Skip to content

Commit b40a8f3

Browse files
legregolegrego
committed
Role Management - use ES Builtin Privilege API to drive list o… (elastic#40270)
* use ES builtin privileges API for role management * Exclude 'none' from privilege lists * additional cleanup
1 parent 004572c commit b40a8f3

23 files changed

+231
-217
lines changed

x-pack/legacy/plugins/security/common/model/builtin_es_privileges.ts

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
/*
2+
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
3+
* or more contributor license agreements. Licensed under the Elastic License;
4+
* you may not use this file except in compliance with the Elastic License.
5+
*/
6+
7+
export interface BuiltinESPrivileges {
8+
cluster: string[];
9+
index: string[];
10+
}

x-pack/legacy/plugins/security/common/model/index.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,3 +10,4 @@ export { RawKibanaPrivileges, RawKibanaFeaturePrivileges } from './raw_kibana_pr
1010
export { KibanaPrivileges } from './kibana_privileges';
1111
export { User, EditUser, getUserDisplayName } from './user';
1212
export { AuthenticatedUser, canUserChangePassword } from './authenticated_user';
13+
export { BuiltinESPrivileges } from './builtin_es_privileges';

x-pack/legacy/plugins/security/index.js

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@ import { initUsersApi } from './server/routes/api/v1/users';
1212
import { initExternalRolesApi } from './server/routes/api/external/roles';
1313
import { initPrivilegesApi } from './server/routes/api/external/privileges';
1414
import { initIndicesApi } from './server/routes/api/v1/indices';
15+
import { initGetBuiltinPrivilegesApi } from './server/routes/api/v1/builtin_privileges';
1516
import { initOverwrittenSessionView } from './server/routes/views/overwritten_session';
1617
import { initLoginView } from './server/routes/views/login';
1718
import { initLogoutView } from './server/routes/views/logout';
@@ -230,6 +231,7 @@ export const security = (kibana) => new kibana.Plugin({
230231
initExternalRolesApi(server);
231232
initIndicesApi(server);
232233
initPrivilegesApi(server);
234+
initGetBuiltinPrivilegesApi(server);
233235
initLoginView(server, xpackMainPlugin);
234236
initLogoutView(server);
235237
initLoggedOutView(server);

x-pack/legacy/plugins/security/public/services/application_privilege.js

Lines changed: 0 additions & 18 deletions
This file was deleted.

x-pack/legacy/plugins/security/public/services/role_privileges.js

Lines changed: 0 additions & 57 deletions
This file was deleted.

x-pack/legacy/plugins/security/public/views/management/edit_role/components/edit_role_page.test.tsx

Lines changed: 55 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -65,6 +65,13 @@ const buildRawKibanaPrivileges = () => {
6565
return privilegesFactory(actions, xpackMainPlugin as any).get();
6666
};
6767

68+
const buildBuiltinESPrivileges = () => {
69+
return {
70+
cluster: ['all', 'manage', 'monitor'],
71+
index: ['all', 'read', 'write', 'index'],
72+
};
73+
};
74+
6875
const buildUICapabilities = (canManageSpaces = true) => {
6976
return {
7077
catalogue: {},
@@ -132,7 +139,8 @@ describe('<EditRolePage />', () => {
132139
const features: Feature[] = buildFeatures();
133140
const mockHttpClient = jest.fn();
134141
const indexPatterns: string[] = ['foo*', 'bar*'];
135-
const privileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
142+
const kibanaPrivileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
143+
const builtinESPrivileges = buildBuiltinESPrivileges();
136144
const spaces: Space[] = buildSpaces();
137145
const uiCapabilities: UICapabilities = buildUICapabilities();
138146

@@ -146,7 +154,8 @@ describe('<EditRolePage />', () => {
146154
features={features}
147155
httpClient={mockHttpClient}
148156
indexPatterns={indexPatterns}
149-
privileges={privileges}
157+
kibanaPrivileges={kibanaPrivileges}
158+
builtinESPrivileges={builtinESPrivileges}
150159
spaces={spaces}
151160
spacesEnabled={true}
152161
uiCapabilities={uiCapabilities}
@@ -180,7 +189,8 @@ describe('<EditRolePage />', () => {
180189
const features: Feature[] = buildFeatures();
181190
const mockHttpClient = jest.fn();
182191
const indexPatterns: string[] = ['foo*', 'bar*'];
183-
const privileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
192+
const kibanaPrivileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
193+
const builtinESPrivileges = buildBuiltinESPrivileges();
184194
const spaces: Space[] = buildSpaces();
185195
const uiCapabilities: UICapabilities = buildUICapabilities();
186196

