Skip to content

Allow fleet-server service account to setup Fleet #78192

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Oct 6, 2021
Merged

Allow fleet-server service account to setup Fleet #78192

merged 6 commits into from
Oct 6, 2021

Conversation

@ywangd
Copy link
Member

@ywangd ywangd commented Sep 22, 2021

This PR adds necessary application privilege for Kibana to allow
fleet-server service account to initiate the Fleet setup process.

Resolves: #78078

@ywangd
Allow fleet-server service account to setup Fleet
371b7da 
This PR adds necessary application privilege for Kibana to allow
fleet-server service account to initiate the Fleet setup process.

Resolves: elastic#78078
@ywangd ywangd added >enhancement :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC v8.0.0 v7.16.0 labels Sep 22, 2021
@ywangd ywangd requested review from joshdover and tvernum September 22, 2021 14:46
@elasticmachine elasticmachine added the Team:Security Meta label for security team label Sep 22, 2021
@elasticmachine
Copy link
Collaborator

elasticmachine commented Sep 22, 2021

Pinging @elastic/es-security (Team:Security)

@ywangd ywangd mentioned this pull request Sep 23, 2021
Merged
@ywangd
Copy link
Member Author

ywangd commented Sep 28, 2021

@joshdover The PR is updated with manage_own_api_key as discussed in #78049 (comment)
Please review when convenient. Thanks!

This was referenced Oct 5, 2021
Merged
Closed
@joshdover
Copy link
Contributor

joshdover commented Oct 5, 2021

FYI I did some testing against this today and pending one question for the Kibana Security team, we should be good to merge soon.

joshdover
joshdover approved these changes Oct 5, 2021
View reviewed changes
Copy link
Contributor

@joshdover joshdover left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Confirmed this meets all of our requirements, thanks again!

@ywangd ywangd merged commit 324996e into elastic:master Oct 6, 2021
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Oct 6, 2021

💔 Backport failed

Status Branch Result
7.x Commit could not be cherrypicked due to conflicts

You can use sqren/backport to manually backport by running backport --upstream elastic/elasticsearch --pr 78192

ywangd added a commit to ywangd/elasticsearch that referenced this pull request Oct 6, 2021
@ywangd
Allow fleet-server service account to setup Fleet (elastic#78192)
d6e6a7b 
This PR adds necessary application privilege for Kibana to allow
fleet-server service account to initiate the Fleet setup process.

Resolves: elastic#78078
elasticsearchmachine pushed a commit that referenced this pull request Oct 6, 2021
@ywangd
Allow fleet-server service account to setup Fleet (#78192) (#78733)
8118a16 
This PR adds necessary application privilege for Kibana to allow
fleet-server service account to initiate the Fleet setup process.

Resolves: #78078
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tvernum tvernum tvernum approved these changes

+1 more reviewer

@joshdover joshdover joshdover approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

>enhancement :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team v7.16.0 v8.0.0-beta1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add Kibana application privileges to elastic/fleet-server service account

6 participants

@ywangd @elasticmachine @joshdover @elasticsearchmachine @tvernum @jakelandis