* Add method to detect oss in settings pages
- if it's not OSS, than 'Maps' is added to the expected chart types
Co-authored-by: liza-mae <liza-mae@users.noreply.github.com>
* [services/web_element_wrapper] add actions API methods
* fixes
* [services/browser] fix dragAnDrop to work in both w3c/non-w3c modes
* small review changes
* dragAndDrop: add default values for offset
* Add core-only bundle
* Add ApplicationService mounting
* Add LegacyCore{Setup,Start}
* Fix PR comments
* Add functional tests
* Fix PR comments
* Fix PR comments
* Remove other usages of rootRoute
* Use state field notation
* Add support for open in new tab
* Fix PR comments
* Fix pesky await from the dead
* Update docs
* Bump @types/history
* skip and adjust functional tests for Firefox
* downgrade geckodriver to 0.22.0
* [ftr] add firefox specific config file
* remove hard coded firefox adjustments
* remove firefox specific screenshot directory
* run functional tests in firefox in x-pack
* pass the logger to readConfigFile()
* rename local var
* skip xpack firefox config
* run xpack firefox functional tests in separate command
* update report name for XPack firefox results
* adjust viz shared item test
* skip shared item test
* [test/feature_controls] increase timeout to 20 sec & use forceLogout
* FF timeout on TSVB, refresh page on failure for url navigation
* [feature_controls/visualize_security] increase timeout to 20 sec
* skip dev_tools_spaces tests on FF
* run all groups 3 times
* skip more func tests
* skip more tests
* skip all feature controls tests for Firefox
* revert back changes in feature controls tests
* rename xpack report for chrome
* skip tile map for FF, wait for render before saving
* Revert "run all groups 3 times"
This reverts commit 12b4f69627.
* revert refresh on login
* apply feedback
* Restructure user profile for granular app privs (#23750)
merging to feature branch for further development
* Introducing uiCapabilities, removing config providers & user profile (#25387)
## Summary
Introduces the concept of "UI Capabilities", which allows Kibana applications to declare capabilities via the `uiCapabilities` injected var, and then use them client-side via the `ui/capabilities` module to inform their rendering decisions.
* GAP - Actions Restructured and Extensible (#25347)
* Restructure user profile for granular app privs (#23750)
merging to feature branch for further development
* Fixing saved object capability checking
* Beginning to restructure actions to be used for all action building
* Using actions to build ui capabilities
* dropping /read from client-side userprovide ui capabilities
* Adding some actions
* Using different syntax which will hopefully help with allowing apps to
specify the privileges themselves
* Exposing all saved object operations in the capabilities
* Using actions in security's onPostAuth
* Only loading the default index pattern when it's required
* Only using the navlinks for the "ui capabilities"
* Redirecting from the discover application if the user can't access
kibana:discover
* Redirecting from dashboard if they're hidden
* Features register their privileges now
* Introducing a FeaturesPrivilegesBuilder
* REmoving app from the feature definition
* Adding navlink specific ations
* Beginning to break out the serializer
* Exposing privileges from the authorization service
* Restructuring the privilege/resource serialization to support features
* Adding actions unit tests
* Adding features privileges builders tests
* Adding PrivilegeSerializer tests
* Renaming missed usages
* Adding tests for the privileges serializer
* Adding privileges tests
* Adding registerPrivilegesWithCluster tests
* Better tests
* Fixing authorization service tests
* Adding ResourceSerializer tests
* Fixing Privileges tests
* Some PUT role tests
* Fixing read ui/api actions
* Exposing features from xpackMainPlugin
* Adding navlink:* to the "reserved privileges"
* navlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink ->
navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink |
nav_linknavlink -> navLink | nav_linknavlink -> navLink |
nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_link
* Automatically determining navlink based ui capabilities
* Backing out changes that got left behind
* Using ui actions for navlinks
* Adding TODOs
* Ui -> UI
* Deleting unused file
* Removing api: [] as it's not necessary anymore
* Fixing graph saved object privileges
* Privileges are now async
* Pushing the asycnchronicity to the privileges "service"
* Adding TODO
* Providing initial value for reduce
* adds uiCapabilities to test_entry_template
* Adding config to APM/ML feature privileges
* Commenting out obviously failing test so we can get CI greeenn
* Fixing browser tests
* Goodbyyeee
* Adding app actions to the reserved privileges
* update snapshot
* UI/API changes to facilitate disabling features within spaces (#24235)
* Restructure user profile for granular app privs (#23750)
merging to feature branch for further development
* Introducing uiCapabilities, removing config providers & user profile (#25387)
## Summary
Introduces the concept of "UI Capabilities", which allows Kibana applications to declare capabilities via the `uiCapabilities` injected var, and then use them client-side via the `ui/capabilities` module to inform their rendering decisions.
* GAP - Actions Restructured and Extensible (#25347)
* Restructure user profile for granular app privs (#23750)
merging to feature branch for further development
* Fixing saved object capability checking
* Beginning to restructure actions to be used for all action building
* Using actions to build ui capabilities
* dropping /read from client-side userprovide ui capabilities
* Adding some actions
* Using different syntax which will hopefully help with allowing apps to
specify the privileges themselves
* Exposing all saved object operations in the capabilities
* Using actions in security's onPostAuth
* Only loading the default index pattern when it's required
* Only using the navlinks for the "ui capabilities"
* Redirecting from the discover application if the user can't access
kibana:discover
* Redirecting from dashboard if they're hidden
* Features register their privileges now
* Introducing a FeaturesPrivilegesBuilder
* REmoving app from the feature definition
* Adding navlink specific ations
* Beginning to break out the serializer
* Exposing privileges from the authorization service
* Restructuring the privilege/resource serialization to support features
* Adding actions unit tests
* Adding features privileges builders tests
* Adding PrivilegeSerializer tests
* Renaming missed usages
* Adding tests for the privileges serializer
* Adding privileges tests
* Adding registerPrivilegesWithCluster tests
* Better tests
* Fixing authorization service tests
* Adding ResourceSerializer tests
* Fixing Privileges tests
* Some PUT role tests
* Fixing read ui/api actions
* Exposing features from xpackMainPlugin
* Adding navlink:* to the "reserved privileges"
* navlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink ->
navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink |
nav_linknavlink -> navLink | nav_linknavlink -> navLink |
nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_link
* Automatically determining navlink based ui capabilities
* Backing out changes that got left behind
* Using ui actions for navlinks
* Adding TODOs
* Ui -> UI
* Deleting unused file
* Removing api: [] as it's not necessary anymore
* Fixing graph saved object privileges
* Privileges are now async
* Pushing the asycnchronicity to the privileges "service"
* Adding TODO
* Providing initial value for reduce
* adds uiCapabilities to test_entry_template
* Adding config to APM/ML feature privileges
* Commenting out obviously failing test so we can get CI greeenn
* Fixing browser tests
* Goodbyyeee
* Adding app actions to the reserved privileges
* Begin to allow features to be disabled within spaces
typescript fixes
additional cleanup
attempt to resolve build error
fix tests
more ts updates
fix typedefs on manage_spaces_button
more import fixes
test fixes
move user profile into xpack common
Restructure space management screen
fix SASS references
design edits
remove Yes/No language from feature toggles
fix casing
removed unused imports
update snapshot
fix sass reference for collapsible panel
Fix sass reference, take 2
* Restructure user profile for granular app privs (#23750)
merging to feature branch for further development
* extract migration logic into testable unit
* Introducing uiCapabilities, removing config providers & user profile (#25387)
## Summary
Introduces the concept of "UI Capabilities", which allows Kibana applications to declare capabilities via the `uiCapabilities` injected var, and then use them client-side via the `ui/capabilities` module to inform their rendering decisions.
