[Inventory] Check permissions before registering the Inventory plugin in observabilityShared navigation #195557

@iblancof iblancof commented Oct 9, 2024

Summary

Fixes #195360 and #195560

This PR fixes a bug where the Inventory plugin is improperly registered in the ObservabilityShared navigation, even in spaces that lack the required permissions or for user roles that don't have permissions. As a result, the Inventory link appears in the navigation whenever the space/user has access to any other Observability plugin.

Space permissions

Before

[Screenshots: Space config | ObservabilityShared navigation]

After

[Screenshots: Space config | ObservabilityShared navigation]

User permissions

Before

[Screenshots: Role config | ObservabilityShared navigation]

After

[Screenshots: Role config | ObservabilityShared navigation]
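
The failure mode described in the summary, modelled as an added example (not code from this PR or from Kibana): a shared navigation registry that trusts its callers, with the unconditional Inventory registration beside the capability-gated one. All names (`SharedNavigation`, `resolveCapabilities`, `registerInventoryChecked`, and so on) are hypothetical, and the rule that the side nav is drawn once any Observability app is accessible is an assumption taken from the summary's wording.

```typescript
// Added illustration: every name here is hypothetical, not Kibana's API.
type Capabilities = Record<string, { show: boolean }>;
interface NavSection { label: string; app: string }

const OBSERVABILITY_APPS = ['apm', 'logs', 'inventory'];

// A feature is usable only if the space has not disabled it AND the role grants it.
function resolveCapabilities(spaceDisabled: string[], roleGrants: string[]): Capabilities {
  const caps: Capabilities = {};
  for (const app of OBSERVABILITY_APPS) {
    caps[app] = { show: spaceDisabled.indexOf(app) === -1 && roleGrants.indexOf(app) !== -1 };
  }
  return caps;
}

function canShow(caps: Capabilities, app: string): boolean {
  const entry = caps[app];
  return entry !== undefined && entry.show;
}

// Shared registry: it trusts whatever plugins register and does no per-section check.
class SharedNavigation {
  private sections: NavSection[] = [];
  register(section: NavSection): void { this.sections.push(section); }
  // Assumption: the side nav is drawn once the user can open any Observability app.
  render(caps: Capabilities): string[] {
    const inObservability = OBSERVABILITY_APPS.some((app) => canShow(caps, app));
    return inObservability ? this.sections.map((s) => s.label) : [];
  }
}

const INVENTORY: NavSection = { label: 'Inventory', app: 'inventory' };

// Before: unconditional registration, so the link shows in restricted spaces and roles.
function registerInventoryUnchecked(nav: SharedNavigation, _caps: Capabilities): void {
  nav.register(INVENTORY);
}

// After: the plugin consults its own capability before contributing a section.
function registerInventoryChecked(nav: SharedNavigation, caps: Capabilities): void {
  if (canShow(caps, INVENTORY.app)) nav.register(INVENTORY);
}

// Builds the nav for one space/role pair with the chosen Inventory registration.
function buildNav(spaceDisabled: string[], roleGrants: string[],
  registerInventory: (nav: SharedNavigation, caps: Capabilities) => void): string[] {
  const caps = resolveCapabilities(spaceDisabled, roleGrants);
  const nav = new SharedNavigation();
  if (canShow(caps, 'apm')) nav.register({ label: 'APM', app: 'apm' });
  registerInventory(nav, caps);
  return nav.render(caps);
}
```
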

@iblancof iblancof added the release_note:skip, backport:prev-minor, Team:obs-ux-infra_services and v8.16.0 labels Oct 9, 2024
@iblancof iblancof self-assigned this Oct 9, 2024
@iblancof iblancof requested review from a team as code owners October 9, 2024 10:02
@elasticmachine

Pinging @elastic/obs-ux-infra_services-team (Team:obs-ux-infra_services)

@botelastic botelastic bot added the ci:project-deploy-observability label Oct 9, 2024
…d-in-observability-navigation-without-necessary-permissions
@iblancof

iblancof commented Oct 9, 2024

Warning

Converting the PR to draft to include the fix for this other issue too #195560

@iblancof iblancof marked this pull request as draft October 9, 2024 10:48
…ability-navigation-without-necessary-permissions' of https://github.com/iblancof/kibana into 195360-inventory-plugin-incorrectly-displayed-in-observability-navigation-without-necessary-permissions
@iblancof iblancof changed the title from "[Inventory] Check space configuration before registering the Inventory plugin in observabilityShared navigation" to "[Inventory] Check permissions before registering the Inventory plugin in observabilityShared navigation" Oct 9, 2024
@iblancof iblancof marked this pull request as ready for review October 9, 2024 11:55
@cauemarcondes cauemarcondes left a comment

LGTM

@crespocarlos crespocarlos left a comment

LGTM.

@elasticmachine

elasticmachine commented Oct 10, 2024

💚 Build Succeeded

Metrics [docs]

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

|id|before|after|diff|
|-|-|-|-|
|inventory|10.0KB|10.2KB|+237.0B|

cc @iblancof

@iblancof iblancof merged commit 7927ebf into elastic:main Oct 10, 2024
27 checks passed
@kibanamachine

Starting backport for target branches: 8.x

https://github.com/elastic/kibana/actions/runs/11274086035

kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Oct 10, 2024
… in observabilityShared navigation (elastic#195557)

(cherry picked from commit 7927ebf)
@kibanamachine

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

@iblancof iblancof deleted the 195360-inventory-plugin-incorrectly-displayed-in-observability-navigation-without-necessary-permissions branch October 10, 2024 12:38
kibanamachine added a commit that referenced this pull request Oct 10, 2024
…plugin in observabilityShared navigation (#195557) (#195758)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Inventory] Check permissions before registering the Inventory plugin
in observabilityShared navigation
(#195557)](#195557)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

Co-authored-by: Irene Blanco <irene.blanco@elastic.co>