Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Migrate Capabilities to new platform #51438

Merged
merged 41 commits into from
Dec 3, 2019
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
41 commits
Select commit Hold shift + click to select a range
8774c11
create service skeleton
pgayvallet Nov 21, 2019
7b38121
move registerCapabilitiesModifier to capabilities service and rename …
pgayvallet Nov 21, 2019
590e743
starts to move capabilities logic to CapabilitiesService
pgayvallet Nov 21, 2019
a0628bb
move capabilities route to service
pgayvallet Nov 22, 2019
5182e14
add initial integration test for capabilities route
pgayvallet Nov 22, 2019
b700cda
capabilitiesMixin now delegates to capability service
pgayvallet Nov 22, 2019
ca62942
use server-side Capabilities import in server code
pgayvallet Nov 22, 2019
0d27559
update generated doc
pgayvallet Nov 22, 2019
85b8645
remove capabilities from injectedMetadatas
pgayvallet Nov 25, 2019
bdd07d0
use applications sent from client instead of server-registered navLinks
pgayvallet Nov 25, 2019
6650273
disable authRequired for capabilities route
pgayvallet Nov 25, 2019
dd160fe
(temp) exposes two endpoints for capabilities
pgayvallet Nov 25, 2019
ad99a96
Add fetch-mock on capabilities call for karma tests
pgayvallet Nov 25, 2019
90234d7
adapt xpack Capabilities test - first attempt
pgayvallet Nov 25, 2019
3a81fb6
adapt x-pack ui_capabilities test
pgayvallet Nov 25, 2019
f5acc1f
add '/status' to the list of anonymous pages
pgayvallet Nov 26, 2019
2c66167
Add documentation on Capabilities APIs
pgayvallet Nov 26, 2019
33848c1
move Capabilities to core/types
pgayvallet Nov 26, 2019
bd7064e
update generated docs
pgayvallet Nov 26, 2019
bd98c78
add service tests
pgayvallet Nov 26, 2019
d4ce55c
protecting resolveCapabilities against added/removed capabilities
pgayvallet Nov 26, 2019
7746d5d
update generated docs
pgayvallet Nov 26, 2019
e99dba8
adapt mocks due to rebase
pgayvallet Nov 26, 2019
f6c76d2
add forgotten exports
pgayvallet Nov 26, 2019
707a2c4
improve capabilities routes registering
pgayvallet Nov 27, 2019
a1cc7fc
name capabilities registering methods
pgayvallet Nov 27, 2019
1625cb3
Merge remote-tracking branch 'upstream/master' into kbn-45393-capabil…
pgayvallet Nov 27, 2019
912cb8f
Merge remote-tracking branch 'upstream/master' into kbn-45393-capabil…
pgayvallet Nov 27, 2019
997e476
resolve conflicts due to merge
pgayvallet Nov 27, 2019
b37034a
address review issues
pgayvallet Nov 27, 2019
ebcfdde
add comment about reason for exposing two routes
pgayvallet Nov 29, 2019
ad0ffbb
extract createHttpServer test helper
pgayvallet Nov 29, 2019
349e1d8
Merge remote-tracking branch 'upstream/master' into kbn-45393-capabil…
pgayvallet Nov 29, 2019
d705f69
fix merge conflicts
pgayvallet Nov 29, 2019
9518a8d
Merge remote-tracking branch 'upstream/master' into kbn-45393-capabil…
pgayvallet Nov 29, 2019
a20df2a
Merge remote-tracking branch 'upstream/master' into kbn-45393-capabil…
pgayvallet Dec 2, 2019
7cb5513
improve documentation
pgayvallet Dec 2, 2019
dbf5131
remove `/status` anon registration as now done in NP status plugin
pgayvallet Dec 2, 2019
c4e313f
Merge remote-tracking branch 'upstream/master' into kbn-45393-capabil…
pgayvallet Dec 2, 2019
f66b237
Merge remote-tracking branch 'upstream/master' into kbn-45393-capabil…
pgayvallet Dec 3, 2019
4cee19c
fix merge conflicts
pgayvallet Dec 3, 2019
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
adapt x-pack ui_capabilities test
  • Loading branch information
pgayvallet committed Nov 26, 2019
commit 3a81fb6ca6b6e7d6ee4dbeb83462b2f6f4b5a363
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ describe('CapabilitiesService', () => {
describe('/api/core/capabilities route', () => {
it('is exposed', async () => {
const result = await supertest(httpSetup.server.listener)
.post('/core/capabilities')
.post('/api/core/capabilities')
.send({ applications: [] })
.expect(200);
expect(result.body).toMatchInlineSnapshot(`
Expand Down
25 changes: 9 additions & 16 deletions x-pack/test/ui_capabilities/security_and_spaces/tests/catalogue.ts
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,7 @@
import expect from '@kbn/expect';
import { mapValues } from 'lodash';
import { FtrProviderContext } from '../../common/ftr_provider_context';
import {
GetUICapabilitiesFailureReason,
UICapabilitiesService,
} from '../../common/services/ui_capabilities';
import { UICapabilitiesService } from '../../common/services/ui_capabilities';
import { UserAtSpaceScenarios } from '../scenarios';

