Skip to content

Commit

Permalink
[Fleet] Show security requirements page when ES security is not enabl…
Browse files Browse the repository at this point in the history
…ed (#114583)

* Show security requirements page when ES security is not enabled

* Add comments
  • Loading branch information
jen-huang authored Oct 13, 2021
1 parent e7ce061 commit 935ba16
Show file tree
Hide file tree
Showing 6 changed files with 86 additions and 78 deletions.
1 change: 1 addition & 0 deletions x-pack/plugins/fleet/common/types/rest_spec/fleet_setup.ts
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ export interface PostFleetSetupResponse {
export interface GetFleetStatusResponse {
isReady: boolean;
missing_requirements: Array<
| 'security_required'
| 'tls_required'
| 'api_keys'
| 'fleet_admin_user'
Expand Down
101 changes: 49 additions & 52 deletions x-pack/plugins/fleet/public/applications/fleet/app.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ import { DefaultLayout, DefaultPageTitle, WithoutHeaderLayout, WithHeaderLayout
import { AgentPolicyApp } from './sections/agent_policy';
import { DataStreamApp } from './sections/data_stream';
import { AgentsApp } from './sections/agents';
import { MissingESRequirementsPage } from './sections/agents/agent_requirements_page';
import { CreatePackagePolicyPage } from './sections/agent_policy/create_package_policy_page';
import { EnrollmentTokenListPage } from './sections/agents/enrollment_token_list_page';

Expand All @@ -71,6 +72,53 @@ const Panel = styled(EuiPanel)`
margin-left: auto;
`;

const PermissionsError: React.FunctionComponent<{ error: string }> = memo(({ error }) => {
if (error === 'MISSING_SECURITY') {
return <MissingESRequirementsPage missingRequirements={['security_required', 'api_keys']} />;
}

if (error === 'MISSING_SUPERUSER_ROLE') {
return (
<Panel>
<EuiEmptyPrompt
iconType="securityApp"
title={
<h2>
<FormattedMessage
id="xpack.fleet.permissionDeniedErrorTitle"
defaultMessage="Permission denied"
/>
</h2>
}
body={
<p>
<FormattedMessage
id="xpack.fleet.permissionDeniedErrorMessage"
defaultMessage="You are not authorized to access Fleet. Fleet requires {roleName} privileges."
values={{ roleName: <EuiCode>superuser</EuiCode> }}
/>
</p>
}
/>
</Panel>
);
}

return (
<Error
title={
<FormattedMessage
id="xpack.fleet.permissionsRequestErrorMessageTitle"
defaultMessage="Unable to check permissions"
/>
}
error={i18n.translate('xpack.fleet.permissionsRequestErrorMessageDescription', {
defaultMessage: 'There was a problem checking Fleet permissions',
})}
/>
);
});

export const WithPermissionsAndSetup: React.FC = memo(({ children }) => {
useBreadcrumbs('base');
const { notifications } = useStartServices();
Expand Down Expand Up @@ -121,58 +169,7 @@ export const WithPermissionsAndSetup: React.FC = memo(({ children }) => {
if (isPermissionsLoading || permissionsError) {
return (
<ErrorLayout isAddIntegrationsPath={isAddIntegrationsPath}>
{isPermissionsLoading ? (
<Loading />
) : permissionsError === 'REQUEST_ERROR' ? (
<Error
title={
<FormattedMessage
id="xpack.fleet.permissionsRequestErrorMessageTitle"
defaultMessage="Unable to check permissions"
/>
}
error={i18n.translate('xpack.fleet.permissionsRequestErrorMessageDescription', {
defaultMessage: 'There was a problem checking Fleet permissions',
})}
/>
) : (
<Panel>
<EuiEmptyPrompt
iconType="securityApp"
title={
<h2>
{permissionsError === 'MISSING_SUPERUSER_ROLE' ? (
<FormattedMessage
id="xpack.fleet.permissionDeniedErrorTitle"
defaultMessage="Permission denied"
/>
) : (
<FormattedMessage
id="xpack.fleet.securityRequiredErrorTitle"
defaultMessage="Security is not enabled"
/>
)}
</h2>
}
body={
<p>
{permissionsError === 'MISSING_SUPERUSER_ROLE' ? (
<FormattedMessage
id="xpack.fleet.permissionDeniedErrorMessage"
defaultMessage="You are not authorized to access Fleet. Fleet requires {roleName} privileges."
values={{ roleName: <EuiCode>superuser</EuiCode> }}
/>
) : (
<FormattedMessage
id="xpack.fleet.securityRequiredErrorMessage"
defaultMessage="You must enable security in Kibana and Elasticsearch to use Fleet."
/>
)}
</p>
}
/>
</Panel>
)}
{isPermissionsLoading ? <Loading /> : <PermissionsError error={permissionsError!} />}
</ErrorLayout>
);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ export const MissingESRequirementsPage: React.FunctionComponent<{
values={{ esConfigFile: <EuiCode>elasticsearch.yml</EuiCode> }}
/>
<EuiSpacer size="l" />
<RequirementItem isMissing={false}>
<RequirementItem isMissing={missingRequirements.includes('security_required')}>
<FormattedMessage
id="xpack.fleet.setupPage.elasticsearchSecurityFlagText"
defaultMessage="{esSecurityLink}. Set {securityFlag} to {true} ."
Expand Down
18 changes: 15 additions & 3 deletions x-pack/plugins/fleet/server/routes/app/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,23 @@ import type { CheckPermissionsResponse, GenerateServiceTokenResponse } from '../
import { defaultIngestErrorHandler, GenerateServiceTokenError } from '../../errors';

