[index management] better privilege checking for enrich policies (ela…
…stic#201717)

## Summary

Kibana roles with only `manage_enrich` or `monitor_enrich` will now have
access to the Enrich Policy tab in Index Management.

---

The `registerElasticsearchFeature` API is too restrictive to use for
index management: it allows only a single set of privileges to
determine whether a given management app is shown, and the stated
privileges are combined with `AND` logic. We need `OR`, because index
management may cover a number of different privileges that don't
overlap. The solution is to use an observable to subscribe to the
capabilities API and register the management app based on that.

This pr focuses on Enrich Policies and removes UI elements as
appropriate based on `manage_enrich` or `monitor_enrich` and leaves
other index management tabs alone as these will be addressed in follow
up PRs.

Part of elastic#178654
mattkime authored and CAWilson94 committed Dec 12, 2024
1 parent 007bf3f commit 3765479
Showing 20 changed files with 266 additions and 261 deletions.
Expand Up @@ -57,10 +57,6 @@ describe('Create enrich policy', () => {

beforeEach(async () => {
httpRequestsMockHelpers.setGetMatchingIndices(getMatchingIndices());
httpRequestsMockHelpers.setGetPrivilegesResponse({
hasAllPrivileges: true,
missingPrivileges: { cluster: [] },
});
httpRequestsMockHelpers.setGetMatchingDataStreams(getMatchingDataStreams());

await act(async () => {
Expand Up @@ -188,9 +188,6 @@ const registerHttpRequestMockHelpers = (
error
);

const setGetPrivilegesResponse = (response?: HttpResponse, error?: ResponseError) =>
mockResponse('GET', `${INTERNAL_API_BASE_PATH}/enrich_policies/privileges`, response, error);

const setCreateEnrichPolicy = (response?: HttpResponse, error?: ResponseError) =>
mockResponse('POST', `${INTERNAL_API_BASE_PATH}/enrich_policies`, response, error);

Expand Down Expand Up @@ -253,7 +250,6 @@ const registerHttpRequestMockHelpers = (
setCreateIndexResponse,
setGetMatchingIndices,
setGetFieldsFromIndices,
setGetPrivilegesResponse,
setCreateEnrichPolicy,
setInferenceModels,
setGetMatchingDataStreams,
Expand Up @@ -91,6 +91,11 @@ const appDependencies = {
overlays: {
openConfirm: jest.fn(),
},
privs: {
monitor: true,
manageEnrich: true,
monitorEnrich: true,
},
} as any;

export const kibanaVersion = new SemVer(MAJOR_VERSION);
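Review bot: The `privs` block added to `appDependencies` grants `monitor`, `manageEnrich` and `monitorEnrich` all at once, and no hunk visible on this page sets any of them to `false`, while the 'permissions check' test in the enrich policies tab spec is deleted. As far as this page shows, that leaves the restricted-role rendering without coverage; a case that overrides the fixture with `privs: { monitor: true, manageEnrich: false, monitorEnrich: true }` and asserts that the management actions are not rendered would pin it. The index table fixture gets the same all-true block. Because the object is cast with `as any`, a misspelled key inside `privs` would also pass the type check unnoticed.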
Expand Up @@ -38,11 +38,6 @@ describe('Enrich policies tab', () => {
describe('empty states', () => {
beforeEach(async () => {
setDelayResponse(false);

httpRequestsMockHelpers.setGetPrivilegesResponse({
hasAllPrivileges: true,
missingPrivileges: { cluster: [] },
});
});

test('displays a loading prompt', async () => {
Expand Down Expand Up @@ -82,24 +77,6 @@ describe('Enrich policies tab', () => {
});
});

describe('permissions check', () => {
it('shows a permissions error when the user does not have sufficient privileges', async () => {
httpRequestsMockHelpers.setGetPrivilegesResponse({
hasAllPrivileges: false,
missingPrivileges: { cluster: ['manage_enrich'] },
});

testBed = await setup(httpSetup);
await act(async () => {
testBed.actions.goToEnrichPoliciesTab();
});

testBed.component.update();

expect(testBed.exists('enrichPoliciesInsuficientPrivileges')).toBe(true);
});
});

describe('policies list', () => {
let testPolicy: ReturnType<typeof createTestEnrichPolicy>;
beforeEach(async () => {
Expand All @@ -110,11 +87,6 @@ describe('Enrich policies tab', () => {
createTestEnrichPolicy('policy-range', 'range'),
]);

httpRequestsMockHelpers.setGetPrivilegesResponse({
hasAllPrivileges: true,
missingPrivileges: { cluster: [] },
});

testBed = await setup(httpSetup);
await act(async () => {
testBed.actions.goToEnrichPoliciesTab();
Expand Up @@ -168,6 +168,11 @@ describe('index table', () => {
enableIndexActions: true,
enableIndexStats: true,
},
privs: {
monitor: true,
manageEnrich: true,
monitorEnrich: true,
},
};

component = (
Expand Up @@ -80,6 +80,11 @@ export interface AppDependencies {
kibanaVersion: SemVer;
overlays: OverlayStart;
canUseSyntheticSource: boolean;
privs: {
monitor: boolean;
manageEnrich: boolean;
monitorEnrich: boolean;
};
}

export const AppContextProvider = ({
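Review bot: The new `privs` member of `AppDependencies` has no comment saying where the flags come from or what they may be relied on for. I would add a TSDoc line such as `/** UI capability flags read from application.capabilities.index_management; they decide what is rendered and are not an authorization check. */` so later callers do not treat them as enforcement. Declaring the member as `Readonly<{ ... }>` would also keep components from mutating the shared flags.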

This file was deleted.

This file was deleted.

Expand Up @@ -73,6 +73,8 @@ export function getIndexManagementDependencies({
}): AppDependencies {
const { docLinks, application, uiSettings, settings } = core;
const { url } = startDependencies.share;
const { monitor, manageEnrich, monitorEnrich } = application.capabilities.index_management;

return {
core: {
getUrlForApp: application.getUrlForApp,
Expand Down Expand Up @@ -103,6 +105,11 @@ export function getIndexManagementDependencies({
kibanaVersion,
overlays: core.overlays,
canUseSyntheticSource,
privs: {
monitor: !!monitor,
manageEnrich: !!manageEnrich,
monitorEnrich: !!monitorEnrich,
},
};
}

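Review bot: The destructuring `const { monitor, manageEnrich, monitorEnrich } = application.capabilities.index_management;` throws a TypeError if the `index_management` capability group is missing, which would break the mount instead of simply hiding the enrich UI. The `!!` coercion in the second hunk already treats an absent flag as `false`, so reading the group into `const caps = application.capabilities.index_management;` and building the flags as `!!caps?.monitor`, `!!caps?.manageEnrich`, `!!caps?.monitorEnrich` keeps that fail-closed behaviour for an absent group too. Whether the group can be absent depends on the capability registration, which is not in these hunks. The function body between the two hunks is outside what is shown.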
Expand Up @@ -14,12 +14,8 @@ import { breadcrumbService, IndexManagementBreadcrumb } from '../../services/bre

import { CreatePolicyWizard } from './create_policy_wizard';
import { CreatePolicyContextProvider } from './create_policy_context';
import {
EnrichPoliciesAuthProvider,
EnrichPoliciesWithPrivileges,
} from '../../components/enrich_policies';

const CreateView: React.FunctionComponent<RouteComponentProps> = () => {
export const EnrichPolicyCreate: React.FunctionComponent<RouteComponentProps> = () => {
useEffect(() => {
breadcrumbService.setBreadcrumbs(IndexManagementBreadcrumb.enrichPoliciesCreate);
}, []);
Expand Down Expand Up @@ -64,11 +60,3 @@ const CreateView: React.FunctionComponent<RouteComponentProps> = () => {
</CreatePolicyContextProvider>
);
};

export const EnrichPolicyCreate: React.FunctionComponent<RouteComponentProps> = (props) => (
<EnrichPoliciesAuthProvider>
<EnrichPoliciesWithPrivileges>
<CreateView {...props} />
</EnrichPoliciesWithPrivileges>
</EnrichPoliciesAuthProvider>
);
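Review bot: With the `EnrichPoliciesAuthProvider` / `EnrichPoliciesWithPrivileges` wrapper removed, the exported `EnrichPolicyCreate` renders the wizard without consulting any privilege in the lines shown here, so a role holding only `monitor_enrich` that opens the create route directly would see the form unless the route registration (not on this page) filters it. Elasticsearch should still refuse the write, but the user would only learn that at submit time. I would read `privs` from `useAppContext()` at the top of the component and return an insufficient-privileges prompt when `!privs.manageEnrich`. The same wrapper is dropped from `EnrichPoliciesList`, which checks `manageEnrich` only for its empty state. The component body between the two hunks is not shown.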
Expand Up @@ -17,10 +17,6 @@ import { APP_WRAPPER_CLASS, useExecutionContext } from '../../../../shared_impor
import { useAppContext } from '../../../app_context';
import { useRedirectPath } from '../../../hooks/redirect_path';

import {
EnrichPoliciesAuthProvider,
EnrichPoliciesWithPrivileges,
} from '../../../components/enrich_policies';
import { breadcrumbService, IndexManagementBreadcrumb } from '../../../services/breadcrumbs';
import { documentationService } from '../../../services/documentation';
import { useLoadEnrichPolicies } from '../../../services/api';
Expand All @@ -34,9 +30,13 @@ const getEnrichPolicyNameFromLocation = (location: Location) => {
return policy;
};

const ListView: React.FunctionComponent<RouteComponentProps> = ({ history, location }) => {
export const EnrichPoliciesList: React.FunctionComponent<RouteComponentProps> = ({
history,
location,
}) => {
const {
core: { executionContext },
privs,
} = useAppContext();
const redirectTo = useRedirectPath(history);

Expand Down Expand Up @@ -79,7 +79,7 @@ const ListView: React.FunctionComponent<RouteComponentProps> = ({ history, locat
return <ErrorState error={error} resendRequest={reloadPolicies} />;
}

if (policies?.length === 0) {
if (privs.manageEnrich && policies?.length === 0) {
return <EmptyState />;
}

Expand Down Expand Up @@ -151,11 +151,3 @@ const ListView: React.FunctionComponent<RouteComponentProps> = ({ history, locat
</div>
);
};

export const EnrichPoliciesList: React.FunctionComponent<RouteComponentProps> = (props) => (
<EnrichPoliciesAuthProvider>
<EnrichPoliciesWithPrivileges>
<ListView {...props} />
</EnrichPoliciesWithPrivileges>
</EnrichPoliciesAuthProvider>
);
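Review bot: The new condition `privs.manageEnrich && policies?.length === 0` has no comment explaining why a read-only user with zero policies skips `EmptyState` and falls through to the table render. I would add `// EmptyState is shown only to users who can manage policies; monitor-only users get the (empty) table instead.` above the `if`, after confirming that this is the intent. `monitorEnrich` is not read anywhere in the visible hunks of this component, so it is worth checking that the list request is not issued for a role holding neither privilege. The component body extends beyond the hunks shown.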