Move streams status actions to cluster:monitor group #131015
Merged
+7 −2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
lukewhiting added >bug :Data Management/Data streams 
elasticsearchmachine added the Team:Data Management 
| Pinging @elastic/es-data-management (Team:Data Management) |
| Hi @lukewhiting, I've created a changelog YAML for you. |
There was a problem hiding this comment.
Pull Request Overview
This PR moves the streams status action out of the cluster:admin group and into the cluster:monitor group so that it is included in the monitor cluster role for the Kibana system user.
- Removed
"cluster:admin/streams/status"from the admin privileges in the test constants - Added
"cluster:monitor/streams/status"to the monitor privileges in the test constants - Updated
StreamsStatusAction.INSTANCEto use"cluster:monitor/streams/status"
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| x-pack/plugin/security/qa/operator-privileges-tests/src/javaRestTest/java/org/elasticsearch/xpack/security/operator/Constants.java | Removed old admin action and added new monitor action in the constants list |
| modules/streams/src/main/java/org/elasticsearch/rest/streams/logs/StreamsStatusAction.java | Changed the ActionType name to cluster:monitor/streams/status |
Comments suppressed due to low confidence (2)
x-pack/plugin/security/qa/operator-privileges-tests/src/javaRestTest/java/org/elasticsearch/xpack/security/operator/Constants.java:375
- Consider adding or updating a dedicated test case to verify that the monitor role correctly includes the new "cluster:monitor/streams/status" privilege and that the old admin action has been removed.
"cluster:monitor/streams/status", modules/streams/src/main/java/org/elasticsearch/rest/streams/logs/StreamsStatusAction.java:27
- [nitpick] Add a class-level JavaDoc comment to explain the purpose of this action and its usage within the streams logs module.
public class StreamsStatusAction { ...vileges-tests/src/javaRestTest/java/org/elasticsearch/xpack/security/operator/Constants.java Show resolved Hide resolved
masseyke approved these changes Jul 11, 2025
This was referenced Jul 14, 2025
lukewhiting added a commit to lukewhiting/elasticsearch that referenced this pull request Jul 14, 2025
* Move streams status actions to cluster:monitor group * Update docs/changelog/131015.yaml
szybia added a commit to szybia/elasticsearch that referenced this pull request Jul 14, 2025
…king * upstream/main: (33 commits) Allow both WithEntitlementsOnTestCode and EntitledTestPackages together (elastic#130826) Move streams status actions to cluster:monitor group (elastic#131015) Update JDK base image for OIDC fixture (elastic#131176) Mute org.elasticsearch.xpack.esql.ccq.MultiClustersIT testLookupJoinAliases elastic#131166 Mute org.elasticsearch.index.engine.ThreadPoolMergeExecutorServiceDiskSpaceTests testEnqueuedMergeTasksAreUnblockedWhenEstimatedMergeSizeChanges elastic#131165 Mute org.elasticsearch.xpack.esql.ccq.MultiClustersIT testNotLikeListKeyword elastic#131155 Mute org.elasticsearch.xpack.esql.qa.multi_node.GenerativeIT test elastic#131154 Check file entitlements on the Lucene FilterFileSystem in tests (elastic#130825) Mute org.elasticsearch.xpack.esql.qa.multi_node.EsqlSpecIT test {lookup-join.MvJoinKeyOnFromAfterStats ASYNC} elastic#131148 Move FrequencyCappedAction to common package (elastic#131060) Mute org.elasticsearch.xpack.esql.action.CrossClusterAsyncQueryStopIT testStopQueryLocal elastic#121672 Remove nesting from multi allocation decision (elastic#130844) Disable async search rest tests in release builds (elastic#131132) Fix testStopQueryLocal (elastic#131130) Fixes based on resharding disruption tests (elastic#130870) Remove inactive logger (elastic#131121) Add wait for remote start for the test (elastic#131124) Add existing shards allocator settings to failure store allowed list. (elastic#131056) Don't allow field caps to use semantic queries as index filters (elastic#131111) issue should be already fixed by elastic#121466 (elastic#130860) ...
elasticsearchmachine pushed a commit that referenced this pull request Jul 14, 2025
elasticsearchmachine pushed a commit that referenced this pull request Jul 14, 2025
flash1293 added a commit to elastic/kibana that referenced this pull request Jul 15, 2025
To check the streams status, cluster `monitor` permissions are needed (elastic/elasticsearch#131015). Since the user might not have this permission, the kibana system user should be used to check the status ( effectively granting this access based on the Kibana level feature privilege).
mridula-s109 pushed a commit to mridula-s109/elasticsearch that referenced this pull request Jul 17, 2025
* Move streams status actions to cluster:monitor group * Update docs/changelog/131015.yaml
mridula-s109 pushed a commit to mridula-s109/elasticsearch that referenced this pull request Jul 17, 2025
* Move streams status actions to cluster:monitor group * Update docs/changelog/131015.yaml
Bluefinger pushed a commit to Bluefinger/kibana that referenced this pull request Jul 22, 2025
To check the streams status, cluster `monitor` permissions are needed (elastic/elasticsearch#131015). Since the user might not have this permission, the kibana system user should be used to check the status ( effectively granting this access based on the Kibana level feature privilege).
kertal pushed a commit to kertal/kibana that referenced this pull request Jul 25, 2025
To check the streams status, cluster `monitor` permissions are needed (elastic/elasticsearch#131015). Since the user might not have this permission, the kibana system user should be used to check the status ( effectively granting this access based on the Kibana level feature privilege).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
Changes the action name to ensure it's picked up as part of the "monitor" cluster role on the kibana system user