@@ -194,7 +204,8 @@ describe('<EditRolePage />', () => {
194204
features={features}
195205
httpClient={mockHttpClient}
196206
indexPatterns={indexPatterns}
197-
privileges={privileges}
207+
kibanaPrivileges={kibanaPrivileges}
208+
builtinESPrivileges={builtinESPrivileges}
198209
spaces={spaces}
199210
spacesEnabled={true}
200211
uiCapabilities={uiCapabilities}
@@ -222,7 +233,8 @@ describe('<EditRolePage />', () => {
222233
const features: Feature[] = buildFeatures();
223234
const mockHttpClient = jest.fn();
224235
const indexPatterns: string[] = ['foo*', 'bar*'];
225-
const privileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
236+
const kibanaPrivileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
237+
const builtinESPrivileges = buildBuiltinESPrivileges();
226238
const spaces: Space[] = buildSpaces();
227239
const uiCapabilities: UICapabilities = buildUICapabilities();
228240

@@ -236,7 +248,8 @@ describe('<EditRolePage />', () => {
236248
features={features}
237249
httpClient={mockHttpClient}
238250
indexPatterns={indexPatterns}
239-
privileges={privileges}
251+
kibanaPrivileges={kibanaPrivileges}
252+
builtinESPrivileges={builtinESPrivileges}
240253
spaces={spaces}
241254
spacesEnabled={true}
242255
uiCapabilities={uiCapabilities}
@@ -280,7 +293,8 @@ describe('<EditRolePage />', () => {
280293
const features: Feature[] = buildFeatures();
281294
const mockHttpClient = jest.fn();
282295
const indexPatterns: string[] = ['foo*', 'bar*'];
283-
const privileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
296+
const kibanaPrivileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
297+
const builtinESPrivileges = buildBuiltinESPrivileges();
284298
const spaces: Space[] = buildSpaces();
285299
const uiCapabilities: UICapabilities = buildUICapabilities();
286300

@@ -294,7 +308,8 @@ describe('<EditRolePage />', () => {
294308
features={features}
295309
httpClient={mockHttpClient}
296310
indexPatterns={indexPatterns}
297-
privileges={privileges}
311+
kibanaPrivileges={kibanaPrivileges}
312+
builtinESPrivileges={builtinESPrivileges}
298313
spaces={spaces}
299314
spacesEnabled={true}
300315
uiCapabilities={uiCapabilities}
@@ -327,7 +342,8 @@ describe('<EditRolePage />', () => {
327342
const features: Feature[] = buildFeatures();
328343
const mockHttpClient = jest.fn();
329344
const indexPatterns: string[] = ['foo*', 'bar*'];
330-
const privileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
345+
const kibanaPrivileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
346+
const builtinESPrivileges = buildBuiltinESPrivileges();
331347
const spaces: Space[] = buildSpaces();
332348
const uiCapabilities: UICapabilities = buildUICapabilities(false);
333349

@@ -341,7 +357,8 @@ describe('<EditRolePage />', () => {
341357
features={features}
342358
httpClient={mockHttpClient}
343359
indexPatterns={indexPatterns}
344-
privileges={privileges}
360+
kibanaPrivileges={kibanaPrivileges}
361+
builtinESPrivileges={builtinESPrivileges}
345362
spaces={spaces}
346363
spacesEnabled={true}
347364
uiCapabilities={uiCapabilities}
@@ -374,7 +391,8 @@ describe('<EditRolePage />', () => {
374391
const features: Feature[] = buildFeatures();
375392
const mockHttpClient = jest.fn();
376393
const indexPatterns: string[] = ['foo*', 'bar*'];
377-
const privileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
394+
const kibanaPrivileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
395+
const builtinESPrivileges = buildBuiltinESPrivileges();
378396
const spaces: Space[] = buildSpaces();
379397
const uiCapabilities: UICapabilities = buildUICapabilities(false);
380398

@@ -388,7 +406,8 @@ describe('<EditRolePage />', () => {
388406
features={features}
389407
httpClient={mockHttpClient}
390408
indexPatterns={indexPatterns}
391-
privileges={privileges}
409+
kibanaPrivileges={kibanaPrivileges}
410+
builtinESPrivileges={builtinESPrivileges}
392411
spaces={spaces}
393412
spacesEnabled={true}
394413
uiCapabilities={uiCapabilities}
@@ -424,7 +443,8 @@ describe('<EditRolePage />', () => {
424443
const features: Feature[] = buildFeatures();
425444
const mockHttpClient = jest.fn();
426445
const indexPatterns: string[] = ['foo*', 'bar*'];
427-
const privileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
446+
const kibanaPrivileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
447+
const builtinESPrivileges = buildBuiltinESPrivileges();
428448
const uiCapabilities: UICapabilities = buildUICapabilities();
429449

