Support for sub-feature privileges (#60563)

* initial server-side support for sub-feature privileges (#57507)

* initial server-side support for sub-feature privileges

* start addressing PR feedback

* renaming interfaces

* move privilege id collision check to security plugin

* additional testing

* change featurePrivilegeIterator import location

* fix link assertions following rebase from master

* Initial UI support for sub-feature privileges (#59198)

* Initial UI support for sub-feature privileges

* Address PR feedback

* display deleted spaces correctly in the privilege summary

* additional testing

* update snapshot

* Enables sub-feature privileges for gold+ licenses (#59750)

* enables sub-feature privileges for gold+ licenses

* Address PR feedback

* address platform review feedback

x-pack/test/api_integration/apis/security/privileges_basic.ts

@@ -0,0 +1,75 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import util from 'util';
+import { isEqual } from 'lodash';
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+export default function({ getService }: FtrProviderContext) {
+  const supertest = getService('supertest');
+
+  describe('Privileges', () => {
+    describe('GET /api/security/privileges', () => {
+      it('should return a privilege map with all known privileges, without actions', async () => {
+        // If you're adding a privilege to the following, that's great!
+        // If you're removing a privilege, this breaks backwards compatibility
+        // Roles are associated with these privileges, and we shouldn't be removing them in a minor version.
+        const expected = {
+          features: {
+            discover: ['all', 'read'],
+            visualize: ['all', 'read'],
+            dashboard: ['all', 'read'],
+            dev_tools: ['all', 'read'],
+            advancedSettings: ['all', 'read'],
+            indexPatterns: ['all', 'read'],
+            savedObjectsManagement: ['all', 'read'],
+            timelion: ['all', 'read'],
+            graph: ['all', 'read'],
+            maps: ['all', 'read'],
+            canvas: ['all', 'read'],
+            infrastructure: ['all', 'read'],
+            logs: ['all', 'read'],
+            uptime: ['all', 'read'],
+            apm: ['all', 'read'],
+            siem: ['all', 'read'],
+            endpoint: ['all', 'read'],
+            ingestManager: ['all', 'read'],
+          },
+          global: ['all', 'read'],
+          space: ['all', 'read'],
+          reserved: ['ml', 'monitoring'],
+        };
+
+        await supertest
+          .get('/api/security/privileges')
+          .set('kbn-xsrf', 'xxx')
+          .send()
+          .expect(200)
+          .expect((res: any) => {
+            // when comparing privileges, the order of the privileges doesn't matter.
+            // supertest uses assert.deepStrictEqual.
+            // expect.js doesn't help us here.
+            // and lodash's isEqual doesn't know how to compare Sets.
+            const success = isEqual(res.body, expected, (value, other, key) => {
+              if (Array.isArray(value) && Array.isArray(other)) {
+                return isEqual(value.sort(), other.sort());
+              }
+
+              // Lodash types aren't correct, `undefined` should be supported as a return value here and it
+              // has special meaning.
+              return undefined as any;
+            });
+
+            if (!success) {
+              throw new Error(
+                `Expected ${util.inspect(res.body)} to equal ${util.inspect(expected)}`
+              );
+            }
+          })
+          .expect(200);
+      });
+    });
+  });
+}