Comments (4)
I think we should scope the action based on the input type and for elastic-agent use that for its type, so requiring all actions to have a prefix of {input-type}/{action-name}
. So for the Elastic Agent it would look like?
capabilities:
- rule: deny
action: elastic-agent/upgrade
That would allow actions targeting specific inputs to also be denied. Thoughts?
from elastic-agent.
Pinging @elastic/agent (Team:Agent)
from elastic-agent.
++ on adding it to capabilities.
@ph Can you elaborate on the action approach? You mean it would cover multiple cases at once directly? If yes, kind of like the idea.
We will need to make sure independent of the implementation, that an Agent reports its capabilities so Fleet can disable certain UI components / API calls.
from elastic-agent.
@ruflin Yeah, This is my point, we could cover multiple cases with a single strategy. Every command send from Fleet is an action, including upgrade so if we add something to control which kind of action we can executed on the agent we actually support the current use case of an upgrade and any potential action we would like to restrict in the future.
And by doing so we only need to figure out "how capabilities" are surfaced back in the UI.
from elastic-agent.
Related Issues (20)
- [Flaky Test]: TestEndpointSecurityNonDefaultBasePath, TestEndpointSecurityUnprivileged – version conflict, document already exists HOT 7
- Error while enrolling unprivileged agent [mac] HOT 4
- Actionable error message when attempting to `inspect` an unprivileged Agent as a privileged user HOT 4
- Actionable error message when attempting to `enroll` an unprivileged Agent as a privileged user HOT 7
- Detect and fail early if user attempts to upgrade Fleet-managed Agent using the CLI HOT 4
- [Flaky Test]: TestRepeatedInstallUninstall – failed to set user elastic-agent-user password for service HOT 8
- `--insecure` flag should not be required during enroll/install because we have an `http` FLeet URL HOT 7
- Agent/beats gRPC over domain sockets/named pipes HOT 1
- Make `kubeletstatsreceiver` available in `otel` mode HOT 1
- Improve test proxy/mock fleet server to support further elastic-agent TLS tests HOT 3
- Fleet client configuration validation should take http status code into account HOT 5
- crash when logging empty line HOT 4
- [Windows] TestProxyURL fails with `access denied` error on `fleet.enc` HOT 8
- Can I customize the "agent.name" when sending data to ES instead of using hostname? HOT 1
- [Flaky Test]: TestRpmLogIngestFleetManaged/Monitoring_logs_are_shipped – failed to evaluate all symlinks HOT 3
- Integration tests framework creates more OGC VMs than needed HOT 2
- Extract creating of ESS deployment for integration tests in a separate mage target HOT 5
- Run Elastic Agent in `otel` mode as a service HOT 3
- [Integration Test Framework] Dump process list on first failure HOT 1
- [Flaky Test]: TestActionDispatcher/Dispatch_multiples_events_returns_one_error – Expected error HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from elastic-agent.