Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[APM] Secure agent configuration endpoints #50050

Closed
dgieselaar opened this issue Nov 6, 2019 · 1 comment · Fixed by #50211
Closed

[APM] Secure agent configuration endpoints #50050

dgieselaar opened this issue Nov 6, 2019 · 1 comment · Fixed by #50211
Assignees
@dgieselaar
Labels
Team:APM All issues that need APM UI Team support

Comments

@dgieselaar
Copy link
Member

dgieselaar commented Nov 6, 2019
edited by sorenlouv
Loading

To secure the agent configuration endpoints a few changes are required.

1) Define the apm_write privilege

It tells us how to create the privileges so that only users who have the APM All privilege will be able to access any APIs with the “access:apm_write” tag

Update

kibana/x-pack/legacy/plugins/apm/index.ts

Line 93 in a014241

api: ['apm'],
with:

privileges: {
  all: {
    api: ['apm', 'apm_write'],
  }
}

2) Add the apm_write privilege on agent configuration endpoints:

{
  tags: [‘access:apm’, ‘access:apm_write’]
}
@dgieselaar dgieselaar added the Team:APM All issues that need APM UI Team support label Nov 6, 2019
@elasticmachine
Copy link
Contributor

Pinging @elastic/apm-ui (Team:apm)

@sorenlouv sorenlouv changed the title [APM] Add access:apm:write tags to agent configuration routes [APM] Secure Agent configuration routes Nov 8, 2019
@sorenlouv sorenlouv changed the title [APM] Secure Agent configuration routes [APM] Secure agent configuration endpoints Nov 8, 2019
@dgieselaar dgieselaar self-assigned this Nov 11, 2019
dgieselaar added a commit to dgieselaar/kibana that referenced this issue Nov 11, 2019
@dgieselaar
[APM] Use callWithInternalUser for agent configuration endpoints
a89032c 
Closes elastic#50050.
@dgieselaar dgieselaar mentioned this issue Nov 11, 2019
Merged
dgieselaar added a commit to dgieselaar/kibana that referenced this issue Nov 12, 2019
@dgieselaar
[APM] Use callWithInternalUser for agent configuration endpoints
5b7057b 
Closes elastic#50050.
dgieselaar added a commit to dgieselaar/kibana that referenced this issue Nov 12, 2019
@dgieselaar
[APM] Use callWithInternalUser for agent configuration endpoints
9218162 
Closes elastic#50050.
dgieselaar added a commit to dgieselaar/kibana that referenced this issue Nov 13, 2019
@dgieselaar
[APM] Use callWithInternalUser for agent configuration endpoints
acda361 
Closes elastic#50050.
dgieselaar added a commit to dgieselaar/kibana that referenced this issue Nov 13, 2019
@dgieselaar
[APM] Use callWithInternalUser for agent configuration endpoints
ccd9139 
Closes elastic#50050.
dgieselaar added a commit to dgieselaar/kibana that referenced this issue Nov 13, 2019
@dgieselaar
[APM] Use callWithInternalUser for agent configuration endpoints
cf1b6e7 
Closes elastic#50050.
dgieselaar added a commit that referenced this issue Nov 13, 2019
@dgieselaar
[APM] Use callWithInternalUser for agent configuration endpoin… (#50211)
f317c25 
* [APM] Use callWithInternalUser for agent configuration endpoints

Closes #50050.

* Review feedback

* Use internalClient for agent conf queries only
@zube zube bot reopened this Nov 13, 2019
@zube zube bot closed this as completed Nov 13, 2019
@zube zube bot reopened this Nov 13, 2019
@zube zube bot closed this as completed Nov 13, 2019
@zube zube bot reopened this Nov 13, 2019
@zube zube bot closed this as completed Nov 13, 2019
dgieselaar added a commit to dgieselaar/kibana that referenced this issue Nov 13, 2019
@dgieselaar
[APM] Use callWithInternalUser for agent configuration endpoin… (elas…
3106f42 
…tic#50211)

* [APM] Use callWithInternalUser for agent configuration endpoints

Closes elastic#50050.

* Review feedback

* Use internalClient for agent conf queries only
@zube zube bot reopened this Nov 13, 2019
@zube zube bot added [zube]: Inbox and removed [zube]: Done labels Nov 13, 2019
@zube zube bot closed this as completed Nov 13, 2019
@zube zube bot reopened this Nov 13, 2019
@zube zube bot added [zube]: Inbox and removed [zube]: Done labels Nov 13, 2019
@zube zube bot closed this as completed Nov 13, 2019
dgieselaar added a commit to dgieselaar/kibana that referenced this issue Nov 13, 2019
@dgieselaar
[APM] Use callWithInternalUser for agent configuration endpoin… (elas…
46879ee 
…tic#50211)

* [APM] Use callWithInternalUser for agent configuration endpoints

Closes elastic#50050.

* Review feedback

* Use internalClient for agent conf queries only
dgieselaar added a commit that referenced this issue Nov 13, 2019
@dgieselaar
[7.5] [APM] Use callWithInternalUser for agent configuration e… (#50498)
1a2b8d6 
* [APM] Use callWithInternalUser for agent configuration endpoints

Closes #50050.

* Review feedback

* Use internalClient for agent conf queries only
dgieselaar added a commit that referenced this issue Nov 13, 2019
@dgieselaar
[7.x] [APM] Use callWithInternalUser for agent configuration e… (#50488)
57ab6e7 
* [APM] Use callWithInternalUser for agent configuration endpoints

Closes #50050.

* Review feedback

* Use internalClient for agent conf queries only
chrisronline pushed a commit to chrisronline/kibana that referenced this issue Nov 14, 2019
@dgieselaar @chrisronline
[APM] Use callWithInternalUser for agent configuration endpoin… (elas…
c751aac 
…tic#50211)

* [APM] Use callWithInternalUser for agent configuration endpoints

Closes elastic#50050.

* Review feedback

* Use internalClient for agent conf queries only
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dgieselaar dgieselaar

Labels
Team:APM All issues that need APM UI Team support
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[APM] Use callWithInternalUser for agent configuration endpoints dgieselaar/kibana
3 participants
@sorenlouv @dgieselaar @elasticmachine