd if no index is specified. i need to figure out why metricbeat sends data to this index but filebeat is not, configuration of output is the same for both

@nchaulet nchaulet mentioned this pull request Mar 16, 2020
Merged
@jen-huang jen-huang added the Team:Fleet Team label for Observability Data Collection Fleet team label Mar 26, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruflin ruflin ruflin left review comments

@jfsiii jfsiii jfsiii approved these changes

@michalpristas michalpristas Awaiting requested review from michalpristas

Assignees

@nchaulet nchaulet

Labels
Feature:EPM Fleet team's Elastic Package Manager (aka Integrations) project Feature:Fleet Fleet team's agent central management project release_note:skip Skip the PR/issue when compiling release notes Team:Fleet Team label for Observability Data Collection Fleet team v7.7.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@nchaulet @elasticmachine @kibanamachine @jen-huang @jfsiii @ruflin @michalpristas