Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[index management] Better privilege checking for component index templates #202251

Merged
merged 31 commits into from
Dec 18, 2024
Merged

[index management] Better privilege checking for component index templates #202251

Show file tree
Hide file tree
Changes from 30 commits
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
97524cb
better privilege checking for enrich policies
mattkime Nov 26, 2024
fa962af
allow for read only access to enrichment policies in index management
mattkime Nov 26, 2024
7630781
remove i18n content
mattkime Nov 26, 2024
cbe3812
remove i18n content
mattkime Nov 26, 2024
615f986
fix tests
mattkime Nov 26, 2024
05833e8
fix jest tests
mattkime Nov 26, 2024
94885e5
Merge branch 'main' into enrich_policy_mgmt_better_privs
mattkime Nov 26, 2024
19d22d6
Merge branch 'main' into enrich_policy_mgmt_better_privs
mattkime Nov 26, 2024
bd0aa8c
Merge branch 'main' into enrich_policy_mgmt_better_privs
mattkime Nov 28, 2024
bd00733
functional tests
mattkime Nov 29, 2024
33a76ad
Merge branch 'enrich_policy_mgmt_better_privs' of github.com:mattkime…
mattkime Nov 29, 2024
d4d435c
Merge branch 'main' into enrich_policy_mgmt_better_privs
mattkime Nov 29, 2024
43987d9
component templates tab access if only manage_index_template priv is …
mattkime Nov 29, 2024
4fd28e0
fix jest test
mattkime Nov 29, 2024
bb8144b
fix functional test
mattkime Nov 29, 2024
b0a77d5
add no access functional test
mattkime Dec 1, 2024
0c42453
fix no access test
mattkime Dec 1, 2024
86ca64d
fix test
mattkime Dec 2, 2024
f5154a3
move config changes, restore config check
mattkime Dec 2, 2024
135b456
Merge branch 'main' into templates_mgmt_better_privs
mattkime Dec 2, 2024
d0014b1
fix bad merge
mattkime Dec 2, 2024
59c53af
fix test
mattkime Dec 3, 2024
e55ca99
Merge branch 'main' into templates_mgmt_better_privs
mattkime Dec 9, 2024
ffac020
Merge branch 'main' into templates_mgmt_better_privs
mattkime Dec 13, 2024
02f6ac9
fix functional test auth
mattkime Dec 14, 2024
a0f1628
tweak privs
mattkime Dec 14, 2024
ad91991
attempt to fix functional test
mattkime Dec 16, 2024
7529c26
fix functional test auth issue
mattkime Dec 16, 2024
321c494
fix functional test auth issue
mattkime Dec 16, 2024
18d0bee
Merge branch 'main' into templates_mgmt_better_privs
mattkime Dec 16, 2024
b04f0bc
Merge branch 'main' into templates_mgmt_better_privs
mattkime Dec 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 0 additions & 4 deletions x-pack/platform/plugins/private/translations/translations/fr-FR.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22389,8 +22389,6 @@
"xpack.idxMgmt.goToDiscover.discoverIndexButtonLabel": "Découvrir les index",
"xpack.idxMgmt.goToDiscover.showIndexToolTip": "Montrer {indexName} dans Discover",
"xpack.idxMgmt.home.appTitle": "Gestion des index",
"xpack.idxMgmt.home.componentTemplates.checkingPrivilegesDescription": "Vérification des privilèges…",
"xpack.idxMgmt.home.componentTemplates.checkingPrivilegesErrorMessage": "Erreur lors de la récupération des privilèges utilisateur depuis le serveur.",
"xpack.idxMgmt.home.componentTemplates.confirmButtonLabel": "Supprimer {numComponentTemplatesToDelete, plural, one {le modèle de composant} other {les modèles de composants} }",
"xpack.idxMgmt.home.componentTemplates.deleteModal.cancelButtonLabel": "Annuler",
"xpack.idxMgmt.home.componentTemplates.deleteModal.deleteDescription": "Vous êtes sur le point de supprimer {numComponentTemplatesToDelete, plural, one {ce modèle de composant} other {ces modèles de composants} } :",
Expand All @@ -22399,8 +22397,6 @@
"xpack.idxMgmt.home.componentTemplates.deleteModal.multipleErrorsNotificationMessageText": "Erreur lors de la suppression de {count} modèles de composants",
"xpack.idxMgmt.home.componentTemplates.deleteModal.successDeleteMultipleNotificationMessageText": "{numSuccesses, plural, one {# modèle de composant supprimé} other {# modèles de composants supprimés}}",
"xpack.idxMgmt.home.componentTemplates.deleteModal.successDeleteSingleNotificationMessageText": "Le modèle de composant \"{componentTemplateName}\" a bien été supprimé",
"xpack.idxMgmt.home.componentTemplates.deniedPrivilegeDescription": "Pour utiliser les modèles de composants, vous devez posséder {privilegesCount, plural, one {ce privilège de cluster} other {ces privilèges de cluster}} : {missingPrivileges}.",
"xpack.idxMgmt.home.componentTemplates.deniedPrivilegeTitle": "Privilèges de cluster requis",
