Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet]: Unable to view integration Assets when logged in as User with role: Fleet-All, Integrations-Read and Saved Objects Management- Read. #161058

Closed
amolnater-qasource opened this issue Jul 3, 2023 · 6 comments · Fixed by #161233
Closed

[Fleet]: Unable to view integration Assets when logged in as User with role: Fleet-All, Integrations-Read and Saved Objects Management- Read. #161058

amolnater-qasource opened this issue Jul 3, 2023 · 6 comments · Fixed by #161233
Assignees
@criamico
Labels
bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team:Fleet Team label for Observability Data Collection Fleet team

Comments

@amolnater-qasource
Copy link

Kibana Build details:

VERSION: 8.9.0 BC2
BUILD: 64459
COMMIT: 6950a2b8207d8388ee8c842d6c0e2b1e1031fd36

Host OS and Browser version: All, All

Preconditions:

  1. 8.9.0 BC2 Kibana cloud environment should be available.
  2. Create a User with Role: Fleet- All and Integrations- Read and Saved Objects Management- Read.
  3. Any integration should be installed, say Nginx.

Steps to reproduce:

  1. Login with User having Role: Fleet- All and Integrations- Read and Saved Objects Management- Read.
  2. Navigate to Integrations>Installed integrations.
  3. Select Nginx>Navigate to Assets tab.
  4. Observe Permission error.

Expected Result:
User should be able to view integration Assets when logged in as User with role: Fleet-All, Integrations-Read and Saved Objects Management- Read.

Screen Recording:

Assets.Issue.mp4

8
9

Note:

  • This issue is not reproducible on 8.8.2 kibana cloud environment.

Impacted Testcase:
#T2110055
@amolnater-qasource amolnater-qasource added bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team:Fleet Team label for Observability Data Collection Fleet team labels Jul 3, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

@amolnater-qasource
Copy link
Author

@manishgupta-qasource Please review.

@manishgupta-qasource
Copy link

Secondary review for this ticket is Done

@jlind23
Copy link
Contributor

jlind23 commented Jul 3, 2023

@criamico could this be related to one of the recent changes you did around saved objects?

@criamico
Copy link
Contributor

criamico commented Jul 3, 2023

@jlind23 Because it's in the Assets tab it could be, yes. I recall adding permission checks for the new endpoint that were the same as similar endpoints, but it's possible that it broke some other case. I'll take a look.

@criamico criamico mentioned this issue Jul 5, 2023
Merged
criamico added a commit that referenced this issue Jul 5, 2023
@criamico
[Fleet] Fix permissions in integrations Assets page (#161233)
38b487a 
Fixes #161058

## Summary
Fix permissions for Integrations assets tab. A user with role "Fleet All
- Integration Read" wasn't able to visualize the assets tab.

### Test

- Create a user with "Fleet All - Integration Read" as shown in this
video:


https://github.com/elastic/kibana/assets/16084106/a13c6ddd-a3d1-4e15-9c9d-9d56e1dbb0f0

- Log in with this new user
- Navigate to any installed integration, then to the Assets tab
- Verify that the assets are shown as usual (no warnings are shown)

<img width="2556" alt="Screenshot 2023-07-05 at 10 22 36"
src="https://github.com/elastic/kibana/assets/16084106/b050d7ee-3794-41c4-b429-50eb6291697a">
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Jul 5, 2023
@criamico
[Fleet] Fix permissions in integrations Assets page (elastic#161233)
ef9a3a3 
Fixes elastic#161058

## Summary
Fix permissions for Integrations assets tab. A user with role "Fleet All
- Integration Read" wasn't able to visualize the assets tab.

### Test

- Create a user with "Fleet All - Integration Read" as shown in this
video:

https://github.com/elastic/kibana/assets/16084106/a13c6ddd-a3d1-4e15-9c9d-9d56e1dbb0f0

- Log in with this new user
- Navigate to any installed integration, then to the Assets tab
- Verify that the assets are shown as usual (no warnings are shown)

<img width="2556" alt="Screenshot 2023-07-05 at 10 22 36"
src="https://github.com/elastic/kibana/assets/16084106/b050d7ee-3794-41c4-b429-50eb6291697a">

(cherry picked from commit 38b487a)
kibanamachine referenced this issue Jul 5, 2023
@kibanamachine @criamico
[8.9] [Fleet] Fix permissions in integrations Assets page (#161233) (#…
1428940 
…161236)