export default function catalogueTests({ getService }: FtrProviderContext) {
Expand Down Expand Up @@ -58,26 +55,22 @@ export default function catalogueTests({ getService }: FtrProviderContext) {
case 'dual_privileges_all at nothing_space':
case 'dual_privileges_read at nothing_space':
case 'nothing_space_all at nothing_space':
case 'nothing_space_read at nothing_space': {
expect(uiCapabilities.success).to.be(true);
expect(uiCapabilities.value).to.have.property('catalogue');
// everything is disabled
const expected = mapValues(uiCapabilities.value!.catalogue, () => false);
expect(uiCapabilities.value!.catalogue).to.eql(expected);
break;
}
// if we don't have access at the space itself, security interceptor responds with 404.
case 'nothing_space_read at nothing_space':
case 'no_kibana_privileges at everything_space':
case 'no_kibana_privileges at nothing_space':
case 'legacy_all at everything_space':
case 'legacy_all at nothing_space':
case 'everything_space_all at nothing_space':
case 'everything_space_read at nothing_space':
case 'nothing_space_all at everything_space':
case 'nothing_space_read at everything_space':
expect(uiCapabilities.success).to.be(false);
expect(uiCapabilities.failureReason).to.be(GetUICapabilitiesFailureReason.NotFound);
case 'nothing_space_read at everything_space': {
expect(uiCapabilities.success).to.be(true);
expect(uiCapabilities.value).to.have.property('catalogue');
// everything is disabled
const expected = mapValues(uiCapabilities.value!.catalogue, () => false);
expect(uiCapabilities.value!.catalogue).to.eql(expected);
break;
}
default:
throw new UnreachableError(scenario);
}
Expand Down
25 changes: 9 additions & 16 deletions x-pack/test/ui_capabilities/security_and_spaces/tests/foo.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,7 @@

import expect from '@kbn/expect';
import { FtrProviderContext } from '../../common/ftr_provider_context';
import {
GetUICapabilitiesFailureReason,
UICapabilitiesService,
} from '../../common/services/ui_capabilities';
import { UICapabilitiesService } from '../../common/services/ui_capabilities';
import { UserAtSpaceScenarios } from '../scenarios';

export default function fooTests({ getService }: FtrProviderContext) {
Expand Down Expand Up @@ -61,16 +58,6 @@ export default function fooTests({ getService }: FtrProviderContext) {
case 'dual_privileges_read at nothing_space':
case 'nothing_space_all at nothing_space':
case 'nothing_space_read at nothing_space':
expect(uiCapabilities.success).to.be(true);
expect(uiCapabilities.value).to.have.property('foo');
expect(uiCapabilities.value!.foo).to.eql({
create: false,
edit: false,
delete: false,
show: false,
});
break;
// if we don't have access at the space itself, security interceptor responds with 404.
case 'no_kibana_privileges at everything_space':
case 'no_kibana_privileges at nothing_space':
case 'legacy_all at everything_space':
Expand All @@ -79,8 +66,14 @@ export default function fooTests({ getService }: FtrProviderContext) {
case 'everything_space_read at nothing_space':
case 'nothing_space_all at everything_space':
case 'nothing_space_read at everything_space':
expect(uiCapabilities.success).to.be(false);
expect(uiCapabilities.failureReason).to.be(GetUICapabilitiesFailureReason.NotFound);
expect(uiCapabilities.success).to.be(true);
expect(uiCapabilities.value).to.have.property('foo');
expect(uiCapabilities.value!.foo).to.eql({
create: false,
edit: false,
delete: false,
show: false,
});
Comment on lines -82 to +76
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As @kobelb explained to me:

so, we used to be getting a 404 because we used /app/kibana to load the ui capabilities: https://github.com/elastic/kibana/pull/51438/files#diff-32f6b7c96a3f2ac5ee5c7c132dfeeff2L60
This hit the following http request middleware which only applies to routes that start with /app


Since we're now using /api/core/capabiliites, and the users in that test suite are "authenticated" but not "authorized" we get back a 200 from the /api/core/capabiliites call with all of the ui capabilities disabled

break;
default:
throw new UnreachableError(scenario);
Expand Down
15 changes: 4 additions & 11 deletions x-pack/test/ui_capabilities/security_and_spaces/tests/nav_links.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,7 @@ import expect from '@kbn/expect';
import { FtrProviderContext } from '../../common/ftr_provider_context';
import { NavLinksBuilder } from '../../common/nav_links_builder';
import { FeaturesService } from '../../common/services';
import {
GetUICapabilitiesFailureReason,
UICapabilitiesService,
} from '../../common/services/ui_capabilities';
import { UICapabilitiesService } from '../../common/services/ui_capabilities';
import { UserAtSpaceScenarios } from '../scenarios';

