Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet] Additional datastreams permissions API #210452

Merged
merged 30 commits into from
Feb 14, 2025
Merged

[Fleet] Additional datastreams permissions API #210452

merged 30 commits into from
Feb 14, 2025

Conversation

nchaulet
Copy link
Member

@nchaulet nchaulet commented Feb 10, 2025
edited
Loading

Summary

Related to #203585

Add a new additional_datastreams_permissions properties to the fleet package policies API

POST kbn:/api/fleet/package_policies
{
 ...,
 "additional_datastreams_permissions": ["logs-test-default", "metrics-test-*"]

}

That property allow to define extra permissions that will be added to the generated agent policy. This is usefull for user using the reroute processor in their ingest pipeline.

Tests

I added API integration tests.

Working on adding a e2e test with a reroute processor.

You can test by creating a package policy with additional_datastreams_permissions and check the permission are in the generated policy

nchaulet and others added 15 commits February 10, 2025 14:02
@nchaulet
[Fleet] Additional datastreams permissions API
b48f099
@nchaulet
add validation
3fa53b5
@nchaulet
add create tests
33b7e77
@kibanamachine
[CI] Auto-commit changed files from 'node scripts/check_mappings_upda…
cf24faa 
…te --fix'
@kibanamachine
[CI] Auto-commit changed files from 'node scripts/capture_oas_snapsho…
c087119 
…t --include-path /api/status --include-path /api/alerting/rule/ --include-path /api/alerting/rules --include-path /api/actions --include-path /api/security/role --include-path /api/spaces --include-path /api/fleet --include-path /api/dashboards --update'
@kibanamachine
[CI] Auto-commit changed files from 'make api-docs'
e695b0b
@kibanamachine
[CI] Auto-commit changed files from 'node scripts/jest_integration -u…
602f3e6 
… src/core/server/integration_tests/ci_checks'
@nchaulet
Merge branch 'main' of github.com:elastic/kibana into feature-additio…
cfc4c91 
…nnal-datastream-permissions-api
@nchaulet
Merge branch 'feature-additionnal-datastream-permissions-api' of gith…
68e6358 
…ub.com:nchaulet/kibana into feature-additionnal-datastream-permissions-api
@nchaulet
fix tests
04e8c3c
@kibanamachine
[CI] Auto-commit changed files from 'node scripts/capture_oas_snapsho…
5bbaeea 
…t --include-path /api/status --include-path /api/alerting/rule/ --include-path /api/alerting/rules --include-path /api/actions --include-path /api/security/role --include-path /api/spaces --include-path /api/fleet --include-path /api/dashboards --update'
@nchaulet
add tests
6f05adb
@nchaulet
Merge branch 'feature-additionnal-datastream-permissions-api' of gith…
d77ea63 
…ub.com:nchaulet/kibana into feature-additionnal-datastream-permissions-api
@kibanamachine
[CI] Auto-commit changed files from 'make api-docs'
5a89ee0
@nchaulet
add validation
2983360
@nchaulet nchaulet marked this pull request as ready for review February 12, 2025 15:35
@nchaulet nchaulet requested review from a team as code owners February 12, 2025 15:35
@nchaulet
Merge branch 'feature-additionnal-datastream-permissions-api' of gith…
d22795d 
…ub.com:nchaulet/kibana into feature-additionnal-datastream-permissions-api
@botelastic botelastic bot added the Team:Fleet Team label for Observability Data Collection Fleet team label Feb 12, 2025
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

@jeramysoucy jeramysoucy self-requested a review February 12, 2025 15:40
@nchaulet nchaulet added release_note:skip Skip the PR/issue when compiling release notes backport:prev-minor Backport to (9.0) the previous minor version (i.e. one version back from main) backport:skip This commit does not require backporting and removed backport:prev-minor Backport to (9.0) the previous minor version (i.e. one version back from main) labels Feb 12, 2025
jeramysoucy
jeramysoucy approved these changes Feb 12, 2025
View reviewed changes
Copy link
Contributor

@jeramysoucy jeramysoucy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Kibana Security changes LGTM. No changes to encrypted saved object types.

@juliaElastic
Copy link
Contributor

Tested locally, looks good:

image

nchaulet and others added 6 commits February 13, 2025 08:23
@nchaulet @juliaElastic
Update x-pack/platform/plugins/shared/fleet/server/types/models/packa…
4f9eb05 
…ge_policy.ts

Co-authored-by: Julia Bardi <90178898+juliaElastic@users.noreply.github.com>
@nchaulet
Merge branch 'feature-additionnal-datastream-permissions-ui' of githu…
7a340a4 
…b.com:nchaulet/kibana into feature-additionnal-datastream-permissions-api
@kibanamachine
[CI] Auto-commit changed files from 'node scripts/capture_oas_snapsho…
3ae8ac7 
…t --include-path /api/status --include-path /api/alerting/rule/ --include-path /api/alerting/rules --include-path /api/actions --include-path /api/security/role --include-path /api/spaces --include-path /api/fleet --include-path /api/dashboards --update'
@kibanamachine
[CI] Auto-commit changed files from 'make api-docs'
b1248e1
@nchaulet
fix after review
bd227d9
@nchaulet
Merge branch 'feature-additionnal-datastream-permissions-api' of gith…
9087566 
…ub.com:nchaulet/kibana into feature-additionnal-datastream-permissions-api
nchaulet and others added 6 commits February 13, 2025 10:30
@nchaulet @juliaElastic
Update x-pack/platform/plugins/shared/fleet/server/services/agent_pol…
c7d389b 
…icies/package_policies_to_agent_permissions.test.ts