430450
const wrapper = mountWithIntl(
@@ -437,7 +457,8 @@ describe('<EditRolePage />', () => {
437457
features={features}
438458
httpClient={mockHttpClient}
439459
indexPatterns={indexPatterns}
440-
privileges={privileges}
460+
kibanaPrivileges={kibanaPrivileges}
461+
builtinESPrivileges={builtinESPrivileges}
441462
spaces={[]}
442463
spacesEnabled={false}
443464
uiCapabilities={uiCapabilities}
@@ -471,7 +492,8 @@ describe('<EditRolePage />', () => {
471492
const features: Feature[] = buildFeatures();
472493
const mockHttpClient = jest.fn();
473494
const indexPatterns: string[] = ['foo*', 'bar*'];
474-
const privileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
495+
const kibanaPrivileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
496+
const builtinESPrivileges = buildBuiltinESPrivileges();
475497
const uiCapabilities: UICapabilities = buildUICapabilities();
476498

477499
const wrapper = mountWithIntl(
@@ -484,7 +506,8 @@ describe('<EditRolePage />', () => {
484506
features={features}
485507
httpClient={mockHttpClient}
486508
indexPatterns={indexPatterns}
487-
privileges={privileges}
509+
kibanaPrivileges={kibanaPrivileges}
510+
builtinESPrivileges={builtinESPrivileges}
488511
spaces={[]}
489512
spacesEnabled={false}
490513
uiCapabilities={uiCapabilities}
@@ -512,7 +535,8 @@ describe('<EditRolePage />', () => {
512535
const features: Feature[] = buildFeatures();
513536
const mockHttpClient = jest.fn();
514537
const indexPatterns: string[] = ['foo*', 'bar*'];
515-
const privileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
538+
const kibanaPrivileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
539+
const builtinESPrivileges = buildBuiltinESPrivileges();
516540
const uiCapabilities: UICapabilities = buildUICapabilities();
517541

518542
const wrapper = mountWithIntl(
@@ -525,7 +549,8 @@ describe('<EditRolePage />', () => {
525549
features={features}
526550
httpClient={mockHttpClient}
527551
indexPatterns={indexPatterns}
528-
privileges={privileges}
552+
kibanaPrivileges={kibanaPrivileges}
553+
builtinESPrivileges={builtinESPrivileges}
529554
spaces={[]}
530555
spacesEnabled={false}
531556
uiCapabilities={uiCapabilities}
@@ -568,7 +593,8 @@ describe('<EditRolePage />', () => {
568593
const features: Feature[] = buildFeatures();
569594
const mockHttpClient = jest.fn();
570595
const indexPatterns: string[] = ['foo*', 'bar*'];
571-
const privileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
596+
const kibanaPrivileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
597+
const builtinESPrivileges = buildBuiltinESPrivileges();
572598
const uiCapabilities: UICapabilities = buildUICapabilities();
573599

574600
const wrapper = mountWithIntl(
@@ -581,7 +607,8 @@ describe('<EditRolePage />', () => {
581607
features={features}
582608
httpClient={mockHttpClient}
583609
indexPatterns={indexPatterns}
584-
privileges={privileges}
610+
kibanaPrivileges={kibanaPrivileges}
611+
builtinESPrivileges={builtinESPrivileges}
585612
spaces={[]}
586613
spacesEnabled={false}
587614
uiCapabilities={uiCapabilities}
@@ -613,7 +640,8 @@ describe('<EditRolePage />', () => {
613640
const features: Feature[] = buildFeatures();
614641
const mockHttpClient = jest.fn();
615642
const indexPatterns: string[] = ['foo*', 'bar*'];
616-
const privileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
643+
const kibanaPrivileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
644+
const builtinESPrivileges = buildBuiltinESPrivileges();
617645
const uiCapabilities: UICapabilities = buildUICapabilities(false);
618646

619647
const wrapper = mountWithIntl(
@@ -626,7 +654,8 @@ describe('<EditRolePage />', () => {
626654
features={features}
627655
httpClient={mockHttpClient}
628656
indexPatterns={indexPatterns}
629-
privileges={privileges}
657+
kibanaPrivileges={kibanaPrivileges}
658+
builtinESPrivileges={builtinESPrivileges}
630659
spaces={[]}
631660
spacesEnabled={false}
632661
uiCapabilities={uiCapabilities}
@@ -659,7 +688,8 @@ describe('<EditRolePage />', () => {
659688
const features: Feature[] = buildFeatures();
660689
const mockHttpClient = jest.fn();
661690
const indexPatterns: string[] = ['foo*', 'bar*'];
662-
const privileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
691+
const kibanaPrivileges: RawKibanaPrivileges = buildRawKibanaPrivileges();
692+
const builtinESPrivileges = buildBuiltinESPrivileges();
663693
const uiCapabilities: UICapabilities = buildUICapabilities(false);
664694

665695
const wrapper = mountWithIntl(
@@ -672,7 +702,8 @@ describe('<EditRolePage />', () => {
672702
features={features}
673703
httpClient={mockHttpClient}
674704
indexPatterns={indexPatterns}
675-
privileges={privileges}
705+
kibanaPrivileges={kibanaPrivileges}
706+
builtinESPrivileges={builtinESPrivileges}
676707
spaces={[]}
677708
spacesEnabled={false}
678709
uiCapabilities={uiCapabilities}

0 commit comments

Comments
 (0)