[7.7] [SIEM] [Detection Engine] Remove has manage api keys req… (#62535)

Alerting no longer requires the manage_api_keys privilege, so we are removing it from the detection engine code. Fixes #62387 * removes hasManageApiKeys since alerting is using the internal user api calls, manage_api_keys privilege is no longer necessary * linting error * fixes types and removes a test for manage api keys * removes manage api key reducer and updates leftover tests * moves userHasNoPermissions repeated code into a function in helpers, adds a few test cases, updated references to new function * fix test title * remove userHasNoPermissions function and remove tests, replace with just not canUserCRUD * Revert "remove userHasNoPermissions function and remove tests, replace with just not canUserCRUD" This reverts commit 93912e7. Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Elastic Machine <[email protected]>
elastic · Apr 4, 2020 · 868cf86 · 868cf86
1 parent 22cb4e7
commit 868cf86
Show file tree

Hide file tree

Showing 13 changed files with 51 additions and 112 deletions.
diff --git a/...acy/plugins/siem/public/containers/detection_engine/rules/use_pre_packaged_rules.test.tsx b/...acy/plugins/siem/public/containers/detection_engine/rules/use_pre_packaged_rules.test.tsx
@@ -22,7 +22,6 @@ describe('usePersistRule', () => {
         usePrePackagedRules({
           canUserCRUD: null,
           hasIndexWrite: null,
-          hasManageApiKey: null,
           isAuthenticated: null,
           hasEncryptionKey: null,
           isSignalIndexExists: null,
@@ -50,7 +49,6 @@ describe('usePersistRule', () => {
         usePrePackagedRules({
           canUserCRUD: null,
           hasIndexWrite: null,
-          hasManageApiKey: null,
           isAuthenticated: null,
           hasEncryptionKey: null,
           isSignalIndexExists: null,
@@ -79,7 +77,6 @@ describe('usePersistRule', () => {
         usePrePackagedRules({
           canUserCRUD: true,
           hasIndexWrite: true,
-          hasManageApiKey: true,
           isAuthenticated: true,
           hasEncryptionKey: true,
           isSignalIndexExists: true,
@@ -116,7 +113,6 @@ describe('usePersistRule', () => {
         usePrePackagedRules({
           canUserCRUD: true,
           hasIndexWrite: true,
-          hasManageApiKey: true,
           isAuthenticated: true,
           hasEncryptionKey: true,
           isSignalIndexExists: true,
@@ -139,7 +135,6 @@ describe('usePersistRule', () => {
         usePrePackagedRules({
           canUserCRUD: false,
           hasIndexWrite: true,
-          hasManageApiKey: true,
           isAuthenticated: true,
           hasEncryptionKey: true,
           isSignalIndexExists: true,
@@ -161,29 +156,6 @@ describe('usePersistRule', () => {
         usePrePackagedRules({
           canUserCRUD: true,
           hasIndexWrite: false,
-          hasManageApiKey: true,
-          isAuthenticated: true,
-          hasEncryptionKey: true,
-          isSignalIndexExists: true,
-        })
-      );
-      await waitForNextUpdate();
-      await waitForNextUpdate();
-      let resp = null;
-      if (result.current.createPrePackagedRules) {
-        resp = await result.current.createPrePackagedRules();
-      }
-      expect(resp).toEqual(false);
-    });
-  });
-
-  test('can NOT createPrePackagedRules because hasManageApiKey === false', async () => {
-    await act(async () => {
-      const { result, waitForNextUpdate } = renderHook<unknown, ReturnPrePackagedRules>(() =>
-        usePrePackagedRules({
-          canUserCRUD: true,
-          hasIndexWrite: true,
-          hasManageApiKey: false,
           isAuthenticated: true,
           hasEncryptionKey: true,
           isSignalIndexExists: true,
@@ -205,7 +177,6 @@ describe('usePersistRule', () => {
         usePrePackagedRules({
           canUserCRUD: true,
           hasIndexWrite: true,
-          hasManageApiKey: true,
           isAuthenticated: false,
           hasEncryptionKey: true,
           isSignalIndexExists: true,
@@ -227,7 +198,6 @@ describe('usePersistRule', () => {
         usePrePackagedRules({
           canUserCRUD: true,
           hasIndexWrite: true,
-          hasManageApiKey: true,
           isAuthenticated: true,
           hasEncryptionKey: false,
           isSignalIndexExists: true,
@@ -249,7 +219,6 @@ describe('usePersistRule', () => {
         usePrePackagedRules({
           canUserCRUD: true,
           hasIndexWrite: true,
-          hasManageApiKey: true,
           isAuthenticated: true,
           hasEncryptionKey: true,
           isSignalIndexExists: false,

diff --git a/...k/legacy/plugins/siem/public/containers/detection_engine/rules/use_pre_packaged_rules.tsx b/...k/legacy/plugins/siem/public/containers/detection_engine/rules/use_pre_packaged_rules.tsx
@@ -26,7 +26,6 @@ export interface ReturnPrePackagedRules {
 interface UsePrePackagedRuleProps {
   canUserCRUD: boolean | null;
   hasIndexWrite: boolean | null;
-  hasManageApiKey: boolean | null;
   isAuthenticated: boolean | null;
   hasEncryptionKey: boolean | null;
   isSignalIndexExists: boolean | null;
@@ -36,7 +35,6 @@ interface UsePrePackagedRuleProps {
  * Hook for using to get status about pre-packaged Rules from the Detection Engine API
  *
  * @param hasIndexWrite boolean
- * @param hasManageApiKey boolean
  * @param isAuthenticated boolean
  * @param hasEncryptionKey boolean
  * @param isSignalIndexExists boolean
@@ -45,7 +43,6 @@ interface UsePrePackagedRuleProps {
 export const usePrePackagedRules = ({
   canUserCRUD,
   hasIndexWrite,
-  hasManageApiKey,
   isAuthenticated,
   hasEncryptionKey,
   isSignalIndexExists,
@@ -117,7 +114,6 @@ export const usePrePackagedRules = ({
           if (
             canUserCRUD &&
             hasIndexWrite &&
-            hasManageApiKey &&
             isAuthenticated &&
             hasEncryptionKey &&
             isSignalIndexExists
@@ -185,14 +181,7 @@ export const usePrePackagedRules = ({
       isSubscribed = false;
       abortCtrl.abort();
     };
-  }, [
-    canUserCRUD,
-    hasIndexWrite,
-    hasManageApiKey,
-    isAuthenticated,
-    hasEncryptionKey,
-    isSignalIndexExists,
-  ]);
+  }, [canUserCRUD, hasIndexWrite, isAuthenticated, hasEncryptionKey, isSignalIndexExists]);
 
   return {
     loading,

diff --git a/x-pack/legacy/plugins/siem/public/containers/detection_engine/signals/mock.ts b/x-pack/legacy/plugins/siem/public/containers/detection_engine/signals/mock.ts
@@ -992,7 +992,6 @@ export const mockUserPrivilege: Privilege = {
     monitor_watcher: true,
     monitor_transform: true,
     read_ilm: true,
-    manage_api_key: true,
     manage_security: true,
     manage_own_api_key: false,
     manage_saml: true,

diff --git a/x-pack/legacy/plugins/siem/public/containers/detection_engine/signals/types.ts b/x-pack/legacy/plugins/siem/public/containers/detection_engine/signals/types.ts
@@ -54,7 +54,6 @@ export interface Privilege {
     monitor_watcher: boolean;
     monitor_transform: boolean;
     read_ilm: boolean;
-    manage_api_key: boolean;
     manage_security: boolean;
     manage_own_api_key: boolean;
     manage_saml: boolean;

diff --git a/...egacy/plugins/siem/public/containers/detection_engine/signals/use_privilege_user.test.tsx b/...egacy/plugins/siem/public/containers/detection_engine/signals/use_privilege_user.test.tsx
@@ -21,7 +21,6 @@ describe('usePrivilegeUser', () => {
         hasEncryptionKey: null,
         hasIndexManage: null,
         hasIndexWrite: null,
-        hasManageApiKey: null,
         isAuthenticated: null,
         loading: true,
       });
@@ -39,7 +38,6 @@ describe('usePrivilegeUser', () => {
         hasEncryptionKey: true,
         hasIndexManage: true,
         hasIndexWrite: true,
-        hasManageApiKey: true,
         isAuthenticated: true,
         loading: false,
       });
@@ -61,7 +59,6 @@ describe('usePrivilegeUser', () => {
         hasEncryptionKey: false,
         hasIndexManage: false,
         hasIndexWrite: false,
-        hasManageApiKey: false,
         isAuthenticated: false,
         loading: false,
       });

diff --git a/x-pack/legacy/plugins/siem/public/containers/detection_engine/signals/use_privilege_user.tsx b/x-pack/legacy/plugins/siem/public/containers/detection_engine/signals/use_privilege_user.tsx
@@ -15,7 +15,6 @@ export interface ReturnPrivilegeUser {
   isAuthenticated: boolean | null;
   hasEncryptionKey: boolean | null;
   hasIndexManage: boolean | null;
-  hasManageApiKey: boolean | null;
   hasIndexWrite: boolean | null;
 }
 /**
@@ -27,17 +26,12 @@ export const usePrivilegeUser = (): ReturnPrivilegeUser => {
   const [privilegeUser, setPrivilegeUser] = useState<
     Pick<
       ReturnPrivilegeUser,
-      | 'isAuthenticated'
-      | 'hasEncryptionKey'
-      | 'hasIndexManage'
-      | 'hasManageApiKey'
-      | 'hasIndexWrite'
+      'isAuthenticated' | 'hasEncryptionKey' | 'hasIndexManage' | 'hasIndexWrite'
     >
   >({
     isAuthenticated: null,
     hasEncryptionKey: null,
     hasIndexManage: null,
-    hasManageApiKey: null,
     hasIndexWrite: null,
   });
   const [, dispatchToaster] = useStateToaster();
@@ -65,10 +59,6 @@ export const usePrivilegeUser = (): ReturnPrivilegeUser => {
                 privilege.index[indexName].create_doc ||
                 privilege.index[indexName].index ||
                 privilege.index[indexName].write,
-              hasManageApiKey:
-                privilege.cluster.manage_security ||
-                privilege.cluster.manage_api_key ||
-                privilege.cluster.manage_own_api_key,
             });
           }
         }
@@ -78,7 +68,6 @@ export const usePrivilegeUser = (): ReturnPrivilegeUser => {
             isAuthenticated: false,
             hasEncryptionKey: false,
             hasIndexManage: false,
-            hasManageApiKey: false,
             hasIndexWrite: false,
           });
           errorToToaster({ title: i18n.PRIVILEGE_FETCH_FAILURE, error, dispatchToaster });

diff --git a/x-pack/legacy/plugins/siem/public/pages/detection_engine/components/user_info/index.tsx b/x-pack/legacy/plugins/siem/public/pages/detection_engine/components/user_info/index.tsx
@@ -15,7 +15,6 @@ export interface State {
   canUserCRUD: boolean | null;
   hasIndexManage: boolean | null;
   hasIndexWrite: boolean | null;
-  hasManageApiKey: boolean | null;
   isSignalIndexExists: boolean | null;
   isAuthenticated: boolean | null;
   hasEncryptionKey: boolean | null;
@@ -27,7 +26,6 @@ const initialState: State = {
   canUserCRUD: null,
   hasIndexManage: null,
   hasIndexWrite: null,
-  hasManageApiKey: null,
   isSignalIndexExists: null,
   isAuthenticated: null,
   hasEncryptionKey: null,
@@ -37,10 +35,6 @@ const initialState: State = {
 
 export type Action =
   | { type: 'updateLoading'; loading: boolean }
-  | {
-      type: 'updateHasManageApiKey';
-      hasManageApiKey: boolean | null;
-    }
   | {
       type: 'updateHasIndexManage';
       hasIndexManage: boolean | null;
@@ -90,12 +84,6 @@ export const userInfoReducer = (state: State, action: Action): State => {
         hasIndexWrite: action.hasIndexWrite,
       };
     }
-    case 'updateHasManageApiKey': {
-      return {
-        ...state,
-        hasManageApiKey: action.hasManageApiKey,
-      };
-    }
     case 'updateIsSignalIndexExists': {
       return {
         ...state,
@@ -151,7 +139,6 @@ export const useUserInfo = (): State => {
       canUserCRUD,
       hasIndexManage,
       hasIndexWrite,
-      hasManageApiKey,
       isSignalIndexExists,
       isAuthenticated,
       hasEncryptionKey,
@@ -166,7 +153,6 @@ export const useUserInfo = (): State => {
     hasEncryptionKey: isApiEncryptionKey,
     hasIndexManage: hasApiIndexManage,
     hasIndexWrite: hasApiIndexWrite,
-    hasManageApiKey: hasApiManageApiKey,
   } = usePrivilegeUser();
   const {
     loading: indexNameLoading,
@@ -197,12 +183,6 @@ export const useUserInfo = (): State => {
     }
   }, [loading, hasIndexWrite, hasApiIndexWrite]);
 
-  useEffect(() => {
-    if (!loading && hasManageApiKey !== hasApiManageApiKey && hasApiManageApiKey != null) {
-      dispatch({ type: 'updateHasManageApiKey', hasManageApiKey: hasApiManageApiKey });
-    }
-  }, [loading, hasManageApiKey, hasApiManageApiKey]);
-
   useEffect(() => {
     if (
       !loading &&
@@ -258,7 +238,6 @@ export const useUserInfo = (): State => {
     canUserCRUD,
     hasIndexManage,
     hasIndexWrite,
-    hasManageApiKey,
     signalIndexName,
   };
 };
diff --git a/x-pack/legacy/plugins/siem/public/pages/detection_engine/rules/create/index.tsx b/x-pack/legacy/plugins/siem/public/pages/detection_engine/rules/create/index.tsx
@@ -24,7 +24,7 @@ import { StepScheduleRule } from '../components/step_schedule_rule';
 import { StepRuleActions } from '../components/step_rule_actions';
 import { DetectionEngineHeaderPage } from '../../components/detection_engine_header_page';
 import * as RuleI18n from '../translations';
-import { redirectToDetections, getActionMessageParams } from '../helpers';
+import { redirectToDetections, getActionMessageParams, userHasNoPermissions } from '../helpers';
 import {
   AboutStepRule,
   DefineStepRule,
@@ -85,7 +85,6 @@ const CreateRulePageComponent: React.FC = () => {
     isAuthenticated,
     hasEncryptionKey,
     canUserCRUD,
-    hasManageApiKey,
   } = useUserInfo();
   const [, dispatchToaster] = useStateToaster();
   const [openAccordionId, setOpenAccordionId] = useState<RuleStep>(RuleStep.defineRule);
@@ -117,8 +116,6 @@ const CreateRulePageComponent: React.FC = () => {
       getActionMessageParams((stepsData.current['define-rule'].data as DefineStepRule).ruleType),
     [stepsData.current['define-rule'].data]
   );
-  const userHasNoPermissions =
-    canUserCRUD != null && hasManageApiKey != null ? !canUserCRUD || !hasManageApiKey : false;
 
   const setStepData = useCallback(
     (step: RuleStep, data: unknown, isValid: boolean) => {
@@ -274,7 +271,7 @@ const CreateRulePageComponent: React.FC = () => {
 
   if (redirectToDetections(isSignalIndexExists, isAuthenticated, hasEncryptionKey)) {
     return <Redirect to={`/${DETECTION_ENGINE_PAGE_NAME}`} />;
-  } else if (userHasNoPermissions) {
+  } else if (userHasNoPermissions(canUserCRUD)) {
     return <Redirect to={`/${DETECTION_ENGINE_PAGE_NAME}/rules`} />;
   }