-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fleet] Add base Fleet authz logic and API #119199
Conversation
}; | ||
} | ||
|
||
export const calculateAuthz = ({ fleet, integrations }: CalculateParams): FleetAuthz => ({ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This function allows us to have common logic shared across client and server for enforcing access to specific features.
const startServices: FleetStartServices = { | ||
...coreStartServices, | ||
...startDepsServices, | ||
storage: this.storage, | ||
cloud: deps.cloud, | ||
authz: fleetStart.authz, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This value is available via the useKibana
hook inside our React apps
@elasticmachine merge upstream |
@elasticmachine merge upstream |
// Once we have a split privilege, this should be using fleetv2 | ||
// all: capabilities.fleetv2.all as boolean, | ||
all: capabilities.fleet.all as boolean, | ||
setup: false, // browser users will never have setup privileges |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am kind of confused by this as we currently call the setup from Fleet UI, should we set it to true and change that when we remove that call?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One small comment otherwise 🚀
💚 Build Succeeded
Metrics [docs]Module Count
Public APIs missing comments
Page load bundle
History
To update your PR or re-run it, just comment with: cc @criamico |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only reviewed the change to the Endpoint mock. Looks good to me 👍
@@ -153,6 +154,9 @@ export const createMockPackageService = (): jest.Mocked<PackageService> => { | |||
*/ | |||
export const createMockFleetStartContract = (indexPattern: string): FleetStartContract => { | |||
return { | |||
authz: { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the update here. At some point, we'll refactor this to actually use the Mocks out of Fleet instead of having our own.
💔 Backport failed
To backport manually run: |
@criamico backport failed here |
Friendly reminder: Looks like this PR hasn’t been backported yet. |
* Add base Fleet authz logic and API * Fix linter error * Fix ts checks * Fix ts checks again Co-authored-by: criamico <[email protected]> Co-authored-by: Kibana Machine <[email protected]> # Conflicts: # x-pack/plugins/fleet/storybook/context/index.tsx
* Add base Fleet authz logic and API * Fix linter error * Fix ts checks * Fix ts checks again Co-authored-by: criamico <[email protected]> Co-authored-by: Kibana Machine <[email protected]> # Conflicts: # x-pack/plugins/fleet/storybook/context/index.tsx
* Add base Fleet authz logic and API * Fix linter error * Fix ts checks * Fix ts checks again Co-authored-by: criamico <[email protected]> Co-authored-by: Kibana Machine <[email protected]> # Conflicts: # x-pack/plugins/fleet/storybook/context/index.tsx Co-authored-by: Josh Dover <[email protected]>
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
* [Fleet] Add base Fleet authz logic and API (#119199) * Add base Fleet authz logic and API * Fix linter error * Fix ts checks * Fix ts checks again Co-authored-by: criamico <[email protected]> Co-authored-by: Kibana Machine <[email protected]> # Conflicts: # x-pack/plugins/fleet/storybook/context/index.tsx * Fix missing import Co-authored-by: Josh Dover <[email protected]>
* Add base Fleet authz logic and API * Fix linter error * Fix ts checks * Fix ts checks again Co-authored-by: criamico <[email protected]> Co-authored-by: Kibana Machine <[email protected]>
Summary
First phase of #108252
Adds two new APIs for other plugins to read Fleet privileges: