Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet] Tighten policy permissions #96063

Closed
wants to merge 11 commits into from
Closed

[Fleet] Tighten policy permissions #96063

wants to merge 11 commits into from

Commits on Apr 1, 2021

  1. Ensure packages' data_streams contain all metadata 

    We can read the package information from two places
- The EPM registry (method `getRegistryPackage()`)
- The local ES cache (method `getEsPackage()`)

The package contains a property called `data_streams`. The contents of
this property varied depending on from where the package was being
loaded. The code in `getEsPackage` was cherry-picking what properties to
load to do validation.

We have changed the code so we cherry-pick only the properties that need
some sort of validation, and pass the others in bulk.
    Alejandro Fernández Gómez committed Apr 1, 2021
    Configuration menu
    Copy the full SHA
    4176e8f View commit details
    Browse the repository at this point in the history

  2. Add getPackagePermissions method 

    Returns a list of the necessary ES permissions based on the permissions
specified in each data_stream.

If no permissions are specified it returns a default set of permissions
for each data_stream.
    Alejandro Fernández Gómez committed Apr 1, 2021
    Configuration menu
    Copy the full SHA
    8b90529 View commit details
    Browse the repository at this point in the history

  3. Expose tight permissions in the agent policy

    Alejandro Fernández Gómez committed Apr 1, 2021
    Configuration menu
    Copy the full SHA
    a57160f View commit details
    Browse the repository at this point in the history

Commits on Apr 12, 2021

  1. Restore missing package prop

    Alejandro Fernández Gómez committed Apr 12, 2021
    Configuration menu
    Copy the full SHA
    754d6f9 View commit details
    Browse the repository at this point in the history

  2. Merge branch 'master' into 64634-tight-policy-permissions

    Alejandro Fernández Gómez committed Apr 12, 2021
    Configuration menu
    Copy the full SHA
    c4b1137 View commit details
    Browse the repository at this point in the history

Commits on Apr 13, 2021

  1. Add config flag to enable/disable the permissions

    Alejandro Fernández Gómez committed Apr 13, 2021
    Configuration menu
    Copy the full SHA
    579278c View commit details
    Browse the repository at this point in the history

  2. Use config flag to send tight permissions with the agent

    Alejandro Fernández Gómez committed Apr 13, 2021
    Configuration menu
    Copy the full SHA
    e7053c4 View commit details
    Browse the repository at this point in the history

  3. Merge branch 'master' into 64634-tight-policy-permissions

    Alejandro Fernández Gómez committed Apr 13, 2021
    Configuration menu
    Copy the full SHA
    2696b90 View commit details
    Browse the repository at this point in the history

  4. Extract getPackagePermissions to its own file

    Alejandro Fernández Gómez committed Apr 13, 2021
    Configuration menu
    Copy the full SHA
    66b693f View commit details
    Browse the repository at this point in the history

  5. Add tests to getPackagePermissions

    Alejandro Fernández Gómez committed Apr 13, 2021
    Configuration menu
    Copy the full SHA
    b6b1337 View commit details
    Browse the repository at this point in the history

Commits on Apr 14, 2021

  1. Move default cluster permissions out of getPackagePermissions

    Alejandro Fernández Gómez committed Apr 14, 2021
    Configuration menu
    Copy the full SHA
    fb90525 View commit details
    Browse the repository at this point in the history