[Security Solution] Fix the feature app list #191965
Merged
+106
−89
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
semd
added
bug
|
/ci |
semd
commented
Sep 27, 2024
Comment on lines
+341
to
+349
| // When the user does not have access to SIEM (main Security feature) nor Security Cases feature, the plugin must be inaccessible. | ||
| if (!capabilities.siem?.show && !capabilities.securitySolutionCases?.read_cases) { | ||
| this.appUpdater$.next(() => ({ | ||
| status: AppStatus.inaccessible, | ||
| visibleIn: [], | ||
| })); | ||
| // no need to register the links updater when the plugin is inaccessible | ||
| return; | ||
| } |
There was a problem hiding this comment.
This is the only code addition in this PR, the rest is a small housekeeping refactor.
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Public APIs missing comments
Page load bundle
History
To update your PR or re-run it, just comment with: cc @semd |
|
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/11123322570 |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Oct 1, 2024
## Summary Fixes elastic/kibana-team#1136 The Kibana feature definition for Security Solution was missing the correct plugin ID registered in the `app` definition. We were still defining the old _"securitySolution"_ app ID in the `app` property, instead of the new _"securitySolutionUI"_ ID. The Security Solution plugin ID change (_"securitySolution"_ -> _"securitySolutionUI"_) was done a long time ago, the inconsistency with the Security feature definition is causing the _Security_ app to still be visible in the global search when the Security feature is disabled: - In the role features <img width="737" alt="Security and Cases disabled" src="https://github.com/user-attachments/assets/146b8205-90f7-4218-9f1a-7b55c3bad563"> - Or in the space features config <img width="1213" alt="Captura de pantalla 2024-09-03 a les 15 31 09" src="https://github.com/user-attachments/assets/2563675a-d956-4422-a887-d6d95bcad773"> This is fixed now: Before: <img width="1302" alt="Security app incorrectly enabled" src="https://github.com/user-attachments/assets/8031f054-7cfb-4098-93c2-eac402501887"> After: <img width="1302" alt="Security app disabled properly" src="https://github.com/user-attachments/assets/a4f38ec2-fb78-4b1b-8c2d-bac58b97ff99"> ### Caveat As per this PR changes: elastic#113573 In the Kibana features of the role, under the Security catalog, both Security and Cases features need to be `none` for the Security Solution plugin to be disabled. Otherwise, we must enable the plugin and make the enabled features available. So, with a role with the following Kibana features: <img width="737" alt="Security disabled cases enabled" src="https://github.com/user-attachments/assets/aca8288e-9dd9-49d0-b864-e60273d30759"> The Security app needs to be available and display only Cases available: <img width="247" alt="navigation with only cases" src="https://github.com/user-attachments/assets/d4866edb-1d1d-4290-a399-76a37536b05c"> --------- Co-authored-by: Elastic Machine <[email protected]> (cherry picked from commit e373e44)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Oct 1, 2024
# Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Fix the feature app list (#191965)](#191965) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Sergi Massaneda","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-01T10:18:17Z","message":"[Security Solution] Fix the feature app list (#191965)\n\n## Summary\r\n\r\nFixes https://github.com/elastic/kibana-team/issues/1136\r\n\r\nThe Kibana feature definition for Security Solution was missing the\r\ncorrect plugin ID registered in the `app` definition. We were still\r\ndefining the old _\"securitySolution\"_ app ID in the `app` property,\r\ninstead of the new _\"securitySolutionUI\"_ ID.