ML Kibana privileges opt-in using kibana.yml by kobelb · Pull Request #40073 · elastic/kibana

kobelb · 2019-07-01T18:29:02Z

No description provided.

elasticmachine · 2019-07-01T19:34:19Z

💔 Build Failed

continuous-integration/kibana-ci/pull-request

elasticmachine · 2019-07-01T20:48:53Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request

elasticmachine · 2019-07-08T23:49:57Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request

elasticmachine · 2019-07-09T21:34:23Z

💔 Build Failed

continuous-integration/kibana-ci/pull-request

kobelb · 2019-07-09T22:05:39Z

@legrego you mind giving the changes I made to the role management screens a review? I'm trying to determine whether we can avoid addressing #38101 as part of these changes.

kobelb · 2019-07-09T22:11:32Z

...it_role/components/privileges/kibana/space_aware_privilege_section/privilege_space_table.tsx

-          const isAllowedCustomizations =
-            allowedPrivileges[record.spacesIndex].base.privileges.length > 1;
+          const featureEntries = Object.values(allowedPrivileges[record.spacesIndex].feature);
+          const isAllowedCustomizations = featureEntries.some(entry => {


Without this change, if I gave the user global all and then a custom set of privileges at a space granting access to ML, it'd show "All" for the space specific privileges:

kobelb · 2019-07-09T22:14:22Z

...it_role/components/privileges/kibana/space_aware_privilege_section/privilege_space_table.tsx

            return (
              <PrivilegeDisplay
-                explanation={basePrivilege}
+                explanation={showCustomize ? undefined : basePrivilege}


Without this change, if I gave the user global all and then a custom set of privileges at a space granting access to ML, it'd show "Custom" with a lock even though it's truly just Custom:

kobelb · 2019-07-09T22:17:33Z

...dit_role/components/privileges/kibana/space_aware_privilege_section/privilege_space_form.tsx

      if (
        hasAssignedFeaturePrivileges(form) ||
-        explanation.actualPrivilege === NO_PRIVILEGE_VALUE ||
+        form.base.length === 0 ||


Without this change, if I gave the user global all and then created a new entry for the default space, the drop-down would default to "All" because this was the "actual privilege" which it inherited globally. Where-as elsewhere we default to "Custom" whenever we can:

elasticmachine · 2019-07-09T23:00:49Z

💔 Build Failed

continuous-integration/kibana-ci/pull-request

elasticmachine · 2019-07-10T00:09:37Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request

legrego · 2019-07-10T10:22:33Z

ACK, will look today

legrego

These changes seem reasonable enough to avoid rearchitecting the privilege calculator.

We're changing an assumption with this PR -- before, features could have either reserved or regular privileges, but never both. Now we have features with both..this is obviously expected as part of this effort, but I'm trying to think of any other places where this assumption is important...I can't think of anything right now, but I'll update if I come across anything else.

kobelb · 2019-07-10T15:45:16Z

Thanks @legrego, I'm gonna pull these changes out into another PR and add the necessary tests.

elasticmachine · 2019-07-16T16:42:54Z

💔 Build Failed

continuous-integration/kibana-ci/pull-request

elasticmachine · 2019-07-16T20:34:35Z

💔 Build Failed

continuous-integration/kibana-ci/pull-request

kobelb added 4 commits July 1, 2019 10:48

Allowing privileges to be excluded from the base privileges

cb8a0ba

ML now has reserved and actual privileges

08fb3b2

Allowing features with reserved and normal privileges to be listed

f0c84a3

Using a setting to control this

028f45a

Fixing linting issues

27e287a

kobelb added 3 commits July 3, 2019 06:55

Starting to update the privilege calculator

c41b469

Merge remote-tracking branch 'upstream/master' into poc/ml-opt-in

179d327

Reverting "Starting to update the privilege calculator"

c782e1b

Displaying "Custom" in the privilege table when it truly is custom

4b136cd

Defaulting to "custom" when there are no assigned base privileges

0dd5578

kobelb commented Jul 9, 2019

View reviewed changes

Removing unused variable

bb77943

legrego self-requested a review July 10, 2019 10:25

legrego reviewed Jul 10, 2019

View reviewed changes

Adjusting the logic for displaying "Custom" for feature privileges

60ab8d9

Fixing the privilege space table one more time

51e8ebd

kobelb mentioned this pull request Jul 18, 2019

Allow applications to register feature privileges which are excluded from the base privileges #41300

Merged

kobelb closed this Aug 2, 2019

Conversation

kobelb commented Jul 1, 2019

Uh oh!

elasticmachine commented Jul 1, 2019

💔 Build Failed

Uh oh!

elasticmachine commented Jul 1, 2019

💚 Build Succeeded

Uh oh!

elasticmachine commented Jul 8, 2019

💚 Build Succeeded

Uh oh!

elasticmachine commented Jul 9, 2019

💔 Build Failed

Uh oh!

kobelb commented Jul 9, 2019

Uh oh!

kobelb Jul 9, 2019

Choose a reason for hiding this comment

Uh oh!

kobelb Jul 9, 2019

Choose a reason for hiding this comment

Uh oh!

kobelb Jul 9, 2019

Choose a reason for hiding this comment

Uh oh!

elasticmachine commented Jul 9, 2019

💔 Build Failed

Uh oh!

elasticmachine commented Jul 10, 2019

💚 Build Succeeded

Uh oh!

legrego commented Jul 10, 2019

Uh oh!

legrego left a comment

Choose a reason for hiding this comment

Uh oh!

kobelb commented Jul 10, 2019

Uh oh!

elasticmachine commented Jul 16, 2019

💔 Build Failed

Uh oh!

elasticmachine commented Jul 16, 2019

💔 Build Failed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants