[Fleet] Add base Fleet authz logic and API #119199

Merged
merged 6 commits into from
Nov 24, 2021

joshdover
Contributor

Summary

First phase of #108252

Adds two new APIs for other plugins to read Fleet privileges:

// On client
fleetStart.authz;

// On server
fleetStart.authz.fromRequest(req)

// ... or with request context
router.get({ ... }, async (context, req, res) => {
  context.fleet.authz;
})

@joshdover joshdover added the v8.0.0, release_note:skip, Team:Fleet, auto-backport and v8.1.0 labels Nov 19, 2021
@joshdover joshdover requested a review from a team as a code owner November 19, 2021 16:15
};
}

export const calculateAuthz = ({ fleet, integrations }: CalculateParams): FleetAuthz => ({
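
Review bot: the exported `calculateAuthz` on the last line of this hunk has no doc comment above it (the preceding lines only close the previous block). Since callers will rely on its result for access decisions, a short TSDoc describing the `fleet` and `integrations` inputs and what each returned flag permits would make misuse less likely.
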
Contributor Author

This function allows us to have common logic shared across client and server for enforcing access to specific features.
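
Added example, not code from this PR: a minimal TypeScript sketch of the pattern described in the comment above, with one pure calculation shared by client and server and the server still enforcing on each request. The `ExampleAuthz` shape, the flag names, `authzFromCapabilities` and `guardRoute` are hypothetical.

```typescript
// Hypothetical shapes for illustration; the real FleetAuthz type is not shown on this page.
interface CalculateParams {
  fleet: { all: boolean; setup: boolean };
  integrations: { all: boolean; read: boolean };
}
interface ExampleAuthz {
  fleet: { all: boolean; setup: boolean };
  integrations: { readPackages: boolean; installPackages: boolean };
}
type Capabilities = Record<string, Record<string, unknown> | undefined>;

// One pure function used by both client and server, so the two sides
// cannot drift apart on which privilege unlocks which feature.
function calculateExampleAuthz({ fleet, integrations }: CalculateParams): ExampleAuthz {
  return {
    fleet: { all: fleet.all, setup: fleet.setup },
    integrations: {
      readPackages: fleet.all && (integrations.all || integrations.read),
      installPackages: fleet.all && integrations.all,
    },
  };
}

// Client side: read UI capabilities. A strict `=== true` turns a missing,
// undefined or non-boolean value into a deny instead of passing it through.
function authzFromCapabilities(capabilities: Capabilities): ExampleAuthz {
  const flag = (feature: string, key: string): boolean => capabilities[feature]?.[key] === true;
  return calculateExampleAuthz({
    fleet: { all: flag('fleet', 'all'), setup: false },
    integrations: { all: flag('integrations', 'all'), read: flag('integrations', 'read') },
  });
}

// Server side: the route re-checks authz derived from the request; the
// client-side object only decides what the UI shows. Returns an HTTP status.
function guardRoute(authz: ExampleAuthz | undefined, required: (a: ExampleAuthz) => boolean): number {
  return authz !== undefined && required(authz) ? 200 : 403;
}

// Constructed sample input: a user with Fleet access but read-only integrations.
const readOnly = authzFromCapabilities({ fleet: { all: true }, integrations: { read: true } });
console.log(readOnly.integrations, guardRoute(readOnly, (a) => a.integrations.installPackages));
```
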

const startServices: FleetStartServices = {
...coreStartServices,
...startDepsServices,
storage: this.storage,
cloud: deps.cloud,
authz: fleetStart.authz,
Contributor Author

This value is available via the useKibana hook inside our React apps

@criamico
Contributor

@elasticmachine merge upstream

@criamico criamico removed their request for review November 22, 2021 14:53
@joshdover joshdover requested a review from a team as a code owner November 22, 2021 16:08
@nchaulet
Member

@elasticmachine merge upstream

// Once we have a split privilege, this should be using fleetv2
// all: capabilities.fleetv2.all as boolean,
all: capabilities.fleet.all as boolean,
setup: false, // browser users will never have setup privileges
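
Review bot: on the `all: capabilities.fleet.all as boolean` line, `as boolean` is only a compile-time assertion and does not check or coerce the value at runtime, so an undefined or non-boolean capability would flow into the authz object unchanged. Consider `capabilities.fleet.all === true` so that a missing value resolves to a deny. The commented-out `fleetv2` line would also be easier to follow up on with an issue reference next to it.
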
Member

I am kind of confused by this as we currently call the setup from Fleet UI, should we set it to true and change that when we remove that call?

Member

@nchaulet nchaulet left a comment

One small comment otherwise 🚀

@kibana-ci
Collaborator

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
fleet 536 537 +1

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
fleet 1130 1136 +6

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
fleet 105.3KB 106.0KB +681.0B
Unknown metric groups

API count

id before after diff
fleet 1232 1239 +7

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @criamico

Contributor

@paul-tavares paul-tavares left a comment

Only reviewed the change to the Endpoint mock. Looks good to me 👍

@@ -153,6 +154,9 @@ export const createMockPackageService = (): jest.Mocked<PackageService> => {
*/
export const createMockFleetStartContract = (indexPattern: string): FleetStartContract => {
return {
authz: {
Contributor

Thank you for the update here. At some point, we'll refactor this to actually use the Mocks out of Fleet instead of having our own.

@criamico criamico merged commit 191aaa7 into elastic:main Nov 24, 2021
@kibanamachine
Contributor

💔 Backport failed

Status Branch Result
8.0 Commit could not be cherrypicked due to conflicts

To backport manually run:
node scripts/backport --pr 119199

@juliaElastic
Contributor

@criamico backport failed here

@kibanamachine kibanamachine added the backport missing label Nov 26, 2021
@kibanamachine
Contributor

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create backports run node scripts/backport --pr 119199 or prevent reminders by adding the backport:skip label.

mistic pushed a commit to mistic/kibana that referenced this pull request Nov 29, 2021
* Add base Fleet authz logic and API

* Fix linter error

* Fix ts checks

* Fix ts checks again

Co-authored-by: criamico <[email protected]>
Co-authored-by: Kibana Machine <[email protected]>
# Conflicts:
#	x-pack/plugins/fleet/storybook/context/index.tsx
criamico pushed a commit to criamico/kibana that referenced this pull request Nov 29, 2021
mistic added a commit that referenced this pull request Nov 29, 2021
* Add base Fleet authz logic and API

* Fix linter error

* Fix ts checks

* Fix ts checks again

Co-authored-by: criamico <[email protected]>
Co-authored-by: Kibana Machine <[email protected]>
# Conflicts:
#	x-pack/plugins/fleet/storybook/context/index.tsx

Co-authored-by: Josh Dover <[email protected]>
@kibanamachine
Contributor

Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync.

@kibanamachine kibanamachine removed the backport missing label Nov 29, 2021
criamico added a commit that referenced this pull request Nov 29, 2021
* [Fleet] Add base Fleet authz logic and API (#119199)

* Add base Fleet authz logic and API

* Fix linter error

* Fix ts checks

* Fix ts checks again

Co-authored-by: criamico <[email protected]>
Co-authored-by: Kibana Machine <[email protected]>
# Conflicts:
#	x-pack/plugins/fleet/storybook/context/index.tsx

* Fix missing import

Co-authored-by: Josh Dover <[email protected]>
TinLe pushed a commit to TinLe/kibana that referenced this pull request Dec 22, 2021