[8.x] [index management] Better privilege checking for component inde…

…x templates (elastic#202251) (elastic#204778)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[index management] Better privilege checking for component index
templates (elastic#202251)](elastic#202251)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Matthew
Kime","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-12-18T15:05:22Z","message":"[index
management] Better privilege checking for component index templates
(elastic#202251)\n\n## Summary\r\n\r\nBuilds on
https://github.com/elastic/kibana/pull/201717\r\n\r\nPart of
https://github.com/elastic/kibana/issues/178654\r\n\r\n`manage_index_templates`
cluster privilege determines access to\r\ncomponent index templates tab
within index
management.","sha":"17569187b6992252eff68a7ba408dd8b88fd883d","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Feature:Index
Management","Team:Kibana
Management","v9.0.0","backport:prev-minor"],"number":202251,"url":"https://github.com/elastic/kibana/pull/202251","mergeCommit":{"message":"[index
management] Better privilege checking for component index templates
(elastic#202251)\n\n## Summary\r\n\r\nBuilds on
https://github.com/elastic/kibana/pull/201717\r\n\r\nPart of
https://github.com/elastic/kibana/issues/178654\r\n\r\n`manage_index_templates`
cluster privilege determines access to\r\ncomponent index templates tab
within index
management.","sha":"17569187b6992252eff68a7ba408dd8b88fd883d"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/202251","number":202251,"mergeCommit":{"message":"[index
management] Better privilege checking for component index templates
(elastic#202251)\n\n## Summary\r\n\r\nBuilds on
https://github.com/elastic/kibana/pull/201717\r\n\r\nPart of
https://github.com/elastic/kibana/issues/178654\r\n\r\n`manage_index_templates`
cluster privilege determines access to\r\ncomponent index templates tab
within index
management.","sha":"17569187b6992252eff68a7ba408dd8b88fd883d"}}]}]
BACKPORT-->

x-pack/platform/plugins/private/translations/translations/fr-FR.json

@@ -22500,8 +22500,6 @@
     "xpack.idxMgmt.goToDiscover.discoverIndexButtonLabel": "Découvrir les index",
     "xpack.idxMgmt.goToDiscover.showIndexToolTip": "Montrer {indexName} dans Discover",
     "xpack.idxMgmt.home.appTitle": "Gestion des index",
-    "xpack.idxMgmt.home.componentTemplates.checkingPrivilegesDescription": "Vérification des privilèges…",
-    "xpack.idxMgmt.home.componentTemplates.checkingPrivilegesErrorMessage": "Erreur lors de la récupération des privilèges utilisateur depuis le serveur.",
     "xpack.idxMgmt.home.componentTemplates.confirmButtonLabel": "Supprimer {numComponentTemplatesToDelete, plural, one {le modèle de composant} other {les modèles de composants} }",
     "xpack.idxMgmt.home.componentTemplates.deleteModal.cancelButtonLabel": "Annuler",
     "xpack.idxMgmt.home.componentTemplates.deleteModal.deleteDescription": "Vous êtes sur le point de supprimer {numComponentTemplatesToDelete, plural, one {ce modèle de composant} other {ces modèles de composants} } :",
@@ -22510,8 +22508,6 @@
     "xpack.idxMgmt.home.componentTemplates.deleteModal.multipleErrorsNotificationMessageText": "Erreur lors de la suppression de {count} modèles de composants",
     "xpack.idxMgmt.home.componentTemplates.deleteModal.successDeleteMultipleNotificationMessageText": "{numSuccesses, plural, one {# modèle de composant supprimé} other {# modèles de composants supprimés}}",
     "xpack.idxMgmt.home.componentTemplates.deleteModal.successDeleteSingleNotificationMessageText": "Le modèle de composant \"{componentTemplateName}\" a bien été supprimé",
-    "xpack.idxMgmt.home.componentTemplates.deniedPrivilegeDescription": "Pour utiliser les modèles de composants, vous devez posséder {privilegesCount, plural, one {ce privilège de cluster} other {ces privilèges de cluster}} : {missingPrivileges}.",
-    "xpack.idxMgmt.home.componentTemplates.deniedPrivilegeTitle": "Privilèges de cluster requis",
     "xpack.idxMgmt.home.componentTemplates.emptyPromptButtonLabel": "Créer un modèle de composant",
     "xpack.idxMgmt.home.componentTemplates.emptyPromptDescription": "Par exemple, vous pouvez créer un modèle de composant pour les paramètres d'index réutilisables dans tous les modèles d'index.",
     "xpack.idxMgmt.home.componentTemplates.emptyPromptDocumentionLink": "En savoir plus.",

