-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Reporting] Add deprecation messages for roles mapped to reporting_user #115125
[Reporting] Add deprecation messages for roles mapped to reporting_user #115125
Conversation
a14b4ad
to
e2f4f7d
Compare
52e9b8b
to
a8865bd
Compare
@@ -64,7 +64,7 @@ export const config: PluginConfigDescriptor<ReportingConfigType> = { | |||
defaultMessage: | |||
`Use Kibana application privileges to grant reporting privileges.` + | |||
` Using "{fromPath}.roles.allow" to grant reporting privileges` + | |||
` prevents users from using API Keys to create reports.` + | |||
` is deprecated.` + |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is unrelated to this PR, but the existing text in this config deprecation was really hard to read on the page.
@@ -72,6 +72,7 @@ export class ReportingCore { | |||
public getContract: () => ReportingSetup; | |||
|
|||
constructor(private logger: LevelLogger, context: PluginInitializerContext<ReportingConfigType>) { | |||
// TODO: capture the entire packageInfo so we can form documentation links on the server |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This applies this this PR, as the doc links are hardcoded to the current
version, which is an issue.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 would be a good idea to address it in this PR
This fixes the deprecations for various edge cases: - when security was disabled, users saw a meaningless error message - when users did not have manage_security privilege they saw a meaningless error message Adds support for checking deprecations related to xpack.reporting.roles.allow
a8865bd
to
4847e72
Compare
config, | ||
createMockPluginSetup({ | ||
router: httpSetup.createRouter(''), | ||
security: null, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a side effect of not having the security dependency not mocked well in createMockReportingCore
before this PR.
config, | ||
createMockPluginSetup({ | ||
router: httpSetup.createRouter(''), | ||
security: null, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a side effect of not having the security dependency not mocked well in createMockReportingCore
before this PR.
@@ -39,9 +41,9 @@ export const createMockPluginSetup = (setupMock?: any): ReportingInternalSetup = | |||
features: featuresPluginMock.createSetup(), | |||
basePath: { set: jest.fn() }, | |||
router: setupMock.router, | |||
security: setupMock.security, | |||
security: securityMock.createSetup(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The tests in this PR needed a better security mock from the reporting test utilities
licensing: { license$: Rx.of({ isAvailable: true, isActive: true, type: 'basic' }) } as any, | ||
taskManager: { registerTaskDefinitions: jest.fn() } as any, | ||
taskManager: taskManagerMock.createSetup(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
opportunistic cleanup
Pinging @elastic/kibana-reporting-services (Team:Reporting Services) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code changes LGTM, but I haven't tested that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is looking great @tsullivan, I did a few tests locally and it seemed to be working as expected (I didn't test the role map deprecation manually).
I left a few non-blocker comments but I think it'd be good to address the formatting of markdown before merging.
describe('roles mapped to a deprecated role', () => { | ||
test('logs a deprecation when a role was found that maps to the deprecated reporting_user role', async () => { | ||
esClient.asCurrentUser.security.getRoleMapping = jest.fn().mockResolvedValue({ | ||
body: { dungeon_master: { roles: ['reporting_user'] } }, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😄
x-pack/plugins/reporting/server/deprecations/reporting_role.test.ts
Outdated
Show resolved
Hide resolved
return [ | ||
{ | ||
title, | ||
level: 'fetch_error', // NOTE: is fetch_error not shown in the Upgrade Assistant UI? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we follow up on this with the Stack Management team?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added some suggestions below!
A general suggestion/comment: we don't need to use template strings to prevent things from being translated. For example, instead of this:
'Set "{upgradableConfig}" in kibana.yml'
you can write thisL
'Set "xpack.reporting.roles.enabled: false" in kibana.yml'
I confirmed this with @Bamieh
…ecation-errorhandling-7.x
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
@@ -85,8 +86,8 @@ export class ReportingCore { | |||
this.executing = new Set(); | |||
} | |||
|
|||
public getKibanaVersion() { | |||
return this.kibanaVersion; | |||
public getKibanaPackageInfo() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change is to allow documentation links generated on the server to use the current branch.
💚 Build Succeeded
Metrics [docs]
To update your PR or re-run it, just comment with: |
…er (elastic#115125) * [Reporting] Add deprecation messages for roles mapped to reporting_user This fixes the deprecations for various edge cases: - when security was disabled, users saw a meaningless error message - when users did not have manage_security privilege they saw a meaningless error message Adds support for checking deprecations related to xpack.reporting.roles.allow * updates to content per feedback * updates per feedback * store packageInfo in reportingCore * use branch in the documentation links generated in the server * add tests for scenario where config does not need to be changed
…er (#115125) (#115875) * [Reporting] Add deprecation messages for roles mapped to reporting_user This fixes the deprecations for various edge cases: - when security was disabled, users saw a meaningless error message - when users did not have manage_security privilege they saw a meaningless error message Adds support for checking deprecations related to xpack.reporting.roles.allow * updates to content per feedback * updates per feedback * store packageInfo in reportingCore * use branch in the documentation links generated in the server * add tests for scenario where config does not need to be changed
Closes #115096
Follows: #100427, #94966
Summary
xpack.reporting.roles.allow
Screenshots
manage_security
privileges, they will see this error state:and these messages in the Kibana server log:
Checklist
xpack.reporting.roles.allow
Testing
Security disabled
Default deprecation
reporting_user
roleCustomized xpack.reporting.roles.allow
my_test_reporting_role
)xpack.reporting.roles.allow: ['my_test_reporting_role']
my_test_reporting_user
roleMapped roles
reporting_user
in Stack Management > Role MappingsInvalid privileges for Reporting deprecations
manage
cluster privilege, and then some privileges to Kibana (so they can login)