* Design edits (#12)
enables customize avatar popover
update tests, and simplify editing space identifier
remove references to user profile
remove unused test suite
remove unnecessary sass import
removes security's capability_decorator
* fix i18n
* updates toggleUiCapabilities to use new feature definitions
* cleanup and testing
* remove references to old feature interface
* readd lost spacer
* adds feature route testing
* additional i18n
* snapshot update
* copy edits
* fix ml app icon
* add missing export
* remove unnecessary sass import
* attempt to fix build
* fix spaces api tests
* esArchiver mapping updates
* rename toggleUiCapabilities -> toggleUICapabilities
* removes shared collapsible_panel component in favor of plugin-specific components
* some copy and style adjustments
* fix test following rebase
* add lost types file
* design edits
* remove stale export
* feature feedback; fixes cached disabled features
* GAP: Security disables UI capabilities (#25809)
* Restructure user profile for granular app privs (#23750)
merging to feature branch for further development
* Fixing saved object capability checking
* Beginning to restructure actions to be used for all action building
* Using actions to build ui capabilities
* dropping /read from client-side userprovide ui capabilities
* Adding some actions
* Using different syntax which will hopefully help with allowing apps to
specify the privileges themselves
* Exposing all saved object operations in the capabilities
* Using actions in security's onPostAuth
* Only loading the default index pattern when it's required
* Only using the navlinks for the "ui capabilities"
* Redirecting from the discover application if the user can't access
kibana:discover
* Redirecting from dashboard if they're hidden
* Features register their privileges now
* Introducing a FeaturesPrivilegesBuilder
* REmoving app from the feature definition
* Adding navlink specific ations
* Beginning to break out the serializer
* Exposing privileges from the authorization service
* Restructuring the privilege/resource serialization to support features
* Adding actions unit tests
* Adding features privileges builders tests
* Adding PrivilegeSerializer tests
* Renaming missed usages
* Adding tests for the privileges serializer
* Adding privileges tests
* Adding registerPrivilegesWithCluster tests
* Better tests
* Restructure user profile for granular app privs (#23750)
merging to feature branch for further development
* Fixing authorization service tests
* Adding ResourceSerializer tests
* Fixing Privileges tests
* Some PUT role tests
* Fixing read ui/api actions
* Introducing uiCapabilities, removing config providers & user profile (#25387)
## Summary
Introduces the concept of "UI Capabilities", which allows Kibana applications to declare capabilities via the `uiCapabilities` injected var, and then use them client-side via the `ui/capabilities` module to inform their rendering decisions.
* Exposing features from xpackMainPlugin
* Adding navlink:* to the "reserved privileges"
* navlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink ->
navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink |
nav_linknavlink -> navLink | nav_linknavlink -> navLink |
nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_link
* Automatically determining navlink based ui capabilities
* Backing out changes that got left behind
* Using ui actions for navlinks
* Adding TODOs
* Ui -> UI
* Deleting unused file
* Removing api: [] as it's not necessary anymore
* Fixing graph saved object privileges
* Privileges are now async
* Pushing the asycnchronicity to the privileges "service"
* Adding TODO
* Providing initial value for reduce
* adds uiCapabilities to test_entry_template
* Adding config to APM/ML feature privileges
* Commenting out obviously failing test so we can get CI greeenn
* Fixing browser tests
* First, very crappy implementation
* Adding tests for disabling ui capabilities
* All being set to false no longer requires a clone
* Using _.mapValues makes this a lot more readable
* Checking those privileges dynamically
* Fixing some broken stuff when i introduced checkPrivilegesDynamically
* Adding conditional plugin tests
* Renaming conditional plugin to optional plugin
* Fixing type errors
* GAP - Actions Restructured and Extensible (#25347)
* Restructure user profile for granular app privs (#23750)
merging to feature branch for further development
* Fixing saved object capability checking
* Beginning to restructure actions to be used for all action building
* Using actions to build ui capabilities
* dropping /read from client-side userprovide ui capabilities
* Adding some actions
* Using different syntax which will hopefully help with allowing apps to
specify the privileges themselves
* Exposing all saved object operations in the capabilities
* Using actions in security's onPostAuth
* Only loading the default index pattern when it's required
* Only using the navlinks for the "ui capabilities"
* Redirecting from the discover application if the user can't access
kibana:discover
* Redirecting from dashboard if they're hidden
* Features register their privileges now
* Introducing a FeaturesPrivilegesBuilder
* REmoving app from the feature definition
* Adding navlink specific ations
* Beginning to break out the serializer
* Exposing privileges from the authorization service
* Restructuring the privilege/resource serialization to support features
* Adding actions unit tests
* Adding features privileges builders tests
* Adding PrivilegeSerializer tests
* Renaming missed usages
* Adding tests for the privileges serializer
* Adding privileges tests
* Adding registerPrivilegesWithCluster tests
* Better tests
* Fixing authorization service tests
* Adding ResourceSerializer tests
* Fixing Privileges tests
* Some PUT role tests
* Fixing read ui/api actions
* Exposing features from xpackMainPlugin
* Adding navlink:* to the "reserved privileges"
* navlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink ->
navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink |
nav_linknavlink -> navLink | nav_linknavlink -> navLink |
nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_link
* Automatically determining navlink based ui capabilities
* Backing out changes that got left behind
* Using ui actions for navlinks
* Adding TODOs
* Ui -> UI
* Deleting unused file
* Removing api: [] as it's not necessary anymore
* Fixing graph saved object privileges
* Privileges are now async
* Pushing the asycnchronicity to the privileges "service"
* Adding TODO
* Providing initial value for reduce
* adds uiCapabilities to test_entry_template
* Adding config to APM/ML feature privileges
* Commenting out obviously failing test so we can get CI greeenn
* Fixing browser tests
* Goodbyyeee
* Adding app actions to the reserved privileges
* Restructure user profile for granular app privs (#23750)
merging to feature branch for further development
* Introducing uiCapabilities, removing config providers & user profile (#25387)
## Summary
Introduces the concept of "UI Capabilities", which allows Kibana applications to declare capabilities via the `uiCapabilities` injected var, and then use them client-side via the `ui/capabilities` module to inform their rendering decisions.
* GAP - Actions Restructured and Extensible (#25347)
* Restructure user profile for granular app privs (#23750)
merging to feature branch for further development
* Fixing saved object capability checking
* Beginning to restructure actions to be used for all action building
* Using actions to build ui capabilities
* dropping /read from client-side userprovide ui capabilities
* Adding some actions
* Using different syntax which will hopefully help with allowing apps to
specify the privileges themselves
* Exposing all saved object operations in the capabilities
* Using actions in security's onPostAuth
* Only loading the default index pattern when it's required
* Only using the navlinks for the "ui capabilities"
* Redirecting from the discover application if the user can't access
kibana:discover
* Redirecting from dashboard if they're hidden
* Features register their privileges now
* Introducing a FeaturesPrivilegesBuilder
* REmoving app from the feature definition
* Adding navlink specific ations
* Beginning to break out the serializer
* Exposing privileges from the authorization service
* Restructuring the privilege/resource serialization to support features
* Adding actions unit tests
* Adding features privileges builders tests
* Adding PrivilegeSerializer tests
* Renaming missed usages
* Adding tests for the privileges serializer
* Adding privileges tests
* Adding registerPrivilegesWithCluster tests
* Better tests
* Fixing authorization service tests
* Adding ResourceSerializer tests
* Fixing Privileges tests
* Some PUT role tests
* Fixing read ui/api actions
* Exposing features from xpackMainPlugin
* Adding navlink:* to the "reserved privileges"
* navlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink ->
navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink |
nav_linknavlink -> navLink | nav_linknavlink -> navLink |
nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_link
* Automatically determining navlink based ui capabilities
* Backing out changes that got left behind
* Using ui actions for navlinks
* Adding TODOs
* Ui -> UI
* Deleting unused file
* Removing api: [] as it's not necessary anymore
* Fixing graph saved object privileges
* Privileges are now async
* Pushing the asycnchronicity to the privileges "service"
* Adding TODO
* Providing initial value for reduce
* adds uiCapabilities to test_entry_template
* Adding config to APM/ML feature privileges
* Commenting out obviously failing test so we can get CI greeenn
* Fixing browser tests
* Goodbyyeee
* Adding app actions to the reserved privileges
* Update x-pack/plugins/security/server/lib/authorization/disable_ui_capabilities.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/plugins/security/server/lib/authorization/check_privileges_dynamically.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Disabling all ui capabilities if route is anonymous
* More typescript
* Even more typescript
* Updating snapshot
* Less any
* More safer
* Another one
* Restructure user profile for granular app privs (#23750)
merging to feature branch for further development
* Introducing uiCapabilities, removing config providers & user profile (#25387)
## Summary
Introduces the concept of "UI Capabilities", which allows Kibana applications to declare capabilities via the `uiCapabilities` injected var, and then use them client-side via the `ui/capabilities` module to inform their rendering decisions.
