Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[RAC][RBAC] - Addition of RBAC to tgrid #7

Closed
wants to merge 16 commits into from

Conversation

yctercero
Copy link
Collaborator

… move to new rac tgrid work

Summary

Summarize your PR. If it involves visual changes include a screenshot or gif.

Checklist

Delete any items that are not applicable to this PR.

Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature release.

When forming the risk matrix, consider some of the following examples and how
they may potentially impact the change:

Risk Probability Severity Mitigation/Notes
Multiple Spaces—unexpected behavior in non-default Kibana Space. Low High Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces.
Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. High Low Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure.
Code should gracefully handle cases when feature X or plugin Y are disabled. Medium High Unit tests will verify that any feature flag or plugin combination still results in our service operational.
See more potential risk examples

For maintainers

dhurley14 and others added 13 commits June 7, 2021 07:02
WIP - trying to fix integration tests, broken authz for observer user / role

updates authz feature builder to what ying had before we messed it up in our branch

fixes integration tests

add rac api access to apm

adds getIndex functionality which requires the asset name to be passed in, same style as in the rule registry data client, adds update integration tests

fix small merge conflict and update shell script

fix merge conflict in alerting test file

fix most type errors

fix the rest of the type failures

fix integration tests

fix integration tests

fix type error with feature registration in apm

fix integration tests in apm and security solution

fix type checker

fix jest tests for apm

remove console.error statements for eslint

fix type check
…ture to 'read', utilizes the 'rule' object available in executor params over querying for the rule SO directly
@@ -11,7 +11,7 @@ import { FieldMap } from './field_map/types';

export function mappingFromFieldMap(fieldMap: FieldMap): TypeMapping {
const mappings = {
dynamic: 'strict' as const,
dynamic: true,
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Temporary workaround to unblock work, will not be merged. Seems to be newly introduced mapping issues related to the security solution rules that are being worked on.

@@ -11,7 +11,7 @@ import { IndexMappings } from '../../elasticsearch';

export function mappingFromFieldMap(fieldMap: FieldMap): IndexMappings {
const mappings = {
dynamic: 'strict' as const,
dynamic: true,
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Temporary workaround to unblock work, will not be merged. Seems to be newly introduced mapping issues related to the security solution rules that are being worked on.

@@ -77,19 +77,21 @@ export const createPersistenceRuleTypeFactory: CreatePersistenceRuleTypeFactory
const alertUuid = event['kibana.rac.alert.uuid'];
const isAlert = alertUuid != null;
return {
...event,
// ...event,
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Temporary workaround to unblock work, will not be merged. Seems to be newly introduced mapping issues related to the security solution rules that are being worked on.

@@ -237,7 +237,11 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
settings: {
number_of_shards: 1,
},
mappings: {}, // TODO: Add mappings here via `mappingFromFieldMap()`
mappings: mappingFromFieldMap({
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Temporary workaround to unblock work, will not be merged. Seems to be newly introduced mapping issues related to the security solution rules that are being worked on.

alerting: {
rule: {
all: ruleTypes,
if (experimentalFeatures.ruleRegistryEnabled) {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adds the alerts updates subfeature UI if appropriate flag exists.

Copy link
Owner

@dhurley14 dhurley14 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM + and maybe a cypress test for ensuring we are getting back security solution alerts. This is awesome though well done!

@yctercero yctercero force-pushed the squashed_alerts_rbac_mvp_backup branch from c3008a8 to 7523f7e Compare June 14, 2021 20:21
@dhurley14 dhurley14 force-pushed the squashed_alerts_rbac_mvp_backup branch 4 times, most recently from 9e19b5a to de863dc Compare June 21, 2021 17:53
@yctercero yctercero force-pushed the squashed_alerts_rbac_mvp_backup branch from de863dc to b55aa7a Compare June 21, 2021 21:04
@dhurley14 dhurley14 force-pushed the squashed_alerts_rbac_mvp_backup branch 2 times, most recently from 691c470 to 6111991 Compare June 22, 2021 23:47
@yctercero yctercero force-pushed the squashed_alerts_rbac_mvp_backup branch from 039ba7a to ed094cd Compare June 30, 2021 15:40
@dhurley14 dhurley14 force-pushed the squashed_alerts_rbac_mvp_backup branch from b1eebd6 to 634439b Compare July 1, 2021 22:16
@yctercero yctercero force-pushed the squashed_alerts_rbac_mvp_backup branch from 634439b to fb1d9cc Compare July 5, 2021 19:03
@dhurley14 dhurley14 force-pushed the squashed_alerts_rbac_mvp_backup branch 2 times, most recently from c22e179 to 220a8e9 Compare July 8, 2021 16:37
@yctercero yctercero changed the base branch from squashed_alerts_rbac_mvp_backup to master July 8, 2021 21:31
@yctercero yctercero closed this Oct 13, 2021
@yctercero yctercero deleted the tgrid_rbac branch October 13, 2021 06:27
dhurley14 pushed a commit that referenced this pull request Sep 5, 2024
fixes
[#8](elastic/observability-accessibility#8)
fixes
[#7](elastic/observability-accessibility#7)
 
