forked from elastic/kibana
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Infra][ECO] Fix RBAC issue in hosts view (elastic#199841)
closes [elastic#200151](elastic#200151) ## Summary This PR change the `getApmIndices` function from `apm_data_access` to fetch the information using Kibana's internal user. This was done for 2 reasons: 1 - Plugins using `savedObjects.client` might face a situation where the logged in user doesn't have permission to read saved objects, causing the retrieval of apm indices to fail, which could lead to unexpected exceptions 2 - Elasticsearch is able to determine whether the user has permission to view docs in the index patterns, therefore, it's ok to retrieve the index pattern with Kibana's internal user because ultimately elasticsearch will only return the data the user has access to. ### Infra app permission **Role config:** <img width="500" alt="image" src="https://github.com/user-attachments/assets/ae98a98f-570a-4139-b804-91a8de0c9d1d"> <img width="500" alt="image" src="https://github.com/user-attachments/assets/afe29e7f-ab02-40f4-a86c-aeb016655708"> **Without access to APM indices** <img width="500" alt="image" src="https://github.com/user-attachments/assets/8aa7d4e5-3484-4723-838c-54920e442c08"> <img width="500" alt="image" src="https://github.com/user-attachments/assets/af3ce400-7a45-4313-84c7-5b8170c39bf5"> **With access to APM indices** <img width="500" alt="image" src="https://github.com/user-attachments/assets/1effc137-72a2-4e5b-b2ac-62e685370a21"> <img width="500" alt="image" src="https://github.com/user-attachments/assets/e161f6d9-85a7-4f80-a7d3-7ec0bdc338a3"> ### Admin <img width="500" alt="image" src="https://github.com/user-attachments/assets/d280f0d6-de6c-408f-a080-fa150d237afc"> ### How to test - Follow the steps above - Other areas affected: assistant and profiling --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Elastic Machine <[email protected]>
- Loading branch information
1 parent
8f8a671
commit 209c667
Showing
19 changed files
with
49 additions
and
158 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
42 changes: 0 additions & 42 deletions
42
x-pack/plugins/observability_solution/apm_data_access/server/lib/check_privileges.ts
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.