Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet] Fix bulk GET agent policies permissions #193070

Merged
merged 1 commit into from
Sep 16, 2024
Merged

[Fleet] Fix bulk GET agent policies permissions #193070

merged 1 commit into from
Sep 16, 2024

Conversation

nchaulet
Copy link
Member

@nchaulet nchaulet commented Sep 16, 2024
edited by kibanamachine
Loading

Summary

Resolve #191957

In #191661 we switched to fetch all agent policies to use the bulk GET api for agent policies.

That API was not allowed for user with agent read permissions, that PR fix that by allowing it, that API return a sanitized agent policy version just the name and description and no package policies if the user do not have the AgentPolicies:Read permissions

Test

I added unit test to cover those scenarios.

@nchaulet nchaulet added release_note:skip Skip the PR/issue when compiling release notes Team:Fleet Team label for Observability Data Collection Fleet team backport:prev-major Backport to (8.x, 8.16, 8.15) the previous major branch and all later branches still in development labels Sep 16, 2024
@nchaulet nchaulet self-assigned this Sep 16, 2024
@nchaulet nchaulet requested a review from a team as a code owner September 16, 2024 18:46
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

@obltmachine
Copy link

🤖 GitHub comments

Expand to view the GitHub comments

Just comment with:

  • /oblt-deploy : Deploy a Kibana instance using the Observability test environments.
  • run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

jen-huang
jen-huang approved these changes Sep 16, 2024
View reviewed changes
Copy link
Contributor

@jen-huang jen-huang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code LGTM

@nchaulet nchaulet enabled auto-merge (squash) September 16, 2024 19:15
@nchaulet nchaulet added backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) and removed backport:prev-major Backport to (8.x, 8.16, 8.15) the previous major branch and all later branches still in development labels Sep 16, 2024
@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @nchaulet

@nchaulet nchaulet merged commit 8c8696d into elastic:main Sep 16, 2024
28 checks passed
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Sep 16, 2024
@nchaulet
[Fleet] Fix bulk GET agent policies permissions (elastic#193070)
d21c483 
(cherry picked from commit 8c8696d)
@kibanamachine kibanamachine mentioned this pull request Sep 16, 2024
Merged
@kibanamachine
Copy link
Contributor

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request Sep 16, 2024
@kibanamachine @nchaulet
[8.x] [Fleet] Fix bulk GET agent policies permissions (#193070) (#193083
834e4f8 
)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Fleet] Fix bulk GET agent policies permissions
(#193070)](#193070)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Nicolas
Chaulet","email":"nicolas.chaulet@elastic.co"},"sourceCommit":{"committedDate":"2024-09-16T20:14:29Z","message":"[Fleet]
Fix bulk GET agent policies permissions
(#193070)","sha":"8c8696d537b3661c72d98f9ed50d2922d77d5142","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Fleet","v9.0.0","backport:prev-minor"],"title":"[Fleet]
Fix bulk GET agent policies
permissions","number":193070,"url":"https://github.com/elastic/kibana/pull/193070","mergeCommit":{"message":"[Fleet]
Fix bulk GET agent policies permissions
(#193070)","sha":"8c8696d537b3661c72d98f9ed50d2922d77d5142"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/193070","number":193070,"mergeCommit":{"message":"[Fleet]
Fix bulk GET agent policies permissions
(#193070)","sha":"8c8696d537b3661c72d98f9ed50d2922d77d5142"}}]}]
BACKPORT-->

Co-authored-by: Nicolas Chaulet <nicolas.chaulet@elastic.co>
markov00 pushed a commit to markov00/kibana that referenced this pull request Sep 18, 2024
@nchaulet @markov00
[Fleet] Fix bulk GET agent policies permissions (elastic#193070)
241bdbb
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jen-huang jen-huang jen-huang approved these changes

Assignees

@nchaulet nchaulet

Labels
backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) release_note:skip Skip the PR/issue when compiling release notes Team:Fleet Team label for Observability Data Collection Fleet team v8.16.0 v9.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Fleet]: User gets forbidden error under Agents tab for custom user with Agent policies None.
6 participants
@nchaulet @elasticmachine @obltmachine @kibana-ci @kibanamachine @jen-huang