github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Ent Search Deprecation] Remove permission check for capabilities catalogue (#202060)

Browse source 
This change is related to removing the permission check for capabilities
catalogue in enterprise search.

This PR resolves this
[issue](https://github.com/elastic/search-team/issues/8521).

### Description
Currently, this
[line](01de887060/x-pack/plugins/enterprise_search/server/plugin.ts (L234))
is registering kibana capabilities for app search and workplace search.
Enterprise search has it's own RBAC and this registration is an
extension of kibana's RBAC. Once we get rid of enterprisesearch nodes,
we do not need this any more.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This commit is contained in:
Saikat Sarkar 2024-12-10 10:51:28 -07:00 committed by GitHub
parent 80f915f9e3
commit 7ca3b8e857
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 8 additions and 85 deletions
Download patch file Download diff file Expand all files Collapse all files

46
x-pack/plugins/enterprise_search/server/plugin.ts
View file

@ -13,7 +13,6 @@ import {
Logger,
SavedObjectsServiceStart,
IRouter,
KibanaRequest,
DEFAULT_APP_CATEGORIES,
} from '@kbn/core/server';
import { CustomIntegrationsPluginSetup } from '@kbn/custom-integrations-plugin/server';
@ -65,7 +64,6 @@ import { registerTelemetryUsageCollector as registerESTelemetryUsageCollector }
import { registerTelemetryUsageCollector as registerWSTelemetryUsageCollector } from './collectors/workplace_search/telemetry';
import { registerEnterpriseSearchIntegrations } from './integrations';
import { checkAccess } from './lib/check_access';
import { entSearchHttpAgent } from './lib/enterprise_search_http_agent';
import {
EnterpriseSearchRequestHandler,
@ -141,17 +139,9 @@ export class EnterpriseSearchPlugin implements Plugin {
}
public setup(
{
capabilities,
elasticsearch,
http,
savedObjects,
getStartServices,
uiSettings,
}: CoreSetup<PluginsStart>,
{ elasticsearch, http, savedObjects, getStartServices, uiSettings }: CoreSetup<PluginsStart>,
{
usageCollection,
security,
features,
globalSearch,
logsShared,
@ -285,40 +275,6 @@ export class EnterpriseSearchPlugin implements Plugin {
*/
uiSettings.register(enterpriseSearchUISettings);
/**
* Register user access to the Enterprise Search plugins
*/
capabilities.registerSwitcher(
async (request: KibanaRequest) => {
const [, { spaces }] = await getStartServices();
const dependencies = {
config,
security,
spaces,
request,
log,
ml,
};
const { hasAppSearchAccess, hasWorkplaceSearchAccess } = await checkAccess(dependencies);
return {
navLinks: {
appSearch: hasAppSearchAccess && config.canDeployEntSearch,
workplaceSearch: hasWorkplaceSearchAccess && config.canDeployEntSearch,
},
catalogue: {
appSearch: hasAppSearchAccess && config.canDeployEntSearch,
workplaceSearch: hasWorkplaceSearchAccess && config.canDeployEntSearch,
},
};
},
{
capabilityPath: ['navLinks.*', 'catalogue.*'],
}
);
/**
* Register routes
*/

10
x-pack/test/ui_capabilities/security_and_spaces/tests/catalogue.ts
View file

@ -59,15 +59,9 @@ export default function catalogueTests({ getService }: FtrProviderContext) {
case 'everything_space_all at everything_space': {
expect(uiCapabilities.success).to.be(true);
expect(uiCapabilities.value).to.have.property('catalogue');
// everything except spaces, monitoring, the classic enterprise search suite (app search/workplace search), and ES features are enabled
// everything except spaces, monitoring, and ES features are enabled
// (easier to say: all "proper" Kibana features are enabled)
const exceptions = [
'monitoring',
'appSearch',
'workplaceSearch',
'spaces',
...esFeatureExceptions,
];
const exceptions = ['monitoring', 'spaces', ...esFeatureExceptions];
const expected = mapValues(
uiCapabilities.value!.catalogue,
(enabled, catalogueId) => !exceptions.includes(catalogueId)

7
x-pack/test/ui_capabilities/security_and_spaces/tests/nav_links.ts
View file

@ -47,12 +47,7 @@ export default function navLinksTests({ getService }: FtrProviderContext) {
case 'everything_space_all at everything_space':
expect(uiCapabilities.success).to.be(true);
expect(uiCapabilities.value).to.have.property('navLinks');
expect(uiCapabilities.value!.navLinks).to.eql(
navLinksBuilder.except('monitoring', {
feature: 'enterpriseSearch',
apps: ['appSearch', 'workplaceSearch'],
})
);
expect(uiCapabilities.value!.navLinks).to.eql(navLinksBuilder.except('monitoring'));
break;
case 'global_read at everything_space':
case 'dual_privileges_read at everything_space':

15
x-pack/test/ui_capabilities/spaces_only/tests/catalogue.ts
View file

@ -25,13 +25,6 @@ export default function catalogueTests({ getService }: FtrProviderContext) {
'watcher',
];
const uiCapabilitiesExceptions = [
// appSearch and workplace Search are loaded but disabled because the ent-search application isn't running.
// That means the following capabilities are disabled:
'appSearch',
'workplaceSearch',
];
describe('catalogue', () => {
SpaceScenarios.forEach((scenario) => {
it(`${scenario.name}`, async () => {
@ -41,10 +34,7 @@ export default function catalogueTests({ getService }: FtrProviderContext) {
expect(uiCapabilities.success).to.be(true);
expect(uiCapabilities.value).to.have.property('catalogue');
// everything is enabled
const expected = mapValues(
uiCapabilities.value!.catalogue,
(enabled, catalogueId) => !uiCapabilitiesExceptions.includes(catalogueId)
);
const expected = mapValues(uiCapabilities.value!.catalogue, (enabled) => enabled);
expect(uiCapabilities.value!.catalogue).to.eql(expected);
break;
}
@ -66,8 +56,7 @@ export default function catalogueTests({ getService }: FtrProviderContext) {
// only foo is disabled
const expected = mapValues(
uiCapabilities.value!.catalogue,
(enabled, catalogueId) =>
!uiCapabilitiesExceptions.includes(catalogueId) && catalogueId !== 'foo'
(enabled, catalogueId) => catalogueId !== 'foo' && enabled
);
expect(uiCapabilities.value!.catalogue).to.eql(expected);
break;

15
x-pack/test/ui_capabilities/spaces_only/tests/nav_links.ts
View file

@ -17,13 +17,6 @@ export default function navLinksTests({ getService }: FtrProviderContext) {
const uiCapabilitiesService: UICapabilitiesService = getService('uiCapabilities');
const featuresService: FeaturesService = getService('features');
const uiCapabilitiesExceptions = {
// appSearch and workplace Search are loaded but disabled because the ent-search application isn't running.
// That means the following capabilities are disabled:
feature: 'enterpriseSearch',
apps: ['appSearch', 'workplaceSearch'],
};
describe('navLinks', () => {
let navLinksBuilder: NavLinksBuilder;
before(async () => {
@ -38,9 +31,7 @@ export default function navLinksTests({ getService }: FtrProviderContext) {
case 'everything_space':
expect(uiCapabilities.success).to.be(true);
expect(uiCapabilities.value).to.have.property('navLinks');
expect(uiCapabilities.value!.navLinks).to.eql(
navLinksBuilder.except(uiCapabilitiesExceptions)
);
expect(uiCapabilities.value!.navLinks).to.eql(navLinksBuilder.all());
break;
case 'nothing_space':
expect(uiCapabilities.success).to.be(true);
@ -50,9 +41,7 @@ export default function navLinksTests({ getService }: FtrProviderContext) {
case 'foo_disabled_space':
expect(uiCapabilities.success).to.be(true);
expect(uiCapabilities.value).to.have.property('navLinks');
expect(uiCapabilities.value!.navLinks).to.eql(
navLinksBuilder.except('foo', uiCapabilitiesExceptions)
);
expect(uiCapabilities.value!.navLinks).to.eql(navLinksBuilder.except('foo'));
break;
default:
throw new UnreachableError(scenario);