-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fleet] Fix bulk GET agent policies permissions #193070
[Fleet] Fix bulk GET agent policies permissions #193070
Conversation
Pinging @elastic/fleet (Team:Fleet) |
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code LGTM
💚 Build Succeeded
Metrics [docs]
To update your PR or re-run it, just comment with: cc @nchaulet |
(cherry picked from commit 8c8696d)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
) # Backport This will backport the following commits from `main` to `8.x`: - [[Fleet] Fix bulk GET agent policies permissions (#193070)](#193070) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Nicolas Chaulet","email":"nicolas.chaulet@elastic.co"},"sourceCommit":{"committedDate":"2024-09-16T20:14:29Z","message":"[Fleet] Fix bulk GET agent policies permissions (#193070)","sha":"8c8696d537b3661c72d98f9ed50d2922d77d5142","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Fleet","v9.0.0","backport:prev-minor"],"title":"[Fleet] Fix bulk GET agent policies permissions","number":193070,"url":"https://github.com/elastic/kibana/pull/193070","mergeCommit":{"message":"[Fleet] Fix bulk GET agent policies permissions (#193070)","sha":"8c8696d537b3661c72d98f9ed50d2922d77d5142"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/193070","number":193070,"mergeCommit":{"message":"[Fleet] Fix bulk GET agent policies permissions (#193070)","sha":"8c8696d537b3661c72d98f9ed50d2922d77d5142"}}]}] BACKPORT--> Co-authored-by: Nicolas Chaulet <nicolas.chaulet@elastic.co>
Summary
Resolve #191957
In #191661 we switched to fetch all agent policies to use the bulk GET api for agent policies.
That API was not allowed for user with agent read permissions, that PR fix that by allowing it, that API return a sanitized agent policy version just the name and description and no package policies if the user do not have the
AgentPolicies:Read
permissionsTest
I added unit test to cover those scenarios.