-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RBAC Phase 1 #19723
RBAC Phase 1 #19723
Commits on Apr 25, 2018
-
Configuration menu - View commit details
-
Copy full SHA for 01b5cf0 - Browse repository at this point
Copy the full SHA 01b5cf0View commit details -
Configuration menu - View commit details
-
Copy full SHA for 7cee640 - Browse repository at this point
Copy the full SHA 7cee640View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0afd1c1 - Browse repository at this point
Copy the full SHA 0afd1c1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 30e86d1 - Browse repository at this point
Copy the full SHA 30e86d1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 936180b - Browse repository at this point
Copy the full SHA 936180bView commit details -
Configuration menu - View commit details
-
Copy full SHA for 4d4f946 - Browse repository at this point
Copy the full SHA 4d4f946View commit details -
Configuration menu - View commit details
-
Copy full SHA for df569df - Browse repository at this point
Copy the full SHA df569dfView commit details -
Configuration menu - View commit details
-
Copy full SHA for 9979fb9 - Browse repository at this point
Copy the full SHA 9979fb9View commit details -
Configuration menu - View commit details
-
Copy full SHA for 646a80a - Browse repository at this point
Copy the full SHA 646a80aView commit details
Commits on May 16, 2018
-
Beginning to use the ES APIs to insert/check privileges (#18645)
* Beginning to use the ES APIs to insert/check privileges * Removing todo comment, I think we're good with the current check * Adding ability to edit kibana application privileges * Introducing DEFAULT_RESOURCE constant * Removing unused arguments when performing saved objects auth check * Performing bulkCreate auth more efficiently * Throwing error in SavedObjectClient.find if type isn't provided * Fixing Reporting and removing errant console.log * Introducing a separate hasPrivileges "service" * Adding tests and fleshing out the has privileges "service" * Fixing error message * You can now edit whatever roles you want * We're gonna throw the find error in another PR * Changing conflicting version detection to work when user has no application privileges * Throwing correct error when user is forbidden * Removing unused interceptor * Adding warning if they're editing a role with application privileges we can't edit * Fixing filter... * Beginning to only update privileges when they need to be * More tests * One more test... * Restricting the rbac application name that can be chosen * Removing DEFAULT_RESOURCE check * Supporting 1024 characters for the role name * Renaming some variables, fixing issue with role w/ no kibana privileges * Throwing decorated general error when appropriate * Fixing test description * Dedent does nothing... * Renaming some functions
Configuration menu - View commit details
-
Copy full SHA for d679cf5 - Browse repository at this point
Copy the full SHA d679cf5View commit details
Commits on May 22, 2018
-
Configuration menu - View commit details
-
Copy full SHA for 36e7a67 - Browse repository at this point
Copy the full SHA 36e7a67View commit details -
Configuration menu - View commit details
-
Copy full SHA for 06eb784 - Browse repository at this point
Copy the full SHA 06eb784View commit details
Commits on May 29, 2018
-
Configuration menu - View commit details
-
Copy full SHA for 767fb27 - Browse repository at this point
Copy the full SHA 767fb27View commit details -
Configuration menu - View commit details
-
Copy full SHA for 203ec3e - Browse repository at this point
Copy the full SHA 203ec3eView commit details -
Configuration menu - View commit details
-
Copy full SHA for d818cc6 - Browse repository at this point
Copy the full SHA d818cc6View commit details
Commits on May 30, 2018
-
Configuration menu - View commit details
-
Copy full SHA for 813a816 - Browse repository at this point
Copy the full SHA 813a816View commit details -
Configuration menu - View commit details