\r\n\r\nThe Security Solution plugin ID change (_\"securitySolution\"_ ->\r\n_\"securitySolutionUI\"_) was done a long time ago, the inconsistency with\r\nthe Security feature definition is causing the _Security_ app to still\r\nbe visible in the global search when the Security feature is disabled:\r\n\r\n- In the role features\r\n<img width=\"737\" alt=\"Security and Cases disabled\"\r\nsrc=\"https://github.com/user-attachments/assets/146b8205-90f7-4218-9f1a-7b55c3bad563\">\r\n\r\n- Or in the space features config\r\n<img width=\"1213\" alt=\"Captura de pantalla 2024-09-03 a les 15 31 09\"\r\nsrc=\"https://github.com/user-attachments/assets/2563675a-d956-4422-a887-d6d95bcad773\">\r\n\r\n\r\nThis is fixed now:\r\n\r\nBefore:\r\n<img width=\"1302\" alt=\"Security app incorrectly enabled\"\r\nsrc=\"https://github.com/user-attachments/assets/8031f054-7cfb-4098-93c2-eac402501887\">\r\n\r\nAfter:\r\n<img width=\"1302\" alt=\"Security app disabled properly\"\r\nsrc=\"https://github.com/user-attachments/assets/a4f38ec2-fb78-4b1b-8c2d-bac58b97ff99\">\r\n\r\n\r\n### Caveat\r\n\r\nAs per this PR changes: https://github.com/elastic/kibana/pull/113573\r\nIn the Kibana features of the role, under the Security catalog, both\r\nSecurity and Cases features need to be `none` for the Security Solution\r\nplugin to be disabled. Otherwise, we must enable the plugin and make the\r\nenabled features available. So, with a role with the following Kibana\r\nfeatures:\r\n\r\n<img width=\"737\" alt=\"Security disabled cases enabled\"\r\nsrc=\"https://github.com/user-attachments/assets/aca8288e-9dd9-49d0-b864-e60273d30759\">\r\n\r\nThe Security app needs to be available and display only Cases available:\r\n\r\n<img width=\"247\" alt=\"navigation with only cases\"\r\nsrc=\"https://github.com/user-attachments/assets/d4866edb-1d1d-4290-a399-76a37536b05c\">\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"e373e443770399d4b0401b02abc39f794a3ec321","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","v9.0.0","Team: SecuritySolution","backport:prev-minor","v8.16.0"],"title":"[Security Solution] Fix the feature app list","number":191965,"url":"https://github.com/elastic/kibana/pull/191965","mergeCommit":{"message":"[Security Solution] Fix the feature app list (#191965)\n\n## Summary\r\n\r\nFixes https://github.com/elastic/kibana-team/issues/1136\r\n\r\nThe Kibana feature definition for Security Solution was missing the\r\ncorrect plugin ID registered in the `app` definition. We were still\r\ndefining the old _\"securitySolution\"_ app ID in the `app` property,\r\ninstead of the new _\"securitySolutionUI\"_ ID.\r\n\r\nThe Security Solution plugin ID change (_\"securitySolution\"_ ->\r\n_\"securitySolutionUI\"_) was done a long time ago, the inconsistency with\r\nthe Security feature definition is causing the _Security_ app to still\r\nbe visible in the global search when the Security feature is disabled:\r\n\r\n- In the role features\r\n<img width=\"737\" alt=\"Security and Cases disabled\"\r\nsrc=\"https://github.com/user-attachments/assets/146b8205-90f7-4218-9f1a-7b55c3bad563\">\r\n\r\n- Or in the space features config\r\n<img width=\"1213\" alt=\"Captura de pantalla 2024-09-03 a les 15 31 09\"\r\nsrc=\"https://github.com/user-attachments/assets/2563675a-d956-4422-a887-d6d95bcad773\">\r\n\r\n\r\nThis is fixed now:\r\n\r\nBefore:\r\n<img width=\"1302\" alt=\"Security app incorrectly enabled\"\r\nsrc=\"https://github.com/user-attachments/assets/8031f054-7cfb-4098-93c2-eac402501887\">\r\n\r\nAfter:\r\n<img width=\"1302\" alt=\"Security app disabled properly\"\r\nsrc=\"https://github.com/user-attachments/assets/a4f38ec2-fb78-4b1b-8c2d-bac58b97ff99\">\r\n\r\n\r\n### Caveat\r\n\r\nAs per this PR changes: https://github.com/elastic/kibana/pull/113573\r\nIn the Kibana features of the role, under the Security catalog, both\r\nSecurity and Cases features need to be `none` for the Security Solution\r\nplugin to be disabled. Otherwise, we must enable the plugin and make the\r\nenabled features available. So, with a role with the following Kibana\r\nfeatures:\r\n\r\n<img width=\"737\" alt=\"Security disabled cases