New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow routing for integrations that are not input packages #6340
Conversation
🌐 Coverage report
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CSP integration changes look good to me - only thing on my mind is the future - someone looking at this file without the context of routing rules etc, they might be able to look up what these settings do, but there is some implicit coupling to other parts of the system here that i think would be good to call out 'at the source'. can we comment what the settings are for?
about
I think that we could add a comment like # Ensures agents have permissions to write data to `logs-nginx.*-*` like the one you can see at here |
I've updated the versions so that it increments the minor version, not the bug fix version now. |
Done.
This will need to wait until Giuseppe is back. @joshdover, since you implemented the flags in fleet, how big do you think is the risk that packages with these flags cause issues when used in older stack versions?
These settings are documented in the package spec: https://github.com/elastic/package-spec/blob/e29dd918bc5a6e81cb0b36ae8a3c4b4738f1d68e/spec/integration/data_stream/manifest.spec.yml#L304-L309
While dynamic dataset/namespace is enabled by default for input packages, regular integrations need to opt-in for each data stream. That's because not all integrations will want to open up the API key permissions. The regular API key permissions are very narrowly scoped to the exact dataset and namespace, for example
No, this will not show in any UI. |
I have tested now the rerouting of logs for the following use cases:
|
/test |
💚 Build Succeeded
Historycc @gsantoro |
Package activemq - 0.10.0 containing this change is available at https://epr.elastic.co/search?package=activemq |
Package auditd - 3.9.0 containing this change is available at https://epr.elastic.co/search?package=auditd |
Package aws - 1.44.0 containing this change is available at https://epr.elastic.co/search?package=aws |
Package docker - 2.6.0 containing this change is available at https://epr.elastic.co/search?package=docker |
Package kafka - 1.7.0 containing this change is available at https://epr.elastic.co/search?package=kafka |
Package kubernetes - 1.42.0 containing this change is available at https://epr.elastic.co/search?package=kubernetes |
Package system - 1.33.0 containing this change is available at https://epr.elastic.co/search?package=system |
@@ -1,7 +1,7 @@ | |||
format_version: 1.0.0 | |||
name: system | |||
title: System | |||
version: 1.32.0-beta.2 | |||
version: 1.33.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gsantoro With this change you accidentally release TSDB which was still in beta!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gsantoro Are we considering System Integration TSDB as GA now or are we planning to revert the change ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TSDB in system is now approved to be in GA. #6607
* fix system test for kubernetes integration for k8s v1.27.0 * minor changes from formatting * syslong changes * revert a merge conflict * add permissions to selected list of datastreams * update PR id * fix merge conflict with main * Increment minor version instead of bugfix version * added comments for new settings * update activemq version --------- Co-authored-by: Felix Barnsteiner <felix.barnsteiner@elastic.co>
What does this PR do?
This PR add permissions to reroute logs to
logs-*-*
for integrations that are not input packages.The full list of packages to edit is:
kubernetes.container_logs
system.syslog
activemq.log
auditd.log
aws.cloudwatch_logs
aws.ec2_logs
kafka.log
docker.container_logs
Checklist
changelog.yml
file.Author's Checklist
How to test this PR locally
Related issues
Screenshots