[Synthetics] Remove fleet permission requirement for private location monitor cruds

[shahzad31]

Summary

Remove fleet permission requirement for private location monitor cruds !!

Only synthetics write permission will be required to add/edit/delete monitors in private locations !!

Release notes

Creating, Editing, deleting monitors in private locations, no longer requires fleet all permission. You will only need synthetics write permissions.

• Creating private locations, managing monitors in private locations will only need synthetics permissions
• Fleet permissions are still required if user have to create a new agent policy which needs to be attached with private location
• If policies already exists for example or have been setup by an admin, Synthetics users with synthetics permissions can read those policies and will be able to use them as part of private location management.

[apmmachine]

🤖 GitHub comments

Expand to view the GitHub comments

Just comment with:

• /oblt-deploy : Deploy a Kibana instance using the Observability test environments.
• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

Pinging @elastic/uptime (Team:uptime)

[elasticmachine]

Pinging @elastic/fleet (Team:Fleet)

[dominiqueclarke]

This does not work for proejct monitors.

There are tests in the api integrations that still show that errors populate when a user uses an api key/user without fleet permissions.

One test you updated actually wasn't a faithful test, because it was using supertest instead of supertestWithoutAuth. I've updated it and you can now see the test fails. Plus there are "passing" test that test that errors occur when users do not have fleet permissions.

[florent-leborgne]

I've reviewed the current text as is, but wouldn't it be possible to just add a small mention besides/below the disabled button within the empty state that states "You need the XX privilege to create an agent policy", instead of the big callout?

[dominiqueclarke]

Please disable the button as well when user does not have permissions to create an agent policy

[dominiqueclarke]

LGTM.

@florent-leborgne, I'm just wondering about this content for users who do not have Fleet privileges

[dominiqueclarke]

LGTM

[florent-leborgne]

@dominiqueclarke the callout is not ideal as we're trying to clarify different permissions needed for different entities but I think it's needed for them to understand that managing policies is different from managing locations, even though you need one to do the other.
The sentence itself is incorrect though, I'll suggest an edit.

[kibana-ci]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 6450cf9

Failed CI Steps

• Fleet Cypress Tests

Test Failures

• [job] [logs] Fleet Cypress Tests / View agents list Bulk actions should allow to bulk upgrade agents and cancel that upgrade

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
synthetics	1.2MB	1.2MB	-2.0KB

Unknown metric groups

ESLint disabled line counts

id	before	after	diff
enterpriseSearch	13	15	+2
securitySolution	410	414	+4
total			+6

Total ESLint disabled count

id	before	after	diff
enterpriseSearch	14	16	+2
securitySolution	493	497	+4
total			+6

History

• 💛 Build #135268 was flaky 56fa244
• 💔 Build #135236 failed ef8a46c
• 💛 Build #135192 was flaky 8b0b381
• 💛 Build #135137 was flaky 6cb9946
• 💔 Build #135106 failed 44b7fdb
• 💔 Build #135094 failed 5928aba

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[shahzad31]

POST FF Testing looks good, created a small follow up PR

#161351