diff --git a/x-pack/plugins/apm/server/routes/profiling/route.ts b/x-pack/plugins/apm/server/routes/profiling/route.ts index 9f008996bcf92..9d5853c288336 100644 --- a/x-pack/plugins/apm/server/routes/profiling/route.ts +++ b/x-pack/plugins/apm/server/routes/profiling/route.ts @@ -157,7 +157,7 @@ const profilingStatusRoute = createApmServerRoute({ if (profilingDataAccessStart) { try { const response = await profilingDataAccessStart?.services.getStatus({ - esClient: esClient.asCurrentUser, + esClient, soClient: (await context.core).savedObjects.client, spaceId: ( await plugins.spaces?.start() diff --git a/x-pack/plugins/profiling/e2e/cypress/e2e/empty_state/home.cy.ts b/x-pack/plugins/profiling/e2e/cypress/e2e/empty_state/home.cy.ts index bba7a3c014c41..1a83949917690 100644 --- a/x-pack/plugins/profiling/e2e/cypress/e2e/empty_state/home.cy.ts +++ b/x-pack/plugins/profiling/e2e/cypress/e2e/empty_state/home.cy.ts @@ -83,4 +83,32 @@ describe('Home page with empty state', () => { cy.contains('Delete existing profiling data'); }); }); + + it('shows disabled button for users without privileges', () => { + cy.intercept('GET', '/internal/profiling/setup/es_resources', { + body: { + has_setup: false, + has_data: false, + pre_8_9_1_data: false, + has_required_role: false, + }, + }).as('getEsResources'); + cy.visitKibana('/app/profiling'); + cy.wait('@getEsResources'); + cy.contains('Set up Universal Profiling').should('be.disabled'); + }); + + it('shows emabled button for users without privileges', () => { + cy.intercept('GET', '/internal/profiling/setup/es_resources', { + body: { + has_setup: false, + has_data: false, + pre_8_9_1_data: false, + has_required_role: true, + }, + }).as('getEsResources'); + cy.visitKibana('/app/profiling'); + cy.wait('@getEsResources'); + cy.contains('Set up Universal Profiling').should('not.be.disabled'); + }); }); diff --git a/x-pack/plugins/profiling/kibana.jsonc b/x-pack/plugins/profiling/kibana.jsonc index aa1ae58a2b190..104196bababc9 100644 --- a/x-pack/plugins/profiling/kibana.jsonc +++ b/x-pack/plugins/profiling/kibana.jsonc @@ -10,6 +10,7 @@ "optionalPlugins": [ "spaces", "usageCollection", + "security", "cloud", "fleet" ], diff --git a/x-pack/plugins/profiling/public/components/check_setup.tsx b/x-pack/plugins/profiling/public/components/check_setup.tsx index 3bfb920f25eb1..72d2985cb90e6 100644 --- a/x-pack/plugins/profiling/public/components/check_setup.tsx +++ b/x-pack/plugins/profiling/public/components/check_setup.tsx @@ -13,6 +13,7 @@ import { EuiLink, EuiLoadingSpinner, EuiText, + EuiToolTip, } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; @@ -91,6 +92,7 @@ export function CheckSetup({ children }: { children: React.ReactElement }) { !!error; if (displaySetupScreen) { + const isButtonDisabled = postSetupLoading || data?.has_required_role === false; return ( { - event.preventDefault(); - - setPostSetupLoading(true); - - postSetupResources({ http }) - .then(() => refresh()) - .catch((err) => { - const message = err?.body?.message ?? err.message ?? String(err); - - notifications.toasts.addError(err, { - title: i18n.translate( - 'xpack.profiling.checkSetup.setupFailureToastTitle', - { - defaultMessage: 'Failed to complete setup', - } - ), - toastMessage: message, - }); - }) - .finally(() => { - setPostSetupLoading(false); - }); - }} - fill - isLoading={postSetupLoading} + - {!postSetupLoading - ? i18n.translate('xpack.profiling.noDataConfig.action.buttonLabel', { - defaultMessage: 'Set up Universal Profiling', - }) - : i18n.translate('xpack.profiling.noDataConfig.action.buttonLoadingLabel', { - defaultMessage: 'Setting up Universal Profiling...', - })} - + { + event.preventDefault(); + + setPostSetupLoading(true); + + postSetupResources({ http }) + .then(() => refresh()) + .catch((err) => { + const message = err?.body?.message ?? err.message ?? String(err); + + notifications.toasts.addError(err, { + title: i18n.translate( + 