Skip to content

Commit

Permalink
[Onboarding] Check for user privileges before creating an API key (el…
Browse files Browse the repository at this point in the history
…astic#197964)

Resolves elastic#192983

Check for user privileges before creating an API key

<img width="1413" alt="Screenshot 2024-10-28 at 10 28 58"
src="https://github.com/user-attachments/assets/aa54ce74-98ac-43f0-b422-ab3d895c97ab">
  • Loading branch information
thomheymann authored and tiansivive committed Oct 29, 2024
1 parent 7cb6f8e commit 67609bf
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 10 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -30,9 +30,9 @@ import { useKibana } from '@kbn/kibana-react-plugin/public';
import useAsyncFn from 'react-use/lib/useAsyncFn';
import { FormattedMessage } from '@kbn/i18n-react';
import { ObservabilityOnboardingAppServices } from '../../..';
import { ApiKeyBanner } from '../custom_logs/api_key_banner';
import { useFetcher } from '../../../hooks/use_fetcher';
import { MultiIntegrationInstallBanner } from './multi_integration_install_banner';
import { EmptyPrompt } from '../shared/empty_prompt';
import { FeedbackButtons } from '../shared/feedback_buttons';

const HOST_COMMAND = i18n.translate(
Expand All @@ -46,11 +46,15 @@ const HOST_COMMAND = i18n.translate(
export const OtelLogsPanel: React.FC = () => {
const {
data: apiKeyData,
status: apiKeyStatus,
error,
} = useFetcher((callApi) => {
return callApi('POST /internal/observability_onboarding/otel/api_key', {});
}, []);
refetch,
} = useFetcher(
(callApi) => {
return callApi('POST /internal/observability_onboarding/otel/api_key', {});
},
[],
{ showToastOnError: false }
);

const { data: setup } = useFetcher((callApi) => {
return callApi('GET /internal/observability_onboarding/logs/setup/environment');
Expand Down Expand Up @@ -116,15 +120,14 @@ rm ./otel.yml && cp ./otel_samples/platformlogs_hostmetrics.yml ./otel.yml && mk

const selectedContent = installTabContents.find((tab) => tab.id === selectedTab)!;

if (error) {
return <EmptyPrompt onboardingFlowType="otel_logs" error={error} onRetryClick={refetch} />;
}

return (
<EuiPanel hasBorder paddingSize="xl">
<EuiFlexGroup direction="column" gutterSize="none">
<MultiIntegrationInstallBanner />
{error && (
<EuiFlexItem>
<ApiKeyBanner status={apiKeyStatus} payload={apiKeyData} error={error} />
</EuiFlexItem>
)}
<EuiSteps
steps={[
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
*/

import * as t from 'io-ts';
import Boom from '@hapi/boom';
import { createObservabilityOnboardingServerRoute } from '../create_observability_onboarding_server_route';
import { getFallbackESUrl } from '../../lib/get_fallback_urls';
import { getKibanaUrl } from '../../lib/get_fallback_urls';
Expand Down Expand Up @@ -80,6 +81,12 @@ const createAPIKeyRoute = createObservabilityOnboardingServerRoute({
const {
elasticsearch: { client },
} = await context.core;

const hasPrivileges = await hasLogMonitoringPrivileges(client.asCurrentUser);
if (!hasPrivileges) {
throw Boom.forbidden('Insufficient permissions to create shipper API key');
}

const { encoded: apiKeyEncoded } = await createShipperApiKey(client.asCurrentUser, 'otel logs');

return { apiKeyEncoded };
Expand Down

0 comments on commit 67609bf

Please sign in to comment.