feat(slo): Assert user has correct source index privileges when creating, updating or reseting an SLO#199233
Merged
kdelemme merged 8 commits intoelastic:mainfrom Nov 12, 2024
Conversation
Contributor
|
Pinging @elastic/obs-ux-management-team (Team:obs-ux-management) |
x-pack/plugins/observability_solution/slo/server/services/reset_slo.ts
Outdated
Show resolved
Hide resolved
Contributor
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
shahzad31
reviewed
Nov 12, 2024
Comment on lines
+49
to
+50
| await this.assertSLOInexistant(slo); | ||
| await assertExpectedIndicatorSourceIndexPrivileges(slo, this.esClient); |
Contributor
There was a problem hiding this comment.
could be done in parallel.
Contributor
💚 Build Succeeded
Metrics [docs]
History
|
Contributor
|
Starting backport for target branches: 8.x |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Nov 12, 2024
…ing, updating or reseting an SLO (elastic#199233) (cherry picked from commit da85efe)
Contributor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
This was referenced Nov 12, 2024
Contributor
|
Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync. |
Contributor
|
Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync. |
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Nov 18, 2024
…ing, updating or reseting an SLO (elastic#199233)
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Nov 18, 2024
…ing, updating or reseting an SLO (elastic#199233)
Contributor
|
Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync. |
1 similar comment
Contributor
|
Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync. |
kibanamachine
added a commit
that referenced
this pull request
Nov 20, 2024
… creating, updating or reseting an SLO (#199233) (#199875) # Backport This will backport the following commits from `main` to `8.x`: - [feat(slo): Assert user has correct source index privileges when creating, updating or reseting an SLO (#199233)](#199233) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Kevin Delemme","email":"kevin.delemme@elastic.co"},"sourceCommit":{"committedDate":"2024-11-12T20:08:40Z","message":"feat(slo): Assert user has correct source index privileges when creating, updating or reseting an SLO (#199233)","sha":"da85efe5093c148d4b91bcd3e21fd93c9f182a4f","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:prev-minor","ci:project-deploy-observability","Team:obs-ux-management","v8.17.0"],"title":"feat(slo): Assert user has correct source index privileges when creating, updating or reseting an SLO","number":199233,"url":"https://github.com/elastic/kibana/pull/199233","mergeCommit":{"message":"feat(slo): Assert user has correct source index privileges when creating, updating or reseting an SLO (#199233)","sha":"da85efe5093c148d4b91bcd3e21fd93c9f182a4f"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199233","number":199233,"mergeCommit":{"message":"feat(slo): Assert user has correct source index privileges when creating, updating or reseting an SLO (#199233)","sha":"da85efe5093c148d4b91bcd3e21fd93c9f182a4f"}},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Kevin Delemme <kevin.delemme@elastic.co> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolves #195254
🚗 Summary
Since we use the secondary auth to create and start the transform, a user without the read index privileges is able to create an SLO. But the SLO will never be able to work correctly: the related rollup transform will be failing due to missing privileges.
This PR asserts the user has the correct [
read,view_index_metadata] index privileges on the SLO indicator index, i.e. the source index when creating, editing or reseting an SLO.Testing
readprivilege on the index you want to create an SLO with.This request should return a 403: