Skip to content

Commit

Permalink
Adds Role Based Access-Control to the Alerting & Action plugins based…
Browse files Browse the repository at this point in the history
… on Kibana Feature Controls (elastic#67157)

This PR adds _Role Based Access-Control_ to the Alerting framework & Actions feature using  Kibana Feature Controls, addressing most of the Meta issue: elastic#43994

This also closes elastic#62438

This PR includes the following:

1. Adds `alerting` specific Security Actions (not to be confused with Alerting Actions) to the `security` plugin which allows us to assign alerting specific privileges to users of other plugins using the `features` plugin.
2. Removes the security wrapper from the savedObjectsClient in AlertsClient and instead plugs in the new AlertsAuthorization which performs the privilege checks on each api call made to the AlertsClient.
3. Adds privileges in each plugin that is already using the Alerting Framework which mirror (as closely as possible) the existing api-level tag-based privileges and plugs them into the AlertsClient.
4. Adds feature granted privileges arounds Actions (by relying on Saved Object privileges under the hood) and plugs them into the ActionsClient
5. Removes the legacy api-level tag-based privilege system from both the Alerts and Action HTTP APIs
  • Loading branch information
gmmorris committed Jul 22, 2020
1 parent 8d05f38 commit 86477e1
Show file tree
Hide file tree
Showing 226 changed files with 10,844 additions and 1,704 deletions.
2 changes: 1 addition & 1 deletion examples/alerting_example/kibana.json
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,6 @@
"kibanaVersion": "kibana",
"server": true,
"ui": true,
"requiredPlugins": ["triggers_actions_ui", "charts", "data", "alerts", "actions", "developerExamples"],
"requiredPlugins": ["triggers_actions_ui", "charts", "data", "alerts", "actions", "features", "developerExamples"],
"optionalPlugins": []
}
38 changes: 37 additions & 1 deletion examples/alerting_example/server/plugin.ts
Original file line number Diff line number Diff line change
Expand Up @@ -18,20 +18,56 @@
*/

import { Plugin, CoreSetup } from 'kibana/server';
import { i18n } from '@kbn/i18n';
import { PluginSetupContract as AlertingSetup } from '../../../x-pack/plugins/alerts/server';
import { PluginSetupContract as FeaturesPluginSetup } from '../../../x-pack/plugins/features/server';

import { alertType as alwaysFiringAlert } from './alert_types/always_firing';
import { alertType as peopleInSpaceAlert } from './alert_types/astros';
import { INDEX_THRESHOLD_ID } from '../../../x-pack/plugins/alerting_builtins/server';
import { ALERTING_EXAMPLE_APP_ID } from '../common/constants';

// this plugin's dependendencies
export interface AlertingExampleDeps {
alerts: AlertingSetup;
features: FeaturesPluginSetup;
}

export class AlertingExamplePlugin implements Plugin<void, void, AlertingExampleDeps> {
public setup(core: CoreSetup, { alerts }: AlertingExampleDeps) {
public setup(core: CoreSetup, { alerts, features }: AlertingExampleDeps) {
alerts.registerType(alwaysFiringAlert);
alerts.registerType(peopleInSpaceAlert);

features.registerFeature({
id: ALERTING_EXAMPLE_APP_ID,
name: i18n.translate('alertsExample.featureRegistry.alertsExampleFeatureName', {
defaultMessage: 'Alerts Example',
}),
app: [],
alerting: [alwaysFiringAlert.id, peopleInSpaceAlert.id, INDEX_THRESHOLD_ID],
privileges: {
all: {
alerting: {
all: [alwaysFiringAlert.id, peopleInSpaceAlert.id, INDEX_THRESHOLD_ID],
},
savedObject: {
all: [],
read: [],
},
ui: ['alerting:show'],
},
read: {
alerting: {
read: [alwaysFiringAlert.id, peopleInSpaceAlert.id, INDEX_THRESHOLD_ID],
},
savedObject: {
all: [],
read: [],
},
ui: ['alerting:show'],
},
},
});
}

public start() {}
Expand Down
4 changes: 2 additions & 2 deletions x-pack/plugins/actions/kibana.json
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
"version": "8.0.0",
"kibanaVersion": "kibana",
"configPath": ["xpack", "actions"],
"requiredPlugins": ["licensing", "taskManager", "encryptedSavedObjects", "eventLog"],
"optionalPlugins": ["usageCollection", "spaces"],
"requiredPlugins": ["licensing", "taskManager", "encryptedSavedObjects", "eventLog", "features"],
"optionalPlugins": ["usageCollection", "spaces", "security"],
"ui": false
}
1 change: 1 addition & 0 deletions x-pack/plugins/actions/server/actions_client.mock.ts
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ const createActionsClientMock = () => {
getBulk: jest.fn(),
execute: jest.fn(),
enqueueExecution: jest.fn(),
listTypes: jest.fn(),
};
return mocked;
};
Expand Down
Loading

0 comments on commit 86477e1

Please sign in to comment.