URL drilldown #55324

Closed
10 of 16 tasks
Tracked by #42845
streamich opened this issue Jan 20, 2020 · 9 comments
Assignees
Labels
Feature:Drilldowns Embeddable panel Drilldowns Feature:Embedding Embedding content via iFrame impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:x-large Extra Large Level of Effort

Comments

@streamich
Contributor

streamich commented Jan 20, 2020

URL Drilldown MVP

Next

Vague ideas & backlog

Notes

Currently dashboard state (including drilldown state) in edit mode is synced to the browser URL. For the URL drilldown project we agreed it is OK to use this existing functionality; it is up to the KibanaApp team to decide if they want to remove state from the URL in the future.

We also agreed not to build an external URL allow-list specifically for the URL drilldown, but in the future Kibana will have an allow-list with which the URL drilldown will integrate.

Part of #42845 #61785

@streamich streamich added Feature:Drilldowns Embeddable panel Drilldowns Feature:Embedding Embedding content via iFrame Team:AppArch labels Jan 20, 2020
@elasticmachine
Contributor

Pinging @elastic/kibana-app-arch (Team:AppArch)

@streamich streamich added 5sp and removed 5sp labels Jan 20, 2020
@streamich streamich removed the 3sp label May 4, 2020
@streamich streamich mentioned this issue May 4, 2020
6 tasks
@Dosant
Contributor

Dosant commented May 7, 2020

Had a thought during meeting:

We have build-stats and gitHub-stats kibana instances.
Would be great if we could validate our solution using those real world use case Kibanas by building drilldowns to GitHub and to Jenkins.

Example GitHub URL where we could drilldown to issue list of a team: https://github.com/elastic/kibana/issues?q=is%3Aopen+is%3Aissue+label%3ATeam%3A${team}

@streamich streamich changed the title URL destination (drilldowns) Dashboard-to-URL drilldown May 11, 2020
@Dosant
Contributor

Dosant commented May 11, 2020

@streamich, wonder what you meant by "phase"?

  • Development phase where we shouldn't move to next "phase" until done with previous?
  • Or feature "phase" where we could merge to master and allow using feature after each phase?

My confusion is that: this feature won't go live without phase 1-4 implemented, but phase 5 (sso) is an improvement on top?

So what do you think of moving phase 5 (sso) to different issue and not touch it at all for now? (This was my impression after last drilldowns sync meeting)

@streamich
Contributor Author

By "phase" I just mean a separate piece of work, I guess "phase" is not the best word here.

> So what do you think of moving phase 5 (sso) to different issue and not touch it at all for now?

Yes, I think we will move all 5 phases into separate issues.

@Dosant
Contributor

Dosant commented Jun 2, 2020

> By default allow URL drilldown to navigate to any external URL.

I think this isn't right?
I think by default nothing should be allowed.

@Dosant
Contributor

Dosant commented Jun 5, 2020

Url Drilldowns unknowns: gdoc

@streamich
Contributor Author

streamich commented Jun 17, 2020

Old plan:

Implement Dashboard-to-URL drilldown. It should be available under Gold license.


Phase 1

Solve security issue of storing URLs in Kibana app state. Kibana app state itself is stored in the URL, thus a hacker could send you a Kibana URL with a malicious drilldown URL in it.

  • Do not store entered URL in Kibana URL state. A hacker can send a link to a malicious URL.
    • Remove app state from URL in edit mode?
    • Or store drilldown URL somehow differently?
    • Or clean-up Kibana state URL on load?

Issue: #67982

Phase 2

Implement the URL drilldown.

  • Create the URL drilldown UrlDrilldownDefinition.
    • Put it in ui_actions_enhanced plugin.
    • Should be available under Gold license.
    • Implement Configurable interface to collect URL drilldown configuration.
      • URL pattern string, with tokens that can be interpolated:
        • Global Kibana values.
          • Cluster name
          • Filters, query, time range
          • etc.
        • Dashboard-specific values.
          • Dashboard ID
          • Dashboard title
          • etc.
        • Panel-specific values.
          • Panel ID
          • Panel title
          • Panel time range, filters, query
          • etc.
        • Trigger-specific data
          • Filter or time range constructed
      • Flags
        • Whether to open in new tab.
    • Implement logic to navigate to the URL in the execute method using redirect in browser.
  • Add functional tests.

Phase 3

Create user-facing website docs.

  • Documentation about the URL drilldown.
  • Add reference about every interpolation token.

Phase 4

Add ability to allow-list URL drilldown origins (protocol + domain + port).

  • By default allow URL drilldown to navigate to any external URL.
  • Add option to disable URL drilldown entirely.
  • Add an opt-in option to kibana.yml to enable URL allow-listing.
  • Add option to kibana.yml to specify URL origin allow list.
  • Respect URL allow-list configuration in URL drilldown.

```yaml
# Option to disable URL drilldown entirely:
xpack.ui_actions_enhanced.url_drilldown.enabled: false

# Option to opt-in into allow-list behavior:
xpack.ui_actions_enhanced.url_drilldown.origin_allowlist_enabled: true

# Option to specify origin allow-list:
xpack.ui_actions_enhanced.url_drilldown.origin_allowlist:
  - http://google.com
  - http://bing.com
```

Maybe origin_allowlist_enabled and origin_allowlist options in kibana.yml can be collapsed into one? If origin_allowlist is specified it means that allow-listing is enabled.

Phase 5

Implement redirection to external URL through Kibana server (instead of directly from browser). This will allow us to support SSO authentication features, and will allow users signed in with SSO to authenticate with the destination URL.

  • When user executes URL drilldown redirect to Kibana server with all necessary parameters.
  • Kibana server should process the request, construct the redirection URL, add correct headers and redirect there.
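
The Phase 4 origin check sketched as an added example (not part of the original issue and not Kibana's implementation): it compares the parsed origin (protocol + domain + port) rather than a string prefix, so look-alike hosts, userinfo tricks and scheme or port changes do not match. `isDrilldownUrlAllowed`, the config field names and the http(s)-only scheme restriction are assumptions made here.

```javascript
// Added example: the three kibana.yml options from Phase 4, modelled as a plain object.
// isDrilldownUrlAllowed and the config field names are hypothetical, not Kibana APIs.
const DEFAULT_CONFIG = {
  enabled: true,                 // url_drilldown.enabled
  originAllowlistEnabled: false, // url_drilldown.origin_allowlist_enabled (opt-in)
  originAllowlist: [],           // url_drilldown.origin_allowlist
};

// Normalise an allow-list entry to a canonical origin string, or null if unusable.
function toOrigin(value) {
  try {
    const origin = new URL(value).origin;
    return origin === 'null' ? null : origin;
  } catch {
    return null;
  }
}

function isDrilldownUrlAllowed(config, rawUrl) {
  const cfg = { ...DEFAULT_CONFIG, ...config };
  if (!cfg.enabled) return { allowed: false, reason: 'drilldown disabled' };

  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { allowed: false, reason: 'unparseable URL' };
  }
  // Assumption added here: only http(s) destinations are navigable.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { allowed: false, reason: 'unsupported scheme' };
  }
  // Per the issue text, allow-listing is opt-in; without it any external URL passes.
  if (!cfg.originAllowlistEnabled) return { allowed: true, reason: 'allow-list not enabled' };

  // url.origin is already canonical: lower-cased host, default port dropped, no userinfo.
  const allowed = new Set(cfg.originAllowlist.map(toOrigin).filter(Boolean));
  return allowed.has(url.origin)
    ? { allowed: true, reason: 'origin allow-listed' }
    : { allowed: false, reason: `origin ${url.origin} not allow-listed` };
}

// Constructed sample config mirroring the YAML in the issue.
const sampleConfig = {
  originAllowlistEnabled: true,
  originAllowlist: ['http://google.com', 'http://bing.com'],
};
```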

This was referenced Jun 17, 2020
@Dosant Dosant changed the title Dashboard-to-URL drilldown URL drilldown Jul 1, 2020
@Dosant Dosant added the loe:x-large Extra Large Level of Effort label Jul 21, 2020
@amberchandel

Is it possible to use URL drill-down for a number range in the free version without having a gold license?

@exalate-issue-sync exalate-issue-sync bot added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:weeks and removed loe:x-large Extra Large Level of Effort labels Jun 21, 2021
@ppisljar
Member

ppisljar commented Aug 8, 2022

Thank you for contributing to this issue, however, we are closing this issue due to inactivity as part of a backlog grooming effort. If you believe this feature/bug should still be considered, please reopen with a comment.

@ppisljar ppisljar closed this as completed Aug 8, 2022
@exalate-issue-sync exalate-issue-sync bot added loe:x-large Extra Large Level of Effort and removed loe:weeks labels Aug 11, 2022