# Backport

This will backport the following commits from `main` to `8.9`:
- [[Fleet] Fix permissions in integrations Assets page
(#161233)](#161233)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Cristina
Amico","email":"criamico@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-07-05T09:27:54Z","message":"[Fleet]
Fix permissions in integrations Assets page (#161233)\n\nFixes
https://github.com/elastic/kibana/issues/161058\r\n\r\n## Summary\r\nFix
permissions for Integrations assets tab. A user with role \"Fleet
All\r\n- Integration Read\" wasn't able to visualize the assets
tab.\r\n\r\n### Test\r\n\r\n- Create a user with \"Fleet All -
Integration Read\" as shown in
this\r\nvideo:\r\n\r\n\r\nhttps://github.com/elastic/kibana/assets/16084106/a13c6ddd-a3d1-4e15-9c9d-9d56e1dbb0f0\r\n\r\n-
Log in with this new user\r\n- Navigate to any installed integration,
then to the Assets tab\r\n- Verify that the assets are shown as usual
(no warnings are shown)\r\n\r\n<img width=\"2556\" alt=\"Screenshot
2023-07-05 at 10 22
36\"\r\nsrc=\"https://github.com/elastic/kibana/assets/16084106/b050d7ee-3794-41c4-b429-50eb6291697a\">","sha":"38b487a879ba12a2a6b37930fd05d60aa3c7ae10","branchLabelMapping":{"^v8.10.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Fleet","backport:prev-minor","v8.10.0"],"number":161233,"url":"https://github.com/elastic/kibana/pull/161233","mergeCommit":{"message":"[Fleet]
Fix permissions in integrations Assets page (#161233)\n\nFixes
https://github.com/elastic/kibana/issues/161058\r\n\r\n## Summary\r\nFix
permissions for Integrations assets tab. A user with role \"Fleet
All\r\n- Integration Read\" wasn't able to visualize the assets
tab.\r\n\r\n### Test\r\n\r\n- Create a user with \"Fleet All -
Integration Read\" as shown in
this\r\nvideo:\r\n\r\n\r\nhttps://github.com/elastic/kibana/assets/16084106/a13c6ddd-a3d1-4e15-9c9d-9d56e1dbb0f0\r\n\r\n-
Log in with this new user\r\n- Navigate to any installed integration,
then to the Assets tab\r\n- Verify that the assets are shown as usual
(no warnings are shown)\r\n\r\n<img width=\"2556\" alt=\"Screenshot
2023-07-05 at 10 22
36\"\r\nsrc=\"https://github.com/elastic/kibana/assets/16084106/b050d7ee-3794-41c4-b429-50eb6291697a\">","sha":"38b487a879ba12a2a6b37930fd05d60aa3c7ae10"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.10.0","labelRegex":"^v8.10.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/161233","number":161233,"mergeCommit":{"message":"[Fleet]
Fix permissions in integrations Assets page (#161233)\n\nFixes
https://github.com/elastic/kibana/issues/161058\r\n\r\n## Summary\r\nFix
permissions for Integrations assets tab. A user with role \"Fleet
All\r\n- Integration Read\" wasn't able to visualize the assets
tab.\r\n\r\n### Test\r\n\r\n- Create a user with \"Fleet All -
Integration Read\" as shown in
this\r\nvideo:\r\n\r\n\r\nhttps://github.com/elastic/kibana/assets/16084106/a13c6ddd-a3d1-4e15-9c9d-9d56e1dbb0f0\r\n\r\n-
Log in with this new user\r\n- Navigate to any installed integration,
then to the Assets tab\r\n- Verify that the assets are shown as usual
(no warnings are shown)\r\n\r\n<img width=\"2556\" alt=\"Screenshot
2023-07-05 at 10 22
36\"\r\nsrc=\"https://github.com/elastic/kibana/assets/16084106/b050d7ee-3794-41c4-b429-50eb6291697a\">","sha":"38b487a879ba12a2a6b37930fd05d60aa3c7ae10"}}]}]
BACKPORT-->

Co-authored-by: Cristina Amico <criamico@users.noreply.github.com>
@amolnater-qasource amolnater-qasource added the QA:Ready for Testing Code is merged and ready for QA to validate label Jul 5, 2023
@amolnater-qasource
Copy link
Author

Hi Team,

We have revalidated this issue on latest 8.9.0 BC4 kibana cloud environment and found it fixed now.

Observations:

  • User is able to view integration Assets when logged in as User with role: Fleet-All, Integrations-Read and Saved Objects Management- Read.

Screenshot:
image

Build details:
VERSION: 8.9.0 BC4
BUILD: 64661
COMMIT: ddf0c19
Artifact Link: https://staging.elastic.co/8.9.0-c6bb8f7a/summary-8.9.0.html#elastic-agent

Hence we are marking this issue as QA:Validated.

Thanks!

@amolnater-qasource amolnater-qasource added QA:Validated Issue has been validated by QA and removed QA:Ready for Testing Code is merged and ready for QA to validate labels Jul 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@criamico criamico

Labels
bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team:Fleet Team label for Observability Data Collection Fleet team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Fleet] Fix permissions in integrations Assets page criamico/kibana
5 participants
@elasticmachine @criamico @jlind23 @manishgupta-qasource @amolnater-qasource