export const getCheckPermissionsHandler: RequestHandler = async (context, request, response) => {
const missingSecurityBody: CheckPermissionsResponse = {
success: false,
error: 'MISSING_SECURITY',
};
const body: CheckPermissionsResponse = { success: true };
try {
const security = await appContextService.getSecurity();
const user = security.authc.getCurrentUser(request);

// when ES security is disabled, but Kibana security plugin is not explicitly disabled,
// `authc.getCurrentUser()` does not error, instead it comes back as `null`
if (!user) {
return response.ok({
body: missingSecurityBody,
});
}

if (!user?.roles.includes('superuser')) {
body.success = false;
body.error = 'MISSING_SUPERUSER_ROLE';
Expand All @@ -28,10 +40,10 @@ export const getCheckPermissionsHandler: RequestHandler = async (context, reques

return response.ok({ body: { success: true } });
} catch (e) {
body.success = false;
body.error = 'MISSING_SECURITY';
// when Kibana security plugin is explicitly disabled,
// `appContextService.getSecurity()` returns an error, so we catch it here
return response.ok({
body,
body: missingSecurityBody,
});
}
};
Expand Down
21 changes: 10 additions & 11 deletions x-pack/plugins/translations/translations/ja-JP.json
Original file line number Diff line number Diff line change
Expand Up @@ -4908,6 +4908,16 @@
"visTypeMetric.colorModes.backgroundOptionLabel": "背景",
"visTypeMetric.colorModes.labelsOptionLabel": "ラベル",
"visTypeMetric.colorModes.noneOptionLabel": "なし",
"visTypeMetric.metricDescription": "計算結果を単独の数字として表示します。",
"visTypeMetric.metricTitle": "メトリック",
"visTypeMetric.params.color.useForLabel": "使用する色",
"visTypeMetric.params.rangesTitle": "範囲",
"visTypeMetric.params.settingsTitle": "設定",
"visTypeMetric.params.showTitleLabel": "タイトルを表示",
"visTypeMetric.params.style.fontSizeLabel": "ポイント単位のメトリックフォントサイズ",
"visTypeMetric.params.style.styleTitle": "スタイル",
"visTypeMetric.schemas.metricTitle": "メトリック",
"visTypeMetric.schemas.splitGroupTitle": "グループを分割",
"expressionMetricVis.function.dimension.splitGroup": "グループを分割",
"expressionMetricVis.function.bgFill.help": "html 16 進数コード(#123456)、html 色(red、blue)、または rgba 値(rgba(255,255,255,1))。",
"expressionMetricVis.function.bucket.help": "バケットディメンションの構成です。",
Expand All @@ -4923,16 +4933,6 @@
"expressionMetricVis.function.showLabels.help": "メトリック値の下にラベルを表示します。",
"expressionMetricVis.function.subText.help": "メトリックの下に表示するカスタムテキスト",
"expressionMetricVis.function.useRanges.help": "有効な色範囲です。",
"visTypeMetric.metricDescription": "計算結果を単独の数字として表示します。",
"visTypeMetric.metricTitle": "メトリック",
"visTypeMetric.params.color.useForLabel": "使用する色",
"visTypeMetric.params.rangesTitle": "範囲",
"visTypeMetric.params.settingsTitle": "設定",
"visTypeMetric.params.showTitleLabel": "タイトルを表示",
"visTypeMetric.params.style.fontSizeLabel": "ポイント単位のメトリックフォントサイズ",
"visTypeMetric.params.style.styleTitle": "スタイル",
"visTypeMetric.schemas.metricTitle": "メトリック",
"visTypeMetric.schemas.splitGroupTitle": "グループを分割",
"visTypePie.advancedSettings.visualization.legacyPieChartsLibrary.deprecation": "Visualizeの円グラフのレガシーグラフライブラリは廃止予定であり、8.0以降ではサポートされません。",
"visTypePie.advancedSettings.visualization.legacyPieChartsLibrary.description": "Visualizeで円グラフのレガシーグラフライブラリを有効にします。",
"visTypePie.advancedSettings.visualization.legacyPieChartsLibrary.name": "円グラフのレガシーグラフライブラリ",
Expand Down Expand Up @@ -10947,7 +10947,6 @@
"xpack.fleet.preconfiguration.missingIDError": "{agentPolicyName}には「id」フィールドがありません。ポリシーのis_defaultまたはis_default_fleet_serverに設定されている場合をのぞき、「id」は必須です。",
