This PR adds _Role Based Access-Control_ to the Alerting framework & Actions feature using Kibana Feature Controls, addressing most of the Meta issue: https://github.com/elastic/kibana/issues/43994 This also closes https://github.com/elastic/kibana/issues/62438 This PR includes the following: 1. Adds `alerting` specific Security Actions (not to be confused with Alerting Actions) to the `security` plugin which allows us to assign alerting specific privileges to users of other plugins using the `features` plugin. 2. Removes the security wrapper from the savedObjectsClient in AlertsClient and instead plugs in the new AlertsAuthorization which performs the privilege checks on each api call made to the AlertsClient. 3. Adds privileges in each plugin that is already using the Alerting Framework which mirror (as closely as possible) the existing api-level tag-based privileges and plugs them into the AlertsClient. 4. Adds feature granted privileges arounds Actions (by relying on Saved Object privileges under the hood) and plugs them into the ActionsClient 5. Removes the legacy api-level tag-based privilege system from both the Alerts and Action HTTP APIs |
||
---|---|---|
.. | ||
common | ||
server | ||
kibana.json | ||
README.md |
alerting_builtins plugin
This plugin provides alertTypes shipped with Kibana for use with the the alerts plugin. When enabled, it will register the built-in alertTypes with the alerting plugin, register associated HTTP routes, etc.
The plugin setup
and start
contracts for this plugin are the following
type, which provides some runtime capabilities. Each built-in alertType will
have it's own top-level property in the IService
interface, if it needs to
expose functionality.
export interface IService {
indexThreshold: {
timeSeriesQuery(params: TimeSeriesQueryParameters): Promise<TimeSeriesResult>;
}
}
Each built-in alertType is described in it's own README:
- index threshold:
server/alert_types/index_threshold