* GAP - Actions Restructured and Extensible (#25347)
* Restructure user profile for granular app privs (#23750)
merging to feature branch for further development
* Fixing saved object capability checking
* Beginning to restructure actions to be used for all action building
* Using actions to build ui capabilities
* dropping /read from client-side userprovide ui capabilities
* Adding some actions
* Using different syntax which will hopefully help with allowing apps to
specify the privileges themselves
* Exposing all saved object operations in the capabilities
* Using actions in security's onPostAuth
* Only loading the default index pattern when it's required
* Only using the navlinks for the "ui capabilities"
* Redirecting from the discover application if the user can't access
kibana:discover
* Redirecting from dashboard if they're hidden
* Features register their privileges now
* Introducing a FeaturesPrivilegesBuilder
* REmoving app from the feature definition
* Adding navlink specific ations
* Beginning to break out the serializer
* Exposing privileges from the authorization service
* Restructuring the privilege/resource serialization to support features
* Adding actions unit tests
* Adding features privileges builders tests
* Adding PrivilegeSerializer tests
* Renaming missed usages
* Adding tests for the privileges serializer
* Adding privileges tests
* Adding registerPrivilegesWithCluster tests
* Better tests
* Fixing authorization service tests
* Adding ResourceSerializer tests
* Fixing Privileges tests
* Some PUT role tests
* Fixing read ui/api actions
* Exposing features from xpackMainPlugin
* Adding navlink:* to the "reserved privileges"
* navlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink ->
navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink |
nav_linknavlink -> navLink | nav_linknavlink -> navLink |
nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_link
* Automatically determining navlink based ui capabilities
* Backing out changes that got left behind
* Using ui actions for navlinks
* Adding TODOs
* Ui -> UI
* Deleting unused file
* Removing api: [] as it's not necessary anymore
* Fixing graph saved object privileges
* Privileges are now async
* Pushing the asycnchronicity to the privileges "service"
* Adding TODO
* Providing initial value for reduce
* adds uiCapabilities to test_entry_template
* Adding config to APM/ML feature privileges
* Commenting out obviously failing test so we can get CI greeenn
* Fixing browser tests
* Goodbyyeee
* Adding app actions to the reserved privileges
* update snapshot
* Update x-pack/plugins/security/server/lib/authorization/check_privileges.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/plugins/security/server/lib/authorization/check_privileges.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Fixing type errors
* Only disabling navLinks if a feature is registered for them
* Adding non i18n'ed tooltip
* Making metadata and tooltip optional
* i18n'ing tooltips
* Responding to peer review comments
* GAP - Role API Structure (#26740)
* Updated the role api PUT structure
* Minimum is an array now
* Updating get route to naively support the new structure
* Renaming and removing some serialized methods
* Updating Role PUT api tests
* Fixing PUT jest tests
* Fixing GET tests
* Updating PrivilegeSerializer tests
* Renaming features to feature for the GET, so we're consistent
* Validating features and feature privileges
* Update x-pack/plugins/security/server/lib/authorization/privilege_serializer.test.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/plugins/security/server/lib/authorization/privilege_serializer.test.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/plugins/security/server/lib/authorization/privilege_serializer.test.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Renaming some variables/members of the PrivilegesSerializer
* Fixing privileges serializer tests
* Fixing register privileges with cluster tests
* Fixing the role creation for the api integration tests
* Generalizing regex within the feature registry
* update tests
* [GAP] - Support infra features (#26955)
## Summary
This PR adds the `Infrastructure` and `Logs` apps as toggle-able features via Granular Application Privileges.
* [GAP] - Enables xpack_main to populate UI Capabilities (#27031)
## Summary
Currently, plugins that register features via `xpackMainPlugin.registerFeature({...})` also have to specify their own `uiCapabilities` via `injectDefaultVars`, which is counter-intuitive and cumbersome. We've accepted this complexity for OSS plugins, but x-pack and third-party plugins should not have to concern themselves with such implementation details.
This PR removes that requirement for x-pack and third-party plugins, so all they have to do is register features, and ensure that their feature privileges contain the appropriate UI Capabilities in the `ui` property.
### Notes
This implementation intentionally does not alter UI Capabilities that come in via OSS Kibana. The capabilities defined there should be the source of truth, regardless of which distribution is used.
### Example
<pre>
xpackMainPlugin.registerFeature({
id: 'graph',
name: 'Graph',
icon: 'graphApp',
<b>navLinkId: 'graph',</b>
privileges: {
all: {
app: [],
savedObject: { ... },
<b>ui: ['showWriteControls'],</b>
},
read: {
app: [],
savedObject: { ... },
<b>ui: ['someOtherCapability],</b>
}
}
});
</pre>
Will be translated to the following UI Capabilities:
```
uiCapabilities: {
navLinks: {
graph: true
},
graph: {
showWriteControls: true,
someOtherCapability: true,
}
}
```
xpack_main is **not responsible** for disabling UI capabilities, so this will initialize all capabilities with a value of `true`.
* Hide write controls for the visualization application (#26536)
* Hide write controls for the timelion application (#26537)
* blacklist feature ids (#27493)
* [GAP] - Support management links (#27055)
## Summary
This enables management links to be toggled via UI Capabilities.
## TODO
- [x] Implement spaces controls
- [x] Implement security controls
- [x] Testing
- [ ] (optional) - dedicated display for managing management links?
* Enables the feature catalogue registry to be controlled via uiCapabil… (#27945)
* Enables the feature catalogue registry to be controlled via uiCapabilities
* update snapshot
* xpack_main populates uiCapabilities with the full list of catalogue entries
* builds application privileges using catalogue actions
* prevent 'catalogue' from being registered as a feature id
* fix mocha tests
* fix merge
* update snapshots
* GAP - Discover and NavLinks Functional Testing (#27414)
* Adding very basic Discover tests
* Ensuring discover is visible in both spaces
* Parsing the DOM to determine the uiCapabilities
* Making this.wreck `any` because the type definitions suck
* Specifying auth when requesting ui capabilities
* Beginning architecture to support permutation testing
* Adding documentation of the different configurations we'd like to test
* Fixing type errors
* Beginning to work on the framework to test the combinations
* Adding some factories
* Pushing forward, not a huge fan of what I have right now
* The new-new
* Less weird types
* Revising some things after talking with Larry
* Switching from wreck to axios
* Restructuring some files
* Changing to a space with all features, and a space with no features
* Beginning to add the security only tests
* Adding a navLinksBuilder
* Adding spaces only tests
* Not disabling ui capabilities, or authing app/api access when we
shouldn't be
* Can't get rid of management
* Adding more user types
* More users, this is starting to really suck
* Renaming some things...
* Revising which users we'll test in which ui capabilities "test suite"
* Adding some more user scenarios for the security_only configuration
* Adding security_only user scenarios
* Adding space scenarios
* Fixing type errors
* Udpating the readme for the spaces we're testing with
* Adding global read discover security ui functional tests
* Adding tests to make sure save buttons are shown/hidden
The actual implementation is broken somewhere
* Fixing tests after GIS is added and conflicts happened for infra
* Adding discover ui capability tests
* Fixing navlinks tests
* Adding discover view tests
* Adding UI tests for spaces being disabled
* Fixing tests
* Removing wreck dependency, it's garbage
* Fixing typo
* Updating ui capabilities README.md and adding another user for the
security and spaces ui capability tests
* Updating yarn lock file
* Consolidation some types
* Adding VisualizeDisabledSpace to the scenarios.
* Fixing esArchives with .kibana_2
* Disable features optional again
* Adding ensureCurrentUrl: false
* Fixing space selector tests
* Fixing gis privileges, they use saved objects
* Fixing find's element staleness checks
* Update x-pack/test/functional/es_archives/spaces/disabled_features/data.json
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Generalizing logic to get appNavLinksText
* Removing duplicate license header
* Adding GIS mappingst
* Fixing readme
* We love our future selfs
* Adding GisRead scenario
* Whoops
* Adding note about funky syntax for use with exhaustive switches
* Using a centralized list of features
* Give it some time
* Even more time?
* Space Management - accessibility & i18n improvements (#28195)
## Summary
1) Improves the accessibility for the spaces management screen:
- Customize Space Avatar popover now receives focus when toggled
- Labels are more descriptive, providing context
- Delete Space modal correctly focuses
2) Improves i18n support
- fixed a couple hard-coded strings
3) Adds a "Features" column to the spaces grid page, which shows a brief summary of the number of features enabled for each space:
Related: https://github.com/elastic/kibana/issues/28184
* Feature Controls - spaces - functional tests (#28213)
* adds tests for /api/features/v1 endpoint
* update failing management test
* Fc/run ui capability tests (#28362)
* Running the UI Capability Tests as part of the normal CI runs
* Adding uptime feature to get these tests passing
* Adding features and sorting
* Adding uptime security_only uiCapability tests, and fixing devTools
* Fixing the docs
* Fixing section panel i18n issue
* Removing unused import
* Updating snapshots
* Feature Controls - The new new role API (#28441)
These changes allow us to build the most recent UI where spaces can be "grouped" and edited at once. This changes the kibana section of the role definition to the following:
```
{
kibana: [
{
base: ['read'],
feature: {
discover: ['all'],
dashboard: ['all']
},
spaces: ['*']
},
{
base: ['read'],
feature: {
discover: ['all'],
dashboard: ['all']
},
spaces: ['marketing', 'sales']
}
]
}
```
If the `spaces` property isn't provided (for example if the user isn't using Spaces) then it'll default to `['*']`.
There are a few other stipulations that we're implementing with this approach.
1. Each "item" can be for 1 to many spaces OR globally. We can't specify both space privileges and global privileges in the same "item" because for Spaces we translate `all` to `space_all`, etc. so we can give them different privileges, and this becomes problematic when trying to serialize/deserialize to ES.
2. Additionally, each space can only appear once. The ES model would allow this, but the role management UI becomes more complicated if we were to allow this when calculating effective privileges.
* Feature Controls - Discover Save Button Test #28500 (#28501)
* Adding some debug logs
* Setting ui settings using the functional services
* Doing the same for the spaces disabled features
* Removing console.log debug statements
* Using save instead of showWriteControls
* Reload when adjusting visible features within the users active space (#28409)
## Summary
Changes to the visible features within a space are not visible until the page is refreshed. Because of this, when a user is editing their active space, their changes are not immediately visible.
This updates the space management screen to force a refresh when updating the visible features inside the active space. It also introduces a modal warning that this will happen:
* Throwing error if we register a feature after getAll is called (#29030)
* Throwing error if we register a feature after getAll is called
* Fixing some tests
* Fixing feature route tests
* Removing unused imports
* Fixing merge conflict
* Feature Controls - Fixing fallout of removing the legacy fallback (#29141)
* Fixing use of mode.useRbacFoRequest to mode.useRbac
* Fixing ui capability tests
* [Feature Controls] - Fix a11y for customize feature section (#29174)
## Summary
Fixes the displayed and announced text for the "show"/"hide" button of the Customize Visible Features section of the spaces management page.
This was inadvertently broken following a merge from master at some point.
* Feature Controls: Fixing k7's new "nav links" (#29198)
* Fixing k7's new applist for feature controls
* Renaming appSwitcher to appsMenu
* Feature Controls - Dashboard (#29139)
* Using addRouteSetupWork to implement the redirect
* Using centralized addSetupWork
* Fixing dashboard functional feature privileges tests
* Ensuring landing page and create dashboard redirect to the home-page
* Adding more tests to ensure the redirects work properly
* Adding disabled space feature tests for Dashboards
* Update src/ui/public/capabilities/route_setup.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update test/functional/page_objects/common_page.js
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Fixing ui capability tests after adding createNew
* Removing unnecessary `return undefined`
* requireUICapabilities -> requireUICapability
* Updating dashboard ui capability tests
* Fixing issue with the selection column appearing on Dashboards
* Fixing ui capability dashboard space only tests
* [FC] - Move management and catalogue entries out of privilege definition (#28354)
* Moves catalogue and management entries from privilege defintion to base feature definition
* Update new management menu to respect items disabled via UI Capabilities
* add test
* re-add index pattern entries
* re-add advanced settings icon
* fix tests
* remove management and catalogue entries from read-only users
* bring it back now y'all
* catalogue updates for xpack plugins
* Introduces 'grantWithBaseRead' flag
* update privileges from all -> read where necessary
* rename feature builder functions
* catalogue and management items should cascade to privileges when not specified
* add catalogue entry for uptime app
* Simplify feature registrations using inherited catalogue/management entries
* consolidate and fix privilege building logic
* rename variables
* remove debug code
* remove duplicate lodash import
* Update x-pack/plugins/xpack_main/server/lib/feature_registry/feature_registry.ts
Co-Authored-By: legrego <lgregorydev@gmail.com>
* [GAP] - Role Management UI (#26840)
---------
Edge-case scenarios:
1) [x] '*' and spaces in the same "entry"
Handled via `_transform_errors` at the API level. Renders a partial read-only view in the UI.
2) [x] same space appearing in multiple "entries"
Handled via `_transform_errors` at the API level. Renders a partial read-only view in the UI.
3) [x] base and feature privileges being set on the same "entry"
UI does not allow this to be set, but UI is smart enough to display the correct effective privilege in this case.
4) [x] multiple base privileges set in the same "entry"
UI does not allow this to be set, but UI is smart enough to apply the most permissive base privilege when displaying and performing privilege calculations.
5) [x] multiple feature privileges for the same "entry" (ml_all and ml_read)
UI does not allow for this to be set, but UI is smart enough to apply the most permissive base privilege when displaying and performing privilege calculations.
--------
## Summary
This updates the role management UI to allow application privileges to be customized globally and per-space.
## TODO:
- [x] [First Design review](https://github.com/legrego/kibana/pull/13)
- [ ] Second Design review
- [ ] Copy review
- [x] i18n
- [x] Handle deleted/unknown features
- [x] Handle deleted/unknown spaces
- [x] Cleanup & refactoring
- [x] Testing
* [Feature Controls, Spaces] - Don't load bundles for hidden apps (#29617)
## Summary
This enables the spaces plugin to issue a 404 if the requested application is disabled within the users active space.
To enable this functionality, the `app` property was moved to the root feature level, with the option to override at the privilege level. This follows the same logic as `catalogue` and `management` sections.
This will enable automatic app "protections" for those which only specify a single UI application, including:
1) Timelion
2) Canvas
3) Monitoring
4) APM
5) Code (when it merges)
6) GIS
7) Graph
8) ML
* [Feature Controls] - Copy Edits (#29651)
## Summary
Copy edits from today's session
* [Feature Controls] - Rename-a-thon (#29709)
* post-merge cleanup
* [Feature Controls] - fixes from recent merge from master (#29826)
## Summary
this pr will contain any required changes to fix CI from the recent merge from master, which includes the new k7 redesign design and dark mode
* Feature Controls: Adding privileges tooltip for Dev Tools (#30008)
* Adding privileges tooltip for Dev Tools
* appeasing the linter
* [Feature Controls] - Fix displayed space base privilege (#30133)
## Summary
This fixes the displayed space base privilege when a global base privilege is influencing the dropdown control:
1) Add global 'read' privilege
2) Configure space privilege -- note default base privilege of 'read'
3) Change space base privilege to 'custom'
Prior to this fix, the dropdown would not honor the change; it would keep 'read' as the selected option.
* Feature Controls: Adding read privileges for advanced settings and index patterns (#30106)
* Adding read privileges for advanced settings and index patterns
* Fixing the tests and the actual code itself
* Feature Controls - spaces not a security mechanism warning (#29853)
* Changing copy for the spaces not a security mechanism warning
* Using Gail's wording
* [Feature Controls] - Fixes from merging from master (8.0) (#30267)
* improve typings
* fix xpack_main type definitions
* test updates
* Fc/functional test move (#29835)
* Moving dashboard feature control tests to the dashboard application
* Moving more tests around
* Fixing some tests, no longer using uiSettings service, doesn't play
nicely with spaces
* Fixing esarchived issue
* Renaming some files
* [Feature Controls] - Readonly view for Advanced Settings using UICapabilities (#30243)
## Summary
This builds on the work done in https://github.com/elastic/kibana/pull/30106 to enable a read-only mode for the Advanced Settings screen:
- Input fields are disabled
- Save options are not displayed
- "Reset to default" options are not displayed
* Feature Controls: No Wildcards (#30169)
* A poorly named abstraction enters the room
* No more wildcards, starting to move some stuff around
* Splitting out the feature privilege builders
* Using actions instead of relying on their implementation
* We don't need the saved object types any longer
* Explicitly specifying some actions that used to rely on wildcards
* Fixing api integration test for privileges
* Test fixture plugin which adds the globaltype now specifies a feature
* Unauthorized to find unknown types now
* Adding tests for features with no privileges
* Update x-pack/test/saved_object_api_integration/security_and_spaces/apis/find.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Adding back accidentally deleted test
* Using the shared XPackMainPlugin definition
* Fixing privileges
* [Feature Controls] - Readonly mode for Canvas using UICapabilities (#29264)
## Summary
Updates Canvas to respect UICapabilities when determining if a user has read or read/write access to the application:
1) Adds a `showWriteControls` UI Capability to the Canvas's `all` privilege.