"xpack.idxMgmt.home.componentTemplates.emptyPromptButtonLabel": "Créer un modèle de composant",
"xpack.idxMgmt.home.componentTemplates.emptyPromptDescription": "Par exemple, vous pouvez créer un modèle de composant pour les paramètres d'index réutilisables dans tous les modèles d'index.",
"xpack.idxMgmt.home.componentTemplates.emptyPromptDocumentionLink": "En savoir plus.",
Expand Down
4 changes: 0 additions & 4 deletions x-pack/platform/plugins/private/translations/translations/ja-JP.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22247,8 +22247,6 @@
"xpack.idxMgmt.goToDiscover.discoverIndexButtonLabel": "Discoverインデックス",
"xpack.idxMgmt.goToDiscover.showIndexToolTip": "Discoverで{indexName}を表示",
"xpack.idxMgmt.home.appTitle": "インデックス管理",
"xpack.idxMgmt.home.componentTemplates.checkingPrivilegesDescription": "権限を確認中…",
"xpack.idxMgmt.home.componentTemplates.checkingPrivilegesErrorMessage": "サーバーからユーザー特権を取得中にエラーが発生。",
"xpack.idxMgmt.home.componentTemplates.confirmButtonLabel": "{numComponentTemplatesToDelete, plural, other {個のコンポーネントテンプレート} }を削除",
"xpack.idxMgmt.home.componentTemplates.deleteModal.cancelButtonLabel": "キャンセル",
"xpack.idxMgmt.home.componentTemplates.deleteModal.deleteDescription": "{numComponentTemplatesToDelete, plural, one {このコンポーネントテンプレート} other {これらのコンポーネントテンプレート} }を削除しようとしています。",
Expand All @@ -22257,8 +22255,6 @@
"xpack.idxMgmt.home.componentTemplates.deleteModal.multipleErrorsNotificationMessageText": "{count}個のコンポーネントテンプレートの削除エラー",
"xpack.idxMgmt.home.componentTemplates.deleteModal.successDeleteMultipleNotificationMessageText": "{numSuccesses, plural, other {# 個のコンポーネントテンプレート}}を削除しました",
"xpack.idxMgmt.home.componentTemplates.deleteModal.successDeleteSingleNotificationMessageText": "コンポーネントテンプレート''{componentTemplateName}''を削除しました",
"xpack.idxMgmt.home.componentTemplates.deniedPrivilegeDescription": "コンポーネントテンプレートを使用するには、{privilegesCount, plural, one {このクラスター特権} other {これらのクラスター特権}}が必要です:{missingPrivileges}。",
"xpack.idxMgmt.home.componentTemplates.deniedPrivilegeTitle": "クラスターの権限が必要です",
"xpack.idxMgmt.home.componentTemplates.emptyPromptButtonLabel": "コンポーネントテンプレートを作成",
"xpack.idxMgmt.home.componentTemplates.emptyPromptDescription": "たとえば、インデックステンプレート全体で再利用できるインデックス設定のコンポーネントテンプレートを作成できます。",
"xpack.idxMgmt.home.componentTemplates.emptyPromptDocumentionLink": "詳細情報",
Expand Down
4 changes: 0 additions & 4 deletions x-pack/platform/plugins/private/translations/translations/zh-CN.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21890,16 +21890,12 @@
"xpack.idxMgmt.goToDiscover.discoverIndexButtonLabel": "Discover 索引",
"xpack.idxMgmt.goToDiscover.showIndexToolTip": "在 Discover 中显示 {indexName}",
"xpack.idxMgmt.home.appTitle": "索引管理",
"xpack.idxMgmt.home.componentTemplates.checkingPrivilegesDescription": "正在检查权限……",
"xpack.idxMgmt.home.componentTemplates.checkingPrivilegesErrorMessage": "从服务器获取用户权限时出错。",
"xpack.idxMgmt.home.componentTemplates.confirmButtonLabel": "删除{numComponentTemplatesToDelete, plural, other {组件模板} }",
"xpack.idxMgmt.home.componentTemplates.deleteModal.cancelButtonLabel": "取消",
"xpack.idxMgmt.home.componentTemplates.deleteModal.deleteDescription": "您即将删除{numComponentTemplatesToDelete, plural, other {以下组件模板} }:",
"xpack.idxMgmt.home.componentTemplates.deleteModal.modalTitleText": "删除{numComponentTemplatesToDelete, plural, one {组件模板} other { # 个组件模板}}",
"xpack.idxMgmt.home.componentTemplates.deleteModal.multipleErrorsNotificationMessageText": "删除 {count} 个组件模板时出错",
"xpack.idxMgmt.home.componentTemplates.deleteModal.successDeleteMultipleNotificationMessageText": "已删除 {numSuccesses, plural, other {# 个组件模板}}",
"xpack.idxMgmt.home.componentTemplates.deniedPrivilegeDescription": "要使用'组件模板',必须具有{privilegesCount, plural, other {以下集群权限}}:{missingPrivileges}。",
"xpack.idxMgmt.home.componentTemplates.deniedPrivilegeTitle": "需要集群权限",
"xpack.idxMgmt.home.componentTemplates.emptyPromptButtonLabel": "创建组件模板",
"xpack.idxMgmt.home.componentTemplates.emptyPromptDescription": "例如,您可以为可在多个索引模板上重复使用的索引设置创建组件模板。",
"xpack.idxMgmt.home.componentTemplates.emptyPromptDocumentionLink": "了解详情。",
Expand Down
1 change: 1 addition & 0 deletions x-pack/plugins/index_management/__jest__/client_integration/helpers/setup_environment.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ const appDependencies = {
monitor: true,
manageEnrich: true,
monitorEnrich: true,
manageIndexTemplates: true,
},
} as any;

