Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.x] [Fleet] Adjust privileges for GET output and GET download_source endpoints (#194951) #195536

Merged
merged 4 commits into from
Oct 11, 2024
Merged

[8.x] [Fleet] Adjust privileges for GET output and GET download_source endpoints (#194951) #195536

merged 4 commits into from
Oct 11, 2024

Conversation

criamico
Copy link
Contributor

@criamico criamico commented Oct 9, 2024

Backport

This will backport the following commits from main to 8.x:

Questions ?

Please refer to the Backport tool documentation

@criamico
[Fleet] Adjust privileges for GET output and GET download_source endp…
d500b95 
…oints (elastic#194951)

Fixes elastic#191266

## Summary
Updating the authz for following endpoints:
- `GET /agent_download_sources`
- `GET /agent_download_sources/{id}`
- `GET /outputs`
- `GET /outputs/{id}`
They need to have `authz.fleet.readSettings ||
authz.fleet.readAgentPolicies` as they should be visible in the agent
policy settings page as well.

### Testing
- Enable feature flag `subfeaturePrivileges`
- Create a role with following privileges:
![Screenshot 2024-10-04 at 15 49
54](https://github.com/user-attachments/assets/4bbc95e4-01d0-43e0-a539-b03b8f4c219e)
- Create a user that has the previous role
- Log in and go to any agent policy > settings
- The download source and output fields should be filled and editable.
They were previously empty, as the GET endpoints were failing with 403
Forbidden

### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Elastic Machine <[email protected]>
(cherry picked from commit 14d5677)

# Conflicts:
#	x-pack/plugins/fleet/server/routes/download_source/index.ts
@criamico criamico enabled auto-merge (squash) October 9, 2024 07:29
@criamico criamico mentioned this pull request Oct 9, 2024
Merged
1 task
@botelastic botelastic bot added the Team:Fleet Team label for Observability Data Collection Fleet team label Oct 9, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

@criamico
Copy link
Contributor Author

criamico commented Oct 9, 2024

@elasticmachine merge upstream

@criamico
Copy link
Contributor Author

@elasticmachine merge upstream

@criamico criamico merged commit 994d97f into elastic:8.x Oct 11, 2024
22 checks passed
@elasticmachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

@criamico criamico deleted the backport/8.x/pr-194951 branch October 11, 2024 12:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jen-huang jen-huang jen-huang approved these changes

Assignees
No one assigned
Labels
backport Team:Fleet Team label for Observability Data Collection Fleet team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@criamico @elasticmachine @jen-huang