add docs on what privileges are needed for using metricbeat mongodb module

[hwang381]

resolves #13820

[elasticmachine]

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

[elasticmachine]

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

[ChrsMark]

Hi @hwang381 thanks for working on this! In order to fix the failing test we need to execute make update under beats/metricbeat path.

In addition, I think we should also mention these privileges on each Metricset's documentation explicitly, for instance at https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-metricset-mongodb-collstats.html we could mention that top command requires "top action on cluster resource".

[hwang381]

Thanks for the feedback @ChrsMark

Regard documenting the privileges needed for every metricset in their respective doc page, do you think it would be better idea to just put the documentation in the respective metricset doc instead of putting it in the general module documentation?

[ChrsMark]

Thanks for addressing the comments @hwang381, it looks great now!

From my side it is ok! @jsoriano since you had the initial discussion on the issue wdyt?

[jsoriano]

It looks good to me, I have only added some comments about punctuation.

@hwang381 did you have the chance of testing these privileges with metricbeat and a running MongoDB?

[ChrsMark]

@hwang381 thanks for your work on this!

After revisiting the issue and mongodb docs your patch refers to, I would propose to add small snippets on each metricset's docs which will show how one can create users and grant the right privileges on them. For example on collstats I would add:

Create user with proper privileges for the metricset

Create the role

db.createRole(
   {
     role: "collstatsRole",
     privileges: [
       { resource: { cluster: true }, actions: [ "top"] },
     ],
     roles: []
   }
)

create the privileged user

db.createUser(
    {
        user: "beatstop",
        pwd: "pass",
        roles: [ "collstatsRole"]
    }
)

So, the users will be able to easily create the mongo-user required to run the spesific metricset, but also we would be able to confirm that the privileges we document will do the job.

Let me know what you think! @jsoriano feel free to add/comment on anything!

[jsoriano]

After revisiting the issue and mongodb docs your patch refers to, I would propose to add small snippets on each metricset's docs which will show how one can create users and grant the right privileges on them.

+1 to that, maybe we can also add an example with a role with all the privileges in the module docs.

[hwang381]

I've integrated all the above suggestions :)

[jsoriano]

ok to test

[ChrsMark]

jenkins, test this again please

[ChrsMark]

I think that failing tests are irrelevant but we could wait until #14179 is merged which might make CI happy. wdyt @jsoriano?

[jsoriano]

@ChrsMark I think we can merge this, metricbeat builds are green.

[ChrsMark]

I will go along and merge this!

Thank you @hwang381 for working on this!