x-pack/platform/plugins/private/translations/translations/ja-JP.json

@@ -22357,8 +22357,6 @@
     "xpack.idxMgmt.goToDiscover.discoverIndexButtonLabel": "Discoverインデックス",
     "xpack.idxMgmt.goToDiscover.showIndexToolTip": "Discoverで{indexName}を表示",
     "xpack.idxMgmt.home.appTitle": "インデックス管理",
-    "xpack.idxMgmt.home.componentTemplates.checkingPrivilegesDescription": "権限を確認中…",
-    "xpack.idxMgmt.home.componentTemplates.checkingPrivilegesErrorMessage": "サーバーからユーザー特権を取得中にエラーが発生。",
     "xpack.idxMgmt.home.componentTemplates.confirmButtonLabel": "{numComponentTemplatesToDelete, plural, other  {個のコンポーネントテンプレート} }を削除",
     "xpack.idxMgmt.home.componentTemplates.deleteModal.cancelButtonLabel": "キャンセル",
     "xpack.idxMgmt.home.componentTemplates.deleteModal.deleteDescription": "{numComponentTemplatesToDelete, plural, one {このコンポーネントテンプレート} other {これらのコンポーネントテンプレート} }を削除しようとしています。",
@@ -22367,8 +22365,6 @@
     "xpack.idxMgmt.home.componentTemplates.deleteModal.multipleErrorsNotificationMessageText": "{count}個のコンポーネントテンプレートの削除エラー",
     "xpack.idxMgmt.home.componentTemplates.deleteModal.successDeleteMultipleNotificationMessageText": "{numSuccesses, plural, other  {# 個のコンポーネントテンプレート}}を削除しました",
     "xpack.idxMgmt.home.componentTemplates.deleteModal.successDeleteSingleNotificationMessageText": "コンポーネントテンプレート''{componentTemplateName}''を削除しました",
-    "xpack.idxMgmt.home.componentTemplates.deniedPrivilegeDescription": "コンポーネントテンプレートを使用するには、{privilegesCount, plural, one {このクラスター特権} other {これらのクラスター特権}}が必要です：{missingPrivileges}。",
-    "xpack.idxMgmt.home.componentTemplates.deniedPrivilegeTitle": "クラスターの権限が必要です",
     "xpack.idxMgmt.home.componentTemplates.emptyPromptButtonLabel": "コンポーネントテンプレートを作成",
     "xpack.idxMgmt.home.componentTemplates.emptyPromptDescription": "たとえば、インデックステンプレート全体で再利用できるインデックス設定のコンポーネントテンプレートを作成できます。",
     "xpack.idxMgmt.home.componentTemplates.emptyPromptDocumentionLink": "詳細情報",

