Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[8.x] fix(security, features): do not expose UI capabilities of the d…
…eprecated features (elastic#198656) (elastic#199147) # Backport This will backport the following commits from `main` to `8.x`: - [fix(security, features): do not expose UI capabilities of the deprecated features (elastic#198656)](elastic#198656) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Aleh Zasypkin","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-06T14:06:39Z","message":"fix(security, features): do not expose UI capabilities of the deprecated features (elastic#198656)\n\n## Summary\r\n\r\nThis PR ensures that we don’t expose UI capabilities for deprecated\r\nfeatures since they’re unnecessary, and the code should rely on the UI\r\ncapabilities of the replacement features instead.\r\n\r\nAdditionally, this PR transforms the `disabledFeatures` property of\r\nSpace objects returned from our programmatic and HTTP APIs to replace\r\nany deprecated feature IDs with the IDs of their replacement features,\r\nensuring that feature visibility toggles work for deprecated features as\r\nwell.\r\n\r\n## How to test\r\n\r\n1. Run Kibana FTR server with the following config (registers test\r\ndeprecated features):\r\n```shell\r\nnode scripts/functional_tests_server.js --config x-pack/test/security_api_integration/features.config.ts\r\n```\r\n2. Once server is up and running create Space with the\r\n`case_1_feature_a` **deprecated** feature disabled:\r\n```shell\r\ncurl 'http://localhost:5620/api/spaces/space' -u elastic:changeme \\\r\n -X POST -H 'Content-Type: application/json' -H 'kbn-version: 9.0.0' \\\r\n --data-raw '{\"name\":\"space-alpha\",\"id\":\"space-alpha\",\"initials\":\"s\",\"color\":\"#D6BF57\",\"disabledFeatures\":[\"case_1_feature_a\"],\"imageUrl\":\"\"}'\r\n```\r\n3. Log in to Kibana and [navigate to a Space\r\n`space-alpha`](http://localhost:5620/app/management/kibana/spaces/edit/space-alpha)\r\nyou've just created. Observe that deprecated `Case #1 feature A`\r\n(`case_1_feature_a`) isn't displayed, and instead you should see that\r\nreplaces deprecated one - `Case #1 feature B` (`case_1_feature_b`):\r\n\r\n![Screen Shot 2024-11-01 at 17 40\r\n59](https://github.com/user-attachments/assets/5b91e71c-7d46-4ff1-bf73-d148622e8ec4)\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"deeb9fe32af717a883727aed7d83c6106d8d839f","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","Feature:Security/Authorization","v9.0.0","backport:prev-major"],"title":"fix(security, features): do not expose UI capabilities of the deprecated features","number":198656,"url":"https://github.com/elastic/kibana/pull/198656","mergeCommit":{"message":"fix(security, features): do not expose UI capabilities of the deprecated features (elastic#198656)\n\n## Summary\r\n\r\nThis PR ensures that we don’t expose UI capabilities for deprecated\r\nfeatures since they’re unnecessary, and the code should rely on the UI\r\ncapabilities of the replacement features instead.\r\n\r\nAdditionally, this PR transforms the `disabledFeatures` property of\r\nSpace objects returned from our programmatic and HTTP APIs to replace\r\nany deprecated feature IDs with the IDs of their replacement features,\r\nensuring that feature visibility toggles work for deprecated features as\r\nwell.\r\n\r\n## How to test\r\n\r\n1. Run Kibana FTR server with the following config (registers test\r\ndeprecated features):\r\n```shell\r\nnode scripts/functional_tests_server.js --config x-pack/test/security_api_integration/features.config.ts\r\n```\r\n2. Once server is up and running create Space with the\r\n`case_1_feature_a` **deprecated** feature disabled:\r\n```shell\r\ncurl 'http://localhost:5620/api/spaces/space' -u elastic:changeme \\\r\n -X POST -H 'Content-Type: application/json' -H 'kbn-version: 9.0.0' \\\r\n --data-raw '{\"name\":\"space-alpha\",\"id\":\"space-alpha\",\"initials\":\"s\",\"color\":\"#D6BF57\",\"disabledFeatures\":[\"case_1_feature_a\"],\"imageUrl\":\"\"}'\r\n```\r\n3. Log in to Kibana and [navigate to a Space\r\n`space-alpha`](http://localhost:5620/app/management/kibana/spaces/edit/space-alpha)\r\nyou've just created. Observe that deprecated `Case #1 feature A`\r\n(`case_1_feature_a`) isn't displayed, and instead you should see that\r\nreplaces deprecated one - `Case #1 feature B` (`case_1_feature_b`):\r\n\r\n![Screen Shot 2024-11-01 at 17 40\r\n59](https://github.com/user-attachments/assets/5b91e71c-7d46-4ff1-bf73-d148622e8ec4)\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"deeb9fe32af717a883727aed7d83c6106d8d839f"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/198656","number":198656,"mergeCommit":{"message":"fix(security, features): do not expose UI capabilities of the deprecated features (elastic#198656)\n\n## Summary\r\n\r\nThis PR ensures that we don’t expose UI capabilities for deprecated\r\nfeatures since they’re unnecessary, and the code should rely on the UI\r\ncapabilities of the replacement features instead.\r\n\r\nAdditionally, this PR transforms the `disabledFeatures` property of\r\nSpace objects returned from our programmatic and HTTP APIs to replace\r\nany deprecated feature IDs with the IDs of their replacement features,\r\nensuring that feature visibility toggles work for deprecated features as\r\nwell.\r\n\r\n## How to test\r\n\r\n1. Run Kibana FTR server with the following config (registers test\r\ndeprecated features):\r\n```shell\r\nnode scripts/functional_tests_server.js --config x-pack/test/security_api_integration/features.config.ts\r\n```\r\n2. Once server is up and running create Space with the\r\n`case_1_feature_a` **deprecated** feature disabled:\r\n```shell\r\ncurl 'http://localhost:5620/api/spaces/space' -u elastic:changeme \\\r\n -X POST -H 'Content-Type: application/json' -H 'kbn-version: 9.0.0' \\\r\n --data-raw '{\"name\":\"space-alpha\",\"id\":\"space-alpha\",\"initials\":\"s\",\"color\":\"#D6BF57\",\"disabledFeatures\":[\"case_1_feature_a\"],\"imageUrl\":\"\"}'\r\n```\r\n3. Log in to Kibana and [navigate to a Space\r\n`space-alpha`](http://localhost:5620/app/management/kibana/spaces/edit/space-alpha)\r\nyou've just created. Observe that deprecated `Case #1 feature A`\r\n(`case_1_feature_a`) isn't displayed, and instead you should see that\r\nreplaces deprecated one - `Case #1 feature B` (`case_1_feature_b`):\r\n\r\n![Screen Shot 2024-11-01 at 17 40\r\n59](https://github.com/user-attachments/assets/5b91e71c-7d46-4ff1-bf73-d148622e8ec4)\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"deeb9fe32af717a883727aed7d83c6106d8d839f"}}]}] BACKPORT--> Co-authored-by: Aleh Zasypkin <[email protected]>
- Loading branch information