-
Copy full SHA for 66226d6 - Browse repository at this point
Copy the full SHA 66226d6View commit details
Commits on Jun 1, 2018
-
RBAC - SecurityAuditLogger (#19571)
* Manually porting over the AuditLogger for use within the security audit logger * HasPrivileges now returns the user from the request * Has privileges returns username from privilegeCheck * Adding first eventType to the security audit logger * Adding authorization success message * Logging arguments when authorization success * Fixing test description * Logging args during audit failures
Configuration menu - View commit details
-
Copy full SHA for d8d9810 - Browse repository at this point
Copy the full SHA d8d9810View commit details
Commits on Jun 4, 2018
-
RBAC Integration Tests (#19647)
* Porting over the saved objects tests, a bunch are failing, I believe because security is preventing the requests * Running saved objects tests with rbac and xsrf disabled * Adding users * BulkGet now tests under 3 users * Adding create tests * Adding delete tests * Adding find tests * Adding get tests * Adding bulkGet forbidden tests * Adding not a kibana user tests * Update tests * Renaming the actions/privileges to be closer to the functions on the saved object client itself * Cleaning up tests and removing without index tests I'm considering the without index tests to be out of scope for the RBAC API testing, and we already have unit coverage for these and integration coverage via the OSS Saved Objects API tests. * Fixing misspelling
Configuration menu - View commit details
-
Copy full SHA for 3e8e694 - Browse repository at this point
Copy the full SHA 3e8e694View commit details
Commits on Jun 5, 2018
-
Configuration menu - View commit details
-
Copy full SHA for 74b8486 - Browse repository at this point
Copy the full SHA 74b8486View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1231c70 - Browse repository at this point
Copy the full SHA 1231c70View commit details
Commits on Jun 6, 2018
-
Configuration menu - View commit details
-
Copy full SHA for 99d70b9 - Browse repository at this point
Copy the full SHA 99d70b9View commit details -
Configuration menu - View commit details
-
Copy full SHA for db18d1e - Browse repository at this point
Copy the full SHA db18d1eView commit details -
Configuration menu - View commit details
-
Copy full SHA for d793056 - Browse repository at this point
Copy the full SHA d793056View commit details
Commits on Jun 7, 2018
-
SavedObjectClient.find filtering (#19708)
* Adding ability to specify filters when calling the repository * Implementing find filtering * Revert "Adding ability to specify filters when calling the repository" This reverts commit 9da30a1. * Adding integration tests for find filtering * Adding forbidden auth logging * Adding asserts to make sure some audit log isn't used * Adding more audit log specific tests * Necessarly is not a work, unfortunately * Fixing test * More descriptive name than "result" * Better unauthorized find message? * Adding getTypes tests
Configuration menu - View commit details
-
Copy full SHA for 7f2c9b0 - Browse repository at this point
Copy the full SHA 7f2c9b0View commit details -
Configuration menu - View commit details
-
Copy full SHA for b6093bc - Browse repository at this point
Copy the full SHA b6093bcView commit details -
Configuration menu - View commit details
-
Copy full SHA for 4abf5ed - Browse repository at this point
Copy the full SHA 4abf5edView commit details -
Configuration menu - View commit details
-
Copy full SHA for d951a20 - Browse repository at this point
Copy the full SHA d951a20View commit details -
Configuration menu - View commit details
-
Copy full SHA for 8920425 - Browse repository at this point
Copy the full SHA 8920425View commit details -
Configuration menu - View commit details
-
Copy full SHA for 91d04e4 - Browse repository at this point
Copy the full SHA 91d04e4View commit details -
Configuration menu - View commit details
-
Copy full SHA for 430d72c - Browse repository at this point
