
Add remote index privileges to role management #154948

Merged
merged 10 commits into from
Apr 19, 2023
Expand Up @@ -54,6 +54,11 @@ export interface SecurityLicenseFeatures {
*/
readonly allowRoleFieldLevelSecurity: boolean;

/**
* Indicates whether we allow users to define remote index privileges in roles.
*/
readonly allowRoleRemoteIndexPrivileges: boolean;

/**
* Indicates whether we allow Role-based access control (RBAC).
*/
Expand Up @@ -25,6 +25,7 @@ describe('license features', function () {
allowAccessAgreement: false,
allowRoleDocumentLevelSecurity: false,
allowRoleFieldLevelSecurity: false,
allowRoleRemoteIndexPrivileges: false,
layout: 'error-es-unavailable',
allowRbac: false,
allowSubFeaturePrivileges: false,
Expand All @@ -48,6 +49,7 @@ describe('license features', function () {
allowAccessAgreement: false,
allowRoleDocumentLevelSecurity: false,
allowRoleFieldLevelSecurity: false,
allowRoleRemoteIndexPrivileges: false,
layout: 'error-xpack-unavailable',
allowRbac: false,
allowSubFeaturePrivileges: false,
Expand Down Expand Up @@ -78,6 +80,7 @@ describe('license features', function () {
"allowRbac": false,
"allowRoleDocumentLevelSecurity": false,
"allowRoleFieldLevelSecurity": false,
"allowRoleRemoteIndexPrivileges": false,
"allowSubFeaturePrivileges": false,
"allowUserProfileCollaboration": false,
"layout": "error-xpack-unavailable",
Expand All @@ -100,6 +103,7 @@ describe('license features', function () {
"allowRbac": true,
"allowRoleDocumentLevelSecurity": true,
"allowRoleFieldLevelSecurity": true,
"allowRoleRemoteIndexPrivileges": true,
"allowSubFeaturePrivileges": true,
"allowUserProfileCollaboration": true,
"showLinks": true,
Expand Down Expand Up @@ -132,6 +136,7 @@ describe('license features', function () {
allowAccessAgreement: false,
allowRoleDocumentLevelSecurity: false,
allowRoleFieldLevelSecurity: false,
allowRoleRemoteIndexPrivileges: false,
allowRbac: true,
allowSubFeaturePrivileges: false,
allowAuditLogging: false,
Expand All @@ -158,6 +163,7 @@ describe('license features', function () {
allowAccessAgreement: false,
allowRoleDocumentLevelSecurity: false,
allowRoleFieldLevelSecurity: false,
allowRoleRemoteIndexPrivileges: false,
allowRbac: false,
allowSubFeaturePrivileges: false,
allowAuditLogging: false,
Expand All @@ -183,6 +189,7 @@ describe('license features', function () {
allowAccessAgreement: false,
allowRoleDocumentLevelSecurity: false,
allowRoleFieldLevelSecurity: false,
allowRoleRemoteIndexPrivileges: false,
allowRbac: true,
allowSubFeaturePrivileges: false,
allowAuditLogging: false,
Expand All @@ -208,6 +215,7 @@ describe('license features', function () {
allowAccessAgreement: true,
allowRoleDocumentLevelSecurity: false,
allowRoleFieldLevelSecurity: false,
allowRoleRemoteIndexPrivileges: false,
allowRbac: true,
allowSubFeaturePrivileges: true,
allowAuditLogging: true,
Expand All @@ -233,6 +241,7 @@ describe('license features', function () {
allowAccessAgreement: true,
allowRoleDocumentLevelSecurity: true,
allowRoleFieldLevelSecurity: true,
allowRoleRemoteIndexPrivileges: true,
allowRbac: true,
allowSubFeaturePrivileges: true,
allowAuditLogging: true,
3 changes: 3 additions & 0 deletions x-pack/plugins/security/common/licensing/license_service.ts
Expand Up @@ -84,6 +84,7 @@ export class SecurityLicenseService {
allowAuditLogging: false,
allowRoleDocumentLevelSecurity: false,
allowRoleFieldLevelSecurity: false,
allowRoleRemoteIndexPrivileges: false,
allowRbac: false,
allowSubFeaturePrivileges: false,
allowUserProfileCollaboration: false,
Expand All @@ -104,6 +105,7 @@ export class SecurityLicenseService {
allowAuditLogging: false,
allowRoleDocumentLevelSecurity: false,
allowRoleFieldLevelSecurity: false,
allowRoleRemoteIndexPrivileges: false,
allowRbac: false,
allowSubFeaturePrivileges: false,
allowUserProfileCollaboration: false,
Expand All @@ -124,6 +126,7 @@ export class SecurityLicenseService {
// Only platinum and trial licenses are compliant with field- and document-level security.
allowRoleDocumentLevelSecurity: isLicensePlatinumOrBetter,
allowRoleFieldLevelSecurity: isLicensePlatinumOrBetter,
allowRoleRemoteIndexPrivileges: isLicensePlatinumOrBetter,
allowRbac: true,
allowUserProfileCollaboration: isLicenseStandardOrBetter,
};
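Review bot: The comment above this group still reads `// Only platinum and trial licenses are compliant with field- and document-level security.` although `allowRoleRemoteIndexPrivileges` is now gated by the same `isLicensePlatinumOrBetter` value, so it should name the new flag too, e.g. `// Only platinum and trial licenses are compliant with field- and document-level security and remote index privileges.`. The two earlier hunks in this section default the flag to `false` alongside the other role features, which is the safe direction. Because this file lives under `common/`, the flag presumably only controls what the role management UI offers; whether the server-side role route also rejects `remote_indices` on lower licenses is not visible in this section and is worth confirming. The enclosing method starts outside the visible hunks.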
7 changes: 6 additions & 1 deletion x-pack/plugins/security/common/model/index.ts
Expand Up @@ -35,7 +35,12 @@ export { shouldProviderUseLoginForm } from './authentication_provider';
export type { BuiltinESPrivileges } from './builtin_es_privileges';
export type { RawKibanaPrivileges, RawKibanaFeaturePrivileges } from './raw_kibana_privileges';
export type { FeaturesPrivileges } from './features_privileges';
export type { Role, RoleIndexPrivilege, RoleKibanaPrivilege } from './role';
export type {
Role,
RoleIndexPrivilege,
RoleRemoteIndexPrivilege,
RoleKibanaPrivilege,
} from './role';
export {
copyRole,
isRoleDeprecated,
5 changes: 5 additions & 0 deletions x-pack/plugins/security/common/model/role.ts
Expand Up @@ -21,6 +21,10 @@ export interface RoleIndexPrivilege {
query?: string;
}

export interface RoleRemoteIndexPrivilege extends RoleIndexPrivilege {
clusters: string[];
}

export interface RoleKibanaPrivilege {
spaces: string[];
base: string[];
Expand All @@ -33,6 +37,7 @@ export interface Role {
elasticsearch: {
cluster: string[];
indices: RoleIndexPrivilege[];
remote_indices?: RoleRemoteIndexPrivilege[];
run_as: string[];
};
kibana: RoleKibanaPrivilege[];
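Review bot: `RoleRemoteIndexPrivilege.clusters` and `Role.elasticsearch.remote_indices` are added without doc comments, and both carry access-control meaning that a reader currently has to guess. I would add `/** Remote cluster aliases this index privilege entry applies to. */` above `clusters`, and a line above `remote_indices` saying it is optional because a role may come back without the field (presumably roles that never set it, or clusters that do not return it; confirm). Because the new interface extends `RoleIndexPrivilege`, it inherits `query` and whatever else that interface declares above the hunk, so document-level restrictions can appear on remote entries as well. Consumers should read the array as `remote_indices ?? []` rather than assume it exists; `RoleIndexPrivilege` and `Role` both extend beyond the visible hunks.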
Expand Up @@ -180,7 +180,8 @@ function useRole(
return;
}

if (fetchedRole.elasticsearch.indices.length === 0) {
const isEditingExistingRole = !!roleName && action === 'edit';
if (!isEditingExistingRole && fetchedRole.elasticsearch.indices.length === 0) {
thomheymann marked this conversation as resolved.
const emptyOption: RoleIndexPrivilege = {
names: [],
privileges: [],
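Review bot: The new `isEditingExistingRole` guard has no comment explaining why an existing role must not be seeded with the empty index privilege, and the reason is not obvious from the condition alone. Something like `// Seed an empty index privilege row only for new or cloned roles; an existing role with no local index privileges must load as stored.` above the `const` would do. The check `!!roleName && action === 'edit'` means any other action still gets the placeholder entry even when `roleName` is set, which looks intentional but is worth stating. Whether the placeholder `{ names: [], privileges: [] }` is stripped again before the role is saved cannot be seen here, since `useRole` starts before and continues past this hunk.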