[Fleet] RBAC - Make agents write APIs space aware - 4/4#191277
Merged
jillguyonnet merged 5 commits intoelastic:mainfrom Aug 30, 2024
Merged
[Fleet] RBAC - Make agents write APIs space aware - 4/4#191277jillguyonnet merged 5 commits intoelastic:mainfrom
jillguyonnet merged 5 commits intoelastic:mainfrom
Conversation
Member
Author
|
/ci |
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
jillguyonnet
added
Team:Fleet
Member
Author
|
Hey @nchaulet - this PR should be ready for first review - I've detailed the changes in the description to help with the review. I'm still looking if I can figure out tests for queries in batches as these have proven unstable, otherwise I think this is everything. |
jillguyonnet
commented
Aug 26, 2024
Member
Author
|
/ci |
Contributor
Flaky Test Runner Stats🎉 All tests passed! - kibana-flaky-test-suite-runner#6810[✅] x-pack/test/fleet_api_integration/config.space_awareness.ts: 200/200 tests passed. |
Contributor
|
Pinging @elastic/fleet (Team:Fleet) |
Member
Author
|
@elasticmachine merge upstream |
Member
Author
|
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
nchaulet
approved these changes
Aug 29, 2024
Member
nchaulet
left a comment
nchaulet
left a comment
There was a problem hiding this comment.
Code LGTM 🚀 renaming namespace => spaceId remove a lot of confusion that's great
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #185040
Followup to:
#188507
#189519
#190069
This PR contains the last required changed for making Fleet agents write APIs space aware:
POST /agents/{agentId}/unenrollPOST /agents/{agentId}/request_diagnosticsPOST /agents/bulk_unenrollPOST /agents/bulk_request_diagnosticsPOST /agents/bulk_update_agent_tagswhere the space id was not passed.namespacesproperty when creating agent actions when the space id is known.currentNamespacetocurrentSpaceIdwhere appropriate (see comment below).⚠️ At the time of writing, I would like there to be more tests covering bulk query processing in batches, which are currently lacking. I have experienced difficulties getting those tests to pass consistently.A note on terminology
As pointed out in #191083 (comment), it seems that the terms "namespace" and "space id" are occasionally used interchangeably in some parts of the codebase to refer to a Kibana space. For instance, documents in Fleet indices (agents, agent policies, agent actions...) possess a
namespacesproperty to track the spaces they belong to. The current space id is also returned using the Saved Object client'sgetCurrentNamespacefunction.However, "namespace" is also a datastream property. In the Agent policy settings UI, the "Spaces" property (which will be linked to the saved object's
namespacesproperty) is above the "Default namespace" property, which relates to the integration's data streams:This should not be a source of major issues, but is best clarified for future reference. In this PR, I've replaced some occurrences of
namespacewithspaceIdwhere appropriate to try to maximise the use of the latter.Testing
Checklist