github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[8.x] [Inventory] Check permissions before registering the Inventory plugin in observabilityShared navigation (#195557) (#195758)

Browse source 
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Inventory] Check permissions before registering the Inventory plugin
in observabilityShared navigation
(#195557)](https://github.com/elastic/kibana/pull/195557)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Irene
Blanco","email":"irene.blanco@elastic.co"},"sourceCommit":{"committedDate":"2024-10-10T12:32:37Z","message":"[Inventory]
Check permissions before registering the Inventory plugin in
observabilityShared navigation (#195557)\n\n## Summary\r\n\r\nFixes
https://github.com/elastic/kibana/issues/195360
and\r\nhttps://github.com/elastic/kibana/issues/195560\r\n\r\nThis PR
fixes a bug where the Inventory plugin is improperly registered\r\nin
the ObservabilityShared navigation, even in spaces that lack
the\r\nrequired permissions or for user roles that don't have
permissions. As a\r\nresult, the Inventory link appears in the
navigation whenever the\r\nspace/user has access to any other
Observability plugin.\r\n\r\n\r\n### Space permissions\r\n####
Before\r\n|Space config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](d6c98df5-6975-4e95-be24-7e53e6e1ee02)|\r\n\r\n\r\n#####
After\r\n|Space config|ObservabilityShared
navigation|\r\n|-|-|\r\n|![Screenshot 2024-10-09 at 11
47\r\n34](https://github.com/user-attachments/assets/2f5be4c0-4f32-4103-b43a-059e435f730c)|![Screenshot\r\n2024-10-09
at 11
47\r\n12](https://github.com/user-attachments/assets/9dce6095-0a65-4c1d-973f-8a96c330fd08)|\r\n|![Screenshot
2024-10-09 at 11
47\r\n59](https://github.com/user-attachments/assets/f697e646-c034-41d8-b546-925ba4c9fb3a)|![Screenshot\r\n2024-10-09
at 11
48\r\n09](https://github.com/user-attachments/assets/200cf3d3-b7a3-4a42-84ec-48dcf563ad37)|\r\n\r\n\r\n###
User permissions\r\n\r\n#### Before\r\n|Role config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](4ffb48a9-81f0-48bd-9156-a98e3361c279)|\r\n\r\n\r\n####
After\r\n|Role config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](https://github.com/user-attachments/assets/74e52c43-0da9-4878-813d-049c1f9f2f83)|<img\r\nwidth=\"1266\"
alt=\"Screenshot 2024-10-09 at 12 52
48\"\r\nsrc=\"https://github.com/user-attachments/assets/5d21bbef-53ca-4d83-84b7-d471a12a40e3\">|","sha":"7927ebf2a6e3bc459acb6d3217cb87ba8f837e09","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:prev-minor","ci:project-deploy-observability","Team:obs-ux-infra_services","v8.16.0"],"title":"[Inventory]
Check permissions before registering the Inventory plugin in
observabilityShared
navigation","number":195557,"url":"https://github.com/elastic/kibana/pull/195557","mergeCommit":{"message":"[Inventory]
Check permissions before registering the Inventory plugin in
observabilityShared navigation (#195557)\n\n## Summary\r\n\r\nFixes
https://github.com/elastic/kibana/issues/195360
and\r\nhttps://github.com/elastic/kibana/issues/195560\r\n\r\nThis PR
fixes a bug where the Inventory plugin is improperly registered\r\nin
the ObservabilityShared navigation, even in spaces that lack
the\r\nrequired permissions or for user roles that don't have
permissions. As a\r\nresult, the Inventory link appears in the
navigation whenever the\r\nspace/user has access to any other
Observability plugin.\r\n\r\n\r\n### Space permissions\r\n####