Expand Down
1 change: 1 addition & 0 deletions x-pack/plugins/index_management/public/application/app_context.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@ export interface AppDependencies {
monitor: boolean;
manageEnrich: boolean;
monitorEnrich: boolean;
manageIndexTemplates: boolean;
};
}

Expand Down
26 changes: 0 additions & 26 deletions ...blic/application/components/component_templates/component_template_list/auth_provider.tsx
View file
Open in desktop

This file was deleted.

16 changes: 5 additions & 11 deletions ...ponents/component_templates/component_template_list/component_template_list_container.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,6 @@ import { RouteComponentProps } from 'react-router-dom';
import qs from 'query-string';
import { useExecutionContext } from '../shared_imports';
import { useComponentTemplatesContext } from '../component_templates_context';
import { ComponentTemplatesAuthProvider } from './auth_provider';
import { ComponentTemplatesWithPrivileges } from './with_privileges';
import { ComponentTemplateList } from './component_template_list';

interface MatchParams {
Expand All @@ -39,14 +37,10 @@ export const ComponentTemplateListContainer: React.FunctionComponent<
const filter = urlParams.filter ?? '';

return (
<ComponentTemplatesAuthProvider>
<ComponentTemplatesWithPrivileges>
<ComponentTemplateList
componentTemplateName={componentTemplateName}
history={history}
filter={String(filter)}
/>
</ComponentTemplatesWithPrivileges>
</ComponentTemplatesAuthProvider>
<ComponentTemplateList
componentTemplateName={componentTemplateName}
history={history}
filter={String(filter)}
/>
);
};
83 changes: 0 additions & 83 deletions ...ic/application/components/component_templates/component_template_list/with_privileges.tsx
View file
Open in desktop

This file was deleted.