2) Removes the `setCanUserWrite` Redux action
3) Sets the initial (and only) state for `state.transient.canUserWrite` based on the UI Capability.
Closes https://github.com/elastic/kibana/issues/27695
* [Feature Controls] - Readonly mode for Maps using UICapabilities (#30437)
## Summary
This updates the maps application to support a read-only mode:
1) Removes selection/delete from Maps listing page
2) Removes "save" option
## TODO:
- [x] Functional UI Tests
* Add typings for x-pack/test to support .html imports (#30570)
We're importing `ui/capabilities` from the x-pack/test project, which
implicitly traverses into typings which are potentially importing .html
files, so we have to teach TypeScript about it.
* [Feature Controls] - Readonly mode for Timelion using UICapabilities (#30128)
## Summary
Updates Timelion to respect UICapabilities when determining if a user has read or read/write access to the application.
A previous PR was responsible for hiding the save controls, but this PR adds testing and the appropriate UICapabilities to the registered privilege definition.
* remove stray debug code
* [Feature Controls] - Updates from src/ui move to src/legacy/ui (#30678)
* dummy commit
* fix import path
* update message identifier
* fix snapshot
* remove unused translations
* Feature Controls: Adding read/write privileges for all applications (#30732)
* Adding read/write privileges for all applications
* Using default for advanced settings, canvas, maps and timelion
* Update x-pack/test/ui_capabilities/security_only/tests/canvas.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/test/ui_capabilities/security_only/tests/canvas.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/test/ui_capabilities/security_only/tests/maps.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/test/ui_capabilities/security_only/tests/maps.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/test/ui_capabilities/security_only/tests/timelion.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* [Feature Controls] - Readonly mode for Visualize using UICapabilities (#29714)
* enable read-only view, and enable app redirection for visualize app
* Hide 'Edit Visualization' dashboard context menu item if visualizations are not editable
* Hide 'Add new visualization' button if action is not available
* show 'Visualize' button on discover view only if viz app is available
* update tests
* allow visualizations to be created, but not saved for read-only users
* adds functional tests for visualize
* add tests for showing/hiding the visualize button in the discover app
* fix visualize tests following merge from master
* tests for edit viz feature from dashboards
* cleanup
* remove unnecessary call to set ui settings
* remove unused variables
* reduce flakyness of tsvb tests
* renames visualize.showWriteControls => visualize.save
* fix ui capability tests
* fix tests
* fix references to timePicker page object
* fix ts errors
* adds 'editable' property to embeddable metadata instead of hardcoded capability checks
* Remove unnecessary read-only considerations
* revert unnecessary mock changes
* [Feature Controls] - Adds missing uptime icon (#30716)
## Summary
Adds missing feature icon for Uptime application.
Needs https://github.com/elastic/kibana/pull/30678 to merge before this will go green.
* Feature Controls - Fix branch (#31135)
* Updating snapshot
* Switching visualize to use the default branch of the switch
* Fixing esarchive
* Feature Controls - Graph (#30762)
* Adding graph functional tests
* Fixing Privilieges API test
* Adding graph ui capability tests
* Update x-pack/test/ui_capabilities/security_only/tests/graph.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/test/ui_capabilities/security_only/tests/graph.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/test/ui_capabilities/security_and_spaces/tests/graph.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/test/ui_capabilities/security_only/tests/graph.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/test/ui_capabilities/spaces_only/tests/graph.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Apply suggestions from code review
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Removing hard-coded constants
* Adding Graph delete button
* Fixing ui capability tests
* [Feature Controls] - Fixes page width for spaces management screen (#30723)
## Summary
Fixes the skinny spaces management screen following the redesign of the overall management area.
Needs https://github.com/elastic/kibana/pull/30678 to merge before this will go green.
* Feature Controls - Dev Tools (#30712)
* Adding functional tests
* Addingn Dev_Tools ui capability tests
* Adding some api tests for console's API
* Apply suggestions from code review
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Moving uiCapability definition
* Giving user_1 dashboard access to space_2
* Using the default in the switch for devtools/visualize
* Using forceLogout, maps are leaving us on a 404 page
* Fixing privileges API tests
* Feature Controls- Fix Merge Conflicts (#31651)
* Removing duplicated and outdated tests
* Updating snapshot
* Fixing type script errors
* Getting rid of some double quotes
* Adding saved_object:url access to discover temporarily to fix tests
* Fixing dashboard tests, updating snapshots
* Fixing security only find tests
* Removing reduntant test
* Trying to give it more time
* Fixing it 20 seconds to redirect away from the create new dashboard
* Feature Controls - No more route defaults for dashboards (#31767)
* No more route defaults for dashboards
* Verbose logging...
* Changing some ciGroups to try to narrow down the problem
* Revert "Verbose logging..."
This reverts commit 3198e73b61.
* Revert "No more route defaults for dashboards"
This reverts commit 525cd94dc5.
* Chaning the method in which we do the redirect
* Fixing type issue
* Update index.ts
* Update index.ts
* Feature Controls - Only allowing features to register all and read privileges (#31526)
* Only allowing features to register all and read privileges
* Making all and read optional properties required some existence checks
* Using Aleh's superior solution!
* No more unnecessary `as any`
* Feature Controls - Saved Object Management (#31332)
* Adding savedObject uiCapabilities that mirror the savedobject actions
* Using uiCapabilities to limit which types to search for
* Restricting which saved objects can be deleted based on type
* Hiding "view in app" button when we aren't allowed to
* Filtering the saved objects relationships based on the valid saved
object types
* Using dedicated savedObjectsManagement ui capabilities
* Adding readonly mode of viewing an object
* Displaying View In App if you can actually do so
* No more operations
* Moving saved objects ui capability population to kibana plugin
* Updating x-pack jest tests
* Adding security only saved objects management ui capability tests
* Adding security and spaces tests
* Adding spaces only saved objects managment ui capability tests
* Adding saved object management listing page functional tests
* Adding functional tests for edit visualization
* Consolidating canViewInApp and getInAppUrl into the same file
* Fixing imports
* One more stray import/export
* Adding back esFrom source
* Revert "Adding back esFrom source"
This reverts commit dfb626ace3.
* Updating jest snapshots
* Updating privileges
* Adding some logging
* Back to 10 seconds
* Trying to get more logs...
* Back to normal logging levels
* Fixing ui capability tests
* Putting timeouts back.
* Feature Controls - UI capability API integration tests with fixture plugins (#32086)
* Only testing the foo plugin for security and spaces
* Using the foo plugin with the security_only tests
* Changing spaces only tests to use the foo plugin
* Using list of features from api, and fixing bug with the spaces
interceptor
* Adding catalogue tests, which are alluding to another bug
* saved_objects catalogue aren't driven by ui capabilites presently
* Expanding the coverage for the spaces only catalogue tests
* Fixing some catalogue asserts
* Fixing catalogue tests for spaces_only, I had it backwards
* Adjusting Readme, adding "global read" scenario for security only tests
* Responding to PR feedback
* Adding back saved objects tests I accidentally deleted
* Fixing typescript issues, we can't import EUI on the server
* Fixing eslint error
* Updating Jest snapshots, fixing chrome mock
* Fixing dashboard listing test
* Adding missing await and forcing logout for graph functional tests
* Putting i18n string back
* Fixing type script issue
* Fixing canvas assert because of merge
* Fixing saved object api error assertations
* user-action is now a saved object type
* Fixing typescript error
* Fixing saved object actions as a result of the merge
* Feature Controls - Infrastructure and Logging (#31843)
* hide infra/logs apps if disabled via UICapabilities
* adds tests
* adds UICapability tests for infra and log apps
* update expected privilege/action mapping
* adds feature controls security tests for infraHome
* adds infra spaces feature control tests
* remove debug code
* a sample readonly implementation, ignoring 'logs' privileges
* ts fixes
* fix capability expectations
* Removing RequiresUICapability component, since there are no usages
* Driving the source configuration seperately for logs/infrastructure
* Adding infrastructure feature controls security functional tests
* Adding spaces infrastructure tests
* Adding logs functional tests
* Reworking the ui capability tests to be more consistent
* Fixing privileges API
* Forcing logout
* Fixing comma issue introduced by merge
* Fix merge conflicts and loading/unloading esarchives more consistently
* Removing unnecessary !!
