Skip to content

Commit

Permalink
Move default cluster permissions out of getPackagePermissions
Browse files Browse the repository at this point in the history
  • Loading branch information
Alejandro Fernández Gómez committed Apr 14, 2021
1 parent b6b1337 commit fb90525
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 5 deletions.
4 changes: 2 additions & 2 deletions x-pack/plugins/fleet/common/types/models/epm.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -286,8 +286,8 @@ export interface RegistryDataStreamPermissions {
}

export interface PackagePermissions {
cluster: string[];
indices: Array<{ names: string[]; privileges: string[] }>;
cluster?: string[];
indices?: Array<{ names: string[]; privileges: string[] }>;
}

export type RegistryVarType = 'integer' | 'bool' | 'password' | 'text' | 'yaml' | 'string';
Expand Down
3 changes: 3 additions & 0 deletions x-pack/plugins/fleet/server/services/agent_policy.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -779,6 +779,9 @@ class AgentPolicyService {
)
)
);
permissions._elastic_agent_checks = {
cluster: DEFAULT_PERMISSIONS.cluster,
};
} else {
permissions = {
_fallback: DEFAULT_PERMISSIONS,
Expand Down
4 changes: 1 addition & 3 deletions x-pack/plugins/fleet/server/services/epm/packages/permissions.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,6 @@ export async function getPackagePermissions(
const indices: PackagePermissions['indices'] = pkg.data_streams!.map((ds) => {
if (ds.permissions?.cluster) {
ds.permissions.cluster.forEach((p) => clusterPermissions.add(p));
} else {
clusterPermissions.add('monitor');
}

let index = `${ds.type}-${ds.dataset}-${namespace}`;
Expand All @@ -45,7 +43,7 @@ export async function getPackagePermissions(
});

return {
cluster: Array.from(clusterPermissions),
cluster: clusterPermissions.size > 0 ? Array.from(clusterPermissions) : undefined,
indices,
};
}

0 comments on commit fb90525

Please sign in to comment.