From 2f4f5fff12afd851182969b6b1e773998ad908e9 Mon Sep 17 00:00:00 2001
From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Date: Fri, 5 Jul 2024 00:54:09 +0200
Subject: [PATCH] [8.15] [Fleet] Disable selecting standalone instructions for user without agent policies READ permissions (#187517) (#187605)
# Backport
This will backport the following commits from `main` to `8.15`:
- [[Fleet] Disable selecting standalone instructions for user without agent policies READ permissions (#187517)](https://github.com/elastic/kibana/pull/187517)
### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)
Co-authored-by: Nicolas Chaulet
---
 x-pack/plugins/fleet/common/authz.ts | 3 +-
 .../agent_enrollment_flyout.test.tsx | 9 ++-
 .../agent_enrollment_flyout/index.tsx | 5 ++
 .../installation_mode_selection_step.tsx | 57 +++++++++++++------
 4 files changed, 55 insertions(+), 19 deletions(-)
diff --git a/x-pack/plugins/fleet/common/authz.ts b/x-pack/plugins/fleet/common/authz.ts
index 463ab7dc90c97..7399eb98a583b 100644
--- a/x-pack/plugins/fleet/common/authz.ts
+++ b/x-pack/plugins/fleet/common/authz.ts
@@ -144,8 +144,7 @@ export const calculateAuthz = ({
 // These are currently used by Fleet Server setup
 setup: fleet.all || fleet.setup,
 readEnrollmentTokens: (fleet.all || fleet.setup || fleet.agents?.all) ?? false,
- readAgentPolicies:
- (fleet.all || fleet.read || fleet.setup || fleet.agentPolicies?.read) ?? false,
+ readAgentPolicies: (fleet.all || fleet.setup) ?? false,
 };
 
 return {
diff --git a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.tsx b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.tsx
index d6ac7fdac8def..f8f1854911505 100644
--- a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.tsx
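Review bot: The narrowed `readAgentPolicies: (fleet.all || fleet.setup) ?? false` in `calculateAuthz` carries no comment recording that `fleet.read` and `fleet.agentPolicies?.read` are deliberately excluded, and the diffstat lists no authz unit test changed with it. A comment such as `// Only fleet.all or fleet.setup grant agent policy read here; fleet.read alone does not` plus a test asserting `false` for a role that has only `fleet.read` would keep a later refactor from quietly widening the grant again. Every consumer of `readAgentPolicies` on this branch changes behaviour for read-only users, not only the enrollment flyout, so those call sites are worth a look. This value is computed in `common/` and drives UI state; the matching check on the agent policy routes is presumably server-side and is not visible in this patch. `calculateAuthz` starts and ends outside the hunk.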
+++ b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.tsx
@@ -14,7 +14,7 @@ import type { RenderResult } from '@testing-library/react';
 import { createFleetTestRendererMock } from '../../mock';
 import type { AgentPolicy } from '../../../common';
 import { sendGetOneAgentPolicy } from '../../hooks/use_request';
-import { useAgentEnrollmentFlyoutData, useFleetServerStandalone } from '../../hooks';
+import { useAgentEnrollmentFlyoutData, useAuthz, useFleetServerStandalone } from '../../hooks';
 import { useAdvancedForm } from '../../applications/fleet/components/fleet_server_instructions/hooks';
 import { useFleetServerUnhealthy } from '../../applications/fleet/sections/agents/hooks/use_fleet_server_unhealthy';
 
@@ -22,6 +22,8 @@ import { useFleetServerUnhealthy } from '../../applications/fleet/sections/agent
 import type { FlyOutProps } from './types';
 import { AgentEnrollmentFlyout } from '.';
 
+jest.mock('../../hooks/use_authz');
+
 const render = (props?: Partial) => {
 cleanup();
 const renderer = createFleetTestRendererMock();
@@ -47,6 +49,11 @@ describe('', () => {
 let results: RenderResult;
 
 beforeEach(async () => {
+ jest.mocked(useAuthz).mockReturnValue({
+ fleet: {
+ readAgentPolicies: true,
+ },
+ } as any);
 jest.mocked(useFleetServerStandalone).mockReturnValue({ isFleetServerStandalone: false });
 
 (useFleetServerUnhealthy as jest.Mock).mockReturnValue({
diff --git a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/index.tsx b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/index.tsx
index 57b3a8e0e0ff5..ef9f9f34a7eda 100644
--- a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/index.tsx
+++ b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/index.tsx
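Review bot: The `useAuthz` mock added to `beforeEach` only ever returns `readAgentPolicies: true`, so the permission gate this commit introduces is never exercised in this file. A case that overrides the mock with `readAgentPolicies: false` and asserts that the `standaloneTab` element is disabled would pin the restricted path, which is the one that matters here. The `as any` cast also lets the mock drift from the real authz shape without a compile error; typing the partial object against the hook's return type would catch a renamed or moved flag. The `beforeEach` body continues outside the hunk.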
@@ -28,6 +28,7 @@ import { useFleetStatus, useAgentEnrollmentFlyoutData, useFleetServerHostsForPolicy, + useAuthz, } from '../../hooks'; import { FLEET_SERVER_PACKAGE, MAX_FLYOUT_WIDTH } from '../../constants'; import type { PackagePolicy, AgentPolicy } from '../../types'; @@ -61,6 +62,8 @@ export const AgentEnrollmentFlyout: React.FunctionComponent = ({ return policies.find((p) => p.id === id); }; + const authz = useAuthz(); + const fleetStatus = useFleetStatus(); const { docLinks } = useStartServices(); @@ -172,6 +175,8 @@ export const AgentEnrollmentFlyout: React.FunctionComponent = ({ data-test-subj="standaloneTab" isSelected={mode === 'standalone'} onClick={() => setMode('standalone')} + // Standalone need read access to agent policies + disabled={!authz.fleet.readAgentPolicies} > = ({ children, showTooltip }) => { + return showTooltip && children ? ( + + } + > + {children as React.ReactElement} + + ) : ( + <>{children} + ); +}; + export const InstallationModeSelectionStep = ({ selectedPolicyId, mode, @@ -23,6 +43,7 @@ export const InstallationModeSelectionStep = ({ mode: FlyoutMode; setMode: (v: FlyoutMode) => void; }): EuiContainedStepProps => { + const authz = useAuthz(); // radio id has to be unique so that the component works even if appears twice in DOM const radioSuffix = 'installation_mode_agent_selection'; @@ -63,22 +84,26 @@ export const InstallationModeSelectionStep = ({ }, { id: `standalone_${radioSuffix}`, + // Disabled if no agentPolicies read permission + disabled: !authz.fleet.readAgentPolicies, label: ( - - - - ), - }} - /> + + + + + ), + }} + /> + ), }, ]}
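Review bot: `disabled={!authz.fleet.readAgentPolicies}` on the `standaloneTab` in `AgentEnrollmentFlyout`, and likewise `disabled: !authz.fleet.readAgentPolicies` on the `standalone_` radio option in `InstallationModeSelectionStep`, only blocks the click. Nothing in these hunks resets `mode` when it is already `'standalone'`, so whether a user without the privilege can still be shown the standalone instructions depends on how `mode` is initialised, which is outside the visible lines. Deriving the effective mode from `authz.fleet.readAgentPolicies` at the point where `mode` is consumed would close that gap. The control is presentation only in either case, so the agent policy endpoints stay the enforcement point. The new inline comment would read better as `// Standalone mode needs read access to agent policies`.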