4 changes: 3 additions & 1 deletion x-pack/plugins/index_management/public/application/mount_management_section.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,8 @@ export function getIndexManagementDependencies({
}): AppDependencies {
const { docLinks, application, uiSettings, settings } = core;
const { url } = startDependencies.share;
const { monitor, manageEnrich, monitorEnrich } = application.capabilities.index_management;
const { monitor, manageEnrich, monitorEnrich, manageIndexTemplates } =
application.capabilities.index_management;

return {
core: {
Expand Down Expand Up @@ -109,6 +110,7 @@ export function getIndexManagementDependencies({
monitor: !!monitor,
manageEnrich: !!manageEnrich,
monitorEnrich: !!monitorEnrich,
manageIndexTemplates: !!manageIndexTemplates,
},
};
}
Expand Down
27 changes: 16 additions & 11 deletions x-pack/plugins/index_management/public/application/sections/home/home.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,16 +66,19 @@ export const IndexManagementHome: React.FunctionComponent<RouteComponentProps<Ma
/>
),
},
{
];

if (privs.manageIndexTemplates) {
tabs.push({
id: Section.ComponentTemplates,
name: (
<FormattedMessage
id="xpack.idxMgmt.home.componentTemplatesTabTitle"
defaultMessage="Component Templates"
/>
),
},
];
});
}

if (privs.monitorEnrich) {
tabs.push({
Expand Down Expand Up @@ -139,14 +142,16 @@ export const IndexManagementHome: React.FunctionComponent<RouteComponentProps<Ma
path={[`/${Section.IndexTemplates}`, `/${Section.IndexTemplates}/:templateName?`]}
component={TemplateList}
/>
<Route
exact
path={[
`/${Section.ComponentTemplates}`,
`/${Section.ComponentTemplates}/:componentTemplateName?`,
]}
component={ComponentTemplateList}
/>
{privs.manageIndexTemplates && (
<Route
exact
path={[
`/${Section.ComponentTemplates}`,
`/${Section.ComponentTemplates}/:componentTemplateName?`,
]}
component={ComponentTemplateList}
/>
)}
{privs.monitorEnrich && (
<Route exact path={`/${Section.EnrichPolicies}`} component={EnrichPoliciesList} />
)}
Expand Down
8 changes: 6 additions & 2 deletions x-pack/plugins/index_management/public/plugin.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,8 +105,12 @@ export class IndexMgmtUIPlugin
const { fleet, usageCollection, management, cloud } = plugins;

this.capabilities$.subscribe((capabilities) => {
const { monitor, manageEnrich, monitorEnrich } = capabilities.index_management;
if (this.config.isIndexManagementUiEnabled && (monitor || manageEnrich || monitorEnrich)) {
const { monitor, manageEnrich, monitorEnrich, manageIndexTemplates } =
capabilities.index_management;
if (
this.config.isIndexManagementUiEnabled &&
(monitor || manageEnrich || monitorEnrich || manageIndexTemplates)
) {
management.sections.section.data.registerApp({
id: PLUGIN.id,
title: i18n.translate('xpack.idxMgmt.appTitle', { defaultMessage: 'Index Management' }),
Expand Down
4 changes: 4 additions & 0 deletions x-pack/plugins/index_management/server/plugin.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,10 @@ export class IndexMgmtServerPlugin implements Plugin<IndexManagementPluginSetup,
requiredClusterPrivileges: ['manage_enrich'],
ui: ['manageEnrich'],
},
{
requiredClusterPrivileges: ['manage_index_templates'],
ui: ['manageIndexTemplates'],
},
{
// manage_index_templates is also required, but we will disable specific parts of the
// UI if this privilege is missing.
Expand Down
2 changes: 0 additions & 2 deletions x-pack/plugins/index_management/server/routes/api/component_templates/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ import { registerGetAllRoute } from './register_get_route';
import { registerCreateRoute } from './register_create_route';
import { registerUpdateRoute } from './register_update_route';
import { registerDeleteRoute } from './register_delete_route';
import { registerPrivilegesRoute } from './register_privileges_route';
import {
registerGetDatastreams,
registerReferencedIndexTemplateMeta,
Expand All @@ -24,5 +23,4 @@ export function registerComponentTemplateRoutes(dependencies: RouteDependencies)
registerGetDatastreams(dependencies);
registerReferencedIndexTemplateMeta(dependencies);
registerDeleteRoute(dependencies);
registerPrivilegesRoute(dependencies);
}
Loading