x-pack/platform/plugins/private/translations/translations/zh-CN.json

@@ -22436,8 +22436,6 @@
     "xpack.idxMgmt.goToDiscover.discoverIndexButtonLabel": "Discover 索引",
     "xpack.idxMgmt.goToDiscover.showIndexToolTip": "在 Discover 中显示 {indexName}",
     "xpack.idxMgmt.home.appTitle": "索引管理",
-    "xpack.idxMgmt.home.componentTemplates.checkingPrivilegesDescription": "正在检查权限……",
-    "xpack.idxMgmt.home.componentTemplates.checkingPrivilegesErrorMessage": "从服务器获取用户权限时出错。",
     "xpack.idxMgmt.home.componentTemplates.confirmButtonLabel": "删除{numComponentTemplatesToDelete, plural, other {组件模板} }",
     "xpack.idxMgmt.home.componentTemplates.deleteModal.cancelButtonLabel": "取消",
     "xpack.idxMgmt.home.componentTemplates.deleteModal.deleteDescription": "您即将删除{numComponentTemplatesToDelete, plural, other {以下组件模板} }:",
@@ -22446,8 +22444,6 @@
     "xpack.idxMgmt.home.componentTemplates.deleteModal.multipleErrorsNotificationMessageText": "删除 {count} 个组件模板时出错",
     "xpack.idxMgmt.home.componentTemplates.deleteModal.successDeleteMultipleNotificationMessageText": "已删除 {numSuccesses, plural, other {# 个组件模板}}",
     "xpack.idxMgmt.home.componentTemplates.deleteModal.successDeleteSingleNotificationMessageText": "已删除组件模板“{componentTemplateName}”",
-    "xpack.idxMgmt.home.componentTemplates.deniedPrivilegeDescription": "要使用“组件模板”，必须具有{privilegesCount, plural, other {以下集群权限}}：{missingPrivileges}。",
-    "xpack.idxMgmt.home.componentTemplates.deniedPrivilegeTitle": "需要集群权限",
     "xpack.idxMgmt.home.componentTemplates.emptyPromptButtonLabel": "创建组件模板",
     "xpack.idxMgmt.home.componentTemplates.emptyPromptDescription": "例如，您可以为可在多个索引模板上重复使用的索引设置创建组件模板。",
     "xpack.idxMgmt.home.componentTemplates.emptyPromptDocumentionLink": "了解详情。",

x-pack/plugins/index_management/__jest__/client_integration/helpers/setup_environment.tsx

@@ -95,6 +95,7 @@ const appDependencies = {
     monitor: true,
     manageEnrich: true,
     monitorEnrich: true,
+    manageIndexTemplates: true,
   },
 } as any;
 

x-pack/plugins/index_management/public/application/app_context.tsx

@@ -84,6 +84,7 @@ export interface AppDependencies {
     monitor: boolean;
     manageEnrich: boolean;
     monitorEnrich: boolean;
+    manageIndexTemplates: boolean;
   };
 }
 

x-pack/plugins/index_management/public/application/components/component_templates/component_template_list/component_template_list_container.tsx

@@ -11,8 +11,6 @@ import { RouteComponentProps } from 'react-router-dom';
 import qs from 'query-string';
 import { useExecutionContext } from '../shared_imports';
 import { useComponentTemplatesContext } from '../component_templates_context';
-import { ComponentTemplatesAuthProvider } from './auth_provider';
-import { ComponentTemplatesWithPrivileges } from './with_privileges';
 import { ComponentTemplateList } from './component_template_list';
 
 interface MatchParams {
@@ -39,14 +37,10 @@ export const ComponentTemplateListContainer: React.FunctionComponent<
   const filter = urlParams.filter ?? '';
 
   return (
-    <ComponentTemplatesAuthProvider>
-      <ComponentTemplatesWithPrivileges>
-        <ComponentTemplateList
-          componentTemplateName={componentTemplateName}
-          history={history}
-          filter={String(filter)}
-        />
-      </ComponentTemplatesWithPrivileges>
-    </ComponentTemplatesAuthProvider>
+    <ComponentTemplateList
+      componentTemplateName={componentTemplateName}
+      history={history}
+      filter={String(filter)}
+    />
   );
 };

x-pack/plugins/index_management/public/application/mount_management_section.ts

@@ -73,7 +73,8 @@ export function getIndexManagementDependencies({
 }): AppDependencies {
   const { docLinks, application, uiSettings, settings } = core;
   const { url } = startDependencies.share;
-  const { monitor, manageEnrich, monitorEnrich } = application.capabilities.index_management;
+  const { monitor, manageEnrich, monitorEnrich, manageIndexTemplates } =
+    application.capabilities.index_management;
 
   return {
     core: {
@@ -109,6 +110,7 @@ export function getIndexManagementDependencies({
       monitor: !!monitor,
       manageEnrich: !!manageEnrich,
       monitorEnrich: !!monitorEnrich,
+      manageIndexTemplates: !!manageIndexTemplates,
     },
   };
 }

x-pack/plugins/index_management/public/application/sections/home/home.tsx

@@ -66,16 +66,19 @@ export const IndexManagementHome: React.FunctionComponent<RouteComponentProps<Ma
         />
       ),
     },
-    {
+  ];
+
+  if (privs.manageIndexTemplates) {
+    tabs.push({
       id: Section.ComponentTemplates,
       name: (
         <FormattedMessage
           id="xpack.idxMgmt.home.componentTemplatesTabTitle"
           defaultMessage="Component Templates"
         />
       ),
-    },
-  ];
+    });
+  }
 
   if (privs.monitorEnrich) {
     tabs.push({
@@ -139,14 +142,16 @@ export const IndexManagementHome: React.FunctionComponent<RouteComponentProps<Ma
           path={[`/${Section.IndexTemplates}`, `/${Section.IndexTemplates}/:templateName?`]}
           component={TemplateList}
         />
-        <Route
-          exact
-          path={[
-            `/${Section.ComponentTemplates}`,
-            `/${Section.ComponentTemplates}/:componentTemplateName?`,
-          ]}
-          component={ComponentTemplateList}
-        />
+        {privs.manageIndexTemplates && (
+          <Route
+            exact
+            path={[
+              `/${Section.ComponentTemplates}`,
+              `/${Section.ComponentTemplates}/:componentTemplateName?`,
+            ]}
+            component={ComponentTemplateList}
+          />
+        )}
         {privs.monitorEnrich && (
           <Route exact path={`/${Section.EnrichPolicies}`} component={EnrichPoliciesList} />
         )}

x-pack/plugins/index_management/public/plugin.ts

@@ -105,8 +105,12 @@ export class IndexMgmtUIPlugin
     const { fleet, usageCollection, management, cloud } = plugins;
 
     this.capabilities$.subscribe((capabilities) => {
-      const { monitor, manageEnrich, monitorEnrich } = capabilities.index_management;
-      if (this.config.isIndexManagementUiEnabled && (monitor || manageEnrich || monitorEnrich)) {
+      const { monitor, manageEnrich, monitorEnrich, manageIndexTemplates } =
+        capabilities.index_management;
+      if (
+        this.config.isIndexManagementUiEnabled &&
+        (monitor || manageEnrich || monitorEnrich || manageIndexTemplates)
+      ) {
         management.sections.section.data.registerApp({
           id: PLUGIN.id,
           title: i18n.translate('xpack.idxMgmt.appTitle', { defaultMessage: 'Index Management' }),

x-pack/plugins/index_management/server/plugin.ts

@@ -46,6 +46,10 @@ export class IndexMgmtServerPlugin implements Plugin<IndexManagementPluginSetup,
           requiredClusterPrivileges: ['manage_enrich'],
           ui: ['manageEnrich'],
         },
+        {
+          requiredClusterPrivileges: ['manage_index_templates'],
+          ui: ['manageIndexTemplates'],
+        },
         {
           // manage_index_templates is also required, but we will disable specific parts of the
           // UI if this privilege is missing.

x-pack/plugins/index_management/server/routes/api/component_templates/index.ts

@@ -11,7 +11,6 @@ import { registerGetAllRoute } from './register_get_route';
 import { registerCreateRoute } from './register_create_route';
 import { registerUpdateRoute } from './register_update_route';
 import { registerDeleteRoute } from './register_delete_route';
-import { registerPrivilegesRoute } from './register_privileges_route';
 import {
   registerGetDatastreams,
   registerReferencedIndexTemplateMeta,
@@ -24,5 +23,4 @@ export function registerComponentTemplateRoutes(dependencies: RouteDependencies)
   registerGetDatastreams(dependencies);
   registerReferencedIndexTemplateMeta(dependencies);
   registerDeleteRoute(dependencies);
-  registerPrivilegesRoute(dependencies);
 }