github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 09:19:04 -04:00
Code Issues Projects Releases Packages Wiki Activity

[8.15] [Fleet] Disable selecting standalone instructions for user without agent policies READ permissions (#187517) (#187605)

Browse source 
# Backport

This will backport the following commits from `main` to `8.15`:
- [[Fleet] Disable selecting standalone instructions for user without
agent policies READ permissions
(#187517)](https://github.com/elastic/kibana/pull/187517)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Nicolas
Chaulet","email":"nicolas.chaulet@elastic.co"},"sourceCommit":{"committedDate":"2024-07-04T13:45:20Z","message":"[Fleet]
Disable selecting standalone instructions for user without agent
policies READ permissions
(#187517)","sha":"c27ca409a4fcfa4a16e44558ab1302fa26f7f3b8","branchLabelMapping":{"^v8.15.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Fleet","backport:prev-minor","v8.15.0","v8.16.0"],"title":"[Fleet]
Disable selecting standalone instructions for user without agent
policies READ
permissions","number":187517,"url":"https://github.com/elastic/kibana/pull/187517","mergeCommit":{"message":"[Fleet]
Disable selecting standalone instructions for user without agent
policies READ permissions
(#187517)","sha":"c27ca409a4fcfa4a16e44558ab1302fa26f7f3b8"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.15.0","branchLabelMappingKey":"^v8.15.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/187517","number":187517,"mergeCommit":{"message":"[Fleet]
Disable selecting standalone instructions for user without agent
policies READ permissions
(#187517)","sha":"c27ca409a4fcfa4a16e44558ab1302fa26f7f3b8"}},{"branch":"8.16","label":"v8.16.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Nicolas Chaulet <nicolas.chaulet@elastic.co>
This commit is contained in:
Kibana Machine 2024-07-05 00:54:09 +02:00 committed by GitHub
parent c616ed3da0
commit 2f4f5fff12
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 55 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

3
x-pack/plugins/fleet/common/authz.ts
View file

@ -144,8 +144,7 @@ export const calculateAuthz = ({
// These are currently used by Fleet Server setup
setup: fleet.all || fleet.setup,
readEnrollmentTokens: (fleet.all || fleet.setup || fleet.agents?.all) ?? false,
readAgentPolicies:
(fleet.all || fleet.read || fleet.setup || fleet.agentPolicies?.read) ?? false,
readAgentPolicies: (fleet.all || fleet.setup) ?? false,
};
return {

9
x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.tsx
View file

@ -14,7 +14,7 @@ import type { RenderResult } from '@testing-library/react';
import { createFleetTestRendererMock } from '../../mock';
import type { AgentPolicy } from '../../../common';
import { sendGetOneAgentPolicy } from '../../hooks/use_request';
import { useAgentEnrollmentFlyoutData, useFleetServerStandalone } from '../../hooks';
import { useAgentEnrollmentFlyoutData, useAuthz, useFleetServerStandalone } from '../../hooks';
import { useAdvancedForm } from '../../applications/fleet/components/fleet_server_instructions/hooks';
import { useFleetServerUnhealthy } from '../../applications/fleet/sections/agents/hooks/use_fleet_server_unhealthy';
@ -22,6 +22,8 @@ import { useFleetServerUnhealthy } from '../../applications/fleet/sections/agent
import type { FlyOutProps } from './types';
import { AgentEnrollmentFlyout } from '.';
jest.mock('../../hooks/use_authz');
const render = (props?: Partial<FlyOutProps>) => {
cleanup();
const renderer = createFleetTestRendererMock();
@ -47,6 +49,11 @@ describe('<AgentEnrollmentFlyout />', () => {
let results: RenderResult;
beforeEach(async () => {
jest.mocked(useAuthz).mockReturnValue({
fleet: {
readAgentPolicies: true,
},
} as any);
jest.mocked(useFleetServerStandalone).mockReturnValue({ isFleetServerStandalone: false });
(useFleetServerUnhealthy as jest.Mock).mockReturnValue({

5
x-pack/plugins/fleet/public/components/agent_enrollment_flyout/index.tsx
View file

