New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add additional reasoning/requirements and suggestion for use to ES privileges #4197

Closed

conceptualshark wants to merge 10 commits into main from cg-add-es-privs

Contributor

conceptualshark commented Aug 26, 2024

Description

Closes #3355

When should this change go live?

This is a bug fix, security concern, or something that needs urgent release support.
This is already available but undocumented and should be released within a week.
This on a specific schedule and the assignee will coordinate a release with the DevEx team. (apply hold label or convert to draft PR)
This is part of a scheduled alpha or minor. (apply alpha or minor label)
There is no urgency with this change and can be released at any time.

PR Checklist

My changes are for an already released minor and are in /versioned_docs directory.
My changes are for the next minor and are in /docs directory (aka /next/).

My changes require an Engineering review, and I've assigned the Engineering DRI or delegate.
My changes require a technical writer review, and I've assigned @camunda/tech-writers as a reviewer.

conceptualshark added 2 commits

August 26, 2024 15:09


          update es privileges, backport

0a0e28c


          Merge branch 'main' into cg-add-es-privs

69b3651

conceptualshark requested review from romansmirnov and a team

August 26, 2024 19:16

conceptualshark self-assigned this

conceptualshark added the component:self-managed label

christinaausley previously approved these changes

View reviewed changes


          Merge branch 'main' into cg-add-es-privs

f967d21

conceptualshark requested review from romansmirnov and removed request for romansmirnov

September 5, 2024 19:24

Contributor

christinaausley commented Sep 16, 2024

CC @romansmirnov for final review 👍

romansmirnov previously approved these changes

View reviewed changes

Member

romansmirnov left a comment

Content-wise it looks good, that's basically what I have summarized at some point in Slack. Just added two questions.

docs/self-managed/concepts/elasticsearch-privileges.md Outdated

-              - `manage_index_templates` to create and manage index schema on start up, if they don't already exist in Elasticsearch.
-              - _Optional_ `manage_ilm` - required only when ILM is enabled
+              - `monitor` - Required to check the Elasticsearch cluster health. This privilege provides read-only cluster operations permissions.
+              - `manage_index_templates` - Creates the necessary index templates when Operate is started for the first time, or when updating to a newer version of Camunda 8. Once the index templates are created, you can stop Operate, remove this privilege, and then start Operate again.

Member

romansmirnov Oct 9, 2024

❓ It explicitly mentions Operate, what about Tasklist (and Optimize)?

Contributor Author

conceptualshark Oct 15, 2024

I've gone ahead and updated the file in /docs with a change to reference Operate, Tasklist, and Optimize (instead of only Operate). If this looks good I'll update it in the other files. 👍

docs/self-managed/concepts/elasticsearch-privileges.md

+              - `manage_index_templates` - See [cluster privileges](#cluster-privileges).
+              - `manage_ilm` - _Required when index lifecycle management (ILM) is enabled._ See [cluster privileges](#cluster-privileges).
+              These privileges can be granted temporarily during an upgrade:

Member

romansmirnov Oct 9, 2024

❓ Just for context, why are we documenting this? If I remember correctly, I summarized that in the context of a customer request.

Contributor Author

conceptualshark Oct 15, 2024

I don't have context for the original ask, only the summary. Can you specify if these permissions should be removed, and if so, which ones in particular?

conceptualshark added 2 commits

October 15, 2024 14:45


          Merge branch 'main' into cg-add-es-privs

eadaadb


          make references to operate more generic

8be2870

conceptualshark dismissed stale reviews from romansmirnov and christinaausley via

8be2870

October 15, 2024 18:48

Contributor

github-actions bot commented Oct 15, 2024 •

edited

Loading

👋 🤖 ✅ Looks like the changes were ported across versions, nice job! 🎉

You can read more about the versioning within our docs in our documentation guidelines.

conceptualshark requested a review from romansmirnov

October 15, 2024 18:54

conceptualshark added 4 commits

December 3, 2024 09:27


          Merge branch 'main' into cg-add-es-privs

e39559d


          update for 8.6 release, backport

ca915b5


          Merge branch 'main' into cg-add-es-privs

45f266c


          Revert "make references to operate more generic"

95c4256

This reverts commit 8be2870.

camunda deleted a comment from github-actions bot

camunda deleted a comment from github-actions bot

camunda deleted a comment from github-actions bot

camunda deleted a comment from github-actions bot


          update 8.6

ca80faa

camunda deleted a comment from github-actions bot

github-actions bot reviewed

View reviewed changes

docs/apis-tools/tasklist-api/tasklist-api-tutorial.md

Comment on lines +253 to +255

+                  axiosRef.defaults.headers[
+                    "Authorization"
+                  ] = `Bearer ${credentials.access_token}`;

Contributor

github-actions bot Dec 3, 2024

[prettier] _{reported by reviewdog 🐶}

Suggested change

      
                axiosRef.defaults.headers[
          
                  "Authorization"
          
                ] = `Bearer ${credentials.access_token}`;
          
                axiosRef.defaults.headers["Authorization"] =
          
                  `Bearer ${credentials.access_token}`;

versioned_docs/version-8.3/apis-tools/tasklist-api/tasklist-api-tutorial.md

Comment on lines +253 to +255

+                  axiosRef.defaults.headers[
+                    "Authorization"
+                  ] = `Bearer ${credentials.access_token}`;

Contributor

github-actions bot Dec 3, 2024

[prettier] _{reported by reviewdog 🐶}

Suggested change

      
                axiosRef.defaults.headers[
          
                  "Authorization"
          
                ] = `Bearer ${credentials.access_token}`;
          
                axiosRef.defaults.headers["Authorization"] =
          
                  `Bearer ${credentials.access_token}`;

versioned_docs/version-8.4/apis-tools/tasklist-api/tasklist-api-tutorial.md

Comment on lines +253 to +255

+                  axiosRef.defaults.headers[
+                    "Authorization"
+                  ] = `Bearer ${credentials.access_token}`;

Contributor

github-actions bot Dec 3, 2024

[prettier] _{reported by reviewdog 🐶}

Suggested change

      
                axiosRef.defaults.headers[
          
                  "Authorization"
          
                ] = `Bearer ${credentials.access_token}`;
          
                axiosRef.defaults.headers["Authorization"] =
          
                  `Bearer ${credentials.access_token}`;

versioned_docs/version-8.5/apis-tools/tasklist-api/tasklist-api-tutorial.md

Comment on lines +253 to +255

+                  axiosRef.defaults.headers[
+                    "Authorization"
+                  ] = `Bearer ${credentials.access_token}`;

Contributor

github-actions bot Dec 3, 2024

[prettier] _{reported by reviewdog 🐶}

Suggested change

      
                axiosRef.defaults.headers[
          
                  "Authorization"
          
                ] = `Bearer ${credentials.access_token}`;
          
                axiosRef.defaults.headers["Authorization"] =
          
                  `Bearer ${credentials.access_token}`;

versioned_docs/version-8.6/apis-tools/tasklist-api/tasklist-api-tutorial.md

Comment on lines +253 to +255

+                  axiosRef.defaults.headers[
+                    "Authorization"
+                  ] = `Bearer ${credentials.access_token}`;

Contributor

github-actions bot Dec 3, 2024

[prettier] _{reported by reviewdog 🐶}

Suggested change

      
                axiosRef.defaults.headers[
          
                  "Authorization"
          
                ] = `Bearer ${credentials.access_token}`;
          
                axiosRef.defaults.headers["Authorization"] =
          
                  `Bearer ${credentials.access_token}`;

Contributor Author

conceptualshark commented Dec 3, 2024

I can't seem to resolve git thinking these tasklist files need to be added - closing to bring up to date and continue in #4704

conceptualshark closed this

conceptualshark mentioned this pull request

add clarification to elasticsearch privileges #4704

Open

9 tasks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

component:self-managed