[index management] Better privilege checking for component index templates #202251
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…/kibana into enrich_policy_mgmt_better_privs
|
Pinging @elastic/kibana-management (Team:Kibana Management) |
|
/ci |
ElenaStoeva
reviewed
Dec 16, 2024
There was a problem hiding this comment.
Hi @mattkime, I tested locally (followed the instructions from #178654 to create a test user) and it looks like a user with monitor cluster privileges can view index templates but cannot view component templates. Is this the expected behavior? I thought we would expect to see both index templates and component templates.
|
@ElenaStoeva That's expected as I haven't yet addressed the Index Templates tab. I'm going one tab at a time. Also, sometimes the privilege model doesn't make sense in some ways. I need to write something up for the ES team. More specifically, |
ElenaStoeva
approved these changes
Dec 18, 2024
There was a problem hiding this comment.
Thanks for clarifying @mattkime! I had the incorrect understanding that with monitor privileges we should be able to see the component templates list (but not edit/add templates). Anyway, knowing that we can only view them with manage_index_templates privilege, it works as expected. Changes also lgtm.
|
/ci |
|
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/12395697943 |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Async chunks
Page load bundle
History
cc @mattkime |
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
mattkime
added a commit
to mattkime/kibana
that referenced
this pull request
Dec 18, 2024
…lates (elastic#202251) ## Summary Builds on elastic#201717 Part of elastic#178654 `manage_index_templates` cluster privilege determines access to component index templates tab within index management. (cherry picked from commit 1756918) # Conflicts: # x-pack/platform/plugins/private/translations/translations/zh-CN.json
mattkime
added a commit
that referenced
this pull request
Dec 19, 2024
…x templates (#202251) (#204778) # Backport This will backport the following commits from `main` to `8.x`: - [[index management] Better privilege checking for component index templates (#202251)](#202251) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Matthew Kime","email":"matt@mattki.me"},"sourceCommit":{"committedDate":"2024-12-18T15:05:22Z","message":"[index management] Better privilege checking for component index templates (#202251)\n\n## Summary\r\n\r\nBuilds on https://github.com/elastic/kibana/pull/201717\r\n\r\nPart of https://github.com/elastic/kibana/issues/178654\r\n\r\n`manage_index_templates` cluster privilege determines access to\r\ncomponent index templates tab within index management.","sha":"17569187b6992252eff68a7ba408dd8b88fd883d","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Feature:Index Management","Team:Kibana Management","v9.0.0","backport:prev-minor"],"number":202251,"url":"https://github.com/elastic/kibana/pull/202251","mergeCommit":{"message":"[index management] Better privilege checking for component index templates (#202251)\n\n## Summary\r\n\r\nBuilds on https://github.com/elastic/kibana/pull/201717\r\n\r\nPart of https://github.com/elastic/kibana/issues/178654\r\n\r\n`manage_index_templates` cluster privilege determines access to\r\ncomponent index templates tab within index management.","sha":"17569187b6992252eff68a7ba408dd8b88fd883d"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/202251","number":202251,"mergeCommit":{"message":"[index management] Better privilege checking for component index templates (#202251)\n\n## Summary\r\n\r\nBuilds on https://github.com/elastic/kibana/pull/201717\r\n\r\nPart of https://github.com/elastic/kibana/issues/178654\r\n\r\n`manage_index_templates` cluster privilege determines access to\r\ncomponent index templates tab within index management.","sha":"17569187b6992252eff68a7ba408dd8b88fd883d"}}]}] BACKPORT-->
JoseLuisGJ
pushed a commit
to JoseLuisGJ/kibana
that referenced
this pull request
Dec 19, 2024
…lates (elastic#202251) ## Summary Builds on elastic#201717 Part of elastic#178654 `manage_index_templates` cluster privilege determines access to component index templates tab within index management.
benakansara
pushed a commit
to benakansara/kibana
that referenced
this pull request
Jan 2, 2025
…lates (elastic#202251) ## Summary Builds on elastic#201717 Part of elastic#178654 `manage_index_templates` cluster privilege determines access to component index templates tab within index management.
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Jan 13, 2025
…lates (elastic#202251) ## Summary Builds on elastic#201717 Part of elastic#178654 `manage_index_templates` cluster privilege determines access to component index templates tab within index management.
viduni94
pushed a commit
to viduni94/kibana
that referenced
this pull request
Jan 23, 2025
…lates (elastic#202251) ## Summary Builds on elastic#201717 Part of elastic#178654 `manage_index_templates` cluster privilege determines access to component index templates tab within index management.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Builds on #201717
Part of #178654
manage_index_templatescluster privilege determines access to component index templates tab within index management.