Skip to content

Enable _otlp usage with create_doc, auto_configure privileges #137325

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
felixbarny merged 3 commits into from
Oct 29, 2025
Merged

Enable _otlp usage with create_doc, auto_configure privileges #137325

felixbarny merged 3 commits into from
Oct 29, 2025
+34 −4

Conversation

@felixbarny
Copy link
Member

@felixbarny felixbarny commented Oct 29, 2025
edited
Loading

Previously, the full write privilege was required, now the more fine-grained create_doc privilege is enough. It still checks the permissions in the internal _bulk request again. For example, the request would fail if we used the index instead of the create op_type within the OTLPMetricsTransportAction.

@felixbarny
Enable _otlp usage with create_doc, auto_configure privileges
7f70321 
Previously, the full `write` privilege was required, now the more fine-grained `create_doc` privilege is enough. It still checks the permissions in the internal _bulk request again. For example, the request would fail if we used the `index` instead of the `create` op_type within the `OTLPMetricsTransportAction`.
@felixbarny felixbarny requested a review from kkrik-es October 29, 2025 10:30
@felixbarny felixbarny self-assigned this Oct 29, 2025
@felixbarny felixbarny added the :StorageEngine/TSDB You know, for Metrics label Oct 29, 2025
@felixbarny felixbarny requested review from a team as code owners October 29, 2025 10:30
@elasticsearchmachine elasticsearchmachine added v9.3.0 Team:StorageEngine external-contributor Pull request authored by a developer outside the Elasticsearch team labels Oct 29, 2025
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Oct 29, 2025

Pinging @elastic/es-storage-engine (Team:StorageEngine)

@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Oct 29, 2025

Hi @felixbarny, I've created a changelog YAML for you.

@felixbarny felixbarny added auto-backport Automatically create backport pull requests when merged and removed >enhancement labels Oct 29, 2025
@kkrik-es
Copy link
Contributor

kkrik-es commented Oct 29, 2025

Is there a tracking bug for this? I wonder how you noticed.

@felixbarny
Copy link
Member Author

felixbarny commented Oct 29, 2025

This came up during internal testing for the managed OTLP endpoint.

@felixbarny felixbarny merged commit a61e479 into elastic:main Oct 29, 2025
34 checks passed
@felixbarny felixbarny deleted the otlp-create-doc branch October 29, 2025 12:18
@felixbarny felixbarny mentioned this pull request Oct 29, 2025
Merged
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Oct 29, 2025

💚 Backport successful

Status Branch Result
9.2

felixbarny added a commit to felixbarny/elasticsearch that referenced this pull request Oct 29, 2025
@felixbarny
Enable _otlp usage with create_doc, auto_configure privileges (el…
d172c0b 
…astic#137325)

Previously, the full `write` privilege was required, now the more fine-grained `create_doc` privilege is enough. It still checks the permissions in the internal _bulk request again. For example, the request would fail if we used the `index` instead of the `create` op_type within the `OTLPMetricsTransportAction`.
elasticsearchmachine pushed a commit that referenced this pull request Oct 29, 2025
@felixbarny
Enable _otlp usage with create_doc, auto_configure privileges (#1…
05fd7be 
…37325) (#137332)

Previously, the full `write` privilege was required, now the more fine-grained `create_doc` privilege is enough. It still checks the permissions in the internal _bulk request again. For example, the request would fail if we used the `index` instead of the `create` op_type within the `OTLPMetricsTransportAction`.
ywangd added a commit to ywangd/elasticsearch that referenced this pull request Oct 30, 2025
@ywangd
Enable security for OTLPMetricsIndexingRestIT
cd8cfe9 
Security must be explicity enabled to make tests in fips mode pass.

Relates: elastic#137325
@ywangd ywangd mentioned this pull request Oct 30, 2025
Merged
ywangd added a commit that referenced this pull request Oct 30, 2025
@ywangd
Enable security for OTLPMetricsIndexingRestIT (#137355)
558d38c 
Security must be explicity enabled to make tests in fips mode pass.

Relates: #137325
ywangd added a commit to ywangd/elasticsearch that referenced this pull request Oct 30, 2025
@ywangd
Enable security for OTLPMetricsIndexingRestIT (elastic#137355)
2816138 
Security must be explicity enabled to make tests in fips mode pass.

Relates: elastic#137325
elasticsearchmachine pushed a commit that referenced this pull request Oct 30, 2025
@ywangd
Enable security for OTLPMetricsIndexingRestIT (#137355) (#137358)
47862e8 
Security must be explicity enabled to make tests in fips mode pass.

Relates: #137325
chrisparrinello pushed a commit to chrisparrinello/elasticsearch that referenced this pull request Nov 3, 2025
@felixbarny @chrisparrinello
Enable _otlp usage with create_doc, auto_configure privileges (el…
0961cb6 
…astic#137325)

Previously, the full `write` privilege was required, now the more fine-grained `create_doc` privilege is enough. It still checks the permissions in the internal _bulk request again. For example, the request would fail if we used the `index` instead of the `create` op_type within the `OTLPMetricsTransportAction`.
chrisparrinello pushed a commit to chrisparrinello/elasticsearch that referenced this pull request Nov 3, 2025
@ywangd @chrisparrinello
Enable security for OTLPMetricsIndexingRestIT (elastic#137355)
6ae3dbf 
Security must be explicity enabled to make tests in fips mode pass.

Relates: elastic#137325
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kkrik-es kkrik-es kkrik-es approved these changes

Assignees

@felixbarny felixbarny

Labels

auto-backport Automatically create backport pull requests when merged >bug external-contributor Pull request authored by a developer outside the Elasticsearch team :StorageEngine/TSDB You know, for Metrics Team:StorageEngine v9.2.1 v9.3.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@felixbarny @elasticsearchmachine @kkrik-es