[Security Solution] Infinite loading state on the rule install page when user doesn't have write privileges #161543
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-solution (Team: SecuritySolution)
…ty:Read privileges (#176598)

Fixes: #161543

## Summary

Original bug issue reported an infinite loading state in the **Add Elastic rules** page when user doesn't have write privileges, i.e. has `Security: Read`.

However, that seems to have been fixed already, as the list of rules to install is shown, but no individual "Install button" for each row is shown. **This is expected behaviour**.

![image](https://github.com/elastic/kibana/assets/5354282/f57adc2b-9073-4019-a15e-8c05e48f1b9d)

However, when displaying the Rule Details flyout, the button for Installation in the flyout is still enabled due to missing checks. This PR fixes that and now displays a disabled button for users with no privileges.

![image](https://github.com/elastic/kibana/assets/5354282/70a6b209-59bb-4199-99f9-f2222fb78d68)

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
…ty:Read privileges (elastic#176598) Fixes: elastic#161543 (cherry picked from commit c3c1b66)
… Security:Read privileges (#176598) (#176616)

# Backport

This will backport the following commits from `main` to `8.12`:

- [[Security Solution] Disable installation button for users with Security:Read privileges (#176598)](#176598)

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Co-authored-by: Juan Pablo Djeredjian <jpdjeredjian@gmail.com>
@vgomez-el Another related bug has been fixed in #176598 and we couldn't reproduce the one described in this ticket's description. Could you please validate both? The fix should be available in
@banderror I am still able to reproduce the bug on 8.13 BC2. The hint is directly typing on browser url bar the /app/security/rules/add_rules page URL directly. See attached video: REC-20240229180442.mp4

On the other hand, the bug looks fixed in an 8.12.2 version: REC-20240229181308.mp4

Related with the task that you mentioned, in 8.12.2 the visibility of the install button on rule details flyout is fixed for a user with read only privileges:
Update: Initially failed to reproduce the issue in PROD 8.13 BC 3. @vgomez-el wasn't able to reproduce it as well on the same env, so we investigated further. The issue was finally reproduced on an edge case: if the I'll change this logic so the No rules to Install display is shown (or similar solution)
@jpdjere @vgomez-el Thank you for localizing the bug. Don't we already show an "empty screen" for this table when there are no rules to install? I think it shows a button like "go back to the Rule Management page". I mean we could probably just reuse it for the case when
@banderror Yes, exactly. That's the UI I think we should show for this case
…users with `Security: Read` permissions (#178005)

Fixes: #161543

## Summary

Solves edge case of a `Security: Read` user visiting the Add Rules page before a user with permissions does (therefore the space has no permissions). This would cause the `/install/_review` call to never happen, and the page to get stuck in an infinite loading state.

- Encapsulates logic to calculate if the `/install/_review` endpoint should be called
- Allows `Security: Read` users to make the endpoint call `/install/_review`
- The "All Elastic rules already installed" screen is shown to users in this edge case.
- Adds frontend integration tests to Add Tables page

### Checklist

- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
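The two fixes summarized in #176598 and #178005, modeled as an added example that is not code from the Kibana repository. Every name here (`renderAddRulesPage`, `setupDone`, `canWrite`, the response shape) is hypothetical, and the "before" predicate is an assumption about how a fetch gated on a write-only step leaves a read-only user on the loader.

```javascript
// Hypothetical model of the Add Rules page; all names are illustrative, not Kibana's.

// Constructed sample of rules available to install (shape is an assumption).
const SAMPLE_RULES = [{ rule_id: 'sample-rule-1', name: 'Sample rule' }];

// Stand-in for the `/install/_review` response. Assumption: in a space where
// setup has never run, the endpoint has nothing to offer and returns no rules.
function reviewResponse(space) {
  return { rules: space.setupDone ? SAMPLE_RULES : [] };
}

// "Before": the request waits for setup, which only a user with write
// privileges can trigger, so a read-only user in a fresh space never fetches.
const shouldFetchBefore = (user, space) => space.setupDone;

// "After": the decision lives in one predicate and read access is enough.
const shouldFetchAfter = (user, space) => user.canRead;

function renderAddRulesPage(user, space, shouldFetch) {
  // Setup runs on page load, but only on behalf of a user who can write.
  const current = { setupDone: space.setupDone || user.canWrite };
  const data = shouldFetch(user, current) ? reviewResponse(current) : undefined;

  // A request that is never issued looks exactly like one still in flight.
  if (data === undefined) return { view: 'loading', installEnabled: false };
  if (data.rules.length === 0) {
    return { view: 'all-rules-installed', installEnabled: false };
  }
  // Row buttons and the flyout button share one privilege check. The disabled
  // state is a UI affordance only; the install endpoint still has to enforce it.
  return { view: 'rules-table', installEnabled: user.canWrite };
}

// Constructed users and spaces for the four cases discussed in the thread.
const reader = { canRead: true, canWrite: false };
const writer = { canRead: true, canWrite: true };
const freshSpace = { setupDone: false };
const preparedSpace = { setupDone: true };

console.log(renderAddRulesPage(reader, freshSpace, shouldFetchBefore));
console.log(renderAddRulesPage(reader, freshSpace, shouldFetchAfter));
console.log(renderAddRulesPage(reader, preparedSpace, shouldFetchAfter));
console.log(renderAddRulesPage(writer, freshSpace, shouldFetchBefore));
```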
@vgomez-el I merged the PR that fixes this issue. Leaving the ticket open for QA to close.
…users with `Security: Read` permissions (elastic#178005) Fixes: elastic#161543 (cherry picked from commit b8396f4)
Recreated backport to 8.13: #178603
…ge for users with `Security: Read` permissions (#178005) (#178603)

# Backport

This will backport the following commits from `main` to `8.13`:

- [[Security Solution] Fix infinite loading state on Add Rules page for users with `Security: Read` permissions (#178005)](#178005)

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Bug is fixed and validated for 8.13 BC5. Thanks @jpdjere for the fix!
Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168
Summary
Users lacking write privileges encounter an endless loading screen when attempting to navigate to the 'Add Rules' page.
Steps to Reproduce
`Security: Read` privilege.
`/kbn/app/security/rules/add_rules`.
Expected Result
The page should display a 'No rules available' message.
Actual Result
The page shows an infinite loader.