Co-authored-by: Julia Bardi <90178898+juliaElastic@users.noreply.github.com>
@nchaulet
add tests
9071c6f
@nchaulet
Merge branch 'feature-additionnal-datastream-permissions-api' of gith…
c65b76f 
…ub.com:nchaulet/kibana into feature-additionnal-datastream-permissions-api
@nchaulet
add tests
1d9b6b3
@kibanamachine
[CI] Auto-commit changed files from 'node scripts/capture_oas_snapsho…
d5e185c 
…t --include-path /api/status --include-path /api/alerting/rule/ --include-path /api/alerting/rules --include-path /api/actions --include-path /api/security/role --include-path /api/spaces --include-path /api/fleet --include-path /api/dashboards --update'
@kibanamachine
[CI] Auto-commit changed files from 'make api-docs'
5a0ae07
@elasticmachine
Copy link
Contributor

elasticmachine commented Feb 13, 2025
edited
Loading

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] Jest Tests #8 / Fleet - validatePackagePolicy() works for packages with multiple policy templates (aka integrations) returns errors for invalid package policy
  • [job] [logs] Jest Tests #8 / Fleet - validatePackagePolicy() works for packages with multiple policy templates (aka integrations) returns errors for invalid package policy
  • [job] [logs] Jest Tests #8 / Fleet - validatePackagePolicy() works for packages with single policy template (aka no integrations) returns errors for invalid package policy
  • [job] [logs] Jest Tests #8 / Fleet - validatePackagePolicy() works for packages with single policy template (aka no integrations) returns errors for invalid package policy
  • [job] [logs] Jest Tests #8 / Fleet - validatePackagePolicy() works for packages with single policy template (aka no integrations) returns no errors for disabled inputs
  • [job] [logs] Jest Tests #8 / Fleet - validatePackagePolicy() works for packages with single policy template (aka no integrations) returns no errors for disabled inputs
  • [job] [logs] Jest Tests #8 / Fleet - validatePackagePolicy() works for packages with single policy template (aka no integrations) returns no errors for packages with no inputs
  • [job] [logs] Jest Tests #8 / Fleet - validatePackagePolicy() works for packages with single policy template (aka no integrations) returns no errors for packages with no inputs
  • [job] [logs] Jest Tests #8 / Fleet - validatePackagePolicy() works for packages with single policy template (aka no integrations) returns no errors for packages with no package policies
  • [job] [logs] Jest Tests #8 / Fleet - validatePackagePolicy() works for packages with single policy template (aka no integrations) returns no errors for packages with no package policies
  • [job] [logs] Jest Tests #8 / Fleet - validatePackagePolicy() works for packages with single policy template (aka no integrations) returns no errors for valid package policy
  • [job] [logs] Jest Tests #8 / Fleet - validatePackagePolicy() works for packages with single policy template (aka no integrations) returns no errors for valid package policy
  • [job] [logs] Jest Tests #8 / Fleet - validatePackagePolicy() works for packages with single policy template (aka no integrations) returns no errors when required field is present but empty
  • [job] [logs] Jest Tests #8 / Fleet - validatePackagePolicy() works for packages with single policy template (aka no integrations) returns no errors when required field is present but empty
  • [job] [logs] Jest Tests #8 / Fleet - validatePackagePolicy() works for packages with single policy template (aka no integrations) returns only package policy and input-level errors for disabled streams
  • [job] [logs] Jest Tests #8 / Fleet - validatePackagePolicy() works for packages with single policy template (aka no integrations) returns only package policy and input-level errors for disabled streams
  • [job] [logs] Jest Tests #20 / SolutionFilter when the owner is a single solution should call onChange with selected solution id when no option selected yet
  • [job] [logs] Jest Tests #9 / StepDefinePackagePolicy default API response should display namespace from agent policy when there's no package policy namespace
  • [job] [logs] Jest Tests #9 / StepDefinePackagePolicy default API response should display namespace from agent policy when there's no package policy namespace
  • [job] [logs] Jest Tests #9 / StepDefinePackagePolicy default API response should fallback to the default namespace when namespace is not set in package policy and there's no agent policy
  • [job] [logs] Jest Tests #9 / StepDefinePackagePolicy default API response should fallback to the default namespace when namespace is not set in package policy and there's no agent policy

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
fleet 1324 1327 +3

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
fleet 1.7MB 1.7MB +1.2KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
fleet 174.7KB 175.3KB +683.0B
Unknown metric groups

API count

id before after diff
fleet 1451 1454 +3

History

@nchaulet nchaulet mentioned this pull request Feb 13, 2025
Merged
juliaElastic
juliaElastic approved these changes Feb 14, 2025
View reviewed changes
Copy link
Contributor

@juliaElastic juliaElastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@nchaulet nchaulet merged commit 6ecb66d into elastic:main Feb 14, 2025
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jloleysens jloleysens jloleysens approved these changes

@juliaElastic juliaElastic juliaElastic approved these changes

@jeramysoucy jeramysoucy jeramysoucy approved these changes

Assignees
No one assigned
Labels
backport:skip This commit does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:Fleet Team label for Observability Data Collection Fleet team v9.1.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@nchaulet @elasticmachine @juliaElastic @jloleysens @jeramysoucy @kibanamachine