Skip to content

Commit

Permalink
[Fleet] Add actionable error message when generating logstash API keys (
Browse files Browse the repository at this point in the history
  • Loading branch information
nchaulet authored Sep 13, 2024
1 parent c65c2ae commit d07ba0f
Show file tree
Hide file tree
Showing 4 changed files with 112 additions and 59 deletions.
15 changes: 15 additions & 0 deletions x-pack/plugins/fleet/common/constants/output.ts
Original file line number Diff line number Diff line change
Expand Up @@ -139,3 +139,18 @@ export const OUTPUT_TYPES_WITH_PRESET_SUPPORT: Array<ValueOf<OutputType>> = [
];

export const OUTPUT_HEALTH_DATA_STREAM = 'logs-fleet_server.output_health-default';

export const LOGSTASH_API_KEY_CLUSTER_PERMISSIONS = ['monitor', 'manage_own_api_key'];

export const LOGSTASH_API_KEY_INDICES_PRIVILEGES = ['auto_configure', 'create_doc'];

export const LOGSTASH_API_KEY_INDICES = [
'logs-*-*',
'metrics-*-*',
'traces-*-*',
'synthetics-*-*',
'.logs-endpoint.diagnostic.collection-*',
'.logs-endpoint.action.responses-*',
'profiling-*',
'.profiling-*',
];

This file was deleted.

Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import React, { useState, useMemo, useCallback } from 'react';
import { i18n } from '@kbn/i18n';
import { FormattedMessage } from '@kbn/i18n-react';
import { EuiCode } from '@elastic/eui';
import { toMountPoint } from '@kbn/react-kibana-mount';

import {
LOGSTASH_API_KEY_CLUSTER_PERMISSIONS,
LOGSTASH_API_KEY_INDICES,
LOGSTASH_API_KEY_INDICES_PRIVILEGES,
} from '../../../../../../../common/constants';
import { sendPostLogstashApiKeys, useStartServices } from '../../../../hooks';

export function useLogstashApiKey() {
const [isLoading, setIsLoading] = useState(false);
const [apiKey, setApiKey] = useState<string>();
const startServices = useStartServices();
const { notifications } = startServices;
const generateApiKey = useCallback(async () => {
try {
setIsLoading(true);

const res = await sendPostLogstashApiKeys();
if (res.error) {
throw res.error;
}

setApiKey(res.data?.api_key);
} catch (err) {
if (err.statusCode === 403) {
notifications.toasts.addDanger(
{
title: i18n.translate('xpack.fleet.settings.logstashInstructions.generateApiKeyError', {
defaultMessage: 'Cannot generate an API key',
}),
text: toMountPoint(
<FormattedMessage
id="xpack.fleet.settings.logstashInstructions.generateApiKeyPermissions"
defaultMessage="You need the cluster permissions: {clusterPermissions}{br} and the index permissions: {indexPermissions}{br}for indexes: {br}{indexes}"
values={{
clusterPermissions: (
<EuiCode>{LOGSTASH_API_KEY_CLUSTER_PERMISSIONS.join(', ')}</EuiCode>
),
indexPermissions: (
<EuiCode>{LOGSTASH_API_KEY_INDICES_PRIVILEGES.join(', ')}</EuiCode>
),
indexes: LOGSTASH_API_KEY_INDICES.map((index) => (
<React.Fragment key={index}>
<EuiCode>{index}</EuiCode>
<br />
</React.Fragment>
)),
br: <br />,
}}
/>,
startServices
),
},
{}
);
} else {
notifications.toasts.addError(err, {
title: i18n.translate('xpack.fleet.settings.logstashInstructions.generateApiKeyError', {
defaultMessage: 'Cannot generate an API key',
}),
});
}
} finally {
setIsLoading(false);
}
}, [notifications.toasts, startServices]);

return useMemo(
() => ({
isLoading,
generateApiKey,
apiKey,
}),
[isLoading, generateApiKey, apiKey]
);
}
21 changes: 9 additions & 12 deletions x-pack/plugins/fleet/server/services/api_keys/logstash_api_keys.ts
Original file line number Diff line number Diff line change
Expand Up @@ -7,27 +7,24 @@

import type { ElasticsearchClient } from '@kbn/core/server';

import {
LOGSTASH_API_KEY_CLUSTER_PERMISSIONS,
LOGSTASH_API_KEY_INDICES,
LOGSTASH_API_KEY_INDICES_PRIVILEGES,
} from '../../../common/constants';

/**
* Check if an esClient has enought permission to create a valid API key for logstash
*
* @param esClient
*/
export async function canCreateLogstashApiKey(esClient: ElasticsearchClient) {
const res = await esClient.security.hasPrivileges({
cluster: ['monitor', 'manage_own_api_key'],
cluster: LOGSTASH_API_KEY_CLUSTER_PERMISSIONS,
index: [
{
names: [
'logs-*-*',
'metrics-*-*',
'traces-*-*',
'synthetics-*-*',
'.logs-endpoint.diagnostic.collection-*',
'.logs-endpoint.action.responses-*',
'profiling-*',
'.profiling-*',
],
privileges: ['auto_configure', 'create_doc'],
names: LOGSTASH_API_KEY_INDICES,
privileges: LOGSTASH_API_KEY_INDICES_PRIVILEGES,
},
],
});
Expand Down

0 comments on commit d07ba0f

Please sign in to comment.