@ -28,6 +28,7 @@ import {
useFleetStatus,
useAgentEnrollmentFlyoutData,
useFleetServerHostsForPolicy,
useAuthz,
} from '../../hooks';
import { FLEET_SERVER_PACKAGE, MAX_FLYOUT_WIDTH } from '../../constants';
import type { PackagePolicy, AgentPolicy } from '../../types';
@ -61,6 +62,8 @@ export const AgentEnrollmentFlyout: React.FunctionComponent<FlyOutProps> = ({
return policies.find((p) => p.id === id);
};
const authz = useAuthz();
const fleetStatus = useFleetStatus();
const { docLinks } = useStartServices();
@ -172,6 +175,8 @@ export const AgentEnrollmentFlyout: React.FunctionComponent<FlyOutProps> = ({
data-test-subj="standaloneTab"
isSelected={mode === 'standalone'}
onClick={() => setMode('standalone')}
// Standalone need read access to agent policies
disabled={!authz.fleet.readAgentPolicies}
>
<FormattedMessage
id="xpack.fleet.agentEnrollment.enrollStandaloneTabLabel"

57
x-pack/plugins/fleet/public/components/agent_enrollment_flyout/steps/installation_mode_selection_step.tsx
View file

@ -6,14 +6,34 @@
*/
import React from 'react';
import { EuiRadioGroup } from '@elastic/eui';
import { EuiRadioGroup, EuiToolTip } from '@elastic/eui';
import { FormattedMessage } from '@kbn/i18n-react';
import { i18n } from '@kbn/i18n';
import type { EuiContainedStepProps } from '@elastic/eui/src/components/steps/steps';
import { useAuthz } from '../../../hooks';
import type { FlyoutMode } from '../types';
const PermissionWrapper: React.FunctionComponent<{
showTooltip: boolean;
}> = ({ children, showTooltip }) => {
return showTooltip && children ? (
<EuiToolTip
content={
<FormattedMessage
id="xpack.fleet.agentFlyout.standaloneMissingPermissions"
defaultMessage="Read access to Agent Policies is required to see the standalone instructions."
/>
}
>
{children as React.ReactElement}
</EuiToolTip>
) : (
<>{children}</>
);
};
export const InstallationModeSelectionStep = ({
selectedPolicyId,
mode,
@ -23,6 +43,7 @@ export const InstallationModeSelectionStep = ({
mode: FlyoutMode;
setMode: (v: FlyoutMode) => void;
}): EuiContainedStepProps => {
const authz = useAuthz();
// radio id has to be unique so that the component works even if appears twice in DOM
const radioSuffix = 'installation_mode_agent_selection';
@ -63,22 +84,26 @@ export const InstallationModeSelectionStep = ({
},
{
id: `standalone_${radioSuffix}`,
// Disabled if no agentPolicies read permission
disabled: !authz.fleet.readAgentPolicies,
label: (
<FormattedMessage
data-test-subj="agentFlyoutStandaloneRadioButtons"
id="xpack.fleet.agentFlyout.standaloneRadioOption"
defaultMessage="{standaloneMessage} Run an Elastic Agent standalone to configure and update the agent manually on the host where the agent is installed."
values={{
standaloneMessage: (
<strong>
<FormattedMessage
id="xpack.fleet.agentFlyout.standaloneMessage"
defaultMessage="Run standalone"
/>
</strong>
),
}}
/>
<PermissionWrapper showTooltip={!authz.fleet.readAgentPolicies}>
<FormattedMessage
data-test-subj="agentFlyoutStandaloneRadioButtons"
id="xpack.fleet.agentFlyout.standaloneRadioOption"
defaultMessage="{standaloneMessage} Run an Elastic Agent standalone to configure and update the agent manually on the host where the agent is installed."
values={{
standaloneMessage: (
<strong>
<FormattedMessage
id="xpack.fleet.agentFlyout.standaloneMessage"
defaultMessage="Run standalone"
/>
</strong>
),
}}
/>
</PermissionWrapper>
),
},
]}