'xpack.profiling.checkSetup.setupFailureToastTitle', + { + defaultMessage: 'Failed to complete setup', + } + ), + toastMessage: message, + }); + }) + .finally(() => { + setPostSetupLoading(false); + }); + }} + fill + isLoading={postSetupLoading} + > + {!postSetupLoading + ? i18n.translate('xpack.profiling.noDataConfig.action.buttonLabel', { + defaultMessage: 'Set up Universal Profiling', + }) + : i18n.translate('xpack.profiling.noDataConfig.action.buttonLoadingLabel', { + defaultMessage: 'Setting up Universal Profiling...', + })} + + ), }, }, diff --git a/x-pack/plugins/profiling/public/services.ts b/x-pack/plugins/profiling/public/services.ts index 750e9eab65a96..7f16747f596c2 100644 --- a/x-pack/plugins/profiling/public/services.ts +++ b/x-pack/plugins/profiling/public/services.ts @@ -26,6 +26,7 @@ export interface ProfilingSetupStatus { has_setup: boolean; has_data: boolean; pre_8_9_1_data: boolean; + has_required_role: boolean; unauthorized?: boolean; } diff --git a/x-pack/plugins/profiling/server/lib/setup/get_has_setup_privileges.ts b/x-pack/plugins/profiling/server/lib/setup/get_has_setup_privileges.ts new file mode 100644 index 0000000000000..83bd21b1740b8 --- /dev/null +++ b/x-pack/plugins/profiling/server/lib/setup/get_has_setup_privileges.ts @@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { KibanaRequest } from '@kbn/core/server'; +import { INTEGRATIONS_PLUGIN_ID, PLUGIN_ID as FLEET_PLUGIN_ID } from '@kbn/fleet-plugin/common'; +import { ProfilingPluginStartDeps } from '../../types'; + +export async function getHasSetupPrivileges({ + securityPluginStart, + request, +}: { + securityPluginStart: NonNullable; + request: KibanaRequest; +}) { + // If we have a license which doesn't enable security, or we're a legacy user we shouldn't disable any ui capabilities + if (!securityPluginStart.authz.mode.useRbacForRequest(request)) { + return true; + } + + const { hasAllRequested } = await securityPluginStart.authz + .checkPrivilegesWithRequest(request) + .globally({ + elasticsearch: { + cluster: ['manage', 'monitor'], + index: { + 'profiling-*': ['read'], + }, + }, + kibana: [ + securityPluginStart.authz.actions.api.get(`${FLEET_PLUGIN_ID}-all`), + securityPluginStart.authz.actions.api.get(`${INTEGRATIONS_PLUGIN_ID}-all`), + ], + }); + return hasAllRequested; +} diff --git a/x-pack/plugins/profiling/server/lib/setup/security_role.ts b/x-pack/plugins/profiling/server/lib/setup/security_role.ts deleted file mode 100644 index b48a1d9f63a28..0000000000000 --- a/x-pack/plugins/profiling/server/lib/setup/security_role.ts +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { - METADATA_VERSION, - PROFILING_READER_ROLE_NAME, -} from '@kbn/profiling-data-access-plugin/common'; -import { ProfilingSetupOptions } from '@kbn/profiling-data-access-plugin/common/setup'; - -export async function setSecurityRole({ client }: ProfilingSetupOptions) { - const esClient = client.getEsClient(); - await esClient.security.putRole({ - name: PROFILING_READER_ROLE_NAME, - indices: [ - { - names: ['profiling-*', '.profiling-*'], - privileges: ['read', 'view_index_metadata'], - }, - ], - cluster: ['monitor'], - metadata: { - version: METADATA_VERSION, - }, - }); -} diff --git a/x-pack/plugins/profiling/server/routes/setup/route.ts b/x-pack/plugins/profiling/server/routes/setup/route.ts index 5ee297ee68791..cbd0f6ee2170c 100644 --- a/x-pack/plugins/profiling/server/routes/setup/route.ts +++ b/x-pack/plugins/profiling/server/routes/setup/route.ts @@ -5,16 +5,17 @@ * 2.0. */ -import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common'; import { ProfilingSetupOptions } from '@kbn/profiling-data-access-plugin/common/setup'; +import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common'; import { RouteRegisterParameters } from '..'; import { getRoutePaths } from '../../../common'; -import { getCloudSetupInstructions } from './get_cloud_setup_instructions'; +import { getHasSetupPrivileges } from '../../lib/setup/get_has_setup_privileges'; import { handleRouteHandlerError } from '../../utils/handle_route_error_handler'; import { getClient } from '../compat'; +import { getCloudSetupInstructions } from './get_cloud_setup_instructions'; +import { getSelfManagedInstructions } from './get_self_managed_instructions'; import { setupCloud } from './setup_cloud'; import { setupSelfManaged } from './setup_self_managed'; -import { getSelfManagedInstructions } from './get_self_managed_instructions'; export function registerSetupRoute({ router, @@ -23,7 +24,6 @@ export function registerSetupRoute({ dependencies, }: RouteRegisterParameters) { const paths = getRoutePaths(); - // Check if Elasticsearch and Fleet are set up for Universal Profiling router.get( { path: paths.HasSetupESResources, @@ -32,16 +32,22 @@ export function registerSetupRoute({ }, async (context, request, response) => { try { - const esClient = await getClient(context); + const hasRequiredRole = dependencies.start.security + ? await getHasSetupPrivileges({ + securityPluginStart: dependencies.start.security, + request, + }) + : true; + const core = await context.core; const profilingStatus = await dependencies.start.profilingDataAccess.services.getStatus({ - esClient, + esClient: core.elasticsearch.client, soClient: core.savedObjects.client, spaceId: dependencies.setup.spaces?.spacesService?.getSpaceId(request), }); - return response.ok({ body: profilingStatus }); + return response.ok({ body: { ...profilingStatus, has_required_role: hasRequiredRole } }); } catch (error) { return handleRouteHandlerError({ error, @@ -83,9 +89,10 @@ export function registerSetupRoute({ dependencies.setup.spaces?.spacesService?.getSpaceId(request) ?? DEFAULT_SPACE_ID, }; + const scopedESClient = (await context.core).elasticsearch.client; const { type, setupState } = await dependencies.start.profilingDataAccess.services.getSetupState({ - esClient, + esClient: scopedESClient, soClient: core.savedObjects.client, spaceId: dependencies.setup.spaces?.spacesService?.getSpaceId(request) ?? DEFAULT_SPACE_ID, diff --git a/x-pack/plugins/profiling/server/routes/setup/setup_cloud.ts b/x-pack/plugins/profiling/server/routes/setup/setup_cloud.ts index c4978710991ce..5e282e21e4c76 100644 --- a/x-pack/plugins/profiling/server/routes/setup/setup_cloud.ts +++ b/x-pack/plugins/profiling/server/routes/setup/setup_cloud.ts @@ -12,7 +12,6 @@ import { createSymbolizerPackagePolicy, removeProfilingFromApmPackagePolicy, } from '../../lib/setup/fleet_policies'; -import { setSecurityRole } from '../../lib/setup/security_role'; import { ProfilingCloudSetupOptions } from '../../lib/setup/types'; export async function setupCloud({ @@ -24,7 +23,6 @@ export async function setupCloud({ }) { const executeAdminFunctions = [ ...(setupState.resource_management.enabled ? [] : [enableResourceManagement]), - ...(setupState.permissions.configured ? [] : [setSecurityRole]), ...(setupState.settings.configured ? [] : [setMaximumBuckets]), ]; diff --git a/x-pack/plugins/profiling/server/routes/setup/setup_self_managed.ts b/x-pack/plugins/profiling/server/routes/setup/setup_self_managed.ts index c82721780cd0c..4f15624f4c6af 100644 --- a/x-pack/plugins/profiling/server/routes/setup/setup_self_managed.ts +++ b/x-pack/plugins/profiling/server/routes/setup/setup_self_managed.ts @@ -7,7 +7,6 @@ import { ProfilingSetupOptions, SetupState } from '@kbn/profiling-data-access-plugin/common/setup'; import { enableResourceManagement, setMaximumBuckets } from '../../lib/setup/cluster_settings'; -import { setSecurityRole } from '../../lib/setup/security_role'; export async function setupSelfManaged({ setupState, @@ -18,7 +17,6 @@ export async function setupSelfManaged({ }) { const executeFunctions = [ ...(setupState.resource_management.enabled ? [] : [enableResourceManagement]), - ...(setupState.permissions.configured ? [] : [setSecurityRole]), ...(setupState.settings.configured ? [] : [setMaximumBuckets]), ]; diff --git a/x-pack/plugins/profiling/server/types.ts b/x-pack/plugins/profiling/server/types.ts index 24705921bbbf9..adc672c932083 100644 --- a/x-pack/plugins/profiling/server/types.ts +++ b/x-pack/plugins/profiling/server/types.ts @@ -16,6 +16,7 @@ import { ProfilingDataAccessPluginSetup, ProfilingDataAccessPluginStart, } from '@kbn/profiling-data-access-plugin/server'; +import { SecurityPluginSetup, SecurityPluginStart } from '@kbn/security-plugin/server'; export interface ProfilingPluginSetupDeps { observability: ObservabilityPluginSetup; @@ -25,6 +26,7 @@ export interface ProfilingPluginSetupDeps { spaces?: SpacesPluginSetup; usageCollection?: UsageCollectionSetup; profilingDataAccess: ProfilingDataAccessPluginSetup; + security?: SecurityPluginSetup; } export interface ProfilingPluginStartDeps { @@ -34,6 +36,7 @@ export interface ProfilingPluginStartDeps { fleet?: FleetStartContract; spaces?: SpacesPluginStart; profilingDataAccess: ProfilingDataAccessPluginStart; + security?: SecurityPluginStart; } // eslint-disable-next-line @typescript-eslint/no-empty-interface diff --git a/x-pack/plugins/profiling/tsconfig.json b/x-pack/plugins/profiling/tsconfig.json index af7971b5115d5..7705c70d0d1b4 100644 --- a/x-pack/plugins/profiling/tsconfig.json +++ b/x-pack/plugins/profiling/tsconfig.json @@ -50,7 +50,8 @@ "@kbn/profiling-data-access-plugin", "@kbn/embeddable-plugin", "@kbn/profiling-utils", - "@kbn/advanced-settings-plugin" + "@kbn/advanced-settings-plugin", + "@kbn/security-plugin" // add references to other TypeScript projects the plugin depends on // requiredPlugins from ./kibana.json diff --git a/x-pack/plugins/profiling_data_access/common/cloud_setup.test.ts b/x-pack/plugins/profiling_data_access/common/cloud_setup.test.ts index 1d99c6346c4c6..3071177cab26e 100644 --- a/x-pack/plugins/profiling_data_access/common/cloud_setup.test.ts +++ b/x-pack/plugins/profiling_data_access/common/cloud_setup.test.ts @@ -14,9 +14,6 @@ import { mergePartialSetupStates } from './setup'; const createCloudState = (available: boolean): PartialCloudSetupState => ({ cloud: { available } }); const createDataState = (available: boolean): PartialCloudSetupState => ({ data: { available } }); -const createPermissionState = (configured: boolean): PartialCloudSetupState => ({ - permissions: { configured }, -}); const createCollectorPolicyState = (installed: boolean): PartialCloudSetupState => ({ policies: { collector: { installed } }, }); @@ -75,18 +72,6 @@ describe('Merging partial state operations', () => { expect(mergedState.policies.collector.installed).toEqual(true); expect(mergedState.policies.symbolizer.installed).toEqual(true); }); - it('returns false when permission is not configured', () => { - const mergedState = mergePartialSetupStates(defaultSetupState, [ - createCollectorPolicyState(true), - createSymbolizerPolicyState(true), - createProfilingInApmPolicyState(true), - createResourceState({ enabled: true, created: true }), - createSettingsState(true), - createPermissionState(false), - ]); - - expect(areCloudResourcesSetup(mergedState)).toBeFalsy(); - }); it('returns false when resource management is not enabled', () => { const mergedState = mergePartialSetupStates(defaultSetupState, [ @@ -95,7 +80,6 @@ describe('Merging partial state operations', () => { createProfilingInApmPolicyState(true), createResourceState({ enabled: false, created: true }), createSettingsState(true), - createPermissionState(true), ]); expect(areCloudResourcesSetup(mergedState)).toBeFalsy(); @@ -108,7 +92,6 @@ describe('Merging partial state operations', () => { createProfilingInApmPolicyState(true), createResourceState({ enabled: true, created: false }), createSettingsState(true), - createPermissionState(true), ]); expect(areCloudResourcesSetup(mergedState)).toBeFalsy(); @@ -121,7 +104,6 @@ describe('Merging partial state operations', () => { createProfilingInApmPolicyState(true), createResourceState({ enabled: true, created: true }), createSettingsState(false), - createPermissionState(true), ]); expect(areCloudResourcesSetup(mergedState)).toBeFalsy(); @@ -134,7 +116,6 @@ describe('Merging partial state operations', () => { createProfilingInApmPolicyState(false), createResourceState({ enabled: true, created: true }), createSettingsState(true), - createPermissionState(true), ]); expect(areCloudResourcesSetup(mergedState)).toBeTruthy(); @@ -147,7 +128,6 @@ describe('Merging partial state operations', () => { createProfilingInApmPolicyState(false), createResourceState({ enabled: true, created: true }), createSettingsState(true), - createPermissionState(true), ]); expect(areCloudResourcesSetup(mergedState)).toBeFalsy(); @@ -160,7 +140,6 @@ describe('Merging partial state operations', () => { createProfilingInApmPolicyState(false), createResourceState({ enabled: true, created: true }), createSettingsState(true), - createPermissionState(true), ]); expect(areCloudResourcesSetup(mergedState)).toBeFalsy(); @@ -173,7 +152,6 @@ describe('Merging partial state operations', () => { createProfilingInApmPolicyState(true), createResourceState({ enabled: true, created: true }), createSettingsState(true), - createPermissionState(true), ]); expect(areCloudResourcesSetup(mergedState)).toBeFalsy(); diff --git a/x-pack/plugins/profiling_data_access/common/index.ts b/x-pack/plugins/profiling_data_access/common/index.ts index 8482620dcb474..07ea07f4ca111 100644 --- a/x-pack/plugins/profiling_data_access/common/index.ts +++ b/x-pack/plugins/profiling_data_access/common/index.ts @@ -7,7 +7,6 @@ export { getApmPolicy, ELASTIC_CLOUD_APM_POLICY } from './get_apm_policy'; export { MAX_BUCKETS } from './cluster_settings'; -export { METADATA_VERSION, PROFILING_READER_ROLE_NAME } from './security_role'; export { getCollectorPolicy, getSymbolizerPolicy, diff --git a/x-pack/plugins/profiling_data_access/common/security_role.ts b/x-pack/plugins/profiling_data_access/common/security_role.ts deleted file mode 100644 index ed6cf1dbd4e62..0000000000000 --- a/x-pack/plugins/profiling_data_access/common/security_role.ts +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { PartialSetupState, ProfilingSetupOptions } from './setup'; - -export const PROFILING_READER_ROLE_NAME = 'profiling-reader'; -export const METADATA_VERSION = 1; - -export async function validateSecurityRole({ - client, -}: ProfilingSetupOptions): Promise { - const esClient = client.getEsClient(); - const roles = await esClient.security.getRole(); - const profilingRole = roles[PROFILING_READER_ROLE_NAME]; - return { - permissions: { - configured: !!profilingRole && profilingRole.metadata.version === METADATA_VERSION, - }, - }; -} diff --git a/x-pack/plugins/profiling_data_access/common/setup.test.ts b/x-pack/plugins/profiling_data_access/common/setup.test.ts index 01826ac7fa913..5b63b64732da8 100644 --- a/x-pack/plugins/profiling_data_access/common/setup.test.ts +++ b/x-pack/plugins/profiling_data_access/common/setup.test.ts @@ -13,9 +13,6 @@ import { } from './setup'; const createDataState = (available: boolean): PartialSetupState => ({ data: { available } }); -const createPermissionState = (configured: boolean): PartialSetupState => ({ - permissions: { configured }, -}); function createResourceState({ enabled, @@ -49,7 +46,6 @@ describe('Merging partial state operations', () => { const mergedState = mergePartialSetupStates(defaultSetupState, [createDataState(true)]); expect(mergedState.data.available).toEqual(true); expect(mergedState.settings.configured).toEqual(false); - expect(mergedState.permissions.configured).toEqual(false); expect(mergedState.resources.created).toEqual(false); }); @@ -62,21 +58,10 @@ describe('Merging partial state operations', () => { expect(mergedState.resources.created).toEqual(true); }); - it('returns false when permission is not configured', () => { - const mergedState = mergePartialSetupStates(defaultSetupState, [ - createResourceState({ enabled: true, created: true }), - createSettingsState(true), - createPermissionState(false), - ]); - - expect(areResourcesSetup(mergedState)).toBeFalsy(); - }); - it('returns false when resource management is not enabled', () => { const mergedState = mergePartialSetupStates(defaultSetupState, [ createResourceState({ enabled: false, created: true }), createSettingsState(true), - createPermissionState(true), ]); expect(areResourcesSetup(mergedState)).toBeFalsy(); @@ -86,7 +71,6 @@ describe('Merging partial state operations', () => { const mergedState = mergePartialSetupStates(defaultSetupState, [ createResourceState({ enabled: true, created: false }), createSettingsState(true), - createPermissionState(true), ]); expect(areResourcesSetup(mergedState)).toBeFalsy(); @@ -96,7 +80,6 @@ describe('Merging partial state operations', () => { const mergedState = mergePartialSetupStates(defaultSetupState, [ createResourceState({ enabled: true, created: true }), createSettingsState(false), - createPermissionState(true), ]); expect(areResourcesSetup(mergedState)).toBeFalsy(); @@ -106,7 +89,6 @@ describe('Merging partial state operations', () => { const mergedState = mergePartialSetupStates(defaultSetupState, [ createResourceState({ enabled: true, created: true }), createSettingsState(true), - createPermissionState(true), ]); expect(areResourcesSetup(mergedState)).toBeTruthy(); diff --git a/x-pack/plugins/profiling_data_access/common/setup.ts b/x-pack/plugins/profiling_data_access/common/setup.ts index 934c425ed0af9..625423f48ab20 100644 --- a/x-pack/plugins/profiling_data_access/common/setup.ts +++ b/x-pack/plugins/profiling_data_access/common/setup.ts @@ -26,9 +26,6 @@ export interface SetupState { data: { available: boolean; }; - permissions: { - configured: boolean; - }; resource_management: { enabled: boolean; }; @@ -48,9 +45,6 @@ export function createDefaultSetupState(): SetupState { data: { available: false, }, - permissions: { - configured: false, - }, resource_management: { enabled: false, }, @@ -65,12 +59,7 @@ export function createDefaultSetupState(): SetupState { } export function areResourcesSetup(state: SetupState): boolean { - return ( - state.resource_management.enabled && - state.resources.created && - state.permissions.configured && - state.settings.configured - ); + return state.resource_management.enabled && state.resources.created && state.settings.configured; } function mergeRecursivePartial(base: T, partial: RecursivePartial): T { diff --git a/x-pack/plugins/profiling_data_access/server/services/setup_state/cloud_setup_state.ts b/x-pack/plugins/profiling_data_access/server/services/setup_state/cloud_setup_state.ts index ed05677d21dfb..3673e4191e3fc 100644 --- a/x-pack/plugins/profiling_data_access/server/services/setup_state/cloud_setup_state.ts +++ b/x-pack/plugins/profiling_data_access/server/services/setup_state/cloud_setup_state.ts @@ -18,7 +18,6 @@ import { validateSymbolizerPackagePolicy, } from '../../../common/fleet_policies'; import { hasProfilingData } from '../../../common/has_profiling_data'; -import { validateSecurityRole } from '../../../common/security_role'; import { mergePartialSetupStates } from '../../../common/setup'; export async function cloudSetupState( @@ -30,7 +29,6 @@ export async function cloudSetupState( const verifyFunctions = [ validateMaximumBuckets, validateResourceManagement, - validateSecurityRole, validateCollectorPackagePolicy, validateSymbolizerPackagePolicy, validateProfilingInApmPackagePolicy, diff --git a/x-pack/plugins/profiling_data_access/server/services/setup_state/index.ts b/x-pack/plugins/profiling_data_access/server/services/setup_state/index.ts index 99d81ab771793..d11668e1af6e9 100644 --- a/x-pack/plugins/profiling_data_access/server/services/setup_state/index.ts +++ b/x-pack/plugins/profiling_data_access/server/services/setup_state/index.ts @@ -4,7 