4abe864f10
This PR adds _Role Based Access-Control_ to the Alerting framework & Actions feature using Kibana Feature Controls, addressing most of the Meta issue: https://github.com/elastic/kibana/issues/43994 This also closes https://github.com/elastic/kibana/issues/62438 This PR includes the following: 1. Adds `alerting` specific Security Actions (not to be confused with Alerting Actions) to the `security` plugin which allows us to assign alerting specific privileges to users of other plugins using the `features` plugin. 2. Removes the security wrapper from the savedObjectsClient in AlertsClient and instead plugs in the new AlertsAuthorization which performs the privilege checks on each api call made to the AlertsClient. 3. Adds privileges in each plugin that is already using the Alerting Framework which mirror (as closely as possible) the existing api-level tag-based privileges and plugs them into the AlertsClient. 4. Adds feature granted privileges arounds Actions (by relying on Saved Object privileges under the hood) and plugs them into the ActionsClient 5. Removes the legacy api-level tag-based privilege system from both the Alerts and Action HTTP APIs |
||
---|---|---|
.. | ||
common | ||
dev_docs | ||
e2e | ||
public | ||
scripts | ||
server | ||
typings | ||
.prettierrc | ||
CONTRIBUTING.md | ||
jest.config.js | ||
kibana.json | ||
readme.md |
Documentation for APM UI developers
Setup local environment
Kibana
git clone git@github.com:elastic/kibana.git
cd kibana/
yarn kbn bootstrap
yarn start --no-base-path
APM Server, Elasticsearch and data
To access an elasticsearch instance that has live data you have two options:
A. Connect to Elasticsearch on Cloud (internal devs only)
Find the credentials for the cluster here
B. Start Elastic Stack and APM data generators
git clone git@github.com:elastic/apm-integration-testing.git
cd apm-integration-testing/
./scripts/compose.py start master --all --no-kibana
Docker Compose is required
E2E (Cypress) tests
x-pack/plugins/apm/e2e/run-e2e.sh
Starts Kibana (:5701), APM Server (:8201) and Elasticsearch (:9201). Ingests sample data into Elasticsearch via APM Server and runs the Cypress tests
Unit testing
Note: Run the following commands from kibana/x-pack/plugins/apm
.
Run unit tests
npx jest --watch
Update snapshots
npx jest --updateSnapshot
Coverage
HTML coverage report can be found in target/coverage/jest after tests have run.
open target/coverage/jest/index.html
Functional tests
Start server
node scripts/functional_tests_server --config x-pack/test/functional/config.js
Run tests
node scripts/functional_test_runner --config x-pack/test/functional/config.js --grep='APM specs'
APM tests are located in x-pack/test/functional/apps/apm
.
For debugging access Elasticsearch on http://localhost:9220` (elastic/changeme)
API integration tests
Our tests are separated in two suites: one suite runs with a basic license, and the other with a trial license (the equivalent of gold+). This requires separate test servers and test runners.
Basic
# Start server
node scripts/functional_tests_server --config x-pack/test/apm_api_integration/basic/config.ts
# Run tests
node scripts/functional_test_runner --config x-pack/test/apm_api_integration/basic/config.ts
The API tests for "basic" are located in x-pack/test/apm_api_integration/basic/tests
.
Trial
# Start server
node scripts/functional_tests_server --config x-pack/test/apm_api_integration/trial/config.ts
# Run tests
node scripts/functional_test_runner --config x-pack/test/apm_api_integration/trial/config.ts
The API tests for "trial" are located in x-pack/test/apm_api_integration/trial/tests
.
For debugging access Elasticsearch on http://localhost:9220` (elastic/changeme)
Linting
Note: Run the following commands from kibana/
.
Prettier
yarn prettier "./x-pack/plugins/apm/**/*.{tsx,ts,js}" --write
ESLint
yarn eslint ./x-pack/plugins/apm --fix
Setup default APM users
APM behaves differently depending on which the role and permissions a logged in user has. For testing purposes APM uses 3 custom users:
apm_read_user: Apps: read. Indices: read (apm-*
)
apm_write_user: Apps: read/write. Indices: read (apm-*
)
kibana_write_user Apps: read/write. Indices: None
To create the users with the correct roles run the following script:
node x-pack/plugins/apm/scripts/setup-kibana-security.js --role-suffix <github-username-or-something-unique>
The users will be created with the password specified in kibana.dev.yml for elasticsearch.password
Debugging Elasticsearch queries
All APM api endpoints accept _debug=true
as a query param that will result in the underlying ES query being outputted in the Kibana backend process.
Example:
/api/apm/services/my_service?_debug=true
Storybook
Start the Storybook development environment with
yarn storybook apm
. All files with a .stories.tsx extension will be loaded.
You can access the development environment at http://localhost:9001.