Unable to enable display beta integrations toggle with user role Integrations: All and Fleet: Read. #184639

Closed
amolnater-qasource opened this issue Jun 3, 2024 · 11 comments · Fixed by #187513
Labels: bug, impact:medium, QA:Validated, Team:Fleet

amolnater-qasource commented Jun 3, 2024

Kibana Build details:

VERSION: 8.15.0 SNAPSHOT
BUILD: 74938
COMMIT: 9e2b401f2c4c315e0b9b037221d7864cf195f321

Role:

Integrations: All
Fleet: Read
Agents: Read
Agent policies: Read
Settings: Read

Preconditions:

  1. 8.15.0-SNAPSHOT Kibana cloud environment should be available.
  2. New User should be created with above defined role.

Steps to reproduce:

  1. Navigate to Integrations tab.
  2. Click toggle Display beta integrations.
  3. Observe forbidden error is displayed.

Expected Result:
User should be able to enable display beta integrations toggle with user role Integrations: All and Fleet: Read.

Screen Recording:

Browse.integrations.-.Integrations.-.Elastic.-.Google.Chrome.2024-06-03.15-29-39.mp4

Feature:
https://github.com/elastic/ingest-dev/issues/2903

@amolnater-qasource amolnater-qasource added bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team:Fleet Team label for Observability Data Collection Fleet team labels Jun 3, 2024
@elasticmachine
Contributor

Pinging @elastic/fleet (Team:Fleet)

@amolnater-qasource
Author

@manishgupta-qasource Please review.

@manishgupta-qasource

Secondary review for this ticket is Done

@jen-huang jen-huang self-assigned this Jun 12, 2024
@jen-huang
Contributor

@nchaulet This fails because a request is made to set this at the global level.

PUT /api/fleet/settings
{prerelease_integrations_enabled: true}

This route is restricted to users who have the fleet.settings.all privilege. IMO this type of UI setting shouldn't be persisted globally in a saved object. What do you think of moving it to local storage?

I think the whole settings SO is deprecated per this LOC anyway.

@nchaulet
Member

nchaulet commented Jun 13, 2024

It may be a little more complicated as it also toggles the settings for server side operation, we will use that prerelease flag everywhere when retrieving packages, package with auto upgrade will use that prerelease flag. So it's expected that a user could not change that flag without all permissions as it is not just a "display beta" but more an "enable prerelease" in Fleet.

In my opinion we should probably revisit that with a local storage flag to display prerelease integrations (that do not impact server side operation) and use a kibana config to have prerelease for auto-update or preconfigured package. Does it make sense to you?

I do not think the whole settings SO is deprecated right now, some properties inside are like fleet_server_hosts

@jen-huang
Contributor

> we will use that prerelease flag everywhere when retrieving packages, package with auto upgrade will use that prerelease flag

Can you refer me to the LOC where we use this setting for auto upgrade? I found a helper method getPrereleaseFromSettings but it is not called anywhere.

@nchaulet
Member

> Can you refer me to the LOC where we use this setting for auto upgrade? I found a helper method getPrereleaseFromSettings but it is not called anywhere.

Looks like it's not used, I misremembered that. Looks like it was discussed during the prerelease flag implementation and when getPrereleaseFromSettings was introduced. We could probably clean that code and move to UI settings.

@jen-huang
Contributor

After investigating further, I found that the prerelease_integrations_enabled flag is used more on the client side, mostly for setting the prerelease parameter when fetching package info. I believe we can still move to a UI storage setting for this, but it will be a more involved change.

For this bug, I will hide this section for users without write access to settings and file an issue to move to UI storage setting and then unhide this section.
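
The mismatch this thread describes, and the interim fix of hiding the toggle, as an added example that is not Kibana code and not part of any comment above: the server check stays authoritative, and the UI derives visibility from the same route table. Only `PUT /api/fleet/settings` and `fleet.settings.all` come from the thread; the other privilege strings, the control id and all function names are hypothetical.

```typescript
// Constructed model of the behaviour discussed in this issue; NOT Kibana code.
// Only "PUT /api/fleet/settings" and "fleet.settings.all" come from the thread;
// every other name below is hypothetical.
interface Route { method: string; path: string; requires: string; }
interface Control { id: string; method: string; path: string; }

const ROUTES: Route[] = [
  { method: "PUT", path: "/api/fleet/settings", requires: "fleet.settings.all" },
];

// The reporter's role (Integrations: All, everything under Fleet: Read),
// written as hypothetical privilege strings.
const REPORTED_ROLE: string[] = [
  "integrations.all", "fleet.read", "fleet.agents.read",
  "fleet.agent_policies.read", "fleet.settings.read",
];

const BETA_TOGGLE: Control = {
  id: "display-beta-integrations", method: "PUT", path: "/api/fleet/settings",
};

function findRoute(method: string, path: string): Route | undefined {
  return ROUTES.filter((r) => r.method === method && r.path === path)[0];
}

// Server side: the authoritative check. Returns an HTTP status code.
function handleRequest(method: string, path: string, granted: string[]): number {
  const route = findRoute(method, path);
  if (route === undefined) return 404;
  return granted.indexOf(route.requires) !== -1 ? 200 : 403;
}

// Client side: render a control only when the request it issues would be
// authorized, using the same route table so UI and server cannot drift apart.
// Controls whose route is unknown are hidden (fail closed).
function visibleControls(controls: Control[], granted: string[]): string[] {
  return controls
    .filter((c) => handleRequest(c.method, c.path, granted) === 200)
    .map((c) => c.id);
}

// Before the fix the toggle was rendered unconditionally, so the click reached
// the server and was rejected. After it, the toggle is not offered to this role.
const statusForReportedRole: number =
  handleRequest(BETA_TOGGLE.method, BETA_TOGGLE.path, REPORTED_ROLE);
const shownToReportedRole: string[] = visibleControls([BETA_TOGGLE], REPORTED_ROLE);
```

Hiding the control changes only what is offered in the UI; a direct request from the same role still gets the 403 from `handleRequest`.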

jen-huang added a commit that referenced this issue Jul 4, 2024
#187513)

## Summary

Resolves [#184639](#184639).

This PR hides the beta integrations toggle if user does not have
sufficient privileges to write this to Fleet settings SO. The real fix
should be handled with #187511.
@amolnater-qasource amolnater-qasource added the QA:Ready for Testing Code is merged and ready for QA to validate label Jul 4, 2024
@amolnater-qasource
Author

Hi Team,

We have revalidated this issue on latest 8.15.0 BC3 kibana cloud environment and found it still reproducible.

Observations:

  • Display beta integrations toggle is visible and user is not able to enable with user role Integrations: All and Fleet: Read.

Screen Recording:

Browse.integrations.-.Integrations.-.Elastic.-.Google.Chrome.2024-07-23.15-37-17.mp4

Build details:
VERSION: 8.15.0 BC3
BUILD: 76206
COMMIT: 674b3ab

Hence, we are reopening this issue.

Thanks!

@jen-huang
Contributor

@amolnater-qasource Thanks for testing again. I found that the PR somehow didn't make it to the 8.15 branch, so I'm triggering a backport and will close this again when it merges.

kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Jul 25, 2024
elastic#187513)

## Summary

Resolves [elastic#184639](elastic#184639).

This PR hides the beta integrations toggle if user does not have
sufficient privileges to write this to Fleet settings SO. The real fix
should be handled with elastic#187511.

(cherry picked from commit 3dfcb85)
kibanamachine added a commit that referenced this issue Jul 25, 2024
…rivilege (#187513) (#189146)

Resolves #184639.

# Backport

This will backport the following commits from `main` to `8.15`:
- [[UII] Only show beta integrations setting for settings write
privilege (#187513)](#187513)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

Co-authored-by: Jen Huang <[email protected]>
@amolnater-qasource
Author

amolnater-qasource commented Aug 2, 2024

Hi Team,

We have revalidated this issue on latest 8.15.0 BC5 kibana cloud environment and found it fixed now.

Observations:

  • Display beta integrations toggle is hidden with user role Integrations: All and Fleet: Read.

Screen Recording:

Agent.policies.-.Fleet.-.Elastic.-.Google.Chrome.2024-08-02.15-35-03.mp4

Build details:
VERSION: 8.15.0 BC5
BUILD: 76335
COMMIT: 393e3c4

Hence, we are marking this issue as QA:Validated.

Thanks!

@amolnater-qasource amolnater-qasource added QA:Validated Issue has been validated by QA and removed QA:Ready for Testing Code is merged and ready for QA to validate labels Aug 2, 2024