-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Reporting] Kibana Application Privileges for Reporting #94966
[Reporting] Kibana Application Privileges for Reporting #94966
Conversation
4269cf8
to
d756567
Compare
d756567
to
ad7f7a3
Compare
ad7f7a3
to
3d6609c
Compare
52f7b11
to
c061a0e
Compare
@elasticmachine merge upstream |
79f0501
to
c2b50ac
Compare
@elasticmachine merge upstream |
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
Page load bundle
Unknown metric groupsAPI count
API count missing comments
History
To update your PR or re-run it, just comment with: |
* Implement Reporting features as subfeatures of applications * add setting to the docker list * update doc images * finish docs * Apply suggestions from code review Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co> * Apply suggestions from code review Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co> * Apply suggestions from code review Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co> * typo fix * "PDF / PNG Reports" => "Reporting" * Update x-pack/plugins/reporting/server/config/index.ts Co-authored-by: Larry Gregory <lgregorydev@gmail.com> * Update x-pack/test/functional/apps/security/secure_roles_perm.js Co-authored-by: Larry Gregory <lgregorydev@gmail.com> * update ids of report privileges * combine dashboard privileges into 1 group * update jest snapshot * fix tests * fix tests * updates from feedback * add note * update screenshot * fix grammer * fix bad link breaks in doc * update doc heading * Apply suggestions documentation feedback Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> * simplify * use const assertions * Apply text change suggestion from code review Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> * more test for oss_features and reporting subFeatures * reduce loc diff * fix snapshot * fix flakiness in licensing plugin public functional tests Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co> Co-authored-by: Larry Gregory <lgregorydev@gmail.com> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> # Conflicts: # x-pack/plugins/reporting/server/core.ts # x-pack/plugins/reporting/server/lib/enqueue_job.test.ts # x-pack/plugins/reporting/server/lib/store/store.test.ts # x-pack/plugins/reporting/server/lib/tasks/execute_report.test.ts # x-pack/plugins/reporting/server/lib/tasks/monitor_report.test.ts # x-pack/plugins/reporting/server/plugin.ts # x-pack/plugins/reporting/server/test_helpers/create_mock_reportingplugin.ts
FYI, this backport to 7.x is going to go into 7.14, not 7.13, unless an backport is opened to the 7.13 branch.
|
#97777) * [Reporting] Kibana Application Privileges for Reporting (#94966) * Implement Reporting features as subfeatures of applications * add setting to the docker list * update doc images * finish docs * Apply suggestions from code review Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co> * Apply suggestions from code review Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co> * Apply suggestions from code review Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co> * typo fix * "PDF / PNG Reports" => "Reporting" * Update x-pack/plugins/reporting/server/config/index.ts Co-authored-by: Larry Gregory <lgregorydev@gmail.com> * Update x-pack/test/functional/apps/security/secure_roles_perm.js Co-authored-by: Larry Gregory <lgregorydev@gmail.com> * update ids of report privileges * combine dashboard privileges into 1 group * update jest snapshot * fix tests * fix tests * updates from feedback * add note * update screenshot * fix grammer * fix bad link breaks in doc * update doc heading * Apply suggestions documentation feedback Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> * simplify * use const assertions * Apply text change suggestion from code review Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> * more test for oss_features and reporting subFeatures * reduce loc diff * fix snapshot * fix flakiness in licensing plugin public functional tests Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co> Co-authored-by: Larry Gregory <lgregorydev@gmail.com> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> # Conflicts: # x-pack/plugins/reporting/server/core.ts # x-pack/plugins/reporting/server/lib/enqueue_job.test.ts # x-pack/plugins/reporting/server/lib/store/store.test.ts # x-pack/plugins/reporting/server/lib/tasks/execute_report.test.ts # x-pack/plugins/reporting/server/lib/tasks/monitor_report.test.ts # x-pack/plugins/reporting/server/plugin.ts # x-pack/plugins/reporting/server/test_helpers/create_mock_reportingplugin.ts * fix ci * fix eslint * skip flaky suite (#53575) Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Tiago Costa <tiagoffcc@hotmail.com>
This didn't make 7.13 BCs because of the missing backport. Zoomed with @tsullivan and @LeeDr and this is what we get for setting the key in kibana.yml - xpack.reporting.roles.enabled: true
