From 014ea125cd87ae492779a85b67ebf01e8e86de25 Mon Sep 17 00:00:00 2001 From: Patrick Mueller Date: Wed, 1 Apr 2020 12:09:26 -0400 Subject: [PATCH] [Alerting] add alerting privileges for uptime and metrics (#61113) resolves https://github.com/elastic/kibana/issues/60135 See the reference issue for how to configure Kibana to test this manually. There are no automated tests for this ATM. The basic test scenario is to create a role with just the Uptime space privilege, make sure it get to the Alerts and Actions management app, make sure you can create an action (server log), and alert (index threshold), and that the alert and action run successfully. Then repeat with just the Metrics space privilege. --- x-pack/plugins/infra/server/features.ts | 30 ++++++++++++--- .../public/application/lib/capabilities.ts | 2 +- x-pack/plugins/uptime/server/kibana.index.ts | 37 ++++++++++++++++--- 3 files changed, 56 insertions(+), 13 deletions(-) diff --git a/x-pack/plugins/infra/server/features.ts b/x-pack/plugins/infra/server/features.ts index 5301e1e9cbd0..fa228e03194a 100644 --- a/x-pack/plugins/infra/server/features.ts +++ b/x-pack/plugins/infra/server/features.ts @@ -20,22 +20,40 @@ export const METRICS_FEATURE = { all: { app: ['infra', 'kibana'], catalogue: ['infraops'], - api: ['infra'], + api: ['infra', 'actions-read', 'actions-all', 'alerting-read', 'alerting-all'], savedObject: { - all: ['infrastructure-ui-source'], + all: ['infrastructure-ui-source', 'alert', 'action', 'action_task_params'], read: ['index-pattern'], }, - ui: ['show', 'configureSource', 'save'], + ui: [ + 'show', + 'configureSource', + 'save', + 'alerting:show', + 'actions:show', + 'alerting:save', + 'actions:save', + 'alerting:delete', + 'actions:delete', + ], }, read: { app: ['infra', 'kibana'], catalogue: ['infraops'], - api: ['infra'], + api: ['infra', 'actions-read', 'actions-all', 'alerting-read', 'alerting-all'], savedObject: { - all: [], + all: ['alert', 'action', 'action_task_params'], read: ['infrastructure-ui-source', 'index-pattern'], }, - ui: ['show'], + ui: [ + 'show', + 'alerting:show', + 'actions:show', + 'alerting:save', + 'actions:save', + 'alerting:delete', + 'actions:delete', + ], }, }, }; diff --git a/x-pack/plugins/triggers_actions_ui/public/application/lib/capabilities.ts b/x-pack/plugins/triggers_actions_ui/public/application/lib/capabilities.ts index f8102189c425..a216498d68b5 100644 --- a/x-pack/plugins/triggers_actions_ui/public/application/lib/capabilities.ts +++ b/x-pack/plugins/triggers_actions_ui/public/application/lib/capabilities.ts @@ -12,7 +12,7 @@ type Capabilities = Record; -const apps = ['apm', 'siem']; +const apps = ['apm', 'siem', 'uptime', 'infrastructure']; function hasCapability(capabilities: Capabilities, capability: string) { return apps.some(app => capabilities[app]?.[capability]); diff --git a/x-pack/plugins/uptime/server/kibana.index.ts b/x-pack/plugins/uptime/server/kibana.index.ts index c206cfa06e27..725b53aeca02 100644 --- a/x-pack/plugins/uptime/server/kibana.index.ts +++ b/x-pack/plugins/uptime/server/kibana.index.ts @@ -39,22 +39,47 @@ export const initServerWithKibana = (server: UptimeCoreSetup, plugins: UptimeCor all: { app: ['uptime', 'kibana'], catalogue: ['uptime'], - api: ['uptime-read', 'uptime-write'], + api: [ + 'uptime-read', + 'uptime-write', + 'actions-read', + 'actions-all', + 'alerting-read', + 'alerting-all', + ], savedObject: { - all: [umDynamicSettings.name], + all: [umDynamicSettings.name, 'alert', 'action', 'action_task_params'], read: [], }, - ui: ['save', 'configureSettings', 'show'], + ui: [ + 'save', + 'configureSettings', + 'show', + 'alerting:show', + 'actions:show', + 'alerting:save', + 'actions:save', + 'alerting:delete', + 'actions:delete', + ], }, read: { app: ['uptime', 'kibana'], catalogue: ['uptime'], - api: ['uptime-read'], + api: ['uptime-read', 'actions-read', 'actions-all', 'alerting-read', 'alerting-all'], savedObject: { - all: [], + all: ['alert', 'action', 'action_task_params'], read: [umDynamicSettings.name], }, - ui: ['show'], + ui: [ + 'show', + 'alerting:show', + 'actions:show', + 'alerting:save', + 'actions:save', + 'alerting:delete', + 'actions:delete', + ], }, }, });