Before\r\n|Space config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](d6c98df5-6975-4e95-be24-7e53e6e1ee02)|\r\n\r\n\r\n#####
After\r\n|Space config|ObservabilityShared
navigation|\r\n|-|-|\r\n|![Screenshot 2024-10-09 at 11
47\r\n34](https://github.com/user-attachments/assets/2f5be4c0-4f32-4103-b43a-059e435f730c)|![Screenshot\r\n2024-10-09
at 11
47\r\n12](https://github.com/user-attachments/assets/9dce6095-0a65-4c1d-973f-8a96c330fd08)|\r\n|![Screenshot
2024-10-09 at 11
47\r\n59](https://github.com/user-attachments/assets/f697e646-c034-41d8-b546-925ba4c9fb3a)|![Screenshot\r\n2024-10-09
at 11
48\r\n09](https://github.com/user-attachments/assets/200cf3d3-b7a3-4a42-84ec-48dcf563ad37)|\r\n\r\n\r\n###
User permissions\r\n\r\n#### Before\r\n|Role config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](4ffb48a9-81f0-48bd-9156-a98e3361c279)|\r\n\r\n\r\n####
After\r\n|Role config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](https://github.com/user-attachments/assets/74e52c43-0da9-4878-813d-049c1f9f2f83)|<img\r\nwidth=\"1266\"
alt=\"Screenshot 2024-10-09 at 12 52
48\"\r\nsrc=\"https://github.com/user-attachments/assets/5d21bbef-53ca-4d83-84b7-d471a12a40e3\">|","sha":"7927ebf2a6e3bc459acb6d3217cb87ba8f837e09"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/195557","number":195557,"mergeCommit":{"message":"[Inventory]
Check permissions before registering the Inventory plugin in
observabilityShared navigation (#195557)\n\n## Summary\r\n\r\nFixes
https://github.com/elastic/kibana/issues/195360
and\r\nhttps://github.com/elastic/kibana/issues/195560\r\n\r\nThis PR
fixes a bug where the Inventory plugin is improperly registered\r\nin
the ObservabilityShared navigation, even in spaces that lack
the\r\nrequired permissions or for user roles that don't have
permissions. As a\r\nresult, the Inventory link appears in the
navigation whenever the\r\nspace/user has access to any other
Observability plugin.\r\n\r\n\r\n### Space permissions\r\n####
Before\r\n|Space config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](d6c98df5-6975-4e95-be24-7e53e6e1ee02)|\r\n\r\n\r\n#####
After\r\n|Space config|ObservabilityShared
navigation|\r\n|-|-|\r\n|![Screenshot 2024-10-09 at 11
47\r\n34](https://github.com/user-attachments/assets/2f5be4c0-4f32-4103-b43a-059e435f730c)|![Screenshot\r\n2024-10-09
at 11
47\r\n12](https://github.com/user-attachments/assets/9dce6095-0a65-4c1d-973f-8a96c330fd08)|\r\n|![Screenshot
2024-10-09 at 11
47\r\n59](https://github.com/user-attachments/assets/f697e646-c034-41d8-b546-925ba4c9fb3a)|![Screenshot\r\n2024-10-09
at 11
48\r\n09](https://github.com/user-attachments/assets/200cf3d3-b7a3-4a42-84ec-48dcf563ad37)|\r\n\r\n\r\n###
User permissions\r\n\r\n#### Before\r\n|Role config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](4ffb48a9-81f0-48bd-9156-a98e3361c279)|\r\n\r\n\r\n####
After\r\n|Role config|ObservabilityShared
navigation|\r\n|-|-|\r\n\r\n|![Image](https://github.com/user-attachments/assets/74e52c43-0da9-4878-813d-049c1f9f2f83)|<img\r\nwidth=\"1266\"
alt=\"Screenshot 2024-10-09 at 12 52
48\"\r\nsrc=\"https://github.com/user-attachments/assets/5d21bbef-53ca-4d83-84b7-d471a12a40e3\">|","sha":"7927ebf2a6e3bc459acb6d3217cb87ba8f837e09"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Irene Blanco <irene.blanco@elastic.co>
This commit is contained in:
Kibana Machine 2024-10-11 01:24:45 +11:00 committed by GitHub
parent a6f4228d2b
commit 013bfcac67
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 54 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

