elasticmachine
commented
1 week ago Pinging @elastic/fleet (Team:Fleet)
Open kpollich opened 1 week ago
elasticmachine
commented
1 week ago Pinging @elastic/fleet (Team:Fleet)
Fleet is currently referencing two cluster privileges that aren't supported in serverless. Soon, these privileges will be removed entirely and will result in validation errors in API requests. We should remove these privileges when Kibana is running in serverless mode.
manage_service_account- We don't support enrolling self-hosted Fleet Servers on serverless, and users will always use the hosted Fleet Server provided by Fleet Service. So, this can be removed.read_cross_cluster- Right now, this privilege is specified in Fleet's data stream permissions. Cross cluster search is not supported in serverless, so this should be moved.https://github.com/elastic/kibana/blob/f21d6e436e9f370b741bb495719af7e0f6ce36c1/x-pack/plugins/fleet/server/services/package_policy.ts#L174-L181
https://github.com/elastic/kibana/blob/f21d6e436e9f370b741bb495719af7e0f6ce36c1/x-pack/plugins/fleet/server/routes/app/index.ts#L63-L68
We should be able to add a conditional check to determine whether Kibana is running in serverless mode before referencing these specific privileges.