Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds Role Based Access-Control to the Alerting & Action plugins based on Kibana Feature Controls #67157
Adds Role Based Access-Control to the Alerting & Action plugins based on Kibana Feature Controls #67157
Changes from 38 commits
c62a8fc
764f515
52a153e
4b95c81
95da803
341afdb
c8e23f0
1afad8e
06495a6
77348f1
412f684
541a871
492f78a
076ebdf
bdd5d28
711fdba
a15c7d9
87d099f
ade2c4c
0ace530
efdb521
665c427
11bbf16
2b84902
e15946c
445710f
ee79c9c
168ce21
6910165
6b789ec
0aaaef5
86f7d73
ba40757
74a886a
f56a849
c055216
399493b
8ecba62
e4e6590
08541d3
87bd206
e1e560c
b012ae1
34b7cf9
64e802b
f287766
acd9961
54ad8dd
867b7c3
f34d031
289a85b
c9453f1
244874c
606081b
213b330
35a9971
c18ab7f
9937143
f2f3c2b
ac37d1b
0d2c859
80fe0fd
270ecb1
9ff6666
d78822c
3c77b85
554e7ce
c177be0
bae77e4
0370e9d
19d38aa
3c66ba0
8f82baf
04cd6f5
75a5fcb
cc06e67
3ccb14f
a3082b0
e00ffe4
adefb2f
8b2a423
44a0c4e
9de574c
2e75199
b094910
17fba6a
611061e
bd0f78c
1a20848
970656d
0ffe4a2
025ed9e
f4f2f09
29c9cc7
99e5ab0
f22c7aa
90d0df4
036a082
33ef0b0
3c4a7a9
353dd25
c0d09cc
0e001e6
ee05baa
6c42c92
a7d36e4
ae38572
a67950e
8f30d0f
e454e59
b3ed832
e4a16c7
f0f82f3
541cdfd
f56574f
169789a
c426139
1611aff
49b40be
53916fd
0e0d175
e6025ba
e919958
d7f0b27
d78b918
14ebe0e
a2d25cf
5671159
9cc3753
a4f1a7d
2ae533a
3cc2cb5
7f5099c
76d2818
a449385
6a2b64d
3fd2309
da1f944
ae3c7a7
22efe49
61626a0
a73fff5
d412665
23dafe8
a3f6142
5c5ff2d
6c84a9d
96dfb5a
12f2049
84947d2
57ffda5
4d6d96e
a84a263
5e2f0dd
abbb2c0
84da270
8d8ea54
f33ac25
7b8cbe2
9e74773
6c0f72c
98a00b6
4efb5e7
053ca76
9f004db
acc5f55
662e4a2
048e769
cd0522e
d2c732f
46845fc
97b4262
67e913a
6b090eb
d1cc1cd
e9ac83c
cdef95d
d6616db
a6989b5
07e1a1c
cbee849
16ab6c6
46f0d74
6b14aaf
e2fff84
d7ecd86
46f46c7
a894e5a
81978c3
7febd47
5582f06
12f6536
407b09a
7bafd5d
e794518
53aa8e9
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm sure we've talked about this and I'm sure we will again. But to refresh my memory; I was thinking this was automatic and not controlled?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, it's confusing, no worries.
It works like this:
Producer privilege throughout Kibana & Consumer privilege to create built-in types in Alerts Management are automatic.
Consumer privilege to create built-in types in a consumer that isn't Alerts Management is not automatic.
We did this so that:
all
access to create alerts insiem
, for example, doesn't automatically grant you the right to create any built-in withsiem
as consumer- as that might mean that if they run afind
for allsiem
alerts they'll get back AlertTypes they don't support or expect.siem
do actually want to allow a built-in type, but only to a certain role or as a sub-privilege? We'd have to provide for that and doing so automatically now isn't something we can (necessarily) easily dial back, so best to keep this explicit for now (I think).There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, I'll process this soon.
It looks like @kobelb has a similar question as well: #43994 (comment).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With the change from Array to Set, we'll potentially lose some ordering we had with the Array - although in practice Sets may end up with the same "ordered as added" pattern that ordinary objects have. I don't think we have any dependencies on the order, but does make me wonder if we want them sorted by id in the HTTP response to make things more consistent. Nothing directly actionable, thought I'd mention it in case anyone else knows of any ordering dependency here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm we can... the reason I changed this to a set was that it made it cleaner and easier to check if a type was in there and it is a more "correct" description of what this API returns.
Leaving it as an array ended up making the code around it a bit messier, so this was done mostly to make the code easier to follow.
The effect on the order is interesting as, like you said, Set orders by insertion order, which is exactly what we had in the array before hand, so nothing changed here... we could add some kind of ordering but as it's the same as it was before, I'd defer that to another time.