This PR adds _Role Based Access-Control_ to the Alerting framework & Actions feature using Kibana Feature Controls, addressing most of the Meta issue: https://github.com/elastic/kibana/issues/43994
This also closes https://github.com/elastic/kibana/issues/62438
This PR includes the following:
1. Adds `alerting` specific Security Actions (not to be confused with Alerting Actions) to the `security` plugin which allows us to assign alerting specific privileges to users of other plugins using the `features` plugin.
2. Removes the security wrapper from the savedObjectsClient in AlertsClient and instead plugs in the new AlertsAuthorization which performs the privilege checks on each api call made to the AlertsClient.
3. Adds privileges in each plugin that is already using the Alerting Framework which mirror (as closely as possible) the existing api-level tag-based privileges and plugs them into the AlertsClient.
4. Adds feature granted privileges arounds Actions (by relying on Saved Object privileges under the hood) and plugs them into the ActionsClient
5. Removes the legacy api-level tag-based privilege system from both the Alerts and Action HTTP APIs
* First draft, not quite working but a good start
* More working
* Support configuring throttle
* Get the other alerts working too
* More
* Separate into individual files
* Menu support as well as better integration in existing UIs
* Red borders!
* New overview style, and renamed alert
* more visual updates
* Update cpu usage and improve settings configuration in UI
* Convert cluster health and license expiration alert to use legacy data model
* Remove most of the custom UI and use the flyout
* Add the actual alerts
* Remove more code
* Fix formatting
* Fix up some errors
* Remove unnecessary code
* Updates
* add more links here
* Fix up linkage
* Added nodes changed alert
* Most of the version mismatch working
* Add kibana mismatch
* UI tweaks
* Add timestamp
* Support actions in the enable api
* Move this around
* Better support for changing legacy alerts
* Add missing files
* Update alerts
* Enable alerts whenever any page is visited in SM
* Tweaks
* Use more practical default
* Remove the buggy renderer and ensure setup mode can show all alerts
* Updates
* Remove unnecessary code
* Remove some dead code
* Cleanup
* Fix snapshot
* Fixes
* Fixes
* Fix test
* Add alerts to kibana and logstash listing pages
* Fix test
* Add disable/mute options
* Tweaks
* Fix linting
* Fix i18n
* Adding a couple tests
* Fix localization
* Use http
* Ensure we properly handle when an alert is resolved
* Fix tests
* Hide legacy alerts if not the right license
* Design tweaks
* Fix tests
* PR feedback
* Moar tests
* Fix i18n
* Ensure we have a control over the messaging
* Fix translations
* Tweaks
* More localization
* Copy changes
* Type
* chore(NA): upgrade oss to lodash4
chore(NA): migrate cli, cli_plugin, cli_keystore, dev, test_utils and apm src script to lodash4
chore(NA): missing file for cli plugin
chore(NA): add src core
chore(NA): es archiver and fixtures
chore(NA): try to fix functional test failure
chore(NA): migrate src/legacy entirely to lodash4 except src/legacy/core_plugins
chore(NA): move legacy core plugins to lodash4
chore(NA): upgrade optimize to lodash4
chore(NA): upgrade to lodash4 on advanced_settings, charts, console and dashboard
chore(NA): migrate to lodash4 on dev_tools, discover, embeddable, es_ui)shared, expressions, home plugins
chore(NA): upgrade data plugin to lodash4
chore(NA): upgrade usage_collection, ui_actions, tile_map, telemtry, share, saved_objects, saved_objects_management, region_map and navigation to lodash4
chore(NA): missing data upgrades to lodash4
Revert "chore(NA): upgrade usage_collection, ui_actions, tile_map, telemtry, share, saved_objects, saved_objects_management, region_map and navigation to lodash4"
This reverts commit 137055c5fed2fc52bb26547e0bc1ad2e3d4fe309.
Revert "Revert "chore(NA): upgrade usage_collection, ui_actions, tile_map, telemtry, share, saved_objects, saved_objects_management, region_map and navigation to lodash4""
This reverts commit f7e73688782998513d9fb6d7e8f0765e9beb28d1.
