[Fleet] Fix dataset suffix in permissions for OTel policies#266101
Merged
jsoriano merged 2 commits intoelastic:mainfrom Apr 28, 2026
Merged
[Fleet] Fix dataset suffix in permissions for OTel policies#266101jsoriano merged 2 commits intoelastic:mainfrom
jsoriano merged 2 commits intoelastic:mainfrom
Conversation
jsoriano
added
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
jsoriano
added
the
release_note:skip
Contributor
ApprovabilityVerdict: Needs human review This PR modifies how agent index permissions are computed for OTel policies by appending You can customize Macroscope's approvability policy. Learn more. |
nchaulet
approved these changes
Apr 28, 2026
teresaromero
approved these changes
Apr 28, 2026
Contributor
teresaromero
left a comment
teresaromero
left a comment
There was a problem hiding this comment.
tested integrated with elastic-package 👍🏻
Member
Author
Yes, the elasticsearch exporter in the OTel collector appends |
jsoriano
added
release_note:skip
Contributor
💚 Build Succeeded
Metrics [docs]
History
cc @jsoriano |
Contributor
|
Starting backport for target branches: 9.4 https://github.com/elastic/kibana/actions/runs/25070561455 |
Contributor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Apr 28, 2026
…66101) (#266206) # Backport This will backport the following commits from `main` to `9.4`: - [[Fleet] Fix dataset suffix in permissions for OTel policies (#266101)](#266101) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Jaime Soriano Pastor","email":"jaime.soriano@elastic.co"},"sourceCommit":{"committedDate":"2026-04-28T18:27:33Z","message":"[Fleet] Fix dataset suffix in permissions for OTel policies (#266101)\n\nPermissions added for data streams in OTel policies should include the\n.otel suffix in the dataset. Without this the permissions don't match\nand ingestion fails.\n\nThis is an issue with integration packages without `dynamic_dataset:\ntrue`. In the case of input packages this is not an issue because this\nparameter is always true.","sha":"283d848b4e9f67b4b4354f51214c699c484a8a04","branchLabelMapping":{"^v9.5.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Fleet","backport:version","v9.4.0","v9.5.0"],"title":"[Fleet] Fix dataset suffix in permissions for OTel policies","number":266101,"url":"https://github.com/elastic/kibana/pull/266101","mergeCommit":{"message":"[Fleet] Fix dataset suffix in permissions for OTel policies (#266101)\n\nPermissions added for data streams in OTel policies should include the\n.otel suffix in the dataset. Without this the permissions don't match\nand ingestion fails.\n\nThis is an issue with integration packages without `dynamic_dataset:\ntrue`. In the case of input packages this is not an issue because this\nparameter is always true.","sha":"283d848b4e9f67b4b4354f51214c699c484a8a04"}},"sourceBranch":"main","suggestedTargetBranches":["9.4"],"targetPullRequestStates":[{"branch":"9.4","label":"v9.4.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.5.0","branchLabelMappingKey":"^v9.5.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/266101","number":266101,"mergeCommit":{"message":"[Fleet] Fix dataset suffix in permissions for OTel policies (#266101)\n\nPermissions added for data streams in OTel policies should include the\n.otel suffix in the dataset. Without this the permissions don't match\nand ingestion fails.\n\nThis is an issue with integration packages without `dynamic_dataset:\ntrue`. In the case of input packages this is not an issue because this\nparameter is always true.","sha":"283d848b4e9f67b4b4354f51214c699c484a8a04"}}]}] BACKPORT--> Co-authored-by: Jaime Soriano Pastor <jaime.soriano@elastic.co>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Permissions added for data streams in OTel policies should include the .otel suffix in the dataset. Without this the permissions don't match and ingestion fails.
This is an issue with integration packages without
dynamic_dataset: true. In the case of input packages this is not an issue because this parameter is always true.Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
release_note:breakinglabel should be applied in these situations.release_note:*label is applied per the guidelinesbackport:*labels.Identify risks
Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.