From 4857adb9301ff787cab0a3bcdd77f6e1313d61ab Mon Sep 17 00:00:00 2001
From: Nicolas Chaulet
Date: Thu, 4 Jul 2024 09:45:20 -0400
Subject: [PATCH] [Fleet] Disable selecting standalone instructions for user without agent policies READ permissions (#187517)

(cherry picked from commit c27ca409a4fcfa4a16e44558ab1302fa26f7f3b8)
---
 x-pack/plugins/fleet/common/authz.ts | 3 +-
 .../agent_enrollment_flyout.test.tsx | 9 ++-
 .../agent_enrollment_flyout/index.tsx | 5 ++
 .../installation_mode_selection_step.tsx | 57 +++++++++++++------
 4 files changed, 55 insertions(+), 19 deletions(-)

diff --git a/x-pack/plugins/fleet/common/authz.ts b/x-pack/plugins/fleet/common/authz.ts
index 463ab7dc90c97..7399eb98a583b 100644
--- a/x-pack/plugins/fleet/common/authz.ts
+++ b/x-pack/plugins/fleet/common/authz.ts
@@ -144,8 +144,7 @@ export const calculateAuthz = ({
 // These are currently used by Fleet Server setup
 setup: fleet.all || fleet.setup,
 readEnrollmentTokens: (fleet.all || fleet.setup || fleet.agents?.all) ?? false,
- readAgentPolicies:
- (fleet.all || fleet.read || fleet.setup || fleet.agentPolicies?.read) ?? false,
+ readAgentPolicies: (fleet.all || fleet.setup) ?? false,
 };
 return {
diff --git a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.tsx b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.tsx
index d6ac7fdac8def..f8f1854911505 100644
--- a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.tsx
+++ b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.tsx
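Review bot: In the `calculateAuthz` hunk, the new `readAgentPolicies: (fleet.all || fleet.setup) ?? false` no longer consults `fleet.read` or `fleet.agentPolicies?.read`, so a role holding only the agent-policies read privilege would now compute `false` and get the standalone option disabled by the other hunks, which reads as the opposite of the commit title. If the narrowing is deliberate for this backport (the rest of the object lies outside the hunk), say so in a comment above the line, e.g. `// agentPolicies sub-privilege intentionally not consulted on this branch`; otherwise keep `fleet.agentPolicies?.read` in the expression. This flag only drives UI state, so the agent policy API routes must enforce the same privilege server-side, which nothing in this patch shows. No test pins the new value for `fleet.read`-only or `agentPolicies.read`-only roles.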
@@ -14,7 +14,7 @@ import type { RenderResult } from '@testing-library/react';
 import { createFleetTestRendererMock } from '../../mock';
 import type { AgentPolicy } from '../../../common';
 import { sendGetOneAgentPolicy } from '../../hooks/use_request';
-import { useAgentEnrollmentFlyoutData, useFleetServerStandalone } from '../../hooks';
+import { useAgentEnrollmentFlyoutData, useAuthz, useFleetServerStandalone } from '../../hooks';
 import { useAdvancedForm } from '../../applications/fleet/components/fleet_server_instructions/hooks';
 import { useFleetServerUnhealthy } from '../../applications/fleet/sections/agents/hooks/use_fleet_server_unhealthy';
@@ -22,6 +22,8 @@ import { useFleetServerUnhealthy } from '../../applications/fleet/sections/agent
 import type { FlyOutProps } from './types';
 import { AgentEnrollmentFlyout } from '.';
+jest.mock('../../hooks/use_authz');
+
 const render = (props?: Partial) => {
 cleanup();
 const renderer = createFleetTestRendererMock();
@@ -47,6 +49,11 @@ describe('', () => {
 let results: RenderResult;
 beforeEach(async () => {
+ jest.mocked(useAuthz).mockReturnValue({
+ fleet: {
+ readAgentPolicies: true,
+ },
+ } as any);
 jest.mocked(useFleetServerStandalone).mockReturnValue({ isFleetServerStandalone: false });
 (useFleetServerUnhealthy as jest.Mock).mockReturnValue({
diff --git a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/index.tsx b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/index.tsx
index 57b3a8e0e0ff5..ef9f9f34a7eda 100644
--- a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/index.tsx
+++ b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/index.tsx
@@ -28,6 +28,7 @@ import {
 useFleetStatus,
 useAgentEnrollmentFlyoutData,
 useFleetServerHostsForPolicy,
+ useAuthz,
 } from '../../hooks';
 import { FLEET_SERVER_PACKAGE, MAX_FLYOUT_WIDTH } from '../../constants';
 import type { PackagePolicy, AgentPolicy } from '../../types';
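Review bot: The `beforeEach` mock added in the `@@ -47,6 +49,11 @@` hunk of the test file only ever returns `readAgentPolicies: true`, so the permission-denied path this commit introduces is never exercised. Add a case that overrides the mock with `jest.mocked(useAuthz).mockReturnValue({ fleet: { readAgentPolicies: false } } as any);` and asserts that the element with `data-test-subj="standaloneTab"` is disabled. The `as any` cast also hides any drift between this stub and the real authz shape; typing the stub against the hook's return type, or building it from a shared authz mock helper if the project has one, would let the compiler catch a renamed flag. The `describe` body continues outside the hunk.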
@@ -61,6 +62,8 @@ export const AgentEnrollmentFlyout: React.FunctionComponent = ({ return policies.find((p) => p.id === id); }; + const authz = useAuthz(); + const fleetStatus = useFleetStatus(); const { docLinks } = useStartServices(); @@ -172,6 +175,8 @@ export const AgentEnrollmentFlyout: React.FunctionComponent = ({ data-test-subj="standaloneTab" isSelected={mode === 'standalone'} onClick={() => setMode('standalone')} + // Standalone need read access to agent policies + disabled={!authz.fleet.readAgentPolicies} > = ({ children, showTooltip }) => { + return showTooltip && children ? ( + + } + > + {children as React.ReactElement} + + ) : ( + <>{children} + ); +}; + export const InstallationModeSelectionStep = ({ selectedPolicyId, mode, @@ -23,6 +43,7 @@ export const InstallationModeSelectionStep = ({ mode: FlyoutMode; setMode: (v: FlyoutMode) => void; }): EuiContainedStepProps => { + const authz = useAuthz(); // radio id has to be unique so that the component works even if appears twice in DOM const radioSuffix = 'installation_mode_agent_selection'; @@ -63,22 +84,26 @@ export const InstallationModeSelectionStep = ({ }, { id: `standalone_${radioSuffix}`, + // Disabled if no agentPolicies read permission + disabled: !authz.fleet.readAgentPolicies, label: ( - - - - ), - }} - /> + + + + + ), + }} + /> + ), }, ]}
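Review bot: Disabling the standalone tab (`@@ -172,6 +175,8 @@` in index.tsx) and the standalone radio (`@@ -63,22 +84,26 @@` in the installation mode step) blocks new selections but does not change `mode` when it is already `'standalone'`. The initial value of `mode` is set outside these hunks, so if the flyout can open in standalone mode, a user without `readAgentPolicies` would still be shown the standalone instructions. Derive the effective mode from `authz.fleet.readAgentPolicies` where `mode` is consumed, falling back to the non-standalone mode when the flag is false, rather than relying on the disabled controls alone. The inline comment would read better as `// Standalone mode needs read access to agent policies`. Both enclosing components start and end outside the hunks.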