Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet] added privileges for fleet-synced-integrations* #123493

Merged
merged 4 commits into from
Mar 3, 2025
Merged

[Fleet] added privileges for fleet-synced-integrations* #123493

merged 4 commits into from
Mar 3, 2025

Conversation

juliaElastic
Copy link
Contributor

Related elastic/kibana#206242
Follow up after #121753

Added kibana_system privileges on fleet-synced-integrations*
Reason: we are building a feature where the index fleet-synced-integrations will be replicated with CCR to remote clusters with the name fleet-synced-integrations-ccr-<remote_output_name>.
kibana_system has to read the follower index.

  • Have you signed the contributor license agreement? yes
  • Have you followed the contributor guidelines? yes
  • If submitting code, have you built your formula locally prior to submission with gradle check? yes
  • If submitting code, is your pull request against main? Unless there is a good reason otherwise, we prefer pull requests against main and will backport as needed. yes
  • If submitting code, have you checked that your submission is for an OS and architecture that we support? yes
  • If you are submitting this code for a class then read our policy for that.

@juliaElastic juliaElastic added >non-issue :Core/Infra/Plugins Plugin API and infrastructure Team:Core/Infra Meta label for core/infra team Team:Fleet v9.1.0 labels Feb 26, 2025
@juliaElastic juliaElastic self-assigned this Feb 26, 2025
@juliaElastic juliaElastic requested a review from a team as a code owner February 26, 2025 13:18
@juliaElastic juliaElastic changed the title [Fleet] added privileges for fleet-synced-integrations* [Fleet] added privileges for fleet-synced-integrations* Feb 26, 2025
@elasticsearchmachine elasticsearchmachine added the external-contributor Pull request authored by a developer outside the Elasticsearch team label Feb 26, 2025
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-core-infra (Team:Core/Infra)

@juliaElastic juliaElastic mentioned this pull request Feb 27, 2025
Merged
1 task
SiddharthMantri
SiddharthMantri requested changes Mar 3, 2025
View reviewed changes
Copy link
Contributor

@SiddharthMantri SiddharthMantri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a suggestion.

@juliaElastic @SiddharthMantri
Update x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/…
feb75d3 
…security/authz/store/KibanaOwnedReservedRoleDescriptors.java

Co-authored-by: Sid <siddharthmantri1@gmail.com>
@juliaElastic juliaElastic merged commit 24c5e5c into elastic:main Mar 3, 2025
17 checks passed
juliaElastic added a commit to elastic/kibana that referenced this pull request Mar 3, 2025
@juliaElastic
[Fleet] sync integrations from follower index (#212371)
3e2373f 
## Summary

Relates #206242

Implemented installing integrations from the doc in the follower index.
Can be tested locally by creating the ccr index locally or setting up 2
local clusters and set up ccr between them.

To test:
- Requires elastic/elasticsearch#123493,
checkout and run es from source
```
yarn es source --license trial -E xpack.security.authc.api_key.enabled=true -E xpack.security.authc.token.enabled=true  --source-path=/Users/juliabardi/elasticsearch  -E path.data=/tmp/es-data -E xpack.ml.enabled=false
```
- Enable feature flag `xpack.fleet.enableExperimental:
['enableSyncIntegrationsOnRemote']`
- Create doc in ccr index, `hosts` should match local elasticsearch host
```
POST fleet-synced-integrations-ccr-remote1/_doc
{
  "id": "fleet-synced-integrations",
 "remote_es_hosts": [
            {
              "hosts": [
                "http://192.168.64.1:9200"
              ],
              "name": "remote1",
              "sync_integrations": true
            }
          ],
          "integrations": [
            {
              "package_version": "1.25.0",
              "package_name": "nginx",
              "updated_at": "2025-02-24T09:03:51.936Z"
            }
          ]
}
```
- Wait 1m until the task runs, verify that the integrations from the doc
are installed


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
CAWilson94 pushed a commit to CAWilson94/kibana that referenced this pull request Mar 22, 2025
@juliaElastic @CAWilson94
[Fleet] sync integrations from follower index (elastic#212371)
e18dd99 
## Summary

Relates elastic#206242

Implemented installing integrations from the doc in the follower index.
Can be tested locally by creating the ccr index locally or setting up 2
local clusters and set up ccr between them.

To test:
- Requires elastic/elasticsearch#123493,
checkout and run es from source
```
yarn es source --license trial -E xpack.security.authc.api_key.enabled=true -E xpack.security.authc.token.enabled=true  --source-path=/Users/juliabardi/elasticsearch  -E path.data=/tmp/es-data -E xpack.ml.enabled=false
```
- Enable feature flag `xpack.fleet.enableExperimental:
['enableSyncIntegrationsOnRemote']`
- Create doc in ccr index, `hosts` should match local elasticsearch host
```
POST fleet-synced-integrations-ccr-remote1/_doc
{
  "id": "fleet-synced-integrations",
 "remote_es_hosts": [
            {
              "hosts": [
                "http://192.168.64.1:9200"
              ],
              "name": "remote1",
              "sync_integrations": true
            }
          ],
          "integrations": [
            {
              "package_version": "1.25.0",
              "package_name": "nginx",
              "updated_at": "2025-02-24T09:03:51.936Z"
            }
          ]
}
```
- Wait 1m until the task runs, verify that the integrations from the doc
are installed


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SiddharthMantri SiddharthMantri SiddharthMantri approved these changes

Assignees

@juliaElastic juliaElastic

Labels
:Core/Infra/Plugins Plugin API and infrastructure external-contributor Pull request authored by a developer outside the Elasticsearch team >non-issue Team:Core/Infra Meta label for core/infra team Team:Fleet v9.1.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@juliaElastic @elasticsearchmachine @SiddharthMantri