* Fixing saved object management tests
* Fixing more tests
* Using the new context APIs
* Revert "Using the new context APIs"
This reverts commit 4776f1fc86.
* Adding future version of ui capabilities react provider
* Switching the order of the HOC's for infra and making the future the
default
* Applying Felix's PR feedback
* Protecting Infra's GraphQL APIs
* Updating privileges list
* Using the introspection query
* No longer using apollo context library, rephrasing test descriptions
* Fixing issue introduced by merge conflict, I forgot a }
* Putting back missplaced data test subj
* Updating jest snapshots
* Feature Controls - Short URLs (#32418)
* Discover is showing creating short urls properly
* Adding Discover functional tests
* When dashboards show the share menu you can always create short urls
* Visualize now displays the short urls link appropriately
* Dashboard all gets access to saved objects and updating privileges api
test
* Updating and adding short url test to url panel content
* Fixing misspelling
* Updating jest snapshot
* Adding comment why allowShortUrl is always true for Dashboards
* Updating snapshots
* Fixing snapshots, mocking chrome.getInjected
* Feature Controls - Uptime (#32577)
* Adding uptime functional tests
* Enabling feature controls for uptime
* Updating the privileges API's actions
* Using a single access tag for limiting API access
* Revising the behavior of maps read-only mode (#33338)
* Feature Controls - APIs (#32915)
* Using HapiJS's scopes to perform authorization on api endpoints
* Revert "Using HapiJS's scopes to perform authorization on api endpoints"
This reverts commit f73810c22d.
* Switching the syntax of the api tags
* Fixing privileges API
* Typescriptifying some dependencies of the api authorization extensions
* Using dedicated typescript file for api post auth filtering
* Adding tests and restructuring the flow of the api authorization
* Adjusting uptime's usage of privileges and the privileges test
* Integrating PR feedback
* Fixing graph test subject, thanks Joe!
* Consolidating hideWriteControls dashboard listing test
* Reusing maps constants
* Adding type to saved object management ui capability tests
* Feature Controls - Index Pattern Management (#33314)
* Enabling feature controls for index patterns
* Updating privileges API tests
* Fixing saved object management's view index patterns in app logic
* Fixing forgotten canViewInApp tests
* Fixing maps spaces functional tests
* Feature Controls - Differentiating the privileges with the same actions (#32266)
* Differentiating the privileges with the same actions
* The types for the lodash.uniqwith packare aren't right, and we need to
customize the isEqual also, so we're gonna do it ourselves
* Fixing dev tools ui capability
* Removing are equivalent privileges prevention, it's not what we really
need
* Requiring all to be more permissive than read on startup
* Transparently differentiating "all" from "read" feature privileges
* Fixing jest tests
* Adding the allHack: action to the space and global base privileges
* Changing actions to be readonly
* Adding JSDoc's for the Actions class and specifically the `allHack`
action
* Making the import of xpack_main types consistent
* Feature Controls: APM (#32812)
* Adding APM read privilege and adding functional UI tests
* Beginning to validate the APM routes are protected properly
* Protecting APM's APIs
* Specifying CI group
* Fixing privileges
* Adding forgotten apm show ui capability
* Fixing apm's privileges
* Fixing merge-conflict with privileges allHack: and APM
* address canvas feedback (#34269)
* [Feature Controls] - Plugin postInit (#29172)
## Summary
Throwing this up as a straw ~man~ person. If we like it, I can split it out and point the OSS changes against master if we'd prefer.
Introduces a `postInit` plugin hook that is called after all plugins have gone through their `preInit` and `init` phases, which allows the security plugin to call `registerPrivilegesWithCluster` after all plugins have had an opportunity to register their features.
* Feature Controls - Adds bulk toggle for showing/hiding features within a space (#34288)
## Summary
Adds a "Change all" option to the spaces management screen to allow all features to be shown/hidden:
Closes#34184
* Feature Controls - Unregistered Applications Authorization (#34122)
* Converting the app authorization to use typescript
* Adding jest tests
* Only authorizing app routes that are registered for features
* Using ProtectedApplications to lazily get feature applications
* Removing unneeded mocked headers as part of the authorization
* Adding some logging for the app authorization
* Fixing imports, thanks tslint --fix!
* Updating snapshots
* Feature Controls - Disable privilege form until spaces are selected (#34386)
## Summary
This disables the privilege selection until one or more spaces are selected in the role management form:
* Feature Controls - Visualize read-only create new (#34209)
* Allowing users to create new visualizations, even if they can't be saved
* Fixing privileges and tests
* Updating snapshot
* Removing visualize edit ui capability
* Feature Controls - Actions Version Prefix (#34405)
* Prefixing actions with version
* Updating privileges api integration test
* Update x-pack/plugins/security/server/lib/authorization/actions/saved_object.ts
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Requiring version to be a not empty string
* Updating jest snapshots
* Changing the 403 messages for the saved object client
* Fixing ui/chrome mock
* Feature Controls - Displaying share menu on dashboards when in read-only mode (#34207)
* Displaying share menu on dashboards when in read-only mode
* Fixing test description, thanks Luke!
* Fixing dashboard view mode tests because the share menu is now visible
* migrate from tslint to eslint
* Feature Controls - Reserved Role Apps (#30525)
* Removing feature privileges from ml/monitoring/apm
* Adding monitoring/ml/apm as hard-coded global privileges
* A poorly named abstraction enters the room
* No more wildcards, starting to move some stuff around
* Splitting out the feature privilege builders
* Using actions instead of relying on their implementation
* We don't need the saved object types any longer
* Explicitly specifying some actions that used to rely on wildcards
* Fixing api integration test for privileges
* Test fixture plugin which adds the globaltype now specifies a feature
* Unauthorized to find unknown types now
* Adding reserved privileges tests
* Adding reserved privileges in a designated reserved bucket
* Fixing ui capability tests
* Adding spaces api tests for apm/ml/monitoring users
* Adding more roles to the security only ui capability tests
* You can put a role with reserved privileges using the API
* Adding support to get roles with _reserved privileges
* Adding APM functional tests
* Adding monitoring functional tests
* Fixing typo
* Ensuring apm_user, monitoring_user alone don't authorize you
* Adding ml functional tests
* Fixing test
* Fixing some type errors
* Updating snapshots
* Fixing privileges tests
* Trying to force this to run from source
* Fixing TS errors
* Being a less noisy neighbor
* Forcing logout for apm/dashboard feature controls security tests
* Fixing the security only ui capability tests
* Removing test that monitoring now tests itself
* Fixing some ui capability tests
* Cleaning up the error page services
* Fixing misspelling in comment
* Using forceLogout for monitoring
* Removing code that never should have been there, sorry Larry
* Less leniency with the get roles
* Barely alphabetical for a bit
* Apply suggestions from code review
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Removing errant timeout
* No more hard coded esFrom source
* More nits
* Adding back esFrom source
* APM no longer uses reserved privileges, reserved privileges are
pluggable
* Fixing typescript errors
* Fixing ui capability test themselves
* Displaying reserved privileges for the space aware and simple forms
* Removing ability to PUT roles with _reserved privileges.
Removing ability to GET roles that have entries with both reserved and
feature/base privileges.
* Updating jest snapshots
* Changing the interface for a feature to register a reserved privilege to
include a description as well
* Displaying features with reserved privileges in the feature table
* Adjusting the reserved role privileges unit tests
* Changing usages of expect.js to @kbn/expect
* Changing the CalculatedPrivilege's _reserved property to reserved
* Allowing reserved privileges to be assigned at kibana-*
* Updating forgotten snapshot
* Validating reserved privileges
* Updating imports
* Removing --esFrom flag, we don't need it anymore
* Switching from tslint's ignore to eslint's ignore
* Feature Controls - Adds feature registration to plugin generator (#34537)
## Summary
This updates the plugin generator to allow plugin authors to automatically register their feature with the Feature Registry, for control via Spaces/Security.
Running:
```
elastic-mbp:kibana larry$ node scripts/generate_plugin.js test-plugin
? Provide a short description An awesome Kibana plugin
? What Kibana version are you targeting? master
? Should an app component be generated? Yes
? Should translation files be generated? Yes
? Should a hack component be generated? Yes
? Should a server API be generated? Yes
? Should SCSS be used? Yes
```
Generates the following:
```js
import { resolve } from 'path';
import { existsSync } from 'fs';
import { i18n } from '@kbn/i18n';
import exampleRoute from './server/routes/example';
export default function (kibana) {
return new kibana.Plugin({
require: ['elasticsearch'],
name: 'test_plugin',
uiExports: {
app: {
title: 'Test Plugin',
description: 'An awesome Kibana plugin',
main: 'plugins/test_plugin/app',
},
hacks: [
'plugins/test_plugin/hack'
],
styleSheetPaths: [resolve(__dirname, 'public/app.scss'), resolve(__dirname, 'public/app.css')].find(p => existsSync(p)),
},
config(Joi) {
return Joi.object({
enabled: Joi.boolean().default(true),
}).default();
},
init(server, options) { // eslint-disable-line no-unused-vars
const xpackMainPlugin = server.plugins.xpack_main;
if (xpackMainPlugin) {
const featureId = 'test_plugin';
xpackMainPlugin.registerFeature({
id: featureId,
name: i18n.translate('testPlugin.featureRegistry.featureName', {
defaultMessage: 'test-plugin',
}),
navLinkId: featureId,
icon: 'discoverApp',
app: [featureId, 'kibana'],
catalogue: [],
privileges: {
all: {
api: [],
savedObject: {
all: [],
read: ['config'],
},
ui: ['show'],
},
read: {
api: [],
savedObject: {
all: [],
read: ['config'],
},
ui: ['show'],
},
},
});
}
// Add server routes and initialize the plugin here
exampleRoute(server);
}
});
}
```
* Updating core system docs
* Fixing infra's dates with data for the functional tests
* [Feature Controls] - Move UICapabilities to the new platform (#30585)
## Summary
This moves the UI Capabilities service into the new platform, shimming into the old platform in a way that is consistent with the `i18n` service.
* Fixing uptime functional api tests
* Removing .only...
* [@kbn/expect] "fork" expect.js into repo
* [eslint] autofix references to expect.js
* [tslint] autofix all expect.js imports
* now that expect.js is in strict mode, avoid reassigning fn.length
* [visualize] update breadcrumbs when updating visualization
* [ftr] auto-scroll elements passed the fixed header if necessary
* [uiSettings] enable the k7design by default
* [ftr/services/flyout] add ensureClosed() and ensureAllClosed()
* [ftr/services/globalNav] implement globalNav service
* [ftr/services/appsMenu] implement service for using app menu
* [ftr/services/userMenu] add service for using user menu
* [ftr/discover+visualize] update assertions that are based on the app width
* [ftr/monitoring] pass test subjects to new breadcrumbs
* [headerGlobalNav] don't offset the app container in embed mode
* update heights for slightly smaller header
* [pageObjects/common] remove unused runScript method
* [pageObjects/common] remove almost unused doesCssSelectorExist method
* [pageObjects/graph] convert to use find/testSubjects services
* [pageObjects/discover] refactor out remote service
* [pageObjects/pointSeries] refactor out remote service
* [pageObjects/monitoring] refactor out remote service
* [ftr] refactor uses of remote to use browser or find
* [ftr/services/remote] wrap remote with browser service
* [pageObjects/security] refactor out uses of remote
* [ftr/services/browser] isolate element calls to find
* [ftr] rename remote service to __leadfoot__
* [ftr/leadfoot] cleanup some renames in find, keep names in other tests
* conditionalize Monitoring tests for Cloud testing
* make security_page/login wait
* revert these files from another PR
* revert these files from another PR
* refactor login page check, turn off telemetry
* significant refactor of navigateTo
* replace slashes with _ in test failure output html files
* re-do out of date PR
I've seen a few failures recently like https://kibana-ci.elastic.co/job/elastic+kibana+pull-request+multijob-selenium/4940/console which are caused by the modal not being visible, but if you look at the screenshot you can see the the modal was just about to be displayed but the find didn't wait quite long enough. ~~To fix this temporarily I've increased the `isConfirmModalOpen()` timeout from 2 to 5 seconds.~~
These tests are actually trying to assert that the modal is gone, so rather than simply checking the state of the modal once, the `CommonPage#isConfirmModalOpen()` method has been renamed to `CommonPage#expectConfirmModalOpenState()` which expects a boolean and will assert the state of the confirm modal within a retry, so that as long as the modal eventually transitions to that state it will eventually resolve.
* update snapshot tests
* Update time ranges
* Add sleeps, adjust time, update snapshots
* Skip TSVB until the issue with vertical line placement and x-axis timestamps is fixed
* fix expectations of time range with saved search creation
* remove debug line
In order to make the license that applies to each file as clear as possible, and to be consistent with elasticsearch, we are adding Apache 2.0 license headers to the top of each file.
Existence of this header is enforced by eslint and tslint and missing headers were automatically added in the last commit by running:
```
node scripts/eslint --fix && node scripts/tslint --fix
```
* EUI add panel
* implement add functionallity
* style flyout so top nav is not covered
* add noItemsMessage
* add new visualization button
* remove angular add_panel template
* seperate search bar and table into its own component
* fix functional tests
* make slide out panel own focus to avoid weirdness of letting other buttons in nav from getting clicked and leaving slide out open
* remove deprecated method componentWillMount
* add jest test for DashboardAddPanel
* fix paging and replace EuiSearcBar with EuiFieldSearch
* fix functional tests
* fix dashboard filter bar functional test
* another functional test fix
* add more context to functional test failure message
* give search input a default value
* remove call to waitForRenderComplete to see if tests will pass
* fix dashboard filtering test
* updates from Stacey-Gammon review
* support filtering out lab visualizations
* add functional test for testing visualize:enableLabs with add panel
* add sorting by title to SavedObjectFinder componenet
* move add panel tabs to state
* clean up labs test differently
* Expand coverage of dashboard tests and decrease time
* Fix timing error when sub urls fail to save from too fast app link clicking
* discover doesn't have breadcrumbs
* Check top nav text so it works on both listing and saved object edit/view pages
* need to do the add panel operations one at a time
* Need both types of input in filter
* Give test data a title
* Remove incorrect and unnecessary comment
* Move data around and get rid of 6_3 specific naming as we will end up migrating the data as we progress
* Remove code accidentally checked in
* [eslint] upgrade to 4.10.0
* [eslint-config-kibana] limit jest config to jest test files
* [ui_framework] remove trailing comma from rest-spreads
* [dashboard/tests] tag jest helpers with .test.js suffix
* explicitly import expect.js where used
* [eslint] apply auto-fixes
* [eslint] manually add/wrap some parens for compliance
* [npm] point to local packages for testing/review
* [jest] remove .test extension from jest helpers
* [ui_framework] fix trailing comma removal from 3bc661a1c8
* [packages] upgrade eslint packages
* Adds ability to change index pattern on import
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
* UI changes. Use a table in the modal grouped by index pattern id instead of multiple modals.
* PR feedback
* PR feedback
* PR updates
* Handle skip properly
* Fix error when there were no existing index patterns
* Tests for the new import conflict logic
* Fix invisible filters caused by missing index pattern (#14131)
"invisible filters" occur when the mapping chain throws an error. If a single filter throws an error, the entire chain rejects. As a result, not even the valid filters appear in the filter bar because they never get added to the scope. However the filters still exist in app state and still get sent with each search request.
The most common error occurs when the filter's meta.index property points to a non-existing index pattern. Since this property is only used for looking up field formatters and it is not essential for a working filter, we now fall back on raw values instead of failing if the index pattern is not found. See the PR this one replaces for discussion about other solutions we tried and why we chose to go this route.
* Show query and filter bars even when there's a linked search (#14212)
The query bar used to be hidden in the presence of a linked search because unlike filters, queries didn't get merged when flattening a SearchSource hierarchy. That means a query in the query bar would override the query in the linked search. This is no longer the case. As of 6.0 we include all queries in the SearchSource hierarchy in the final request, so there's no longer any reason to hide the query bar.
Since filters created via a Vis show up in the query bar when Kuery is selected, these filters now appear correctly even when there's a linked search in the vis editor.
Previously when unlinking a saved search visualize would insert the query and filters from the saved search into app state before removing the SearchSource from the hierarcy. This posed a problem because combining two lucene query strings isn't as easy as combing two sets of filters. We decided this behavior was a bit counterintuitive anyway. If the user wants to unlink the saved search, they probably want to discard it, not combine it with their local changes. So I've also updated the unlinking functionality to discard the saved search.
* limit wait time for baselayer (#14047)
* adding scope appy back (#14269)
* remove junk tests (#14191)
* We are using the index pattern id now
* Use the index pattern id here too
* Use an isolated es env for these tests
* Revert "Fix invisible filters caused by missing index pattern (#14131)"
This reverts commit e09d7ad1f9.
* Revert "Show query and filter bars even when there's a linked search (#14212)"
This reverts commit 3aee7c2bf0.
* Revert "limit wait time for baselayer (#14047)"
This reverts commit 44a71071ac.
* Revert "adding scope appy back (#14269)"
This reverts commit 51b6b51aac.
* Revert "remove junk tests (#14191)"
This reverts commit f06c18332b.
* Revert these
* Make sure no one can show the chrome if the default setting is hidden.
add tests
Fixes https://github.com/elastic/kibana/issues/13040
* Improve variable and function names and fix tests
* Stabalize tests and bring back flaky test
* Try to fix flaky map radius visualize test
* fix flaky tile map zoom test
* Try to fix flaky zoom test by avoiding zooming in and out with spy panel open
* Remove duplicate wrapped retry around find methods
The retry was moved internally, around a check for stale elements as
well, so this should no longer be neccessary.
* Revert "When on an embedded page, bypass Getting Started gate check (#12040)"
This reverts commit 05293f1c8d.
* Revert "Making tweaks. (#12003)"
This reverts commit aa3fa06f61.
* Revert "Functional tests for the Getting Started page (#11850)"
This reverts commit 099178a7ca.
* Revert "Prevent flicker on Getting Started page (#11826)"
This reverts commit c4b3ade27d.
* Revert "Getting Started page (#11805)"
This reverts commit 32eff371f2.
* Remove check for Getting Started page from navigateToApp
* attempt to fix dashboard view/edit flaky test
hope to fix https://github.com/elastic/kibana/issues/12014
* Need to wait for global loading indicator to be hidden once top nav is visible
* use Error object for throw
* inline function only used once
* Adding some more functionality to the Getting Started page object
* Using optOut method from Getting Started page object
* Adding functional tests for Getting Started page
This set of tests specifically tests the scenarios under which a user should or should not get redirected to the Getting Started page
* Adding log.debug message
* Conforming to HTML style guide
* Using new GettingStarted page object methods + opting out
* Adding test for nav being shown
* Removing unnecessary line
* Navigate to Discover expecting to be redirected to the Getting Started page
* Trying beforeEach instead of before
* Remove LS data index + load empty kibana index
* Removing unnecessary line
* Fixing order of operations
* [tests/functional] automatically opt-out of getting started page on navigation
* [test/functional/commonPage] avoid circular reference
* [test/functional/commonPage] move check for getting started after url has settled
* [gettingStarted] prevent route resolution by returning halt promises
* [test/functional/commonPage] wait for kibana to load before checking for getting started
* [uiRoutes/setupWork] provide a token that can be thrown to halt setup work
* [ui/routes] rename reference to WAIT_FOR_URL_CHANGE_TOKEN
* address review feedback
* fix focused button not being set
Need to do it in a timeout because ng-react hasn’t loaded the react
code yet, so it can’t find the buttons.
* add a test
that would have caught the issue, and also change the default focused
button for the listing delete page since it’s a destructive action.
* Add a comment
* Push focusing of default button into react code
* Push ESC key handling into react as well
* Remove ESC tests in angular form
They don’t pass, I’m guessing because of the way it’s triggered, but
these test cases should now be handled in jest. Also confirmed it
works as expected with the modal.
* Address code review comments
* Use autoFocus
* Getting Started page (#11673)
* Initial code
* Renaming files/folders
* Notes and changes from HTML/CSS review
* CSS changes
* Fixing transform units
* Fleshing out logo circle
* Adding logos
* Un-nesting styles
* Adding kuiText class on <p> elements
* Making shield icon 404 go away
* Using trustAsHtml filter; using registry
* Adding code for registry
* Adding images
* Hooking up the opt-out link
* Fixing linter issues
* Fix issue with refresh bringing back nav
* Removing load_default module
* Use GETTING_STARTED_ROUTE constant
* Allow topMessage to be a directive
* Adding kuiLink CSS class to anchor elements
* Adding alt text to images
* Replace getters with regular methods
* Remove leftover comment
* Removing unnecessary comment
* Fixing typo in comment
* Adding comments for message properties
* Fixing typo in method name
* Defining custom CSS class
* Fixing method call
* Creating custom CSS classes
* Adding documentation links
* Use a instead of button for demo link
* Allow directives in manage and monitor messages
* Refactoring shared code into single ui/public/getting_started folder
* Adding README
* Fixing whitespace in/around links
* Trim messages before setting them
* Decorate in-app links with opt-out attribute
* Opt out of the Getting Started page if the user already has index patterns
* Adding more commentary around expectations of setTopMessage use
* Using ng-src and ng-href attributes where attr values are angular expressions
* Importing the directive before using it
* Using ui/registry for message registries
* Renaming service => helpers to clarify intent
* Adding explanatory comment
* Adding "or"
* Fixing div id
* Breaks out the inject logic into another directive
* Adding Getting Started page object for functional tests
* Consolidate into one registry
* Fixes incorrect classes
* Changes how styles are applied to injected-items items
* Modifying class name per CSS style guide
* Adding getting started doc link
* Removing unused import
* Attempting to fix breaking build
Apparently the Getting Started page is preventing access to Console (Dev Tools, really) so the functional tests for Console are failing. This commit opts the user out of the Getting Started page before attempting to navigate to Console.
* Cleanup on aisle testbed! (#11765)
* Navigate to getting started page so we can opt out of it
* [tests/functional] move screenshots to their own service
* [ftr] add testFailure and testHookFailure lifecycle hooks
* [tests/functional/screenshots] cleanup old screenshots at startup
* [test/functional/screenshots] take screenshots when tests fail
* [cli_plugin/install] fix test
* [ui/scanner] fix test
* [git] ignore the entire root optimize directory
* [ftr] fix readConfigFile export
* [ftr/config] set default hostname and protocols for urls
* [chrome] make top-level chrome a test-subject
* [ftr/CommonPage] only auto-login when not navigating to the login page
* [functional_test_runner] replace functional testing tools with custom/pluggable solution
* [functional_test_runner] Convert unit tests to commonjs format
* [functional_test_runner] Fix dashboard test in wrong mode
* [functional_test_runner] Add dashboardLandingPage test subject
* [functional_test_runner] Get Visualize page object
* [functional_test_runner] Fix outdated references
* [functional_test_runner] Fix more outdated refs
* [functional_test_runner] Remove duplicate tests
* [functional_test_runner] Improve test readability
* [functional_test_runner] 😞 So many duplicate methods
* [functional_test_runner] Move mgmt `before` outside toplevel describe
* [functional_test_runner] Settings page obj missing methods
* [functional_test_runner] Add improvements from @gammon
* [functional_test_runner] Fix return statements in async funcs
* [functional_test_runner] Move before() to correct scope
* [functional_test_runner] Add after() hooks to remove index patterns
* [functional_test_runner] Attempt to fix vertical bar chart tests
* [functional_test_runner] Clean up
* [functional_test_runner] Reinstate unit tests
* [functional_test_runner] Set default loglevel back to info
* [functional_test_runner] Replace `context`s with `describe`s
* [functional_test_runner] Better error handling
* [functional_test_runner] Add in new Tile Map tests
* Incorporate changes from master
* [functional_test_runner] validate that every test file has a single top-level suite
* Update contributing doc with link to full doc
* [docs] Spelling and grammar fixes
* docs: writing and running functional tests
* [docs] Move plugin doc to plugin area
* [docs] Housekeeping. Doc in wrong place
* [docs] Remove dup doc file
* [grunt] Only run mocha_setup when running tests, not every grunt task
Dmitry Lemeshko
Matthias Wilhelm
Lee Drengenberg
Josh Dover
Liza Katz
Thomas Neirynck
Spencer
Alexey Antonov
Brandon Kobel
Joe Reuter
Luke Elmers
Rashmi Kulkarni
Bhavya RM
Stacey Gammon
Nathan Reese
CJ Cenizal
Spencer
Kim Joar Bekkelund
Chris Roberson
Shaunak Kashyap
