Skip to content

Update kibana_system privileges with access to .apm-source-map #92160

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Dec 9, 2022
Merged

Update kibana_system privileges with access to .apm-source-map #92160

merged 4 commits into from
Dec 9, 2022

Conversation

@sorenlouv
Copy link
Member

@sorenlouv sorenlouv commented Dec 6, 2022
edited
Loading

In elastic/kibana#146367 Kibana will create a system index .apm-source-map at startup. All access to the index (creation, indexing, reading) will happen through the system user (kibana_system). kibana_system already has access to .apm-agent-configuration and .apm-custom-link. Following this pattern the role should also be granted access to .apm-source-map.

@elasticsearchmachine elasticsearchmachine added the needs:triage Requires assignment of a team area label label Dec 6, 2022
@elasticsearchmachine
Copy link
Collaborator

@sqren please enable the option "Allow edits and access to secrets by maintainers" on your PR. For more information, see the documentation.

@elasticsearchmachine elasticsearchmachine added v8.7.0 external-contributor Pull request authored by a developer outside the Elasticsearch team labels Dec 6, 2022
@sorenlouv sorenlouv mentioned this pull request Dec 6, 2022
Closed
@sorenlouv sorenlouv added :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC and removed external-contributor Pull request authored by a developer outside the Elasticsearch team labels Dec 6, 2022
@elasticsearchmachine elasticsearchmachine added Team:Security Meta label for security team and removed needs:triage Requires assignment of a team area label labels Dec 6, 2022
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@ywangd
Copy link
Member

ywangd commented Dec 7, 2022

Ping @elastic/kibana-security for awareness

@sqren Could you please add a test for the change? It can simply just be adding the new index name after this line.

@ywangd
Copy link
Member

ywangd commented Dec 8, 2022

@tvernum apply spotless (pretty please)

@azasypkin
Copy link
Member

Ping https://github.com/orgs/elastic/teams/kibana-security for awareness

Thanks for the ping! The change looks good from the Kibana perspective.

ywangd
ywangd approved these changes Dec 8, 2022
View reviewed changes
Copy link
Member

@ywangd ywangd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sorenlouv sorenlouv merged commit 74a5a9f into main Dec 9, 2022
@sorenlouv sorenlouv deleted the add-source-map-privileges branch December 9, 2022 01:00
@kruskall kruskall mentioned this pull request Dec 13, 2022
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ywangd ywangd ywangd approved these changes

@williamrandolph williamrandolph Awaiting requested review from williamrandolph

Assignees

No one assigned

Labels

>enhancement :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team v8.7.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@sorenlouv @elasticsearchmachine @ywangd @azasypkin @tvernum