Skip to content

Role Management - use ES Builtin Privilege API to drive list of privileges #40270

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jul 10, 2019
Merged

Role Management - use ES Builtin Privilege API to drive list of privileges #40270

merged 5 commits into from
Jul 10, 2019

Conversation

@legrego
Copy link
Member

@legrego legrego commented Jul 3, 2019

Summary

Replaces hard-coded cluster and index privileges with a list generated from the ES builtin privileges endpoint (/_security/privilege/_builtin).

Closes #40247

Note: CI will fail until the ES snapshot is updated with the new endpoint.

@legrego legrego changed the title Security/es privs api Role Management - use ES Builtin Privilege API to drive list of privileges Jul 3, 2019
@elasticmachine

This comment has been minimized.

Sign in to view
legrego
legrego commented Jul 8, 2019
View reviewed changes
x-pack/legacy/plugins/security/common/model/builtin_es_privileges.ts
* you may not use this file except in compliance with the Elastic License.
*/

export interface BuiltinESPrivileges {
Copy link
Member Author

@legrego legrego Jul 8, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not married to the name, but I thought I'd keep it consistent with what ES chose to call this.

@elasticmachine
Copy link
Contributor

elasticmachine commented Jul 8, 2019

💚 Build Succeeded

legrego
legrego commented Jul 8, 2019
View reviewed changes
x-pack/legacy/plugins/security/public/views/management/edit_role/index.js
kibanaPrivileges() {
return kfetch({ method: 'get', pathname: '/api/security/privileges', query: { includeActions: true } });
},
builtinESPrivileges() {
Copy link
Member Author

@legrego legrego Jul 8, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Once we de-angularize, I think it'd make sense to make the ElasticsearchPrivileges component (or similar) responsible for this, rather than passing it down from the EditRolesPage component. I opted for this approach to stay consistent with the rest of the page, and we can come up with a holistic data-access approach for the entire screen once we remove angular.

@legrego legrego added Feature:Security/Authorization Platform Security - Authorization Team:Security Platform Security: Auth, Users, Roles, Spaces, Audit Logging, etc t// labels Jul 8, 2019
@elasticmachine
Copy link
Contributor

elasticmachine commented Jul 8, 2019

Pinging @elastic/kibana-security

@legrego legrego marked this pull request as ready for review July 8, 2019 11:28
@legrego legrego requested a review from a team as a code owner July 8, 2019 11:28
@legrego legrego requested a review from kobelb July 8, 2019 11:28
@legrego legrego added the release_note:skip Skip the PR/issue when compiling release notes label Jul 8, 2019
@legrego legrego added the review label Jul 10, 2019
@elasticmachine
Copy link
Contributor

elasticmachine commented Jul 10, 2019

💚 Build Succeeded

@legrego legrego merged commit 0a527c6 into elastic:master Jul 10, 2019
@legrego legrego deleted the security/es-privs-api branch July 10, 2019 13:49
@legrego legrego mentioned this pull request Jul 10, 2019
Merged
legrego added a commit to legrego/kibana that referenced this pull request Jul 10, 2019
@legrego
Role Management - use ES Builtin Privilege API to drive list o… (elas…
b40a8f3 
…tic#40270)

* use ES builtin privileges API for role management

* Exclude 'none' from privilege lists

* additional cleanup
@jakelandis jakelandis mentioned this pull request Oct 15, 2019
Closed
55 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kobelb kobelb kobelb approved these changes

Assignees

No one assigned

Labels

Feature:Security/Authorization Platform Security - Authorization release_note:skip Skip the PR/issue when compiling release notes Team:Security Platform Security: Auth, Users, Roles, Spaces, Audit Logging, etc t// v7.4.0 v8.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Roles Management - use privilege list from ES

3 participants

@legrego @elasticmachine @kobelb