2
x-pack/plugins/observability_solution/inventory/.storybook/get_mock_inventory_context.tsx
View file

@ -13,6 +13,7 @@ import type { InferencePublicStart } from '@kbn/inference-plugin/public';
import type { ObservabilitySharedPluginStart } from '@kbn/observability-shared-plugin/public';
import type { UnifiedSearchPublicPluginStart } from '@kbn/unified-search-plugin/public';
import type { SharePluginStart } from '@kbn/share-plugin/public';
import type { SpacesPluginStart } from '@kbn/spaces-plugin/public';
import type { InventoryKibanaContext } from '../public/hooks/use_kibana';
import type { ITelemetryClient } from '../public/services/telemetry/types';
@ -33,5 +34,6 @@ export function getMockInventoryContext(): InventoryKibanaContext {
fetch: jest.fn(),
stream: jest.fn(),
},
spaces: {} as unknown as SpacesPluginStart,
};
}

2
x-pack/plugins/observability_solution/inventory/kibana.jsonc
View file

@ -19,7 +19,7 @@
"share"
],
"requiredBundles": ["kibanaReact"],
"optionalPlugins": [],
"optionalPlugins": ["spaces"],
"extraPublicDirs": []
}
}

75
x-pack/plugins/observability_solution/inventory/public/plugin.ts
View file

@ -17,7 +17,7 @@ import {
import { INVENTORY_APP_ID } from '@kbn/deeplinks-observability/constants';
import { i18n } from '@kbn/i18n';
import type { Logger } from '@kbn/logging';
import { from, map } from 'rxjs';
import { from, map, mergeMap, of } from 'rxjs';
import { createCallInventoryAPI } from './api';
import { TelemetryService } from './services/telemetry/telemetry_service';
import { InventoryServices } from './services/types';
@ -54,34 +54,53 @@ export class InventoryPlugin
'observability:entityCentricExperience',
true
);
const getStartServices = coreSetup.getStartServices();
if (isEntityCentricExperienceSettingEnabled) {
pluginsSetup.observabilityShared.navigation.registerSections(
from(coreSetup.getStartServices()).pipe(
map(([coreStart, pluginsStart]) => {
return [
{
label: '',
sortKey: 300,
entries: [
{
label: i18n.translate('xpack.inventory.inventoryLinkTitle', {
defaultMessage: 'Inventory',
}),
app: INVENTORY_APP_ID,
path: '/',
matchPath(currentPath: string) {
return ['/', ''].some((testPath) => currentPath.startsWith(testPath));
},
isTechnicalPreview: true,
const hideInventory$ = from(getStartServices).pipe(
mergeMap(([coreStart, pluginsStart]) => {
if (pluginsStart.spaces) {
return from(pluginsStart.spaces.getActiveSpace()).pipe(
map(
(space) =>
space.disabledFeatures.includes(INVENTORY_APP_ID) ||
!coreStart.application.capabilities.inventory.show
)
);
}
return of(!coreStart.application.capabilities.inventory.show);
})
);
const sections$ = hideInventory$.pipe(
map((hideInventory) => {
if (isEntityCentricExperienceSettingEnabled && !hideInventory) {
return [
{
label: '',
sortKey: 300,
entries: [
{
label: i18n.translate('xpack.inventory.inventoryLinkTitle', {
defaultMessage: 'Inventory',
}),
app: INVENTORY_APP_ID,
path: '/',
matchPath(currentPath: string) {
return ['/', ''].some((testPath) => currentPath.startsWith(testPath));
},
],
},
];
})
)
);
}
isTechnicalPreview: true,
},
],
},
];
}
return [];
})
);
pluginsSetup.observabilityShared.navigation.registerSections(sections$);
this.telemetry.setup({ analytics: coreSetup.analytics });
const telemetry = this.telemetry.start();
@ -102,7 +121,7 @@ export class InventoryPlugin
// Load application bundle and Get start services
const [{ renderApp }, [coreStart, pluginsStart]] = await Promise.all([
import('./application'),
coreSetup.getStartServices(),
getStartServices,
]);
const services: InventoryServices = {

2
x-pack/plugins/observability_solution/inventory/public/types.ts
View file

@ -17,6 +17,7 @@ import type { SharePluginSetup, SharePluginStart } from '@kbn/share-plugin/publi
import type { UnifiedSearchPublicPluginStart } from '@kbn/unified-search-plugin/public';
import type { DataViewsPublicPluginStart } from '@kbn/data-views-plugin/public';
import type { DataPublicPluginSetup, DataPublicPluginStart } from '@kbn/data-plugin/public';
import type { SpacesPluginStart } from '@kbn/spaces-plugin/public';
/* eslint-disable @typescript-eslint/no-empty-interface*/
@ -38,6 +39,7 @@ export interface InventoryStartDependencies {
data: DataPublicPluginStart;
entityManager: EntityManagerPublicPluginStart;
share: SharePluginStart;
spaces?: SpacesPluginStart;
}
export interface InventoryPublicSetup {}

3
x-pack/plugins/observability_solution/inventory/tsconfig.json
View file

@ -45,6 +45,7 @@
"@kbn/config-schema",
"@kbn/elastic-agent-utils",
"@kbn/custom-icons",
"@kbn/ui-theme"
"@kbn/ui-theme",
"@kbn/spaces-plugin"
]
}