"xpack.fleet.preconfiguration.packageMissingError": "{agentPolicyName}を追加できませんでした。{pkgName}がインストールされていません。{pkgName}を`{packagesConfigValue}`に追加するか、{packagePolicyName}から削除してください。",
"xpack.fleet.preconfiguration.policyDeleted": "構成済みのポリシー{id}が削除されました。作成をスキップしています",
"xpack.fleet.securityRequiredErrorMessage": "Fleet を使用するには、Kibana と Elasticsearch でセキュリティを有効にする必要があります。",
"xpack.fleet.securityRequiredErrorTitle": "セキュリティが有効ではありません",
"xpack.fleet.serverError.agentPolicyDoesNotExist": "エージェントポリシー{agentPolicyId}が存在しません",
"xpack.fleet.serverError.enrollmentKeyDuplicate": "エージェントポリシーの{agentPolicyId}登録キー{providedKeyName}はすでに存在します",
Expand Down
21 changes: 10 additions & 11 deletions x-pack/plugins/translations/translations/zh-CN.json
Original file line number Diff line number Diff line change
Expand Up @@ -4953,6 +4953,16 @@
"visTypeMetric.colorModes.backgroundOptionLabel": "背景",
"visTypeMetric.colorModes.labelsOptionLabel": "标签",
"visTypeMetric.colorModes.noneOptionLabel": "无",
"visTypeMetric.metricDescription": "将计算结果显示为单个数字。",
"visTypeMetric.metricTitle": "指标",
"visTypeMetric.params.color.useForLabel": "将颜色用于",
"visTypeMetric.params.rangesTitle": "范围",
"visTypeMetric.params.settingsTitle": "设置",
"visTypeMetric.params.showTitleLabel": "显示标题",
"visTypeMetric.params.style.fontSizeLabel": "指标字体大小(磅)",
"visTypeMetric.params.style.styleTitle": "样式",
"visTypeMetric.schemas.metricTitle": "指标",
"visTypeMetric.schemas.splitGroupTitle": "拆分组",
"expressionMetricVis.function.dimension.splitGroup": "拆分组",
"expressionMetricVis.function.bgFill.help": "将颜色表示为 html 十六进制代码 (#123456)、html 颜色(red、blue)或 rgba 值 (rgba(255,255,255,1))。",
"expressionMetricVis.function.bucket.help": "存储桶维度配置",
Expand All @@ -4968,16 +4978,6 @@
"expressionMetricVis.function.showLabels.help": "在指标值下显示标签。",
"expressionMetricVis.function.subText.help": "要在指标下显示的定制文本",
"expressionMetricVis.function.useRanges.help": "已启用颜色范围。",
"visTypeMetric.metricDescription": "将计算结果显示为单个数字。",
"visTypeMetric.metricTitle": "指标",
"visTypeMetric.params.color.useForLabel": "将颜色用于",
"visTypeMetric.params.rangesTitle": "范围",
"visTypeMetric.params.settingsTitle": "设置",
"visTypeMetric.params.showTitleLabel": "显示标题",
"visTypeMetric.params.style.fontSizeLabel": "指标字体大小(磅)",
"visTypeMetric.params.style.styleTitle": "样式",
"visTypeMetric.schemas.metricTitle": "指标",
"visTypeMetric.schemas.splitGroupTitle": "拆分组",
"visTypePie.advancedSettings.visualization.legacyPieChartsLibrary.deprecation": "Visualize 中饼图的旧版图表库已弃用,自 8.0 后将不受支持。",
"visTypePie.advancedSettings.visualization.legacyPieChartsLibrary.description": "在 Visualize 中启用饼图的旧版图表库。",
"visTypePie.advancedSettings.visualization.legacyPieChartsLibrary.name": "饼图旧版图表库",
Expand Down Expand Up @@ -11061,7 +11061,6 @@
"xpack.fleet.preconfiguration.missingIDError": "{agentPolicyName} 缺失 `id` 字段。`id` 是必需的,但标记为 is_default 或 is_default_fleet_server 的策略除外。",
"xpack.fleet.preconfiguration.packageMissingError": "{agentPolicyName} 无法添加。{pkgName} 未安装,请将 {pkgName} 添加到 `{packagesConfigValue}` 或将其从 {packagePolicyName} 中移除。",
"xpack.fleet.preconfiguration.policyDeleted": "预配置的策略 {id} 已删除;将跳过创建",
"xpack.fleet.securityRequiredErrorMessage": "必须在 Kibana 和 Elasticsearch 启用安全性,才能使用 Fleet。",
"xpack.fleet.securityRequiredErrorTitle": "安全性未启用",
"xpack.fleet.serverError.agentPolicyDoesNotExist": "代理策略 {agentPolicyId} 不存在",
"xpack.fleet.serverError.enrollmentKeyDuplicate": "称作 {providedKeyName} 的注册密钥对于代理策略 {agentPolicyId} 已存在",
Expand Down

0 comments on commit 935ba16

Please sign in to comment.