[apm] Update APM feature roles docs #4193
Verify that the privileges listed in each role are correct and reflect the latest version of APM / Elastic as a whole. (I'm not sure how to go about confirming or testing these.)
Are these the right feature roles? Are any missing? Should any be removed?
Our team should confirm the required privileges. IIUC points to update:
- missing privilege to query cluster uuid
- mark api key role as deprecated
Left some comments, but overall it is already a great improvement 🤩
I'll take it upon myself to:
TL;DR: querying cluster uuid requires Today I researched how to query cluster UUID. My understanding is that
Regarding the API Key role, my understanding is that it is only needed for the
I've completed checking for roles/permissions.
It looks like that setting was added about 7 months ago by @carsonip in 4834fce. Maybe Carson can provide context? (The related PR and issue don't provide much information.)
Also @endorama ...
... can you confirm if this is just for the writer role or if it is necessary for all roles? The phrase APM server startup preconditions makes me think it's necessary to do anything, but I wanted to make sure. Also is
@colleenmcginnis Sorry for the confusion!
I think adding it to the
Apparently there is no option to set allow_restricted_indices in the roles UI. Roles created in this UI will have allow_restricted_indices default to false. e.g.
However, if you create the API key from the API Key UI, under "Control security privileges", the example config in the textbox will have
@carsonip I can confirm it's broken with
Co-authored-by: Edoardo Tenani <[email protected]>
🤩 looks great! Thank you!
Some little things and some questions about heading hierarchy.
docs/en/observability/apm/security/elastic-stack/feature-roles.asciidoc
Co-authored-by: Mike Birnstiehl <[email protected]>
Thank you! I messed up the headings when I caught up to
🦭 👍
* initial attempt * restructure * fix build * address initial feedback * deprecate api key role * fix typo * add use cases * reframe what we mean by users * fix redirect * add monitor privilege * clean up structure * Update docs/en/observability/apm/feature-roles.asciidoc Co-authored-by: Edoardo Tenani <[email protected]> * update docs/en/observability/apm/feature-roles.asciidoc * Update feature-roles.asciidoc * update docs/en/observability/apm/feature-roles.asciidoc * use roles api in central config section * apply suggestions from code review Co-authored-by: Mike Birnstiehl <[email protected]> --------- Co-authored-by: Edoardo Tenani <[email protected]> Co-authored-by: Mike Birnstiehl <[email protected]> (cherry picked from commit d6a61fd) # Conflicts: # docs/en/observability/apm/feature-roles.asciidoc
* initial attempt * restructure * fix build * address initial feedback * deprecate api key role * fix typo * add use cases * reframe what we mean by users * fix redirect * add monitor privilege * clean up structure * Update docs/en/observability/apm/feature-roles.asciidoc Co-authored-by: Edoardo Tenani <[email protected]> * update docs/en/observability/apm/feature-roles.asciidoc * Update feature-roles.asciidoc * update docs/en/observability/apm/feature-roles.asciidoc * use roles api in central config section * apply suggestions from code review Co-authored-by: Mike Birnstiehl <[email protected]> --------- Co-authored-by: Edoardo Tenani <[email protected]> Co-authored-by: Mike Birnstiehl <[email protected]> (cherry picked from commit d6a61fd)
* initial attempt * restructure * fix build * address initial feedback * deprecate api key role * fix typo * add use cases * reframe what we mean by users * fix redirect * add monitor privilege * clean up structure * Update docs/en/observability/apm/feature-roles.asciidoc Co-authored-by: Edoardo Tenani <[email protected]> * update docs/en/observability/apm/feature-roles.asciidoc * Update feature-roles.asciidoc * update docs/en/observability/apm/feature-roles.asciidoc * use roles api in central config section * apply suggestions from code review Co-authored-by: Mike Birnstiehl <[email protected]> --------- Co-authored-by: Edoardo Tenani <[email protected]> Co-authored-by: Mike Birnstiehl <[email protected]> (cherry picked from commit d6a61fd) Co-authored-by: Colleen McGinnis <[email protected]>
* [apm] Update APM feature roles docs (#4193) * initial attempt * restructure * fix build * address initial feedback * deprecate api key role * fix typo * add use cases * reframe what we mean by users * fix redirect * add monitor privilege * clean up structure * Update docs/en/observability/apm/feature-roles.asciidoc Co-authored-by: Edoardo Tenani <[email protected]> * update docs/en/observability/apm/feature-roles.asciidoc * Update feature-roles.asciidoc * update docs/en/observability/apm/feature-roles.asciidoc * use roles api in central config section * apply suggestions from code review Co-authored-by: Mike Birnstiehl <[email protected]> --------- Co-authored-by: Edoardo Tenani <[email protected]> Co-authored-by: Mike Birnstiehl <[email protected]> (cherry picked from commit d6a61fd) # Conflicts: # docs/en/observability/apm/feature-roles.asciidoc * fix conflicts --------- Co-authored-by: Colleen McGinnis <[email protected]>
In #3980 (comment), @endorama suggested that we clarify the docs on APM feature roles. Let me know what you think of this approach. I attempted to clarify how feature roles work and which privileges are required for different use cases by:
Here's what hasn't been addressed yet:
Here's the PR preview: https://observability-docs_bk_4193.docs-preview.app.elstc.co/guide/en/observability/master/apm-feature-roles.html
@endorama let me know what you think of this approach. If we're on the right track, we can iterate in this PR.
cc @simitt @carsonip