Skip to content

Commit

Permalink
[8.x] [Inventory] Check permissions before registering the Inventory …
Browse files Browse the repository at this point in the history 
…plugin in observabilityShared navigation (#195557) (#195758)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Inventory] Check permissions before registering the Inventory plugin
in observabilityShared navigation
(#195557)](#195557)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Irene
Blanco","email":"irene.blanco@elastic.co"},"sourceCommit":{"committedDate":"2024-10-10T12:32:37Z","message":"[Inventory]
Check permissions before registering the Inventory plugin in
observabilityShared navigation (#195557)\n\n## Summary\r\n\r\nFixes
#195360
and\r\nhttps://github.com//issues/195560\r\n\r\nThis PR
fixes a bug where the Inventory plugin is improperly registered\r\nin
the ObservabilityShared navigation, even in spaces that lack
the\r\nrequired permissions or for user roles that don't have
permissions. As a\r\nresult, the Inventory link appears in the
navigation whenever the\r\nspace/user has access to any other
Observability plugin.\r\n\r\n\r\n### Space permissions\r\n####
Before\r\n|Space config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](https://github.com/user-attachments/assets/53f51d01-faae-4795-b84b-da636a2e46d3)|![Image](https://github.com/user-attachments/assets/d6c98df5-6975-4e95-be24-7e53e6e1ee02)|\r\n\r\n\r\n#####
After\r\n|Space config|ObservabilityShared
navigation|\r\n|-|-|\r\n|![Screenshot 2024-10-09 at 11
47\r\n34](https://github.com/user-attachments/assets/2f5be4c0-4f32-4103-b43a-059e435f730c)|![Screenshot\r\n2024-10-09
at 11
47\r\n12](https://github.com/user-attachments/assets/9dce6095-0a65-4c1d-973f-8a96c330fd08)|\r\n|![Screenshot
2024-10-09 at 11
47\r\n59](https://github.com/user-attachments/assets/f697e646-c034-41d8-b546-925ba4c9fb3a)|![Screenshot\r\n2024-10-09
at 11
48\r\n09](https://github.com/user-attachments/assets/200cf3d3-b7a3-4a42-84ec-48dcf563ad37)|\r\n\r\n\r\n###
User permissions\r\n\r\n#### Before\r\n|Role config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](https://github.com/user-attachments/assets/74e52c43-0da9-4878-813d-049c1f9f2f83)|![Image](https://github.com/user-attachments/assets/4ffb48a9-81f0-48bd-9156-a98e3361c279)|\r\n\r\n\r\n####
After\r\n|Role config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](https://github.com/user-attachments/assets/74e52c43-0da9-4878-813d-049c1f9f2f83)|<img\r\nwidth=\"1266\"
alt=\"Screenshot 2024-10-09 at 12 52
48\"\r\nsrc=\"https://github.com/user-attachments/assets/5d21bbef-53ca-4d83-84b7-d471a12a40e3\">|","sha":"7927ebf2a6e3bc459acb6d3217cb87ba8f837e09","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:prev-minor","ci:project-deploy-observability","Team:obs-ux-infra_services","v8.16.0"],"title":"[Inventory]
Check permissions before registering the Inventory plugin in
observabilityShared
navigation","number":195557,"url":"https://github.com/elastic/kibana/pull/195557","mergeCommit":{"message":"[Inventory]
Check permissions before registering the Inventory plugin in
observabilityShared navigation (#195557)\n\n## Summary\r\n\r\nFixes
#195360
and\r\nhttps://github.com//issues/195560\r\n\r\nThis PR
fixes a bug where the Inventory plugin is improperly registered\r\nin
the ObservabilityShared navigation, even in spaces that lack
the\r\nrequired permissions or for user roles that don't have
permissions. As a\r\nresult, the Inventory link appears in the
navigation whenever the\r\nspace/user has access to any other
Observability plugin.\r\n\r\n\r\n### Space permissions\r\n####
Before\r\n|Space config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](https://github.com/user-attachments/assets/53f51d01-faae-4795-b84b-da636a2e46d3)|![Image](https://github.com/user-attachments/assets/d6c98df5-6975-4e95-be24-7e53e6e1ee02)|\r\n\r\n\r\n#####
After\r\n|Space config|ObservabilityShared
navigation|\r\n|-|-|\r\n|![Screenshot 2024-10-09 at 11
47\r\n34](https://github.com/user-attachments/assets/2f5be4c0-4f32-4103-b43a-059e435f730c)|![Screenshot\r\n2024-10-09
at 11
47\r\n12](https://github.com/user-attachments/assets/9dce6095-0a65-4c1d-973f-8a96c330fd08)|\r\n|![Screenshot