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { ElasticsearchClient, SavedObjectsClientContract } from '@kbn/core/server'; +import { IScopedClusterClient, SavedObjectsClientContract } from '@kbn/core/server'; import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common'; import { CloudSetupStateType } from '../../../common/cloud_setup'; import { SetupStateType } from '../../../common/setup'; @@ -14,7 +14,7 @@ import { selfManagedSetupState } from './self_managed_setup_state'; export interface SetupStateParams { soClient: SavedObjectsClientContract; - esClient: ElasticsearchClient; + esClient: IScopedClusterClient; spaceId?: string; } @@ -26,12 +26,12 @@ export async function getSetupState({ soClient, spaceId, }: RegisterServicesParams & SetupStateParams): Promise { - const clientWithDefaultAuth = createProfilingEsClient({ - esClient, + const kibanaInternalProfilingESClient = createProfilingEsClient({ + esClient: esClient.asInternalUser, useDefaultAuth: true, }); - const clientWithProfilingAuth = createProfilingEsClient({ - esClient, + const profilingESClient = createProfilingEsClient({ + esClient: esClient.asCurrentUser, useDefaultAuth: false, }); @@ -42,8 +42,8 @@ export async function getSetupState({ } const setupState = await cloudSetupState({ - client: clientWithDefaultAuth, - clientWithProfilingAuth, + client: kibanaInternalProfilingESClient, + clientWithProfilingAuth: profilingESClient, logger, soClient, spaceId: spaceId ?? DEFAULT_SPACE_ID, @@ -58,8 +58,8 @@ export async function getSetupState({ } const setupState = await selfManagedSetupState({ - client: clientWithDefaultAuth, - clientWithProfilingAuth, + client: kibanaInternalProfilingESClient, + clientWithProfilingAuth: profilingESClient, logger, soClient, spaceId: spaceId ?? DEFAULT_SPACE_ID, diff --git a/x-pack/plugins/profiling_data_access/server/services/setup_state/self_managed_setup_state.ts b/x-pack/plugins/profiling_data_access/server/services/setup_state/self_managed_setup_state.ts index 062a75f0f1f02..ac7ff7ae7459e 100644 --- a/x-pack/plugins/profiling_data_access/server/services/setup_state/self_managed_setup_state.ts +++ b/x-pack/plugins/profiling_data_access/server/services/setup_state/self_managed_setup_state.ts @@ -10,7 +10,6 @@ import { validateResourceManagement, } from '../../../common/cluster_settings'; import { hasProfilingData } from '../../../common/has_profiling_data'; -import { validateSecurityRole } from '../../../common/security_role'; import { createDefaultSetupState, mergePartialSetupStates, @@ -21,12 +20,7 @@ import { export async function selfManagedSetupState(params: ProfilingSetupOptions): Promise { const state = createDefaultSetupState(); - const verifyFunctions = [ - validateMaximumBuckets, - validateResourceManagement, - validateSecurityRole, - hasProfilingData, - ]; + const verifyFunctions = [validateMaximumBuckets, validateResourceManagement, hasProfilingData]; const partialStates = await Promise.all(verifyFunctions.map((fn) => fn(params))); diff --git a/x-pack/plugins/profiling_data_access/server/services/status/index.ts b/x-pack/plugins/profiling_data_access/server/services/status/index.ts index 0e32989ea8828..a2ad969847da7 100644 --- a/x-pack/plugins/profiling_data_access/server/services/status/index.ts +++ b/x-pack/plugins/profiling_data_access/server/services/status/index.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { ElasticsearchClient, SavedObjectsClientContract } from '@kbn/core/server'; +import { IScopedClusterClient, SavedObjectsClientContract } from '@kbn/core/server'; import { ProfilingStatus } from '@kbn/profiling-utils'; import { areCloudResourcesSetup } from '../../../common/cloud_setup'; import { areResourcesSetup } from '../../../common/setup'; @@ -14,7 +14,7 @@ import { getSetupState } from '../setup_state'; export interface HasSetupParams { soClient: SavedObjectsClientContract; - esClient: ElasticsearchClient; + esClient: IScopedClusterClient; spaceId?: string; }