From 85c55c332c8018b1f5e8c1842429cb437b94569c Mon Sep 17 00:00:00 2001 From: Felix Barnsteiner Date: Fri, 29 Apr 2022 20:03:45 +0200 Subject: [PATCH 1/7] Add elasticsearch.privileges.allow_routing flag --- .../validator/testdata/limits/data_stream/foo/manifest.yml | 1 + test/packages/good/data_stream/foo/manifest.yml | 1 + .../missing_required_fields/data_stream/foo/manifest.yml | 1 + versions/1/integration/changelog.yml | 3 +++ versions/1/integration/data_stream/manifest.spec.yml | 5 +++++ 5 files changed, 11 insertions(+) diff --git a/code/go/pkg/validator/testdata/limits/data_stream/foo/manifest.yml b/code/go/pkg/validator/testdata/limits/data_stream/foo/manifest.yml index 7b2aa77a2..9eafa5162 100644 --- a/code/go/pkg/validator/testdata/limits/data_stream/foo/manifest.yml +++ b/code/go/pkg/validator/testdata/limits/data_stream/foo/manifest.yml @@ -33,3 +33,4 @@ elasticsearch.index_template.mappings: b: 1 elasticsearch.index_template.ingest_pipeline.name: foobar elasticsearch.privileges.indices: [auto_configure, create_doc, monitor] +elasticsearch.privileges.allow_routing: true diff --git a/test/packages/good/data_stream/foo/manifest.yml b/test/packages/good/data_stream/foo/manifest.yml index 7b2aa77a2..9eafa5162 100644 --- a/test/packages/good/data_stream/foo/manifest.yml +++ b/test/packages/good/data_stream/foo/manifest.yml @@ -33,3 +33,4 @@ elasticsearch.index_template.mappings: b: 1 elasticsearch.index_template.ingest_pipeline.name: foobar elasticsearch.privileges.indices: [auto_configure, create_doc, monitor] +elasticsearch.privileges.allow_routing: true diff --git a/test/packages/missing_required_fields/data_stream/foo/manifest.yml b/test/packages/missing_required_fields/data_stream/foo/manifest.yml index 7b2aa77a2..9eafa5162 100644 --- a/test/packages/missing_required_fields/data_stream/foo/manifest.yml +++ b/test/packages/missing_required_fields/data_stream/foo/manifest.yml @@ -33,3 +33,4 @@ elasticsearch.index_template.mappings: b: 1 elasticsearch.index_template.ingest_pipeline.name: foobar elasticsearch.privileges.indices: [auto_configure, create_doc, monitor] +elasticsearch.privileges.allow_routing: true diff --git a/versions/1/integration/changelog.yml b/versions/1/integration/changelog.yml index 1c5b293ab..da39052e5 100644 --- a/versions/1/integration/changelog.yml +++ b/versions/1/integration/changelog.yml @@ -10,6 +10,9 @@ - description: Add Kibana/osquery-saved-query type: enhancement link: https://github.com/elastic/package-spec/pull/321 + - description: Add "elasticsearch.privileges.allow_routing" to data stream manifest + type: enhancement + link: https://github.com/elastic/package-spec/pull/326 - version: 1.7.0 changes: - description: Add kibana/osquery-pack-asset diff --git a/versions/1/integration/data_stream/manifest.spec.yml b/versions/1/integration/data_stream/manifest.spec.yml index 826e9f56e..51eab6a53 100644 --- a/versions/1/integration/data_stream/manifest.spec.yml +++ b/versions/1/integration/data_stream/manifest.spec.yml @@ -212,5 +212,10 @@ spec: type: array items: type: string + allow_routing: + description: When set to true, the integration is granted data stream privileges for all datasets and namespaces of its type + type: boolean + items: + type: string required: - title From a765a8725b3bcf19589fff9c367364252a237157 Mon Sep 17 00:00:00 2001 From: Felix Barnsteiner Date: Fri, 29 Apr 2022 20:10:08 +0200 Subject: [PATCH 2/7] Fix PR number --- versions/1/integration/changelog.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/1/integration/changelog.yml b/versions/1/integration/changelog.yml index da39052e5..48612de04 100644 --- a/versions/1/integration/changelog.yml +++ b/versions/1/integration/changelog.yml @@ -12,7 +12,7 @@ link: https://github.com/elastic/package-spec/pull/321 - description: Add "elasticsearch.privileges.allow_routing" to data stream manifest type: enhancement - link: https://github.com/elastic/package-spec/pull/326 + link: https://github.com/elastic/package-spec/pull/327 - version: 1.7.0 changes: - description: Add kibana/osquery-pack-asset From 45fd7c4067d63cc14bc557b6f2582c4edeaa6800 Mon Sep 17 00:00:00 2001 From: Felix Barnsteiner Date: Mon, 2 May 2022 16:03:38 +0200 Subject: [PATCH 3/7] Move allow_routing to top level --- .../testdata/limits/data_stream/foo/manifest.yml | 2 +- test/packages/good/data_stream/foo/manifest.yml | 2 +- .../data_stream/foo/manifest.yml | 2 +- versions/1/integration/changelog.yml | 2 +- versions/1/integration/data_stream/manifest.spec.yml | 10 +++++----- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/code/go/pkg/validator/testdata/limits/data_stream/foo/manifest.yml b/code/go/pkg/validator/testdata/limits/data_stream/foo/manifest.yml index 9eafa5162..aee720107 100644 --- a/code/go/pkg/validator/testdata/limits/data_stream/foo/manifest.yml +++ b/code/go/pkg/validator/testdata/limits/data_stream/foo/manifest.yml @@ -1,5 +1,6 @@ title: Nginx access logs type: logs +allow_routing: true streams: - input: logfile vars: @@ -33,4 +34,3 @@ elasticsearch.index_template.mappings: b: 1 elasticsearch.index_template.ingest_pipeline.name: foobar elasticsearch.privileges.indices: [auto_configure, create_doc, monitor] -elasticsearch.privileges.allow_routing: true diff --git a/test/packages/good/data_stream/foo/manifest.yml b/test/packages/good/data_stream/foo/manifest.yml index 9eafa5162..aee720107 100644 --- a/test/packages/good/data_stream/foo/manifest.yml +++ b/test/packages/good/data_stream/foo/manifest.yml @@ -1,5 +1,6 @@ title: Nginx access logs type: logs +allow_routing: true streams: - input: logfile vars: @@ -33,4 +34,3 @@ elasticsearch.index_template.mappings: b: 1 elasticsearch.index_template.ingest_pipeline.name: foobar elasticsearch.privileges.indices: [auto_configure, create_doc, monitor] -elasticsearch.privileges.allow_routing: true diff --git a/test/packages/missing_required_fields/data_stream/foo/manifest.yml b/test/packages/missing_required_fields/data_stream/foo/manifest.yml index 9eafa5162..aee720107 100644 --- a/test/packages/missing_required_fields/data_stream/foo/manifest.yml +++ b/test/packages/missing_required_fields/data_stream/foo/manifest.yml @@ -1,5 +1,6 @@ title: Nginx access logs type: logs +allow_routing: true streams: - input: logfile vars: @@ -33,4 +34,3 @@ elasticsearch.index_template.mappings: b: 1 elasticsearch.index_template.ingest_pipeline.name: foobar elasticsearch.privileges.indices: [auto_configure, create_doc, monitor] -elasticsearch.privileges.allow_routing: true diff --git a/versions/1/integration/changelog.yml b/versions/1/integration/changelog.yml index 48612de04..dc48ba8a2 100644 --- a/versions/1/integration/changelog.yml +++ b/versions/1/integration/changelog.yml @@ -10,7 +10,7 @@ - description: Add Kibana/osquery-saved-query type: enhancement link: https://github.com/elastic/package-spec/pull/321 - - description: Add "elasticsearch.privileges.allow_routing" to data stream manifest + - description: Add "allow_routing" to data stream manifest type: enhancement link: https://github.com/elastic/package-spec/pull/327 - version: 1.7.0 diff --git a/versions/1/integration/data_stream/manifest.spec.yml b/versions/1/integration/data_stream/manifest.spec.yml index 51eab6a53..5c03e8b4f 100644 --- a/versions/1/integration/data_stream/manifest.spec.yml +++ b/versions/1/integration/data_stream/manifest.spec.yml @@ -143,6 +143,11 @@ spec: hidden: description: Specifies if a data stream is hidden type: boolean + allow_routing: + description: When set to true, the integration is granted data stream privileges for all datasets and namespaces of its type + type: boolean + items: + type: string streams: description: Streams offered by data stream. type: array @@ -212,10 +217,5 @@ spec: type: array items: type: string - allow_routing: - description: When set to true, the integration is granted data stream privileges for all datasets and namespaces of its type - type: boolean - items: - type: string required: - title From f0ea0354b56c560710f2c530576dd2bfe12c9474 Mon Sep 17 00:00:00 2001 From: Felix Barnsteiner Date: Wed, 4 May 2022 10:32:23 +0200 Subject: [PATCH 4/7] Apply suggestions from review --- .../validator/testdata/limits/data_stream/foo/manifest.yml | 1 - .../missing_required_fields/data_stream/foo/manifest.yml | 