Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution RBAC: update API call permissions #145865

Closed
wants to merge 1 commit into from
Closed

[Security Solution RBAC: update API call permissions #145865

wants to merge 1 commit into from

Conversation

gergoabraham
Copy link
Contributor

@gergoabraham gergoabraham commented Nov 21, 2022
edited
Loading

Summary

🚧 WIP

This is a reminder to enable the needed APIs for All privilege for:

after this PR is merged:

Checklist

Delete any items that are not applicable to this PR.

Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release.

When forming the risk matrix, consider some of the following examples and how they may potentially impact the change:

Risk Probability Severity Mitigation/Notes
Multiple Spaces—unexpected behavior in non-default Kibana Space. Low High Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces.
Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. High Low Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure.
Code should gracefully handle cases when feature X or plugin Y are disabled. Medium High Unit tests will verify that any feature flag or plugin combination still results in our service operational.
See more potential risk examples

For maintainers

@gergoabraham gergoabraham added release_note:skip Skip the PR/issue when compiling release notes backport:skip This commit does not require backporting Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v8.7.0 labels Nov 21, 2022
@gergoabraham gergoabraham self-assigned this Nov 21, 2022
@kibana-ci
Copy link
Collaborator

kibana-ci commented Nov 21, 2022
edited
Loading

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] Jest Integration Tests #3 / checking migration metadata changes on all registered SO types detecting migration related changes in registered types
  • [job] [logs] Jest Integration Tests #1 / Fleet preconfiguration reset Reset all policy Works and reset all preconfigured policies
  • [job] [logs] Jest Integration Tests #1 / Fleet preconfiguration reset Reset one preconfigured policy Works and reset one preconfigured policies if the policy is already deleted (with a ghost package policy)
  • [job] [logs] Jest Integration Tests #1 / Fleet preconfiguration reset Reset one preconfigured policy Works and reset one preconfigured policies if the policy was deleted with a preconfiguration deletion record
  • [job] [logs] Jest Integration Tests #1 / Fleet preconfiguration reset Reset one preconfigured policy Works if the preconfigured policies already exists with a missing package policy
  • [job] [logs] Jest Integration Tests #1 / Fleet setup preconfiguration with multiple instances Kibana preconfiguration setup sets up Fleet correctly when multiple Kibana instaces are started in serial
  • [job] [logs] Jest Integration Tests #1 / Fleet setup preconfiguration with multiple instances Kibana preconfiguration setup sets up Fleet correctly when multiple Kibana instances are started at the same time
  • [job] [logs] Jest Integration Tests #1 / Fleet setup preconfiguration with multiple instances Kibana preconfiguration setup sets up Fleet correctly with single Kibana instance
  • [job] [logs] Jest Integration Tests #3 / incompatible_cluster_routing_allocation retries the INIT action with a descriptive message when cluster settings are incompatible
  • [job] [logs] Jest Integration Tests #3 / migrating from 7.3.0-xpack which used v1 migrations copies all the document of the previous index to the new one
  • [job] [logs] Jest Integration Tests #3 / migrating from 7.3.0-xpack which used v1 migrations creates the new index and the correct aliases
  • [job] [logs] Jest Integration Tests #3 / migrating from 7.3.0-xpack which used v1 migrations migrates the documents to the highest version
  • [job] [logs] Jest Integration Tests #3 / migrating from the same Kibana version that used v1 migrations copies the documents from the previous index to the new one
  • [job] [logs] Jest Integration Tests #3 / migrating from the same Kibana version that used v1 migrations creates the new index and the correct aliases
  • [job] [logs] Jest Integration Tests #3 / migrating from the same Kibana version that used v1 migrations migrates the documents to the highest version
  • [job] [logs] Jest Integration Tests #3 / migration from 7.13 to 7.14+ with many failed action_tasks filters out all outdated action_task_params and action tasks
  • [job] [logs] Jest Integration Tests #3 / migration from 7.7.2-xpack with 100k objects copies all the document of the previous index to the new one
  • [job] [logs] Jest Integration Tests #3 / migration v2 completes the migration even when a full batch would exceed ES http.max_content_length
  • [job] [logs] Jest Integration Tests #3 / migration v2 fails with a descriptive message when a single document exceeds maxBatchSizeBytes
  • [job] [logs] Jest Integration Tests #3 / migration v2 fails with a descriptive message when maxBatchSizeBytes exceeds ES http.max_content_length
  • [job] [logs] Jest Integration Tests #3 / migration v2 migrates the documents to the highest version
  • [job] [logs] Jest Integration Tests #3 / migration v2 with corrupt saved object documents collects corrupt saved object documents across batches
  • [job] [logs] Jest Integration Tests #3 / SO type registrations does not remove types from registrations without updating excludeOnUpgradeQuery
  • [job] [logs] Jest Integration Tests #1 / upgrade agent policy schema version with package installed with outdated schema version should correctly upgrade schema version
  • [job] [logs] Jest Integration Tests #1 / Uprade package install version with package installed with a previous format install version should upgrade package install version for outdated packages

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @gergoabraham

@gergoabraham gergoabraham changed the title [Security Solution] Trusted Application RBAC: update API call permissions [Security Solution RBAC: update API call permissions Nov 23, 2022
@gergoabraham
Copy link
Contributor Author

I close this because #145361 should handle it actually.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@gergoabraham gergoabraham

Labels
backport:skip This commit does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v8.7.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gergoabraham @kibana-ci