Skip to content

Commit

Permalink
Fixes security plugin capabilities switcher to handle opt-out and def…
Browse files Browse the repository at this point in the history
…ault behaviors (#154098)

Closes #153817

## Summary

This PR implements logical checks within the security plugin's
capabilities switcher to account for features that opt out of the Kibana
security model (e.g. Enterprise Search features). It also more
explicitly handles default cases (when a feature is neither a Kibana or
ES feature), exclusions (features handled exclusively by other plugins),
and the catalogue feature (we now qualify each catalogue feature
capability). In these cases (opt-out, default, exclusion, etc.), the
capabilities switcher will ignore the capability and neither enable nor
disable it (see detailed list below).

We are now effectively ignoring only these:
- `spaces` feature ID (handled by spaces plugin capabilities switcher)
- `fileUpload` feature ID (handled by file_upload plugin capabilities
switcher)
- `catalogue` capabilities that are not 'spaces' and are not referenced
by at least one Kibana or ES feature
- `navLinks` that are not referenced by at least one Kibana feature
- Anything that is not a global settings, management, catalogue, nav
link, Kibana, or ES feature

On the flip side we always affect everything under the `management`
feature.

This PR _should_ unblock the ability to implement parallel execution of
capabilities switchers, #152982.


### Related Tests
-
x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts
- x-pack/test/ui_capabilities/security_and_spaces/config.ts
- x-pack/test/functional/apps/home/config.ts

---------

Co-authored-by: kibanamachine <[email protected]>
  • Loading branch information
jeramysoucy and kibanamachine authored Apr 20, 2023
1 parent e4ae398 commit 45f102f
Show file tree
Hide file tree
Showing 2 changed files with 329 additions and 286 deletions.
Loading

0 comments on commit 45f102f

Please sign in to comment.