Revert "chore(NA): missing data upgrades to lodash4"
This reverts commit 92b85bf947a89bfc70cc4052738a6b2128ffb076.
Revert "chore(NA): upgrade data plugin to lodash4"
This reverts commit 88fdb075ee1e26c4ac979b6681d8a2b002df74c6.
chore(NA): upgrade idx_pattern_mgt, input_control_vis, inspector, kbn_legacy, kbn_react, kbn_usage_collections, kbn_utils, management and maps_legacy to lodash4
chore(NA): map src plugin data to lodash3
chore(NA): missing lodash.clonedeep dep
chore(NA): change packages kbn-config-schema deps
chore(NA): update renovate config
chore(NA): upgrade vis_type plugins to lodash4
chore(NA): move vis_type_vislib to lodash3
chore(NA): update visualizations and visualize to lodash4
chore(NA): remove lodash 3 types from src and move test to lodash4
chore(NA): move home, usage_collection and management to lodash 3
Revert "chore(NA): move home, usage_collection and management to lodash 3"
This reverts commit f86e8585f02d21550746569af54215b076a79a3d.
chore(NA): move kibana_legacy, saved_objects saved_objects_management into lodash3
chore(NA): update x-pack test to mock lodash4
Revert "chore(NA): move kibana_legacy, saved_objects saved_objects_management into lodash3"
This reverts commit 2d10fe450533e1b36db21d99cfae3ce996a244e0.
* chore(NA): move x-pack and packages to lodash 4
* chore(NA): remove mention to lodash from main package.json
* chore(NA): remove helper alias for lodash4 and make it the default lodash
* chore(NA): fix last failing types in the repo
* chore(NA): fix public api
* chore(NA): fix types for agg_row.tsx
* chore(NA): fix increment of optimizer modules in the rollup plugin
* chore(NA): migrate `src/core/public/http/fetch.ts` (#5)
* omit undefined query props
* just remove merge usage
* fix types
* chore(NA): fixes for feedback from apm team
* chore(NA): recover old behaviour on apm LoadingIndeicatorContext.tsx
* chore(NA): fixes for feedback from watson
* Platform lodash4 tweaks (#6)
* chore(NA): fix types and behaviour on src/core/server/elasticsearch/errors.ts
* Canvas fixes for lodash upgrade
* [APM] Adds unit test for APM service maps transform (#7)
* Adds a snapshot unit test for getConnections and rearranges some code to make testing easier
* reverts `ArrayList` back to `String[]` in the painless script within `fetch_service_paths_from_trace_ids.ts`
* chore(NA): update yarn.lock
* chore(NA): remove any and use a real type for alerts task runner
Co-authored-by: Gidi Meir Morris <github@gidi.io>
* chore(NA): used named import for triggers_actions_ui file
* chore(NA): fix eslint
* chore(NA): fix types
* Delete most uptime lodash references.
* Simplify. Clean up types.
* [Uptime] Delete most uptime lodash references (#8)
* Delete most uptime lodash references.
* Simplify. Clean up types.
* chore(NA): add eslint rule to avoid using lodash3
* chore(NA): apply changes on feedback from es-ui team
* fix some types (#9)
* Clean up some expressions types.
* chore(NA): missing ts-expect-error statements
* Upgrade lodash 4 vislib (#11)
* replace lodash 3 with lodash 4 on vislib plugin
* Further changes
* further replacement of lodash3 to 4
* further work on upgrading to lodash 4
* final changes to update lodash
* chore(NA): upgrade data plugin to lodash4
chore(NA): upgrade data plugin public to lodash4
chore(NA): fix typecheck task
chore(NA): fix agg_config with hasIn
chore(NA): assign to assignIn and has to hasIn
chore(NA): upgrade data plugin server to lodash4
chore(NA): new signature for core api
fix(NA): match behaviour between lodash3 and lodash4 for set in search_source
* chore(NA): remove lodash3 completely from the repo
* chore(NA): fix x-pack/test/api_integration/apis/metrics_ui/snapshot.ts missing content
* chore(NA): fix lodash usage on apm
* chore(NA): fix typecheck for maps
* Patch lodash template (#12)
* Applying changes from https://github.com/elastic/kibana/pull/64985
* Using isIterateeCall, because it seems less brittle
* Also patching `lodash/template` and `lodash/fp/template`
* Reorganizing some files...
* Revising comment
* Ends up `_` is a function also... I hate JavaScript
Co-authored-by: Pierre Gayvallet <pierre.gayvallet@gmail.com>
Co-authored-by: Josh Dover <me@joshdover.com>
Co-authored-by: Clint Andrew Hall <clint.hall@elastic.co>
Co-authored-by: Oliver Gupte <ogupte@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Gidi Meir Morris <github@gidi.io>
Co-authored-by: Justin Kambic <justin.kambic@elastic.co>
Co-authored-by: Stratoula Kalafateli <stratoula1@gmail.com>
Co-authored-by: Luke Elmers <luke.elmers@elastic.co>
Co-authored-by: Brandon Kobel <brandon.kobel@gmail.com>
Co-authored-by: kobelb <brandon.kobel@elastic.co>
* move last snapshot to inline
* move legacy files to legacy subfolder
* move request types out of legacy
* export Headers from http instead of elasticsearch
* renaming - first pass
* renaming - second pass
* fix core mocks
* adapt new calls
* update generated doc
* fix IT test mocks
* fix new usages
* Ensure we use existing Elasticsearch config
* Use separate type for this to ensure custom properties work
* PR suggestions
* PR feedback
* PR feedback
* Fix type issues
* PR feedback
* Migrated uiSettings items to new platform
* API changes
* Fixed translations
* Fixed comment and i18n
* Fixed tests
* Fixed internalization
* Fix karma tests
* made code more explicit
* Fixed plugin
* Added consts for ui settings ids.
* Added id for another settings
* Fixed tests.
* Improved imports
* Fix imports to public which were happening from the server.
* Fixed paths
* Moved styles to plugin.ts
* Moved styles
* Fixed docs
* Fix ci
* Fix ci
* fix documentation
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Alexey Antonov <alexwizp@gmail.com>
Co-authored-by: Luke Elmers <luke.elmers@elastic.co>
* [New Platform Migration]: Management - Implement NP API
Part of #47432
* partial progress on a number of management sections
* fix passing history
* Fixed types
* Fixed routing for Ingest Node Pipelines
* introduce and use react router wrapped eui components
* react router utils
* work in progress => hashRouter to router
* more partial progress
* remove console.log
* use reactRouterNavigate for management_sidebar
* Breadcrumbs will need to make use of the reactRouterNavigate function
* [triggersActions] app. Hash Router -> Router
* Replace /app/kibana#/management urls to /app/management
* remove ui/public/management
* fix some links to management apps
* fix management url for functional tests
* add data-test-subj for EuiSideNavItem
* partial progress
* fix some of ts issues
* Fixed breadcrumbs for data index management
* [kibana/spaces] section
* fix functional test
* [role_management] fix Breadcrumbs
* [api_keys] fix Breadcrumbs and Navigation
* Fixed routing for remote cluster
* [role_mapping] Partial progress
* [users] partial progress
* [watcher] partial progress
* fix eslint issues
* [snapshot_restore] partial progress
* [rollup_jobs] partial progress
* Fixed routing for cross cluster replications (partial progress). Enhanced reactRouterNavigate
* Perf optimization: fix extra re-rendering
* fix TS errors
* x-pack fix config for functional tests
* Fixed routing for index lifecycle management
* fix some broken CI tests
* fix PR comment
* [snapshot_restore] move onClick into reactRouterNavigate
* fix some jest
* fix some functional tests
* fix functiona test: management scripted fields testing regression for issue
* fix some functional tests
* [licence_management] partial progress
* Fixed x-pack jest tests
* [saved_object_management] partial progress
* Fixed some tests
* fix functional test: should add new role myroleEast
* Reverted part of changes for ml
* [transforms] partial progress
* fix TS errors
* fix functional: redirects to Kibana home
* add support of Backward compatibility
* fix functional: Saved objects management feature controls saved objects management global visualize all privileges listing redirects to Kibana home
* fix PR comment
* fix TS issues
* Fixed x-pack jest tests
* fix oss JEST
* Fixed functional test
* fix functional test
* fix PR comment
* Fixed i18n
* fix typo
* fix Styles
* Fixed paths for cross_cluster_replication
* fix wrong link
* Fixed jest
* Fixed some comments
* fix sorting
* fix type check
* fixed x-pack jest
* fixed x-pack jest
* reverted using of parentHistory
* Add debugging toasts to CCR.
* Comment out non-CCR functional tests.
* Fix typo.
* Uncomment non-CCR functional tests.
* Enable CCR.
* fix CI
* Add comment to explain why CCR is enabled by default and move config variable back to original location in CCR plugin.
* revert some changes in APM
* add space between index pattern name and tags
* fix function test
* Update x-pack/plugins/security/public/management/management_urls.ts
Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>
* Update x-pack/plugins/security/public/management/api_keys/api_keys_management_app.tsx
Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>
* Update x-pack/plugins/spaces/public/management/spaces_management_app.tsx
Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>
* Update x-pack/plugins/security/public/management/roles/roles_management_app.tsx
Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>
* Update x-pack/plugins/security/public/management/users/users_management_app.tsx
Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>
* Update x-pack/plugins/security/public/management/management_urls.ts
Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>
* Update x-pack/plugins/security/public/management/management_urls.ts
Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>
* [security] getUrlForApp -> navigateToApp
* [mp] fix Uncaught (in promise) undefined
Co-authored-by: Matt Kime <matt@mattki.me>
Co-authored-by: Uladzislau Lasitsa <Uladzislau_Lasitsa@epam.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: CJ Cenizal <cj@cenizal.com>
Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>
* Changed actions API endpoints urls to follow Kibana STYLEGUIDE
* Fixed tests
* fixed test
* fixed test
* resolved conflicts
* Fixed siem tests
* Fixed failing test
* fixed readme and test
* Changed actions api urls to follow the template 'api/{plugin}/{type}/{id}
* Fixed type checks
* Fixed tests and API
* fixed tests
* Fixed type checks
* fixed type check
* line restricted zones for export exressions
* more robust rule
* fix or mute eslint errors
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Allow registered alert types to be non-editable
* Fixed isUiEditEnabled values
* Fixed due to comments
* fixed failing tests
* Enable alert type selection per alert consumer, only 'alerting' consumer can display other consumers alert types, but in case if it isEditable
* fixed tests
* Removed consumer property from the client side alert type registry and added server side property producer which purpose is to manage a feature logic
* fixed type check
* Fixed tests and type checks
* Removed error message for non registered plugins
* Fixed failing tests
* Fixed due to comments
* fixed test
* -
* revert logic for requiresAppContext
* Added close toast after saving alert
* Final phase before the complete cutover
* NP migration
* lint fix
* More NP stuff
* Moved Stack Monitoring client plugin outside legacy and fixed all tests
* ...
* Removed unused files
* Fix for main links
* Fixed more tests
* Fixed redirect when clicking on SM icon again
* Code review feedback
* Addressed code review feedback
* Fixed return value
Completes the migration of all Alerting Services plugins onto the Kibana Platform
It includes:
1. Actions plugin
2. Alerting plugin
3. Task Manager plugin
4. Triggers UI plugin
And touches the Uptime and Siem plugins as their use of the Task Manager relied on some of the legacy lifecycle to work (registering AlertTypes and Telemetry tasks after the Start stage has already began). The fix was simply to moves these registrations to the Setup stage.
Work on #61313 has revealed that we don't have amock for AlertServices, which creates coupling between us and any solution depending on us, which makes it harder to make changes in our own code.
This PR adds mocks and uses them in SIEM, Monitoring and Uptime, so that we can make future changes without having to change outside solutions.
* [Telemetry] Add posibility of regitering exclusive collectors for collections
* [Telemetry] Filter unwanted fields from the kibana.os telemetry payload
* Filter the collectors properly in bulkFetch
* Move "kibana" usage collector from Monitoring to OSS Telemetry
* Remove exclusivity of the "kibana_settings" collector
* Unify "kibana_stats" collector from Monitoring and Legacy
* Remove unused legacy constants
* Proper type for UsageCollectionSetup in monitoring
* Missed one undo
* Add unit tests to the migrated collectors
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>