2024-10-09 at 11
47\r\n59](https://github.com/user-attachments/assets/f697e646-c034-41d8-b546-925ba4c9fb3a)|![Screenshot\r\n2024-10-09
at 11
48\r\n09](https://github.com/user-attachments/assets/200cf3d3-b7a3-4a42-84ec-48dcf563ad37)|\r\n\r\n\r\n###
User permissions\r\n\r\n#### Before\r\n|Role config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](https://github.com/user-attachments/assets/74e52c43-0da9-4878-813d-049c1f9f2f83)|![Image](https://github.com/user-attachments/assets/4ffb48a9-81f0-48bd-9156-a98e3361c279)|\r\n\r\n\r\n####
After\r\n|Role config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](https://github.com/user-attachments/assets/74e52c43-0da9-4878-813d-049c1f9f2f83)|<img\r\nwidth=\"1266\"
alt=\"Screenshot 2024-10-09 at 12 52
48\"\r\nsrc=\"https://github.com/user-attachments/assets/5d21bbef-53ca-4d83-84b7-d471a12a40e3\">|","sha":"7927ebf2a6e3bc459acb6d3217cb87ba8f837e09"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/195557","number":195557,"mergeCommit":{"message":"[Inventory]
Check permissions before registering the Inventory plugin in
observabilityShared navigation (#195557)\n\n## Summary\r\n\r\nFixes
#195360
and\r\nhttps://github.com//issues/195560\r\n\r\nThis PR
fixes a bug where the Inventory plugin is improperly registered\r\nin
the ObservabilityShared navigation, even in spaces that lack
the\r\nrequired permissions or for user roles that don't have
permissions. As a\r\nresult, the Inventory link appears in the
navigation whenever the\r\nspace/user has access to any other
Observability plugin.\r\n\r\n\r\n### Space permissions\r\n####
Before\r\n|Space config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](https://github.com/user-attachments/assets/53f51d01-faae-4795-b84b-da636a2e46d3)|![Image](https://github.com/user-attachments/assets/d6c98df5-6975-4e95-be24-7e53e6e1ee02)|\r\n\r\n\r\n#####
After\r\n|Space config|ObservabilityShared
navigation|\r\n|-|-|\r\n|![Screenshot 2024-10-09 at 11
47\r\n34](https://github.com/user-attachments/assets/2f5be4c0-4f32-4103-b43a-059e435f730c)|![Screenshot\r\n2024-10-09
at 11
47\r\n12](https://github.com/user-attachments/assets/9dce6095-0a65-4c1d-973f-8a96c330fd08)|\r\n|![Screenshot
2024-10-09 at 11
47\r\n59](https://github.com/user-attachments/assets/f697e646-c034-41d8-b546-925ba4c9fb3a)|![Screenshot\r\n2024-10-09
at 11
48\r\n09](https://github.com/user-attachments/assets/200cf3d3-b7a3-4a42-84ec-48dcf563ad37)|\r\n\r\n\r\n###
User permissions\r\n\r\n#### Before\r\n|Role config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](https://github.com/user-attachments/assets/74e52c43-0da9-4878-813d-049c1f9f2f83)|![Image](https://github.com/user-attachments/assets/4ffb48a9-81f0-48bd-9156-a98e3361c279)|\r\n\r\n\r\n####
After\r\n|Role config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](https://github.com/user-attachments/assets/74e52c43-0da9-4878-813d-049c1f9f2f83)|<img\r\nwidth=\"1266\"
alt=\"Screenshot 2024-10-09 at 12 52
48\"\r\nsrc=\"https://github.com/user-attachments/assets/5d21bbef-53ca-4d83-84b7-d471a12a40e3\">|","sha":"7927ebf2a6e3bc459acb6d3217cb87ba8f837e09"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Irene Blanco <irene.blanco@elastic.co>
  • Loading branch information
@kibanamachine @iblancof
kibanamachine and iblancof authored Oct 10, 2024
1 parent a6f4228 commit 013bfca
Show file tree
Hide file tree
Showing 5 changed files with 54 additions and 30 deletions.
2 changes: 2 additions & 0 deletions x-pack/plugins/observability_solution/inventory/.storybook/get_mock_inventory_context.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import type { InferencePublicStart } from '@kbn/inference-plugin/public';
import type { ObservabilitySharedPluginStart } from '@kbn/observability-shared-plugin/public';
import type { UnifiedSearchPublicPluginStart } from '@kbn/unified-search-plugin/public';
import type { SharePluginStart } from '@kbn/share-plugin/public';
import type { SpacesPluginStart } from '@kbn/spaces-plugin/public';
import type { InventoryKibanaContext } from '../public/hooks/use_kibana';
import type { ITelemetryClient } from '../public/services/telemetry/types';

Expand All @@ -33,5 +34,6 @@ export function getMockInventoryContext(): InventoryKibanaContext {
fetch: jest.fn(),
stream: jest.fn(),
},
spaces: {} as unknown as SpacesPluginStart,
};
}
2 changes: 1 addition & 1 deletion x-pack/plugins/observability_solution/inventory/kibana.jsonc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
"share"
],
"requiredBundles": ["kibanaReact"],
"optionalPlugins": [],
"optionalPlugins": ["spaces"],
"extraPublicDirs": []
}
}
75 changes: 47 additions & 28 deletions x-pack/plugins/observability_solution/inventory/public/plugin.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ import {
import { INVENTORY_APP_ID } from '@kbn/deeplinks-observability/constants';
import { i18n } from '@kbn/i18n';
import type { Logger } from '@kbn/logging';
import { from, map } from 'rxjs';
import { from, map, mergeMap, of } from 'rxjs';
import { createCallInventoryAPI } from './api';
import { TelemetryService } from './services/telemetry/telemetry_service';
import { InventoryServices } from './services/types';
Expand Down Expand Up @@ -54,34 +54,53 @@ export class InventoryPlugin
'observability:entityCentricExperience',
true
);
const getStartServices = coreSetup.getStartServices();

if (isEntityCentricExperienceSettingEnabled) {
pluginsSetup.observabilityShared.navigation.registerSections(
from(coreSetup.getStartServices()).pipe(
map(([coreStart, pluginsStart]) => {
return [
{
label: '',
sortKey: 300,
entries: [
{
label: i18n.translate('xpack.inventory.inventoryLinkTitle', {
defaultMessage: 'Inventory',
}),
app: INVENTORY_APP_ID,
path: '/',
matchPath(currentPath: string) {
return ['/', ''].some((testPath) => currentPath.startsWith(testPath));
},
isTechnicalPreview: true,
const hideInventory$ = from(getStartServices).pipe(
mergeMap(([coreStart, pluginsStart]) => {
if (pluginsStart.spaces) {
return from(pluginsStart.spaces.getActiveSpace()).pipe(
map(
(space) =>
space.disabledFeatures.includes(INVENTORY_APP_ID) ||
!coreStart.application.capabilities.inventory.show
)
);
}

return of(!coreStart.application.capabilities.inventory.show);
})
);

const sections$ = hideInventory$.pipe(
map((hideInventory) => {
if (isEntityCentricExperienceSettingEnabled && !hideInventory) {
return [
{
label: '',
sortKey: 300,
entries: [
{
label: i18n.translate('xpack.inventory.inventoryLinkTitle', {
defaultMessage: 'Inventory',
}),
app: INVENTORY_APP_ID,
path: '/',
matchPath(currentPath: string) {
return ['/', ''].some((testPath) => currentPath.startsWith(testPath));
},
],
},
];
})
)
);
}
isTechnicalPreview: true,
},
],
},
];
}
return [];
})
);

pluginsSetup.observabilityShared.navigation.registerSections(sections$);

this.telemetry.setup({ analytics: coreSetup.analytics });
const telemetry = this.telemetry.start();

Expand All @@ -102,7 +121,7 @@ export class InventoryPlugin
// Load application bundle and Get start services
const [{ renderApp }, [coreStart, pluginsStart]] = await Promise.all([
import('./application'),
coreSetup.getStartServices(),
getStartServices,
]);

const services: InventoryServices = {
Expand Down
2 changes: 2 additions & 0 deletions x-pack/plugins/observability_solution/inventory/public/types.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ import type { SharePluginSetup, SharePluginStart } from '@kbn/share-plugin/publi
import type { UnifiedSearchPublicPluginStart } from '@kbn/unified-search-plugin/public';
import type { DataViewsPublicPluginStart } from '@kbn/data-views-plugin/public';
import type { DataPublicPluginSetup, DataPublicPluginStart } from '@kbn/data-plugin/public';
import type { SpacesPluginStart } from '@kbn/spaces-plugin/public';

/* eslint-disable @typescript-eslint/no-empty-interface*/

Expand All @@ -38,6 +39,7 @@ export interface InventoryStartDependencies {
data: DataPublicPluginStart;
entityManager: EntityManagerPublicPluginStart;
share: SharePluginStart;
spaces?: SpacesPluginStart;
}

export interface InventoryPublicSetup {}
Expand Down
3 changes: 2 additions & 1 deletion x-pack/plugins/observability_solution/inventory/tsconfig.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@
"@kbn/config-schema",
"@kbn/elastic-agent-utils",
"@kbn/custom-icons",
"@kbn/ui-theme"
"@kbn/ui-theme",
"@kbn/spaces-plugin"
]
}

0 comments on commit 013bfca

Please sign in to comment.