## Summary

Fixes APM breadcrumbs on serverless

| Serverless  |  Stateful  |
|---|---|
| <img width="700px" alt="image"
src="https://github.com/user-attachments/assets/944a7d58-7de3-4a7f-be02-3c8c1110a0e2">
|<img width="800px" alt="image"
src="https://github.com/user-attachments/assets/450664b1-ddfc-4395-9fa3-a7b941affb3b">|
|<img width="500px" alt="image"
src="https://github.com/user-attachments/assets/944a7d58-7de3-4a7f-be02-3c8c1110a0e2">
|<img width="500px" alt="image"
src="https://github.com/user-attachments/assets/450664b1-ddfc-4395-9fa3-a7b941affb3b">|
| <img width="500px" alt="image"
src="https://github.com/user-attachments/assets/944a7d58-7de3-4a7f-be02-3c8c1110a0e2">
|<img width="500px" alt="image"
src="https://github.com/user-attachments/assets/cb8a39e2-ca33-4cf9-a8ac-4c84566d092d">|
|<img width="500px" alt="image"
src="https://github.com/user-attachments/assets/151a3a9c-c81e-4558-9d00-e695e3d1d79c">|<img
width="500px" alt="image"
src="https://github.com/user-attachments/assets/2562e96f-d5e4-4aa4-a221-6721f8995883">|
|<img width="500px" alt="image"
src="https://github.com/user-attachments/assets/8d877d11-8c3f-4ac5-8146-6a11125eae7c">|<img
width="500px" alt="image"
src="https://github.com/user-attachments/assets/36e588cb-4c18-4d66-a2c6-f0e66392f708">|
|<img width="500px" alt="image"
src="https://github.com/user-attachments/assets/14253196-06de-4343-811f-61aa31ea0d1e">|<img
width="500px" alt="image"
src="https://github.com/user-attachments/assets/0cdfc83f-6545-433f-8c14-5bbf2a581175">|
|<img width="500px" alt="image"
src="https://github.com/user-attachments/assets/89a58e2b-2cef-4188-b2be-f359ba6890db">|<img
width="500px" alt="image"
src="https://github.com/user-attachments/assets/f15e767f-5b60-4485-ac71-7b6fd850ec50">|
|<img width="500px" alt="image"
src="https://github.com/user-attachments/assets/a0f7bfae-bfda-4f49-b92a-e736d80fea4c">|<img
width="500px" alt="image"
src="https://github.com/user-attachments/assets/680db8ab-58b8-454b-a0d7-6e1681dbe616">|


### How to test
#### Serverless
- Start a local ES serverless instance: `yarn es serverless
--projectType=oblt --ssl -k/--insecure`
- Start a local Kibana serverless instance: ` yarn start
--serverless=oblt --no-ssl`
- Run some synthtrace scenarios
- `NODE_TLS_REJECT_UNAUTHORIZED=0 node scripts/synthtrace mobile.ts
--live --target=https://elastic_serverless:[email protected]:9200
--kibana=http://elastic_serverless:[email protected]:5601`
- `NODE_TLS_REJECT_UNAUTHORIZED=0 node scripts/synthtrace service_map.ts
--live --target=https://elastic_serverless:[email protected]:9200
--kibana=http://elastic_serverless:[email protected]:5601`
- Navigate to Applications and click through the links

### Stateful
- Start a local ES and Kibana instance
- Run the some synthtrace scenarios:
  -  `node scripts/synthtrace mobile.ts --live`
  -  `node scripts/synthtrace service_map.ts --live`
- Navigate to Applications and click through the links

---------

Co-authored-by: kibanamachine <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants