[Reporting] Add deprecation messages for roles mapped to reporting_user #115125
Conversation
tsullivan
added
deprecation_warnings
(Deprecated) Feature:Reporting
tsullivan
force-pushed
the
reporting/roles-deprecation-errorhandling-7.x
branch
2 times, most recently
from
a14b4ad
to
e2f4f7d
Compare
tsullivan
force-pushed
the
reporting/roles-deprecation-errorhandling-7.x
branch
4 times, most recently
from
52e9b8b
to
a8865bd
Compare
| @@ -64,7 +64,7 @@ export const config: PluginConfigDescriptor<ReportingConfigType> = { | |||
| defaultMessage: | |||
| `Use Kibana application privileges to grant reporting privileges.` + | |||
| ` Using "{fromPath}.roles.allow" to grant reporting privileges` + | |||
| ` prevents users from using API Keys to create reports.` + | |||
| ` is deprecated.` + | |||
There was a problem hiding this comment.
This is unrelated to this PR, but the existing text in this config deprecation was really hard to read on the page.
| @@ -72,6 +72,7 @@ export class ReportingCore { | |||
| public getContract: () => ReportingSetup; | |||
|
|
|||
| constructor(private logger: LevelLogger, context: PluginInitializerContext<ReportingConfigType>) { | |||
| // TODO: capture the entire packageInfo so we can form documentation links on the server | |||
There was a problem hiding this comment.
This applies this this PR, as the doc links are hardcoded to the current version, which is an issue.
There was a problem hiding this comment.
+1 would be a good idea to address it in this PR
This fixes the deprecations for various edge cases: - when security was disabled, users saw a meaningless error message - when users did not have manage_security privilege they saw a meaningless error message Adds support for checking deprecations related to xpack.reporting.roles.allow
tsullivan
force-pushed
the
reporting/roles-deprecation-errorhandling-7.x
branch
from
a8865bd
to
4847e72
Compare
| config, | ||
| createMockPluginSetup({ | ||
| router: httpSetup.createRouter(''), | ||
| security: null, |
There was a problem hiding this comment.
This is a side effect of not having the security dependency not mocked well in createMockReportingCore before this PR.
| config, | ||
| createMockPluginSetup({ | ||
| router: httpSetup.createRouter(''), | ||
| security: null, |
There was a problem hiding this comment.
This is a side effect of not having the security dependency not mocked well in createMockReportingCore before this PR.
| @@ -39,9 +41,9 @@ export const createMockPluginSetup = (setupMock?: any): ReportingInternalSetup = | |||
| features: featuresPluginMock.createSetup(), | |||
| basePath: { set: jest.fn() }, | |||
| router: setupMock.router, | |||
| security: setupMock.security, | |||
| security: securityMock.createSetup(), | |||
There was a problem hiding this comment.
The tests in this PR needed a better security mock from the reporting test utilities
| licensing: { license$: Rx.of({ isAvailable: true, isActive: true, type: 'basic' }) } as any, | ||
| taskManager: { registerTaskDefinitions: jest.fn() } as any, | ||
| taskManager: taskManagerMock.createSetup(), |
|
Pinging @elastic/kibana-reporting-services (Team:Reporting Services) |
tsullivan
changed the title
There was a problem hiding this comment.
This is looking great @tsullivan, I did a few tests locally and it seemed to be working as expected (I didn't test the role map deprecation manually).
I left a few non-blocker comments but I think it'd be good to address the formatting of markdown before merging.
| describe('roles mapped to a deprecated role', () => { | ||
| test('logs a deprecation when a role was found that maps to the deprecated reporting_user role', async () => { | ||
| esClient.asCurrentUser.security.getRoleMapping = jest.fn().mockResolvedValue({ | ||
| body: { dungeon_master: { roles: ['reporting_user'] } }, |
x-pack/plugins/reporting/server/deprecations/reporting_role.test.ts
Outdated
Show resolved
Hide resolved
| return [ | ||
| { | ||
| title, | ||
| level: 'fetch_error', // NOTE: is fetch_error not shown in the Upgrade Assistant UI? |
There was a problem hiding this comment.
Should we follow up on this with the Stack Management team?
There was a problem hiding this comment.
I added some suggestions below!
A general suggestion/comment: we don't need to use template strings to prevent things from being translated. For example, instead of this:
'Set "{upgradableConfig}" in kibana.yml'
you can write thisL
'Set "xpack.reporting.roles.enabled: false" in kibana.yml'
I confirmed this with @Bamieh
…ecation-errorhandling-7.x
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
| @@ -85,8 +86,8 @@ export class ReportingCore { | |||
| this.executing = new Set(); | |||
| } | |||
|
|
|||
| public getKibanaVersion() { | |||
| return this.kibanaVersion; | |||
| public getKibanaPackageInfo() { | |||
There was a problem hiding this comment.
This change is to allow documentation links generated on the server to use the current branch.
💚 Build Succeeded
Metrics [docs]
To update your PR or re-run it, just comment with: |
…er (elastic#115125) * [Reporting] Add deprecation messages for roles mapped to reporting_user This fixes the deprecations for various edge cases: - when security was disabled, users saw a meaningless error message - when users did not have manage_security privilege they saw a meaningless error message Adds support for checking deprecations related to xpack.reporting.roles.allow * updates to content per feedback * updates per feedback * store packageInfo in reportingCore * use branch in the documentation links generated in the server * add tests for scenario where config does not need to be changed
…er (#115125) (#115875) * [Reporting] Add deprecation messages for roles mapped to reporting_user This fixes the deprecations for various edge cases: - when security was disabled, users saw a meaningless error message - when users did not have manage_security privilege they saw a meaningless error message Adds support for checking deprecations related to xpack.reporting.roles.allow * updates to content per feedback * updates per feedback * store packageInfo in reportingCore * use branch in the documentation links generated in the server * add tests for scenario where config does not need to be changed
Closes #115096
Follows: #100427, #94966
Summary
xpack.reporting.roles.allowScreenshots
manage_securityprivileges, they will see this error state:and these messages in the Kibana server log:
Checklist
xpack.reporting.roles.allowTesting
Security disabled
Default deprecation
reporting_userroleCustomized xpack.reporting.roles.allow
my_test_reporting_role)xpack.reporting.roles.allow: ['my_test_reporting_role']my_test_reporting_userroleMapped roles
reporting_userin Stack Management > Role MappingsInvalid privileges for Reporting deprecations
managecluster privilege, and then some privileges to Kibana (so they can login)