Copy the full SHA 430d72cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 7977f00 - Browse repository at this point
Copy the full SHA 7977f00View commit details -
Configuration menu - View commit details
-
Copy full SHA for 60d5917 - Browse repository at this point
Copy the full SHA 60d5917View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4b3c6ba - Browse repository at this point
Copy the full SHA 4b3c6baView commit details
Commits on Jun 11, 2018
-
Configuration menu - View commit details
-
Copy full SHA for 117b0d4 - Browse repository at this point
Copy the full SHA 117b0d4View commit details
Commits on Jun 12, 2018
-
Configuration menu - View commit details
-
Copy full SHA for c42635b - Browse repository at this point
Copy the full SHA c42635bView commit details -
Configuration menu - View commit details
-
Copy full SHA for e887076 - Browse repository at this point
Copy the full SHA e887076View commit details
Commits on Jun 13, 2018
-
[RBAC Phase 1] - Update application privileges when XPack license cha…
…nges (#19839) * Adding start to supporting basic license and switching to plat/gold * Initialize application privilages on XPack license change * restore mirror_status_and_initialize * additional tests and peer review updates * Introducing watchStatusAndLicenseToInitialize * Adding some tests * One more test * Even better tests * Removing unused mirrorStatusAndInitialize * Throwing an error if the wrong status function is called
Configuration menu - View commit details
-
Copy full SHA for a76e4a5 - Browse repository at this point
Copy the full SHA a76e4a5View commit details -
* Basic implementation, rather sloppy * Cleaning stuff up a bit * Beginning to write tests, going to refactor how we build the privileges * Making the buildPrivilegesMap no longer return application name as the main key * Using real privileges since we need to use them for the legacy fallback * Adding more tests * Fixing spelling * Fixing test description * Fixing comment description * Adding similar line breaks in the has privilege calls * No more settings * No more rbac enabled setting, we just do RBAC * Using describe to cleanup the test cases * Logging deprecations when using the legacy fallback * Cleaning up a bit... * Using the privilegeMap for the legacy fallback tests * Now with even less duplication * Removing stray `rbacEnabled` from angularjs
Configuration menu - View commit details
-
Copy full SHA for 7ef5850 - Browse repository at this point
Copy the full SHA 7ef5850View commit details -
Configuration menu - View commit details
-
Copy full SHA for 9941eb2 - Browse repository at this point
Copy the full SHA 9941eb2View commit details
Commits on Jun 14, 2018
-
[Flaky Test] - wait for page load to complete (#19895)
@kobelb this seems unrelated to our RBAC Phase 1 work, but I was able to consistently reproduce this on my machine.
Configuration menu - View commit details
-
Copy full SHA for 8667ebd - Browse repository at this point
Copy the full SHA 8667ebdView commit details -
[Flaky Test] Fixes flaky role test (#19899)
Here's a fix for the latest flaky test @kobelb
Configuration menu - View commit details
-
Copy full SHA for b0e6998 - Browse repository at this point
Copy the full SHA b0e6998View commit details -
Configuration menu - View commit details
-
Copy full SHA for 84f4a8d - Browse repository at this point
Copy the full SHA 84f4a8dView commit details -
Configuration menu - View commit details
-
Copy full SHA for b464f03 - Browse repository at this point
Copy the full SHA b464f03View commit details -
Sample was including login/version privileges, which was occasionally (…
…#19915) causing issues that were really hard to replicate
Configuration menu - View commit details
-
Copy full SHA for e02c5bb - Browse repository at this point
Copy the full SHA e02c5bbView commit details
Commits on Jun 15, 2018
-
No more hard-coded types! This will make it so that plugins that register their own mappings just transparently work.
