Add exported Elasticsearch config and permissions test
What does this MR do and why?
- Adds exported Elasticsearch configuration to the project. It's good practice to track changes to this in Git, and it's also good to have a backup.
- Adds a test to validate permissions on the Elastic API key
Closes #139 (closed)
Screenshots, screen recordings, or links to review app
- Failing job: https://gitlab.com/gitlab-org/technical-writing-group/gitlab-docs-hugo/-/jobs/8094091228
- The production key had overly-loose permissions (ability to read cluster health), and so it failed this test. This is good!
- Passing job: https://gitlab.com/gitlab-org/technical-writing-group/gitlab-docs-hugo/-/jobs/8094351845
- After I adjusted the permissions on the key to replace cluster: ["all"] with the more restrictive cluster: ["post_behavioral_analytics_event"], the test now passes.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Configure a local GitLab Docs environment: https://gitlab.com/gitlab-org/technical-writing-group/gitlab-docs-hugo/-/blob/main/doc/setup.md.
- Run the test with your existing key: make check-elastic-key-permissions. This should FAIL because your existing key ("hiru localhost") still has the cluster: ["all"] permission.
- Adjust your localhost key to match the updated recommended permissions (copy from here): https://gitlab-docs-website.kb.us-central1.gcp.cloud.es.io:9243/app/management/security/api_keys/
- Run the test again: make check-elastic-key-permissions. This should PASS.
- Make a new key that has no access control (leave "Control security privileges" off when creating the key). Run the test with this new, sketchy key: ELASTIC_KEY="abc123" make check-elastic-key-permissions. This should FAIL.
- Delete the test key.
Merge request acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this merge request.
Edited by Hiru Fernando
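
The kind of least-privilege check this merge request describes, as an added example (not the project's own test behind make check-elastic-key-permissions). It assumes the input has the shape of the role_descriptors field that Elasticsearch returns from GET /_security/api_key; the index allow-list, the index name and the three sample keys are constructed for illustration.

```python
# Added example: audit Elasticsearch API key privileges against an allow-list.
# Input shape follows the "role_descriptors" field of GET /_security/api_key.

# From the MR text: the one cluster privilege the key keeps.
ALLOWED_CLUSTER = {"post_behavioral_analytics_event"}
# Assumption (not stated in the MR): a search key only needs to read indices.
ALLOWED_INDEX = {"read"}


def audit_api_key(key_info):
    """Return a list of findings; an empty list means the key passes."""
    findings = []
    roles = key_info.get("role_descriptors") or {}
    if not roles:
        # A key created without role descriptors inherits its owner's privileges.
        findings.append("no role descriptors: key is not restricted")
    for role_name, role in roles.items():
        extra = sorted(set(role.get("cluster", [])) - ALLOWED_CLUSTER)
        if extra:
            findings.append(f"{role_name}: cluster privileges not allowed: {extra}")
        for entry in role.get("indices", []):
            extra = sorted(set(entry.get("privileges", [])) - ALLOWED_INDEX)
            if extra:
                findings.append(
                    f"{role_name}: index privileges not allowed on "
                    f"{entry.get('names')}: {extra}")
    return findings


# Constructed sample keys mirroring the three cases in the validation steps.
SAMPLE_KEYS = {
    "loose": {"role_descriptors": {"search": {
        "cluster": ["all"],
        "indices": [{"names": ["docs-example"], "privileges": ["read"]}]}}},
    "restricted": {"role_descriptors": {"search": {
        "cluster": ["post_behavioral_analytics_event"],
        "indices": [{"names": ["docs-example"], "privileges": ["read"]}]}}},
    "no_access_control": {"role_descriptors": {}},
}


def run_audit(keys=SAMPLE_KEYS):
    """Map each key name to (PASS or FAIL, findings)."""
    results = {}
    for name, key in keys.items():
        findings = audit_api_key(key)
        results[name] = ("FAIL" if findings else "PASS", findings)
    return results


if __name__ == "__main__":
    for name, (verdict, findings) in run_audit().items():
        print(f"{name}: {verdict}", *findings, sep="\n  ")
```

A check like this fails closed on the key with no access control because an empty role_descriptors object means the key carries its owner's privileges rather than none.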