Skip to content

[8.x] [Fleet] Adjust privileges for GET output and GET download_source endpoints (#194951)#195536

Merged
criamico merged 4 commits intoelastic:8.xfrom
criamico:backport/8.x/pr-194951
Oct 11, 2024
Merged

[8.x] [Fleet] Adjust privileges for GET output and GET download_source endpoints (#194951)#195536
criamico merged 4 commits intoelastic:8.xfrom
criamico:backport/8.x/pr-194951

Conversation

@criamico
Copy link
Copy Markdown
Member

@criamico criamico commented Oct 9, 2024

Backport

This will backport the following commits from main to 8.x:

Questions ?

Please refer to the Backport tool documentation

@criamico
[Fleet] Adjust privileges for GET output and GET download_source endp…
d500b95 
…oints (elastic#194951)

Fixes elastic#191266

## Summary
Updating the authz for following endpoints:
- `GET /agent_download_sources`
- `GET /agent_download_sources/{id}`
- `GET /outputs`
- `GET /outputs/{id}`
They need to have `authz.fleet.readSettings ||
authz.fleet.readAgentPolicies` as they should be visible in the agent
policy settings page as well.

### Testing
- Enable feature flag `subfeaturePrivileges`
- Create a role with following privileges:
![Screenshot 2024-10-04 at 15 49
54](https://github.com/user-attachments/assets/4bbc95e4-01d0-43e0-a539-b03b8f4c219e)
- Create a user that has the previous role
- Log in and go to any agent policy > settings
- The download source and output fields should be filled and editable.
They were previously empty, as the GET endpoints were failing with 403
Forbidden

### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
(cherry picked from commit 14d5677)

# Conflicts:
#	x-pack/plugins/fleet/server/routes/download_source/index.ts
@criamico criamico added the backport This PR is a backport of another PR label Oct 9, 2024
@criamico criamico enabled auto-merge (squash) October 9, 2024 07:29
@criamico criamico mentioned this pull request Oct 9, 2024
Merged
1 task
@botelastic botelastic Bot added the Team:Fleet Team label for Observability Data Collection Fleet team label Oct 9, 2024
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Oct 9, 2024

Pinging @elastic/fleet (Team:Fleet)

@criamico
Copy link
Copy Markdown
Member Author

criamico commented Oct 9, 2024

@elasticmachine merge upstream

@criamico
Copy link
Copy Markdown
Member Author

criamico commented Oct 11, 2024

@elasticmachine merge upstream

@criamico criamico merged commit 994d97f into elastic:8.x Oct 11, 2024
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Oct 11, 2024

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

@criamico criamico deleted the backport/8.x/pr-194951 branch October 11, 2024 12:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jen-huang jen-huang jen-huang approved these changes

Assignees

No one assigned

Labels

backport This PR is a backport of another PR Team:Fleet Team label for Observability Data Collection Fleet team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@criamico @elasticmachine @jen-huang