New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Synthetics] Remove fleet permission requirement for private location monitor cruds #159378
Conversation
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
Pinging @elastic/uptime (Team:uptime) |
…ibana into internal-system-user
Pinging @elastic/fleet (Team:Fleet) |
Update required permissions as a result of elastic/kibana#159378
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This does not work for proejct monitors.
There are tests in the api integrations that still show that errors populate when a user uses an api key/user without fleet permissions.
One test you updated actually wasn't a faithful test, because it was using supertest
instead of supertestWithoutAuth
. I've updated it and you can now see the test fails. Plus there are "passing" test that test that errors occur when users do not have fleet permissions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've reviewed the current text as is, but wouldn't it be possible to just add a small mention besides/below the disabled button within the empty state that states "You need the XX privilege to create an agent policy", instead of the big callout?
x-pack/plugins/synthetics/e2e/synthetics/journeys/private_locations.journey.ts
Show resolved
Hide resolved
x-pack/plugins/synthetics/public/apps/synthetics/components/common/components/permissions.tsx
Outdated
Show resolved
Hide resolved
x-pack/plugins/synthetics/public/apps/synthetics/components/common/components/permissions.tsx
Outdated
Show resolved
Hide resolved
...ns/synthetics/public/apps/synthetics/components/settings/private_locations/location_form.tsx
Outdated
Show resolved
Hide resolved
…mmon/components/permissions.tsx Co-authored-by: florent-leborgne <florent.leborgne@elastic.co>
…ttings/private_locations/location_form.tsx Co-authored-by: florent-leborgne <florent.leborgne@elastic.co>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. @florent-leborgne, I'm just wondering about this content for users who do not have Fleet privileges |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
…mmon/components/permissions.tsx Co-authored-by: florent-leborgne <florent.leborgne@elastic.co>
@dominiqueclarke the callout is not ideal as we're trying to clarify different permissions needed for different entities but I think it's needed for them to understand that managing policies is different from managing locations, even though you need one to do the other. |
x-pack/plugins/synthetics/public/apps/synthetics/components/common/components/permissions.tsx
Outdated
Show resolved
Hide resolved
…mmon/components/permissions.tsx Co-authored-by: florent-leborgne <florent.leborgne@elastic.co>
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
POST FF Testing looks good, created a small follow up PR |
Summary
Remove fleet permission requirement for private location monitor cruds !!
Only synthetics write permission will be required to add/edit/delete monitors in private locations !!
Release notes
Creating, Editing, deleting monitors in private locations, no longer requires fleet all permission. You will only need synthetics write permissions.