Configuration menu - View commit details
-
Copy full SHA for 9cdf641 - Browse repository at this point
Copy the full SHA 9cdf641View commit details
Commits on Jun 19, 2018
-
Configuration menu - View commit details
-
Copy full SHA for a53e7d0 - Browse repository at this point
Copy the full SHA a53e7d0View commit details
Commits on Jun 26, 2018
-
Configuration menu - View commit details
-
Copy full SHA for e11d86b - Browse repository at this point
Copy the full SHA e11d86bView commit details -
Fix RBAC Phase 1 merge from master (#20226)
This updates RBAC Phase 1 to work against the latest master. Specifically: 1. Removes `xpack_main`'s `registerLicenseChangeCallback`, which we introduced in `security-app-privs`, in favor of `onLicenseInfoChange`, which was recently added to master 2. Updated `x-pack/plugins/security/server/lib/watch_status_and_license_to_initialize.js` to be compliant with rxjs v6
Configuration menu - View commit details
-
Copy full SHA for f875cec - Browse repository at this point
Copy the full SHA f875cecView commit details
Commits on Jun 27, 2018
-
Configuration menu - View commit details
-
Copy full SHA for c899985 - Browse repository at this point
Copy the full SHA c899985View commit details
Commits on Jun 28, 2018
-
Retrying initialize 20 times with a scaling backoff (#20297)
* Retrying initialize 20 times with a scaling backoff * Logging error when we are registering the privileges
Configuration menu - View commit details
-
Copy full SHA for be6445c - Browse repository at this point
Copy the full SHA be6445cView commit details
Commits on Jun 29, 2018
-
Alternate legacy fallback (#20322)
* Beginning to use alternate callWithRequest fallback * Only use legacy fallback when user has "some" privileges on index * Logging useLegacyFallback when there's an authorization failure * Adding tests, logging failure during find no types fallback * Switching to using an enum instead of success/useLegacyFallback * Using _execute to share some of the structure * Moving comment to where it belongs * No longer audit logging when we use the legacy fallback
Configuration menu - View commit details
-
Copy full SHA for e3c1a99 - Browse repository at this point
Copy the full SHA e3c1a99View commit details -
Configuration menu - View commit details
-
Copy full SHA for a2cc325 - Browse repository at this point
Copy the full SHA a2cc325View commit details
Commits on Jul 2, 2018
-
Configuration menu - View commit details
-
Copy full SHA for b8a110b - Browse repository at this point
Copy the full SHA b8a110bView commit details -
Configuration menu - View commit details
-
Copy full SHA for 8696030 - Browse repository at this point
Copy the full SHA 8696030View commit details -
Configuration menu - View commit details
-
Copy full SHA for a56af65 - Browse repository at this point
Copy the full SHA a56af65View commit details -
Configuration menu - View commit details
-
Copy full SHA for 19a7d6f - Browse repository at this point
Copy the full SHA 19a7d6fView commit details -
Configuration menu - View commit details
-
Copy full SHA for 33a153d - Browse repository at this point
Copy the full SHA 33a153dView commit details -
Configuration menu - View commit details
-
Copy full SHA for 5d8745f - Browse repository at this point
Copy the full SHA 5d8745fView commit details -
Configuration menu - View commit details
-
Copy full SHA for c1689f7 - Browse repository at this point
Copy the full SHA c1689f7View commit details -
Configuration menu - View commit details
-
Copy full SHA for c7ae3e8 - Browse repository at this point
Copy the full SHA c7ae3e8View commit details -
Configuration menu - View commit details
-
Copy full SHA for 03f7931 - Browse repository at this point
Copy the full SHA 03f7931View commit details -
Configuration menu - View commit details
-
Copy full SHA for 98acdc0 - Browse repository at this point
Copy the full SHA 98acdc0View commit details -
Configuration menu - View commit details
-
Copy full SHA for 3a95af3 - Browse repository at this point
Copy the full SHA 3a95af3View commit details
Commits on Jul 5, 2018
-
Configuration menu - View commit details
-
Copy full SHA for 3299a0a - Browse repository at this point
Copy the full SHA 3299a0aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 6942034 - Browse repository at this point
Copy the full SHA 6942034View commit details -
Configuration menu - View commit details
-
Copy full SHA for 19ddaea - Browse repository at this point
Copy the full SHA 19ddaeaView commit details -
Configuration menu - View commit details
-
Copy full SHA for 1f48041 - Browse repository at this point
Copy the full SHA 1f48041View commit details
Commits on Jul 6, 2018
-
Logging legacy fallback deprecation warning on login (#20493)
