[APM] Use subfeature permissions for Labs settings #197092
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rmyz
added
release_note:fix
backport:prev-minor
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
|
/ci |
1 similar comment
|
/ci |
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Async chunks
History
cc @rmyz |
|
Pinging @elastic/obs-ux-infra_services-team (Team:obs-ux-infra_services) |
crespocarlos
approved these changes
Oct 22, 2024
|
Starting backport for target branches: 8.x |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Oct 22, 2024
## Summary Closes elastic#197091 This PR uses the previously created (elastic#194419) subfeature permissions for APM to be able to modify settings inside Labs flyout. ## Screenshots for unauthorized user | Before | After | |-------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------| ||| ## How to test 1. Go under Stack Management -> Roles and create a new custom role. 2. For Kibana, select All spaces for the space selector, and Customize, you can get all the permissions you need. 3. Go into Observability and APM and User Experience. 4. Select Read and save the role. 5. Create a new user and assign that role and also the viewer role. 6. Login with an incognito / different browser into the new user. 7. Go into APM -> Settings, WARNING: if you are not able to see settings is because you don't have data, run node scripts/synthtrace many_services.ts --live --clean. 8. You should not be able to change the configuration on each tab. 9. Change the role privileges to have Read but with write access. 10. Test it, you should be able to modify the settings. 11. Do the same with All with and without the write permissions. (cherry picked from commit 68b328d)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Oct 22, 2024
…197259) # Backport This will backport the following commits from `main` to `8.x`: - [[APM] Use subfeature permissions for Labs settings (#197092)](#197092) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Sergi Romeu","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-22T14:43:52Z","message":"[APM] Use subfeature permissions for Labs settings (#197092)\n\n## Summary\r\n\r\nCloses https://github.com/elastic/kibana/issues/197091\r\n\r\nThis PR uses the previously created\r\n(#194419) subfeature permissions\r\nfor APM to be able to modify settings inside Labs flyout.\r\n\r\n## Screenshots for unauthorized user\r\n| Before | After |\r\n\r\n|-------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|\r\n\r\n|||\r\n\r\n## How to test\r\n1. Go under Stack Management -> Roles and create a new custom role.\r\n2. For Kibana, select All spaces for the space selector, and Customize,\r\nyou can get all the permissions you need.\r\n3. Go into Observability and APM and User Experience.\r\n4. Select Read and save the role.\r\n5. Create a new user and assign that role and also the viewer role.\r\n6. Login with an incognito / different browser into the new user.\r\n7. Go into APM -> Settings, WARNING: if you are not able to see settings\r\nis because you don't have data, run node scripts/synthtrace\r\nmany_services.ts --live --clean.\r\n8. You should not be able to change the configuration on each tab.\r\n9. Change the role privileges to have Read but with write access.\r\n10. Test it, you should be able to modify the settings.\r\n11. Do the same with All with and without the write permissions.","sha":"68b328d36ba6a178c27744c249b0cea7f4eaa00b","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","v9.0.0","backport:prev-minor","apm:settings","ci:project-deploy-observability","Team:obs-ux-infra_services"],"title":"[APM] Use subfeature permissions for Labs settings","number":197092,"url":"https://github.com/elastic/kibana/pull/197092","mergeCommit":{"message":"[APM] Use subfeature permissions for Labs settings (#197092)\n\n## Summary\r\n\r\nCloses https://github.com/elastic/kibana/issues/197091\r\n\r\nThis PR uses the previously created\r\n(#194419) subfeature permissions\r\nfor APM to be able to modify settings inside Labs flyout.\r\n\r\n## Screenshots for unauthorized user\r\n| Before | After |\r\n\r\n|-------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|\r\n\r\n|||\r\n\r\n## How to test\r\n1. Go under Stack Management -> Roles and create a new custom role.\r\n2. For Kibana, select All spaces for the space selector, and Customize,\r\nyou can get all the permissions you need.\r\n3. Go into Observability and APM and User Experience.\r\n4. Select Read and save the role.\r\n5. Create a new user and assign that role and also the viewer role.\r\n6. Login with an incognito / different browser into the new user.\r\n7. Go into APM -> Settings, WARNING: if you are not able to see settings\r\nis because you don't have data, run node scripts/synthtrace\r\nmany_services.ts --live --clean.\r\n8. You should not be able to change the configuration on each tab.\r\n9. Change the role privileges to have Read but with write access.\r\n10. Test it, you should be able to modify the settings.\r\n11. Do the same with All with and without the write permissions.","sha":"68b328d36ba6a178c27744c249b0cea7f4eaa00b"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/197092","number":197092,"mergeCommit":{"message":"[APM] Use subfeature permissions for Labs settings (#197092)\n\n## Summary\r\n\r\nCloses https://github.com/elastic/kibana/issues/197091\r\n\r\nThis PR uses the previously created\r\n(#194419) subfeature permissions\r\nfor APM to be able to modify settings inside Labs flyout.\r\n\r\n## Screenshots for unauthorized user\r\n| Before | After |\r\n\r\n|-------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|\r\n\r\n|||\r\n\r\n## How to test\r\n1. Go under Stack Management -> Roles and create a new custom role.\r\n2. For Kibana, select All spaces for the space selector, and Customize,\r\nyou can get all the permissions you need.\r\n3. Go into Observability and APM and User Experience.\r\n4. Select Read and save the role.\r\n5. Create a new user and assign that role and also the viewer role.\r\n6. Login with an incognito / different browser into the new user.\r\n7. Go into APM -> Settings, WARNING: if you are not able to see settings\r\nis because you don't have data, run node scripts/synthtrace\r\nmany_services.ts --live --clean.\r\n8. You should not be able to change the configuration on each tab.\r\n9. Change the role privileges to have Read but with write access.\r\n10. Test it, you should be able to modify the settings.\r\n11. Do the same with All with and without the write permissions.","sha":"68b328d36ba6a178c27744c249b0cea7f4eaa00b"}}]}] BACKPORT--> Co-authored-by: Sergi Romeu <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Closes #197091
This PR uses the previously created (#194419) subfeature permissions for APM to be able to modify settings inside Labs flyout.
Screenshots for unauthorized user
How to test