# Backport This will backport the following commits from `main` to `8.9`: - [[Profiling] fixing user privileges (#161269)](https://github.com/elastic/kibana/pull/161269) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Cauê Marcondes","email":"55978943+cauemarcondes@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-07-06T14:44:30Z","message":"[Profiling] fixing user privileges (#161269)\n\nThis PR adds the `.profiling-*` to the profiling-reader role.","sha":"0c03f1010ea5cf7ebac6bc99bc1753a001c3259e","branchLabelMapping":{"^v8.10.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v8.9.0","v8.10.0"],"number":161269,"url":"https://github.com/elastic/kibana/pull/161269","mergeCommit":{"message":"[Profiling] fixing user privileges (#161269)\n\nThis PR adds the `.profiling-*` to the profiling-reader role.","sha":"0c03f1010ea5cf7ebac6bc99bc1753a001c3259e"}},"sourceBranch":"main","suggestedTargetBranches":["8.9"],"targetPullRequestStates":[{"branch":"8.9","label":"v8.9.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.10.0","labelRegex":"^v8.10.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/161269","number":161269,"mergeCommit":{"message":"[Profiling] fixing user privileges (#161269)\n\nThis PR adds the `.profiling-*` to the profiling-reader role.","sha":"0c03f1010ea5cf7ebac6bc99bc1753a001c3259e"}}]}] BACKPORT--> Co-authored-by: Cauê Marcondes <55978943+cauemarcondes@users.noreply.github.com>
parent
2d9104caf9
commit
a6545e77f5
2 changed files with 38 additions and 23 deletions
|
@ -9,15 +9,17 @@ import { ProfilingSetupOptions } from './types';
|
|||
import { PartialSetupState } from '../../../common/setup';
|
||||
|
||||
const PROFILING_READER_ROLE_NAME = 'profiling-reader';
|
||||
const METADATA_VERSION = 1;
|
||||
|
||||
export async function validateSecurityRole({
|
||||
client,
|
||||
}: ProfilingSetupOptions): Promise<PartialSetupState> {
|
||||
const esClient = client.getEsClient();
|
||||
const roles = await esClient.security.getRole();
|
||||
const profilingRole = roles[PROFILING_READER_ROLE_NAME];
|
||||
return {
|
||||
permissions: {
|
||||
configured: PROFILING_READER_ROLE_NAME in roles,
|
||||
configured: !!profilingRole && profilingRole.metadata.version === METADATA_VERSION,
|
||||
},
|
||||
};
|
||||
}
|
||||
|
@ -28,10 +30,13 @@ export async function setSecurityRole({ client }: ProfilingSetupOptions) {
|
|||
name: PROFILING_READER_ROLE_NAME,
|
||||
indices: [
|
||||
{
|
||||
names: ['profiling-*'],
|
||||
names: ['profiling-*', '.profiling-*'],
|
||||
privileges: ['read', 'view_index_metadata'],
|
||||
},
|
||||
],
|
||||
cluster: ['monitor'],
|
||||
metadata: {
|
||||
version: METADATA_VERSION,
|
||||
},
|
||||
});
|
||||
}
|
||||
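Review bot: In `validateSecurityRole`, the new check `profilingRole.metadata.version === METADATA_VERSION` reads `metadata` without a guard, so if Elasticsearch can return a `profiling-reader` role with no metadata object (one created by hand, or by the earlier code that sent none), the validation would throw rather than report `configured: false`. Writing it as `configured: profilingRole?.metadata?.version === METADATA_VERSION,` covers both the missing role and the missing metadata. `METADATA_VERSION` also needs a comment saying it must be bumped whenever the role's index or cluster privileges change, because after this commit a version mismatch is the only thing that causes the role to be rewritten. The second hunk widens the role to `.profiling-*` with `read` and `view_index_metadata`, and a role carrying any other version is presumably replaced wholesale, so local tightening of `profiling-reader` would be lost on the next setup run. The body of `setSecurityRole` starts outside the hunk, so this should be confirmed against the full function.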
|
|
|
@ -58,6 +58,11 @@ export function registerSetupRoute({
|
|||
request,
|
||||
useDefaultAuth: true,
|
||||
});
|
||||
const clientWithProfilingAuth = createProfilingEsClient({
|
||||
esClient,
|
||||
request,
|
||||
useDefaultAuth: false,
|
||||
});
|
||||
|
||||
const setupOptions: ProfilingSetupOptions = {
|
||||
client: clientWithDefaultAuth,
|
||||
|
@ -84,7 +89,10 @@ export function registerSetupRoute({
|
|||
});
|
||||
}
|
||||
|
||||
state.data.available = await hasProfilingData(setupOptions);
|
||||
state.data.available = await hasProfilingData({
|
||||
...setupOptions,
|
||||
client: clientWithProfilingAuth,
|
||||
});
|
||||
if (state.data.available) {
|
||||
return response.ok({
|
||||
body: {
|
||||
|
@ -163,31 +171,33 @@ export function registerSetupRoute({
|
|||
});
|
||||
}
|
||||
|
||||
const verifyFunctions = [
|
||||
isApmPackageInstalled,
|
||||
validateApmPolicy,
|
||||
validateCollectorPackagePolicy,
|
||||
validateMaximumBuckets,
|
||||
validateResourceManagement,
|
||||
validateSecurityRole,
|
||||
validateSymbolizerPackagePolicy,
|
||||
];
|
||||
const partialStates = await Promise.all(verifyFunctions.map((fn) => fn(setupOptions)));
|
||||
const partialStates = await Promise.all(
|
||||
[
|
||||
isApmPackageInstalled,
|
||||
validateApmPolicy,
|
||||
validateCollectorPackagePolicy,
|
||||
validateMaximumBuckets,
|
||||
validateResourceManagement,
|
||||
validateSecurityRole,
|
||||
validateSymbolizerPackagePolicy,
|
||||
].map((fn) => fn(setupOptions))
|
||||
);
|
||||
const mergedState = mergePartialSetupStates(state, partialStates);
|
||||
|
||||
if (areResourcesSetup(mergedState)) {
|
||||
const executeFunctions = [
|
||||
...(mergedState.packages.installed ? [] : [installLatestApmPackage]),
|
||||
...(mergedState.policies.apm.installed ? [] : [updateApmPolicy]),
|
||||
...(mergedState.policies.collector.installed ? [] : [createCollectorPackagePolicy]),
|
||||
...(mergedState.policies.symbolizer.installed ? [] : [createSymbolizerPackagePolicy]),
|
||||
...(mergedState.resource_management.enabled ? [] : [enableResourceManagement]),
|
||||
...(mergedState.permissions.configured ? [] : [setSecurityRole]),
|
||||
...(mergedState.settings.configured ? [] : [setMaximumBuckets]),
|
||||
];
|
||||
|
||||
if (!executeFunctions.length) {
|
||||
return response.ok();
|
||||
}
|
||||
|
||||
const executeFunctions = [
|
||||
installLatestApmPackage,
|
||||
updateApmPolicy,
|
||||
createCollectorPackagePolicy,
|
||||
createSymbolizerPackagePolicy,
|
||||
enableResourceManagement,
|
||||
setSecurityRole,
|
||||
setMaximumBuckets,
|
||||
];
|
||||
await Promise.all(executeFunctions.map((fn) => fn(setupOptions)));
|
||||
|
||||
// We return a status code of 202 instead of 200 because enabling
|
||||
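Review bot: Nothing at the new `createProfilingEsClient({ ..., useDefaultAuth: false })` call says why `hasProfilingData` now runs through `clientWithProfilingAuth` while every verify and execute function still receives `setupOptions` with `clientWithDefaultAuth`. Because `state.data.available` short-circuits to `response.ok` a few lines later, which identity answers the "is there data" question decides whether the remaining checks run at all. A comment above the new client would make that reviewable, for example `// Only the data-availability lookup uses the non-default auth client; setup checks and writes stay on clientWithDefaultAuth.` It also looks as if a cluster that already has profiling data returns before `validateSecurityRole` can notice an outdated `profiling-reader` role. The handler bodies begin and end outside these hunks, so that path needs checking against the full file.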
|
|