
Commit a636454

[Spaces] API endpoint for roles which have access to a given space (#181165)
## Summary Added endpoint `GET kbn:/internal/security/roles/{space-id}` to get all roles for the provided space id. **Note**: changes needed for application `*` privileges were cherry-picked to a separate PR (#181400). ## Example Request `GET kbn:/internal/security/roles/space-b` Response ``` [ { "name": "role-a", "metadata": {}, "transient_metadata": { "enabled": true }, "elasticsearch": { "cluster": [ "all" ], "indices": [], "run_as": [] }, "kibana": [ { "base": [], "feature": { "dev_tools": [ "all" ] }, "spaces": [ "default", "space-b" ] } ], "_transform_error": [], "_unrecognized_applications": [] }, { "name": "superuser", "metadata": { "_reserved": true }, "transient_metadata": {}, "elasticsearch": { "cluster": [ "all" ], "indices": [ { "names": [ "*" ], "privileges": [ "all" ], "allow_restricted_indices": false }, { "names": [ "*" ], "privileges": [ "monitor", "read", "view_index_metadata", "read_cross_cluster" ], "allow_restricted_indices": true } ], "remote_indices": [ { "names": [ "*" ], "privileges": [ "all" ], "allow_restricted_indices": false, "clusters": [ "*" ] }, { "names": [ "*" ], "privileges": [ "monitor", "read", "view_index_metadata", "read_cross_cluster" ], "allow_restricted_indices": true, "clusters": [ "*" ] } ], "run_as": [ "*" ] }, "kibana": [ { "base": [ "all" ], "feature": {}, "spaces": [ "*" ] } ], "_transform_error": [], "_unrecognized_applications": [ "*" ] } ] ``` ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) __Fixes: https://github.com/elastic/kibana/issues/180718__ --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
1 parent f5d7eb6 commit a636454

10 files changed

Lines changed: 506 additions & 14 deletions


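--- a/x-pack/plugins/security/server/authorization/index.ts
+++ b/x-pack/plugins/security/server/authorization/index.ts
@@ -9,5 +9,5 @@ export { Actions } from './actions';
 export type { AuthorizationServiceSetupInternal } from './authorization_service';
 export { AuthorizationService } from './authorization_service';
 export type { ElasticsearchRole } from './roles';
-export { transformElasticsearchRoleToRole } from './roles';
+export { transformElasticsearchRoleToRole, compareRolesByName } from './roles';
 export type { CasesSupportedOperations } from './privileges';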

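--- a/x-pack/plugins/security/server/authorization/privileges/privileges.test.ts
+++ b/x-pack/plugins/security/server/authorization/privileges/privileges.test.ts
@@ -282,6 +282,7 @@ describe('features', () => {
 ...(expectDecryptedTelemetry ? [actions.api.get('decryptedTelemetry')] : []),
 ...(expectGetFeatures ? [actions.api.get('features')] : []),
 ...(expectGetFeatures ? [actions.api.get('taskManager')] : []),
+...(expectGetFeatures ? [actions.api.get('manageSpaces')] : []),
 ...(expectManageSpaces
 ? [
 actions.space.manage,
@@ -506,6 +507,7 @@ describe('features', () => {
 ...(expectDecryptedTelemetry ? [actions.api.get('decryptedTelemetry')] : []),
 ...(expectGetFeatures ? [actions.api.get('features')] : []),
 ...(expectGetFeatures ? [actions.api.get('taskManager')] : []),
+...(expectGetFeatures ? [actions.api.get('manageSpaces')] : []),
 ...(expectManageSpaces
 ? [
 actions.space.manage,
@@ -574,6 +576,7 @@ describe('features', () => {
 ...(expectDecryptedTelemetry ? [actions.api.get('decryptedTelemetry')] : []),
 ...(expectGetFeatures ? [actions.api.get('features')] : []),
 ...(expectGetFeatures ? [actions.api.get('taskManager')] : []),
+...(expectGetFeatures ? [actions.api.get('manageSpaces')] : []),
 ...(expectManageSpaces
 ? [
 actions.space.manage,
@@ -643,6 +646,7 @@ describe('features', () => {
 ...(expectDecryptedTelemetry ? [actions.api.get('decryptedTelemetry')] : []),
 ...(expectGetFeatures ? [actions.api.get('features')] : []),
 ...(expectGetFeatures ? [actions.api.get('taskManager')] : []),
+...(expectGetFeatures ? [actions.api.get('manageSpaces')] : []),
 ...(expectManageSpaces
 ? [
 actions.space.manage,
@@ -910,6 +914,7 @@ describe('subFeatures', () => {
 actions.api.get('decryptedTelemetry'),
 actions.api.get('features'),
 actions.api.get('taskManager'),
+actions.api.get('manageSpaces'),
 actions.space.manage,
 actions.ui.get('spaces', 'manage'),
 actions.ui.get('management', 'kibana', 'spaces'),
@@ -1068,6 +1073,7 @@ describe('subFeatures', () => {
 actions.api.get('decryptedTelemetry'),
 actions.api.get('features'),
 actions.api.get('taskManager'),
+actions.api.get('manageSpaces'),
 actions.space.manage,
 actions.ui.get('spaces', 'manage'),
 actions.ui.get('management', 'kibana', 'spaces'),
@@ -1303,6 +1309,7 @@ describe('subFeatures', () => {
 actions.api.get('decryptedTelemetry'),
 actions.api.get('features'),
 actions.api.get('taskManager'),
+actions.api.get('manageSpaces'),
 actions.space.manage,
 actions.ui.get('spaces', 'manage'),
 actions.ui.get('management', 'kibana', 'spaces'),
@@ -1441,6 +1448,7 @@ describe('subFeatures', () => {
 actions.api.get('decryptedTelemetry'),
 actions.api.get('features'),
 actions.api.get('taskManager'),
+actions.api.get('manageSpaces'),
 actions.space.manage,
 actions.ui.get('spaces', 'manage'),
 actions.ui.get('management', 'kibana', 'spaces'),
@@ -1619,6 +1627,7 @@ describe('subFeatures', () => {
 actions.api.get('decryptedTelemetry'),
 actions.api.get('features'),
 actions.api.get('taskManager'),
+actions.api.get('manageSpaces'),
 actions.space.manage,
 actions.ui.get('spaces', 'manage'),
 actions.ui.get('management', 'kibana', 'spaces'),
@@ -1755,6 +1764,7 @@ describe('subFeatures', () => {
 actions.api.get('decryptedTelemetry'),
 actions.api.get('features'),
 actions.api.get('taskManager'),
+actions.api.get('manageSpaces'),
 actions.space.manage,
 actions.ui.get('spaces', 'manage'),
 actions.ui.get('management', 'kibana', 'spaces'),
@@ -1969,6 +1979,7 @@ describe('subFeatures', () => {
 actions.api.get('decryptedTelemetry'),
 actions.api.get('features'),
 actions.api.get('taskManager'),
+actions.api.get('manageSpaces'),
 actions.space.manage,
 actions.ui.get('spaces', 'manage'),
 actions.ui.get('management', 'kibana', 'spaces'),
@@ -2202,6 +2213,7 @@ describe('subFeatures', () => {
 actions.api.get('decryptedTelemetry'),
 actions.api.get('features'),
 actions.api.get('taskManager'),
+actions.api.get('manageSpaces'),
 actions.space.manage,
 actions.ui.get('spaces', 'manage'),
 actions.ui.get('management', 'kibana', 'spaces'),
@@ -2471,6 +2483,7 @@ describe('subFeatures', () => {
 actions.api.get('decryptedTelemetry'),
 actions.api.get('features'),
 actions.api.get('taskManager'),
+actions.api.get('manageSpaces'),
 actions.space.manage,
 actions.ui.get('spaces', 'manage'),
 actions.ui.get('management', 'kibana', 'spaces'),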
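Review bot: In the four `describe('features')` hunks the new `manageSpaces` expectation is keyed on `expectGetFeatures`, although privileges.ts adds the action directly next to `actions.space.manage`. The assertions presumably hold only because both flags coincide in every parameter set; if they ever diverge, these tests would stop pinning which privilege tier is allowed to reach the roles-by-space endpoint. Moving the entry into the existing `expectManageSpaces` spread, as `actions.api.get('manageSpaces'),` ahead of `actions.space.manage,`, would tie the expectation to the privilege it travels with. The enclosing test bodies start and end outside these hunks, so the flag values themselves are not visible here.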

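--- a/x-pack/plugins/security/server/authorization/privileges/privileges.ts
+++ b/x-pack/plugins/security/server/authorization/privileges/privileges.ts
@@ -109,6 +109,7 @@ export function privilegesFactory(
 actions.api.get('decryptedTelemetry'),
 actions.api.get('features'),
 actions.api.get('taskManager'),
+actions.api.get('manageSpaces'),
 actions.space.manage,
 actions.ui.get('spaces', 'manage'),
 actions.ui.get('management', 'kibana', 'spaces'),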
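Review bot: The added `actions.api.get('manageSpaces')` widens what every holder of this privilege list can call, and nothing on the line records which routes it unlocks. Per the commit description the consumer is `GET kbn:/internal/security/roles/{space-id}`, whose response carries full role definitions, including Elasticsearch cluster, index and `run_as` grants of reserved roles such as `superuser`. The route file is not among the sections shown, so confirm that the handler is actually gated on this action and that letting space managers without role-management rights read role contents is intended. A comment on the new line would make the coupling reviewable later, e.g. `// manageSpaces gates the roles-by-space endpoint, which returns full role definitions`. `privilegesFactory` starts and ends outside this hunk, so the privilege tier this list belongs to is inferred from the neighbouring entries.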

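--- a/x-pack/plugins/security/server/authorization/roles/elasticsearch_role.ts
+++ b/x-pack/plugins/security/server/authorization/roles/elasticsearch_role.ts
@@ -321,3 +321,15 @@ const extractUnrecognizedApplicationNames = (
 function getUniqueList<T>(list: T[]) {
 return Array.from(new Set<T>(list));
 }
+
+export const compareRolesByName = (roleA: Role, roleB: Role) => {
+if (roleA.name < roleB.name) {
+return -1;
+}
+
+if (roleA.name > roleB.name) {
+return 1;
+}
+
+return 0;
+};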
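Review bot: `compareRolesByName` is now an exported helper (get_all.ts imports it in this commit) but has no doc comment or explicit return type, so its ordering contract is implicit. It compares `name` with `<` and `>`, which is a UTF-16 code-unit comparison: case-sensitive and not locale-aware, so upper-case names sort ahead of lower-case ones. That is deterministic, which suits an API response, but it should be stated so nobody swaps in `localeCompare` and changes the order between hosts. I would add `/** Comparator for Array.prototype.sort: orders roles by name using code-unit comparison (case-sensitive, not locale-aware). */` and annotate the signature as `(roleA: Role, roleB: Role): number =>`.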

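--- a/x-pack/plugins/security/server/authorization/roles/index.ts
+++ b/x-pack/plugins/security/server/authorization/roles/index.ts
@@ -6,4 +6,4 @@
 */
 
 export type { ElasticsearchRole } from './elasticsearch_role';
-export { transformElasticsearchRoleToRole } from './elasticsearch_role';
+export { transformElasticsearchRoleToRole, compareRolesByName } from './elasticsearch_role';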

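--- a/x-pack/plugins/security/server/routes/authorization/roles/get_all.ts
+++ b/x-pack/plugins/security/server/routes/authorization/roles/get_all.ts
@@ -6,7 +6,7 @@
 */
 
 import type { RouteDefinitionParams } from '../..';
-import { transformElasticsearchRoleToRole } from '../../../authorization';
+import { compareRolesByName, transformElasticsearchRoleToRole } from '../../../authorization';
 import { wrapIntoCustomErrorResponse } from '../../../errors';
 import { createLicensedRouteHandler } from '../../licensed_route_handler';
 
@@ -45,17 +45,7 @@ export function defineGetAllRolesRoutes({
 .filter((role) => {
 return !hideReservedRoles || !role.metadata?._reserved;
 })
-.sort((roleA, roleB) => {
-if (roleA.name < roleB.name) {
-return -1;
-}
-
-if (roleA.name > roleB.name) {
-return 1;
-}
-
-return 0;
-}),
+.sort(compareRolesByName),
 });
 } catch (error) {
 return response.customError(wrapIntoCustomErrorResponse(error));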
