Skip to content

Fleet should restrict the permissions on the keys. #89713

Closed
#90302
Closed
Fleet should restrict the permissions on the keys.#89713
#90302
Assignees
skh
Labels
Team:FleetTeam label for Observability Data Collection Fleet teambugFixes for quality problems that affect the customer experiencetechnical debtImprovement of the software architecture and operational architecture
@ph

Description

@ph
ph
opened on Jan 29, 2021

In the following code, we give more permission to the API that we would like to, we should restrict the permissions to the data stream and not the backing indices and we should only use minimal permissions.

kibana/x-pack/test/fleet_api_integration/apis/fleet_setup.ts

Lines 64 to 73 in 49d95f6

names: [
'logs-*',
'metrics-*',
'traces-*',
'.ds-logs-*',
'.ds-metrics-*',
'.ds-traces-*',
],
privileges: ['write', 'create_index', 'indices:admin/auto_create'],
allow_restricted_indices: false, 

{
	"fleet-output": {
		"cluster": ["monitor"],
		"index": [{
			"names": [
				"logs-*",
				"metrics-*",
                                "traces-*",
			],
			"privileges": [
				"create_doc",
				"indices:admin/auto_create"
			]
		}]
	}
}

Metadata

Metadata

Assignees

Labels

Team:FleetTeam label for Observability Data Collection Fleet teambugFixes for quality problems that affect the customer experiencetechnical debtImprovement of the software architecture and operational architecture

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions