[Alerting] Split alerting feature privilege between rules and alerts and handle subfeature privilege specification (#100127)

* WIP - creating alerting authorization client factory and exposing authorization client on plugin start contract

* Updating alerting feature privilege builder to handle different alerting types

* Passing in alerting authorization type to AlertingActions class string builder

* Passing in authorization type in each function call

* Passing in exempt consumer ids. Adding authorization type to audit logger

* Changing alertType to ruleType

* Changing alertType to ruleType

* Updating unit tests

* Updating unit tests

* Passing field names into authorization query builder. Adding kql/es dsl option

* Converting to es query if requested

* Fixing functional tests

* Removing ability to specify feature privilege name in constructor

* Fixing some types and tests

* Consolidating alerting authorization kuery filter options

* Cleanup and tests

* Cleanup and tests

* Initial commit with changes needed for subfeature privilege

* Throwing error when AlertingAuthorizationClientFactory is not defined

* Renaming authorizationType to entity

* Renaming AlertsAuthorization to AlertingAuthorization

* Fixing unit tests

* Changing schema of alerting feature privilege

* Changing schema of alerting feature privilege

* Updating feature privilege iterator

* Updating feature privilege builder

* Fixing types check

* Updating privilege string terminology

* Updating privilege string terminology

* Wip

* Fixing unit tests

* Unit tests

* Updating README and removing stack subfeature privilege changes

* Fixing README

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
ymao1 2021-05-27 14:59:02 -04:00 committed by GitHub
parent f0e11bcd1b
commit 71379b755a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
22 changed files with 1652 additions and 358 deletions

@ -82,27 +82,50 @@ export interface FeatureKibanaPrivileges {
* Alert Types and Alert Types provided by other features to which you wish to grant access.
*/
alerting?: {
/**
* List of alert types which users should have full read/write access to when granted this privilege.
* @example
* ```ts
* {
* all: ['my-alert-type-within-my-feature']
* }
* ```
*/
all?: readonly string[];
/**
* List of alert types which users should have read-only access to when granted this privilege.
* @example
* ```ts
* {
* read: ['my-alert-type']
* }
* ```
*/
read?: readonly string[];
rule?: {
/**
* List of rule types which users should have full read/write access to when granted this privilege.
* @example
* ```ts
* {
* all: ['my-alert-type-within-my-feature']
* }
* ```
*/
all?: readonly string[];
/**
* List of rule types which users should have read-only access to when granted this privilege.
* @example
* ```ts
* {
* read: ['my-alert-type']
* }
* ```
*/
read?: readonly string[];
};
alert?: {
/**
* List of rule types for which users should have full read/write access their alert data to when granted this privilege.
* @example
* ```ts
* {
* all: ['my-alert-type-within-my-feature']
* }
* ```
*/
all?: readonly string[];
/**
* List of rule types for which users should have read-only access to their alert data when granted this privilege.
* @example
* ```ts
* {
* read: ['my-alert-type']
* }
* ```
*/
read?: readonly string[];
};
};
/**
* If your feature requires access to specific saved objects, then specify your access needs here.
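Review bot: the JSDoc on `alert.all` reads "full read/write access their alert data to when granted this privilege"; the words are out of order and should follow the `alert.read` wording ("access to their alert data when granted this privilege"). The `@example` blocks under both `rule` and `alert` also still show the flat shape `{ all: ['my-alert-type-within-my-feature'] }`, which is the shape this hunk replaces, so a plugin author copying an example would write `alerting: { all: [...] }` instead of `alerting: { rule: { all: [...] } }`; please update the examples to the nested form. Since `rule` and `alert` are separate optional keys, a privilege can now list a rule type under one and not the other, so each key deserves a one-line comment saying what it grants and that the two are specified independently. The leading comment on `alerting` still says "Alert Types" while the new fields say "rule types"; align the terminology there as well.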