enabled\"\r\nsrc=\"https://github.com/user-attachments/assets/aca8288e-9dd9-49d0-b864-e60273d30759\">\r\n\r\nThe Security app needs to be available and display only Cases available:\r\n\r\n<img width=\"247\" alt=\"navigation with only cases\"\r\nsrc=\"https://github.com/user-attachments/assets/d4866edb-1d1d-4290-a399-76a37536b05c\">\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"e373e443770399d4b0401b02abc39f794a3ec321"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/191965","number":191965,"mergeCommit":{"message":"[Security Solution] Fix the feature app list (#191965)\n\n## Summary\r\n\r\nFixes https://github.com/elastic/kibana-team/issues/1136\r\n\r\nThe Kibana feature definition for Security Solution was missing the\r\ncorrect plugin ID registered in the `app` definition. We were still\r\ndefining the old _\"securitySolution\"_ app ID in the `app` property,\r\ninstead of the new _\"securitySolutionUI\"_ ID.\r\n\r\nThe Security Solution plugin ID change (_\"securitySolution\"_ ->\r\n_\"securitySolutionUI\"_) was done a long time ago, the inconsistency with\r\nthe Security feature definition is causing the _Security_ app to still\r\nbe visible in the global search when the Security feature is disabled:\r\n\r\n- In the role features\r\n<img width=\"737\" alt=\"Security and Cases disabled\"\r\nsrc=\"https://github.com/user-attachments/assets/146b8205-90f7-4218-9f1a-7b55c3bad563\">\r\n\r\n- Or in the space features config\r\n<img width=\"1213\" alt=\"Captura de pantalla 2024-09-03 a les 15 31 09\"\r\nsrc=\"https://github.com/user-attachments/assets/2563675a-d956-4422-a887-d6d95bcad773\">\r\n\r\n\r\nThis is fixed now:\r\n\r\nBefore:\r\n<img width=\"1302\" alt=\"Security app incorrectly enabled\"\r\nsrc=\"https://github.com/user-attachments/assets/8031f054-7cfb-4098-93c2-eac402501887\">\r\n\r\nAfter:\r\n<img width=\"1302\" alt=\"Security app disabled properly\"\r\nsrc=\"https://github.com/user-attachments/assets/a4f38ec2-fb78-4b1b-8c2d-bac58b97ff99\">\r\n\r\n\r\n### Caveat\r\n\r\nAs per this PR changes: https://github.com/elastic/kibana/pull/113573\r\nIn the Kibana features of the role, under the Security catalog, both\r\nSecurity and Cases features need to be `none` for the Security Solution\r\nplugin to be disabled. Otherwise, we must enable the plugin and make the\r\nenabled features available. So, with a role with the following Kibana\r\nfeatures:\r\n\r\n<img width=\"737\" alt=\"Security disabled cases enabled\"\r\nsrc=\"https://github.com/user-attachments/assets/aca8288e-9dd9-49d0-b864-e60273d30759\">\r\n\r\nThe Security app needs to be available and display only Cases available:\r\n\r\n<img width=\"247\" alt=\"navigation with only cases\"\r\nsrc=\"https://github.com/user-attachments/assets/d4866edb-1d1d-4290-a399-76a37536b05c\">\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"e373e443770399d4b0401b02abc39f794a3ec321"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Sergi Massaneda <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Fixes https://github.com/elastic/kibana-team/issues/1136
The Kibana feature definition for Security Solution was missing the correct plugin ID registered in the
appdefinition. We were still defining the old "securitySolution" app ID in theappproperty, instead of the new "securitySolutionUI" ID.The Security Solution plugin ID change ("securitySolution" -> "securitySolutionUI") was done a long time ago, the inconsistency with the Security feature definition is causing the Security app to still be visible in the global search when the Security feature is disabled:
This is fixed now:
Before:
After:
Caveat
As per this PR changes: #113573
In the Kibana features of the role, under the Security catalog, both Security and Cases features need to be
nonefor the Security Solution plugin to be disabled. Otherwise, we must enable the plugin and make the enabled features available. So, with a role with the following Kibana features:The Security app needs to be available and display only Cases available: