From c837518650b655e6dcb5c4fd409605ffab062759 Mon Sep 17 00:00:00 2001 From: Nicolas Chaulet Date: Fri, 12 Apr 2024 15:52:54 +0700 Subject: [PATCH] [Fleet] Enable subfeature privileges (#179889) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary Resolve [#179546](https://github.com/elastic/kibana/issues/179546) Enable subfeature privileges. Added a message in the tooltip that feature is in technical preview. Screenshot 2024-04-03 at 2 28 54 PM ## Release note Add subfeatures privileges for Fleet, for Agents, Agent policies and Settings, that feature is in technical preview and may be changed or removed completely in a future release. --------- Co-authored-by: Kyle Pollich Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Julia Bardi <90178898+juliaElastic@users.noreply.github.com> --- .../plugins/fleet/common/experimental_features.ts | 2 +- x-pack/plugins/fleet/server/plugin.ts | 3 ++- .../api_integration/apis/security/privileges.ts | 13 ++++++++++++- .../apis/security/privileges_basic.ts | 14 +++++++++++++- 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/x-pack/plugins/fleet/common/experimental_features.ts b/x-pack/plugins/fleet/common/experimental_features.ts index a12711012f307..1c47f91ea241e 100644 --- a/x-pack/plugins/fleet/common/experimental_features.ts +++ b/x-pack/plugins/fleet/common/experimental_features.ts @@ -27,7 +27,7 @@ export const allowedExperimentalValues = Object.freeze>( remoteESOutput: true, agentless: false, enableStrictKQLValidation: false, - subfeaturePrivileges: false, + subfeaturePrivileges: true, enablePackagesStateMachine: true, advancedPolicySettings: true, }); diff --git a/x-pack/plugins/fleet/server/plugin.ts b/x-pack/plugins/fleet/server/plugin.ts index aad61fd21c9ae..413a54877fefe 100644 --- a/x-pack/plugins/fleet/server/plugin.ts +++ b/x-pack/plugins/fleet/server/plugin.ts @@ -301,7 +301,8 @@ export class FleetPlugin app: [PLUGIN_ID], catalogue: ['fleet'], privilegesTooltip: i18n.translate('xpack.fleet.serverPlugin.privilegesTooltip', { - defaultMessage: 'All Spaces is required for Fleet access.', + defaultMessage: + 'All Spaces is required for Fleet access. Subfeatures privileges functionality is in technical preview and may be changed or removed completely in a future release.', }), reserved: { description: diff --git a/x-pack/test/api_integration/apis/security/privileges.ts b/x-pack/test/api_integration/apis/security/privileges.ts index 04a4177485348..029706ea58fd4 100644 --- a/x-pack/test/api_integration/apis/security/privileges.ts +++ b/x-pack/test/api_integration/apis/security/privileges.ts @@ -40,7 +40,18 @@ export default function ({ getService }: FtrProviderContext) { ], observabilityAIAssistant: ['all', 'read', 'minimal_all', 'minimal_read'], slo: ['all', 'read', 'minimal_all', 'minimal_read'], - fleetv2: ['all', 'read', 'minimal_all', 'minimal_read'], + fleetv2: [ + 'all', + 'read', + 'minimal_all', + 'minimal_read', + 'agents_all', + 'agents_read', + 'agent_policies_all', + 'agent_policies_read', + 'settings_all', + 'settings_read', + ], fleet: ['all', 'read', 'minimal_all', 'minimal_read'], actions: ['all', 'read', 'minimal_all', 'minimal_read'], stackAlerts: ['all', 'read', 'minimal_all', 'minimal_read'], diff --git a/x-pack/test/api_integration/apis/security/privileges_basic.ts b/x-pack/test/api_integration/apis/security/privileges_basic.ts index 2773adfe070e8..9c76978e5205b 100644 --- a/x-pack/test/api_integration/apis/security/privileges_basic.ts +++ b/x-pack/test/api_integration/apis/security/privileges_basic.ts @@ -116,7 +116,19 @@ export default function ({ getService }: FtrProviderContext) { ], observabilityAIAssistant: ['all', 'read', 'minimal_all', 'minimal_read'], slo: ['all', 'read', 'minimal_all', 'minimal_read'], - fleetv2: ['all', 'read', 'minimal_all', 'minimal_read'], + // fleetv2: ['all', 'read', 'minimal_all', 'minimal_read'], + fleetv2: [ + 'all', + 'read', + 'minimal_all', + 'minimal_read', + 'agents_all', + 'agents_read', + 'agent_policies_all', + 'agent_policies_read', + 'settings_all', + 'settings_read', + ], fleet: ['all', 'read', 'minimal_all', 'minimal_read'], actions: ['all', 'read', 'minimal_all', 'minimal_read'], stackAlerts: ['all', 'read', 'minimal_all', 'minimal_read'],