export default function navLinksTests({ getService }: FtrProviderContext) {
Expand Down Expand Up @@ -58,11 +55,6 @@ export default function navLinksTests({ getService }: FtrProviderContext) {
case 'global_read at nothing_space':
case 'nothing_space_all at nothing_space':
case 'nothing_space_read at nothing_space':
expect(uiCapabilities.success).to.be(true);
expect(uiCapabilities.value).to.have.property('navLinks');
expect(uiCapabilities.value!.navLinks).to.eql(navLinksBuilder.only('management'));
break;
// if we don't have access at the space itself, security interceptor responds with 404.
case 'no_kibana_privileges at everything_space':
case 'no_kibana_privileges at nothing_space':
case 'legacy_all at everything_space':
Expand All @@ -71,8 +63,9 @@ export default function navLinksTests({ getService }: FtrProviderContext) {
case 'everything_space_read at nothing_space':
case 'nothing_space_all at everything_space':
case 'nothing_space_read at everything_space':
expect(uiCapabilities.success).to.be(false);
expect(uiCapabilities.failureReason).to.be(GetUICapabilitiesFailureReason.NotFound);
expect(uiCapabilities.success).to.be(true);
expect(uiCapabilities.value).to.have.property('navLinks');
expect(uiCapabilities.value!.navLinks).to.eql(navLinksBuilder.only('management'));
break;
default:
throw new UnreachableError(scenario);
Expand Down
12 changes: 6 additions & 6 deletions x-pack/test/ui_capabilities/security_only/tests/catalogue.ts
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,7 @@
import expect from '@kbn/expect';
import { mapValues } from 'lodash';
import { FtrProviderContext } from '../../common/ftr_provider_context';
import {
GetUICapabilitiesFailureReason,
UICapabilitiesService,
} from '../../common/services/ui_capabilities';
import { UICapabilitiesService } from '../../common/services/ui_capabilities';
import { UserScenarios } from '../scenarios';

export default function catalogueTests({ getService }: FtrProviderContext) {
Expand Down Expand Up @@ -63,8 +60,11 @@ export default function catalogueTests({ getService }: FtrProviderContext) {
// these users have no access to even get the ui capabilities
case 'legacy_all':
case 'no_kibana_privileges':
expect(uiCapabilities.success).to.be(false);
expect(uiCapabilities.failureReason).to.be(GetUICapabilitiesFailureReason.NotFound);
expect(uiCapabilities.success).to.be(true);
expect(uiCapabilities.value).to.have.property('catalogue');
// only foo is enabled
const expected = mapValues(uiCapabilities.value!.catalogue, () => false);
expect(uiCapabilities.value!.catalogue).to.eql(expected);
break;
default:
throw new UnreachableError(scenario);
Expand Down
15 changes: 9 additions & 6 deletions x-pack/test/ui_capabilities/security_only/tests/foo.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,7 @@

import expect from '@kbn/expect';
import { FtrProviderContext } from '../../common/ftr_provider_context';
import {
GetUICapabilitiesFailureReason,
UICapabilitiesService,
} from '../../common/services/ui_capabilities';
import { UICapabilitiesService } from '../../common/services/ui_capabilities';
import { UserScenarios } from '../scenarios';

export default function fooTests({ getService }: FtrProviderContext) {
Expand Down Expand Up @@ -55,8 +52,14 @@ export default function fooTests({ getService }: FtrProviderContext) {
// these users have no access to even get the ui capabilities
case 'legacy_all':
case 'no_kibana_privileges':
expect(uiCapabilities.success).to.be(false);
expect(uiCapabilities.failureReason).to.be(GetUICapabilitiesFailureReason.NotFound);
expect(uiCapabilities.success).to.be(true);
expect(uiCapabilities.value).to.have.property('foo');
expect(uiCapabilities.value!.foo).to.eql({
create: false,
edit: false,
delete: false,
show: false,
});
break;
// all other users can't do anything with Foo
default:
Expand Down
10 changes: 4 additions & 6 deletions x-pack/test/ui_capabilities/security_only/tests/nav_links.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,7 @@ import expect from '@kbn/expect';
import { FtrProviderContext } from '../../common/ftr_provider_context';
import { NavLinksBuilder } from '../../common/nav_links_builder';
import { FeaturesService } from '../../common/services';
import {
GetUICapabilitiesFailureReason,
UICapabilitiesService,
} from '../../common/services/ui_capabilities';
import { UICapabilitiesService } from '../../common/services/ui_capabilities';
import { UserScenarios } from '../scenarios';

export default function navLinksTests({ getService }: FtrProviderContext) {
Expand Down Expand Up @@ -59,8 +56,9 @@ export default function navLinksTests({ getService }: FtrProviderContext) {
break;
case 'legacy_all':
case 'no_kibana_privileges':
expect(uiCapabilities.success).to.be(false);
expect(uiCapabilities.failureReason).to.be(GetUICapabilitiesFailureReason.NotFound);
expect(uiCapabilities.success).to.be(true);
expect(uiCapabilities.value).to.have.property('navLinks');
expect(uiCapabilities.value!.navLinks).to.eql(navLinksBuilder.only('management'));
break;
default:
throw new UnreachableError(scenario);
Expand Down