1 - versions/1/integration/data_stream/manifest.spec.yml | 4 +--- 3 files changed, 1 insertion(+), 5 deletions(-) diff --git a/code/go/pkg/validator/testdata/limits/data_stream/foo/manifest.yml b/code/go/pkg/validator/testdata/limits/data_stream/foo/manifest.yml index aee720107..7b2aa77a2 100644 --- a/code/go/pkg/validator/testdata/limits/data_stream/foo/manifest.yml +++ b/code/go/pkg/validator/testdata/limits/data_stream/foo/manifest.yml @@ -1,6 +1,5 @@ title: Nginx access logs type: logs -allow_routing: true streams: - input: logfile vars: diff --git a/test/packages/missing_required_fields/data_stream/foo/manifest.yml b/test/packages/missing_required_fields/data_stream/foo/manifest.yml index aee720107..7b2aa77a2 100644 --- a/test/packages/missing_required_fields/data_stream/foo/manifest.yml +++ b/test/packages/missing_required_fields/data_stream/foo/manifest.yml @@ -1,6 +1,5 @@ title: Nginx access logs type: logs -allow_routing: true streams: - input: logfile vars: diff --git a/versions/1/integration/data_stream/manifest.spec.yml b/versions/1/integration/data_stream/manifest.spec.yml index 5c03e8b4f..4c30f2e20 100644 --- a/versions/1/integration/data_stream/manifest.spec.yml +++ b/versions/1/integration/data_stream/manifest.spec.yml @@ -144,10 +144,8 @@ spec: description: Specifies if a data stream is hidden type: boolean allow_routing: - description: When set to true, the integration is granted data stream privileges for all datasets and namespaces of its type + description: When set to true, the package is granted data stream privileges for all datasets and namespaces of its type type: boolean - items: - type: string streams: description: Streams offered by data stream. type: array From b6daaf06598d514dd71e64a60d2416c974ed2cc4 Mon Sep 17 00:00:00 2001 From: Felix Barnsteiner Date: Wed, 4 May 2022 21:38:36 +0200 Subject: [PATCH 5/7] Apply suggestions from code review Co-authored-by: Josh Dover <1813008+joshdover@users.noreply.github.com> --- versions/1/integration/data_stream/manifest.spec.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions/1/integration/data_stream/manifest.spec.yml b/versions/1/integration/data_stream/manifest.spec.yml index 4c30f2e20..14dae34b8 100644 --- a/versions/1/integration/data_stream/manifest.spec.yml +++ b/versions/1/integration/data_stream/manifest.spec.yml @@ -144,7 +144,7 @@ spec: description: Specifies if a data stream is hidden type: boolean allow_routing: - description: When set to true, the package is granted data stream privileges for all datasets and namespaces of its type + description: When set to true, agents running this integration are granted data stream privileges for all datasets and namespaces of its type type: boolean streams: description: Streams offered by data stream. From 7ac2d247cb3b313e110a5c3eab215b9391a31197 Mon Sep 17 00:00:00 2001 From: Felix Barnsteiner Date: Wed, 16 Nov 2022 09:33:10 +0100 Subject: [PATCH 6/7] Rename flag to dynamic_dataset/dynamic_namespace Also moves to elasticsearch.privileges --- spec/changelog.yml | 2 +- spec/integration/data_stream/manifest.spec.yml | 9 ++++++--- test/packages/good/data_stream/foo/manifest.yml | 3 ++- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/spec/changelog.yml b/spec/changelog.yml index 906cdfac3..d50b73124 100644 --- a/spec/changelog.yml +++ b/spec/changelog.yml @@ -7,7 +7,7 @@ - description: Prepare for next version type: enhancement link: https://github.com/elastic/package-spec/pull/442 - - description: Add "allow_routing" to data stream manifest + - description: Add "elasticsearch.privileges.dynamic_dataset" and "elasticsearch.privileges.dynamic_namespace" to data stream manifest type: enhancement link: https://github.com/elastic/package-spec/pull/327 - version: 2.1.0 diff --git a/spec/integration/data_stream/manifest.spec.yml b/spec/integration/data_stream/manifest.spec.yml index 2ed8e4567..cfd19b4c6 100644 --- a/spec/integration/data_stream/manifest.spec.yml +++ b/spec/integration/data_stream/manifest.spec.yml @@ -149,9 +149,6 @@ spec: hidden: description: Specifies if a data stream is hidden type: boolean - allow_routing: - description: When set to true, agents running this integration are granted data stream privileges for all datasets and namespaces of its type - type: boolean streams: description: Streams offered by data stream. type: array @@ -241,6 +238,12 @@ spec: type: array items: type: string + dynamic_dataset: + description: When set to true, agents running this integration are granted data stream privileges for all datasets of its type + type: boolean + dynamic_namespace: + description: When set to true, agents running this integration are granted data stream privileges for all namespaces of its type + type: boolean source_mode: description: |- Source mode to use. This configures how the document source (`_source`) is stored diff --git a/test/packages/good/data_stream/foo/manifest.yml b/test/packages/good/data_stream/foo/manifest.yml index aee720107..2d598fa96 100644 --- a/test/packages/good/data_stream/foo/manifest.yml +++ b/test/packages/good/data_stream/foo/manifest.yml @@ -1,6 +1,5 @@ title: Nginx access logs type: logs -allow_routing: true streams: - input: logfile vars: @@ -34,3 +33,5 @@ elasticsearch.index_template.mappings: b: 1 elasticsearch.index_template.ingest_pipeline.name: foobar elasticsearch.privileges.indices: [auto_configure, create_doc, monitor] +elasticsearch.privileges.dynamic_dataset: true +elasticsearch.privileges.dynamic_namespace: true From deda84b7997310fa5469dd70fcc81fb744966474 Mon Sep 17 00:00:00 2001 From: Felix Barnsteiner Date: Wed, 16 Nov 2022 09:35:21 +0100 Subject: [PATCH 7/7] Move to elasticsearch (from elasticsearch.privileges) --- spec/changelog.yml | 2 +- spec/integration/data_stream/manifest.spec.yml | 12 ++++++------ test/packages/good/data_stream/foo/manifest.yml | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/spec/changelog.yml b/spec/changelog.yml index d50b73124..fe83d09ea 100644 --- a/spec/changelog.yml +++ b/spec/changelog.yml @@ -7,7 +7,7 @@ - description: Prepare for next version type: enhancement link: https://github.com/elastic/package-spec/pull/442 - - description: Add "elasticsearch.privileges.dynamic_dataset" and "elasticsearch.privileges.dynamic_namespace" to data stream manifest + - description: Add "elasticsearch.dynamic_dataset" and "elasticsearch.dynamic_namespace" to data stream manifest type: enhancement link: https://github.com/elastic/package-spec/pull/327 - version: 2.1.0 diff --git a/spec/integration/data_stream/manifest.spec.yml b/spec/integration/data_stream/manifest.spec.yml index cfd19b4c6..47ca52913 100644 --- a/spec/integration/data_stream/manifest.spec.yml +++ b/spec/integration/data_stream/manifest.spec.yml @@ -238,12 +238,6 @@ spec: type: array items: type: string - dynamic_dataset: - description: When set to true, agents running this integration are granted data stream privileges for all datasets of its type - type: boolean - dynamic_namespace: - description: When set to true, agents running this integration are granted data stream privileges for all namespaces of its type - type: boolean source_mode: description: |- Source mode to use. This configures how the document source (`_source`) is stored @@ -258,5 +252,11 @@ spec: - "synthetic" examples: - "synthetic" + dynamic_dataset: + description: When set to true, agents running this integration are granted data stream privileges for all datasets of its type + type: boolean + dynamic_namespace: + description: When set to true, agents running this integration are granted data stream privileges for all namespaces of its type + type: boolean required: - title diff --git a/test/packages/good/data_stream/foo/manifest.yml b/test/packages/good/data_stream/foo/manifest.yml index 2d598fa96..4007ac9f6 100644 --- a/test/packages/good/data_stream/foo/manifest.yml +++ b/test/packages/good/data_stream/foo/manifest.yml @@ -33,5 +33,5 @@ elasticsearch.index_template.mappings: b: 1 elasticsearch.index_template.ingest_pipeline.name: foobar elasticsearch.privileges.indices: [auto_configure, create_doc, monitor] -elasticsearch.privileges.dynamic_dataset: true -elasticsearch.privileges.dynamic_namespace: true +elasticsearch.dynamic_dataset: true +elasticsearch.dynamic_namespace: true