From 82b5bec6b8adef85352ea16278a82300aebef437 Mon Sep 17 00:00:00 2001 From: Patrick Mueller Date: Wed, 1 Apr 2020 14:33:07 -0400 Subject: [PATCH] [Alerting] add alerting privileges for uptime and metrics (#61113) (#62188) resolves https://github.com/elastic/kibana/issues/60135 See the reference issue for how to configure Kibana to test this manually. There are no automated tests for this ATM. The basic test scenario is to create a role with just the Uptime space privilege, make sure it get to the Alerts and Actions management app, make sure you can create an action (server log), and alert (index threshold), and that the alert and action run successfully. Then repeat with just the Metrics space privilege. --- x-pack/plugins/infra/server/features.ts | 30 ++++++++++++--- .../public/application/lib/capabilities.ts | 2 +- x-pack/plugins/uptime/server/kibana.index.ts | 37 ++++++++++++++++--- 3 files changed, 56 insertions(+), 13 deletions(-) diff --git a/x-pack/plugins/infra/server/features.ts b/x-pack/plugins/infra/server/features.ts index 5301e1e9cbd0b..fa228e03194a9 100644 --- a/x-pack/plugins/infra/server/features.ts +++ b/x-pack/plugins/infra/server/features.ts @@ -20,22 +20,40 @@ export const METRICS_FEATURE = { all: { app: ['infra', 'kibana'], catalogue: ['infraops'], - api: ['infra'], + api: ['infra', 'actions-read', 'actions-all', 'alerting-read', 'alerting-all'], savedObject: { - all: ['infrastructure-ui-source'], + all: ['infrastructure-ui-source', 'alert', 'action', 'action_task_params'], read: ['index-pattern'], }, - ui: ['show', 'configureSource', 'save'], + ui: [ + 'show', + 'configureSource', + 'save', + 'alerting:show', + 'actions:show', + 'alerting:save', + 'actions:save', + 'alerting:delete', + 'actions:delete', + ], }, read: { app: ['infra', 'kibana'], catalogue: ['infraops'], - api: ['infra'], + api: ['infra', 'actions-read', 'actions-all', 'alerting-read', 'alerting-all'], savedObject: { - all: [], + all: ['alert', 'action', 'action_task_params'], read: ['infrastructure-ui-source', 'index-pattern'], }, - ui: ['show'], + ui: [ + 'show', + 'alerting:show', + 'actions:show', + 'alerting:save', + 'actions:save', + 'alerting:delete', + 'actions:delete', + ], }, }, }; diff --git a/x-pack/plugins/triggers_actions_ui/public/application/lib/capabilities.ts b/x-pack/plugins/triggers_actions_ui/public/application/lib/capabilities.ts index f8102189c425c..a216498d68b55 100644 --- a/x-pack/plugins/triggers_actions_ui/public/application/lib/capabilities.ts +++ b/x-pack/plugins/triggers_actions_ui/public/application/lib/capabilities.ts @@ -12,7 +12,7 @@ type Capabilities = Record; -const apps = ['apm', 'siem']; +const apps = ['apm', 'siem', 'uptime', 'infrastructure']; function hasCapability(capabilities: Capabilities, capability: string) { return apps.some(app => capabilities[app]?.[capability]); diff --git a/x-pack/plugins/uptime/server/kibana.index.ts b/x-pack/plugins/uptime/server/kibana.index.ts index c206cfa06e272..725b53aeca02d 100644 --- a/x-pack/plugins/uptime/server/kibana.index.ts +++ b/x-pack/plugins/uptime/server/kibana.index.ts @@ -39,22 +39,47 @@ export const initServerWithKibana = (server: UptimeCoreSetup, plugins: UptimeCor all: { app: ['uptime', 'kibana'], catalogue: ['uptime'], - api: ['uptime-read', 'uptime-write'], + api: [ + 'uptime-read', + 'uptime-write', + 'actions-read', + 'actions-all', + 'alerting-read', + 'alerting-all', + ], savedObject: { - all: [umDynamicSettings.name], + all: [umDynamicSettings.name, 'alert', 'action', 'action_task_params'], read: [], }, - ui: ['save', 'configureSettings', 'show'], + ui: [ + 'save', + 'configureSettings', + 'show', + 'alerting:show', + 'actions:show', + 'alerting:save', + 'actions:save', + 'alerting:delete', + 'actions:delete', + ], }, read: { app: ['uptime', 'kibana'], catalogue: ['uptime'], - api: ['uptime-read'], + api: ['uptime-read', 'actions-read', 'actions-all', 'alerting-read', 'alerting-all'], savedObject: { - all: [], + all: ['alert', 'action', 'action_task_params'], read: [umDynamicSettings.name], }, - ui: ['show'], + ui: [ + 'show', + 'alerting:show', + 'actions:show', + 'alerting:save', + 'actions:save', + 'alerting:delete', + 'actions:delete', + ], }, }, });