Removing 7.13.0 label from this. Thanks! |
…c#94966) (elastic#97777) * [Reporting] Kibana Application Privileges for Reporting (elastic#94966) * Implement Reporting features as subfeatures of applications * add setting to the docker list * update doc images * finish docs * Apply suggestions from code review Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co> * Apply suggestions from code review Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co> * Apply suggestions from code review Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co> * typo fix * "PDF / PNG Reports" => "Reporting" * Update x-pack/plugins/reporting/server/config/index.ts Co-authored-by: Larry Gregory <lgregorydev@gmail.com> * Update x-pack/test/functional/apps/security/secure_roles_perm.js Co-authored-by: Larry Gregory <lgregorydev@gmail.com> * update ids of report privileges * combine dashboard privileges into 1 group * update jest snapshot * fix tests * fix tests * updates from feedback * add note * update screenshot * fix grammer * fix bad link breaks in doc * update doc heading * Apply suggestions documentation feedback Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> * simplify * use const assertions * Apply text change suggestion from code review Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> * more test for oss_features and reporting subFeatures * reduce loc diff * fix snapshot * fix flakiness in licensing plugin public functional tests Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co> Co-authored-by: Larry Gregory <lgregorydev@gmail.com> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> # Conflicts: # x-pack/plugins/reporting/server/core.ts # x-pack/plugins/reporting/server/lib/enqueue_job.test.ts # x-pack/plugins/reporting/server/lib/store/store.test.ts # x-pack/plugins/reporting/server/lib/tasks/execute_report.test.ts # x-pack/plugins/reporting/server/lib/tasks/monitor_report.test.ts # x-pack/plugins/reporting/server/plugin.ts # x-pack/plugins/reporting/server/test_helpers/create_mock_reportingplugin.ts * fix ci * fix eslint * skip flaky suite (elastic#53575) Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Tiago Costa <tiagoffcc@hotmail.com>
Release note: added an option to have Reporting features controlled by Kibana application privileges instead of by the
reporting_user
role.Depends on #96097
Closes #19914
Closes #76210
Before, any user with the
reporting_user
role could use any Reporting feature. This PR allows Reporting be turned on and off by Kibana application privileges. A new configuration setting for kibana.yml toggles Reporting access privilege control between using security roles (deprecated) and UI Feature Controls (new platform).The new setting is
xpack.reporting.roles.enabled
. It allows the Kibana admins to migrate Reporting from the deprecated scheme to the Kibana Platform scheme. The default value istrue
. This enables the legacy behavior of usingxpack.reporting.roles.allowed
as Elasticsearch security roles which identify the user as being granted Reporting privilege everywhere in Kibana. When the value is true, a warning is logged at startup that users should be migrated from the deprecated scheme to the new platform scheme. The warning will continue to be logged until the user migration is done. When the value is false, Reporting does not register itself as an Elasticsearch feature. Instead, applications take over and register Reporting as a sub-privilege. Administrators will give Reporting feature privileges through the Roles UI the Stack Management Security app.Screenshot of the changes that this PR makes to the Edit role > Kibana privileges screen:
When
xpack.reporting.roles.enabled
isfalse
and users have been granted privilege using feature controls, the migration from Reporting's legacy scheme to the new platform is done.In 8.0, the only allowed value will be
false
.Changes to plugins: Reporting, Features and Canvas
A method had to be added to the
FeaturesSetup
contract to allow Reporting to update internal state that triggers Reporting to be included when privileges are registered for the OSS applications. This isfeaturesSetup.enableReportingUiCapabilities()
It is meant to only be called by Reporting.A method had to be added to the
ReportingSetup
contract to allow Reporting-enabled applications to check if Reporting is configured for the New Platform behavior. If so, the application should register Reporting subfeature privileges. This isreportingSetup.usesUiCapabilities
. Canvas was updated to call this method it itssetup()
phase before registering itself as a Kibana feature.The following diagram shows the behavioral connections between the affected plugins. The parts added in this PR are highlighted in green.
Checklist
Delete any items that are not applicable to this PR.
For maintainers