* Logging legacy fallback deprecation on login * Consolidation the privileges/authorization folder * Exposing rudimentary authorization service and fixing authenticate tests * Moving authorization services configuration to initAuthorization * Adding "actions" service exposed by the authorization * Fixing misspelling * Removing invalid and unused exports * Adding note about only adding privileges * Calling it initAuthorizationService * Throwing explicit validation error in actions.getSavedObjectAction * Deep freezing authorization service * Adding deepFreeze tests * Checking privileges in one call and cleaning up tests
Configuration menu - View commit details
-
Copy full SHA for 98ea1b5 - Browse repository at this point
Copy the full SHA 98ea1b5View commit details
Commits on Jul 10, 2018
-
Deriving application from Kibana index (#20614)
* Specifying the application on the "authorization service" * Moving watchStatusAndLicenseToInitialize to be below initAuthorizationService * Using short-hand propery assignment
Configuration menu - View commit details
-
Copy full SHA for 7cef606 - Browse repository at this point
Copy the full SHA 7cef606View commit details
Commits on Jul 12, 2018
-
Validate ES has_privileges response before trusting it (#20682)
* validate elasticsearch has_privileges response before trusting it * address feedback
Configuration menu - View commit details
-
Copy full SHA for fb724d2 - Browse repository at this point
Copy the full SHA fb724d2View commit details -
Configuration menu - View commit details
-
Copy full SHA for c65908b - Browse repository at this point
Copy the full SHA c65908bView commit details
Commits on Jul 13, 2018
-
Configuration menu - View commit details
-
Copy full SHA for 3e6c057 - Browse repository at this point
Copy the full SHA 3e6c057View commit details -
* Beginning to work on external role management APIs * Refactoring GET tests and adding more permutations * Adding test for excluding other resources * Adding get role tests * Splitting out the endpoints, or else it's gonna get overwhelming * Splitting out the post and delete actions * Beginning to work on POST and the tests * Posting the updated role * Adding update tests * Modifying the UI to use the new public APIs * Removing internal roles API * Moving the rbac api integration setup tests to use the public role apis * Testing field_security and query * Adding create role tests * We can't update the transient_metadata... * Removing debugger * Update and delete tests * Returning a 204 when POSTing a Role. * Switching POST to PUT and roles to role * We don't need the rbacApplication client-side anymore * Adding delete route tests * Using not found instead of not acceptable, as that's more likely * Only allowing us to PUT known Kibana privileges * Removing transient_metadata * Removing one letter variable names * Using PUT instead of POST when saving roles * Fixing broken tests
Configuration menu - View commit details
-
Copy full SHA for a597976 - Browse repository at this point
Copy the full SHA a597976View commit details -
Configuration menu - View commit details
-
Copy full SHA for 36f4b2f - Browse repository at this point
Copy the full SHA 36f4b2fView commit details
Commits on Jul 17, 2018
-
Configuration menu - View commit details
-
Copy full SHA for 6fc19e6 - Browse repository at this point
Copy the full SHA 6fc19e6View commit details -
Configuration menu - View commit details
-
Copy full SHA for e170337 - Browse repository at this point
Copy the full SHA e170337View commit details
Commits on Jul 20, 2018
-
Configuration menu - View commit details
-
Copy full SHA for 95dbb99 - Browse repository at this point
Copy the full SHA 95dbb99View commit details -
Rbac phase1 functional UI tests (#20949)
* rbac functional tests * changes to the test file * RBAC_functional test * incorporating review feedback * slight modification to the addPriv() to cover all tests * removed the @ in secure roles and perm file in the describe block and made it look more relevant
Configuration menu - View commit details
-
Copy full SHA for 759330e - Browse repository at this point
Copy the full SHA 759330eView commit details -
Configuration menu - View commit details
-
Copy full SHA for beabf5d - Browse repository at this point
Copy the full SHA beabf5dView commit details
Commits on Jul 23, 2018
-
Configuration menu - View commit details
-
Copy full SHA for 40aab3f - Browse repository at this point
Copy the full SHA 40aab3fView commit details -
Configuration menu - View commit details
-
Copy full SHA for c33ab6c - Browse repository at this point
Copy the full SHA c33ab6cView commit details -
Configuration menu - View commit details
-
Copy full SHA for f8645f3 - Browse repository at this point
Copy the full SHA f8645f3View commit details -
Configuration menu - View commit details
-
Copy full SHA for 3e248ba - Browse repository at this point
Copy the full SHA 3e248baView commit details -
Configuration menu - View commit details
-
Copy full SHA for 066ec5b - Browse repository at this point
Copy the full SHA 066ec5bView commit details