kibana

mirror of https://github.com/elastic/kibana.git synced 2025-07-01 12:33:23 -04:00

Author	SHA1	Message	Date
Kibana Machine	641de501a2	[8.x] [Authz] Migrate outstanding SharedUX routes with access tags (#206260 ) (#206435 ) # Backport This will backport the following commits from `main` to `8.x`: - [[Authz] Migrate outstanding SharedUX routes with access tags (#206260)](https://github.com/elastic/kibana/pull/206260) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Eyo O. Eyo","email":"7893459+eokoneyo@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-01-13T13:52:06Z","message":"[Authz] Migrate outstanding SharedUX routes with access tags (#206260)\n\n## Summary\r\n\r\nRelates to https://github.com/elastic/kibana-team/issues/1235, this PR\r\ntackles routes could not have been migrated automatically by the\r\nsecurity team. Following the guidance by the security provided in the\r\naforementioned issue instances where the tag approach had been\r\npreviously used to configure access have been migrated to use the\r\n`requiredPrivilege` property on `security.authz` for route definitions.\r\n\r\n### Checklist\r\n<!--\r\nCheck the PR satisfies following conditions. \r\n\r\nReviewers should verify this PR satisfies this list as well.\r\n\r\n- [ ] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] If a plugin configuration key changed, check if it needs to be\r\nallowlisted in the cloud and added to the [docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\r\n-->\r\n- [x] This was checked for breaking HTTP API changes, and any breaking\r\nchanges have been approved by the breaking-change committee. The\r\n`release_note:breaking` label should be applied in these situations.\r\n\r\n<!--\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n### Identify risks\r\n\r\nDoes this PR introduce any risks? For example, consider risks like hard\r\nto test bugs, performance regression, potential of data loss.\r\n\r\nDescribe the risk, its severity, and mitigation for each identified\r\nrisk. Invite stakeholders and evaluate how to proceed before merging.\r\n\r\n- [ ] [See some risk\r\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\r\n- [ ] ...\r\n\r\n-->\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"e6e4eda1519c23c05ec9f36be639bc45ab7463ef","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:SharedUX","backport:prev-minor"],"title":"[Authz] Migrate outstanding SharedUX routes with access tags","number":206260,"url":"https://github.com/elastic/kibana/pull/206260","mergeCommit":{"message":"[Authz] Migrate outstanding SharedUX routes with access tags (#206260)\n\n## Summary\r\n\r\nRelates to https://github.com/elastic/kibana-team/issues/1235, this PR\r\ntackles routes could not have been migrated automatically by the\r\nsecurity team. Following the guidance by the security provided in the\r\naforementioned issue instances where the tag approach had been\r\npreviously used to configure access have been migrated to use the\r\n`requiredPrivilege` property on `security.authz` for route definitions.\r\n\r\n### Checklist\r\n<!--\r\nCheck the PR satisfies following conditions. \r\n\r\nReviewers should verify this PR satisfies this list as well.\r\n\r\n- [ ] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] If a plugin configuration key changed, check if it needs to be\r\nallowlisted in the cloud and added to the [docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\r\n-->\r\n- [x] This was checked for breaking HTTP API changes, and any breaking\r\nchanges have been approved by the breaking-change committee. The\r\n`release_note:breaking` label should be applied in these situations.\r\n\r\n<!--\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n### Identify risks\r\n\r\nDoes this PR introduce any risks? For example, consider risks like hard\r\nto test bugs, performance regression, potential of data loss.\r\n\r\nDescribe the risk, its severity, and mitigation for each identified\r\nrisk. Invite stakeholders and evaluate how to proceed before merging.\r\n\r\n- [ ] [See some risk\r\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\r\n- [ ] ...\r\n\r\n-->\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"e6e4eda1519c23c05ec9f36be639bc45ab7463ef"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/206260","number":206260,"mergeCommit":{"message":"[Authz] Migrate outstanding SharedUX routes with access tags (#206260)\n\n## Summary\r\n\r\nRelates to https://github.com/elastic/kibana-team/issues/1235, this PR\r\ntackles routes could not have been migrated automatically by the\r\nsecurity team. Following the guidance by the security provided in the\r\naforementioned issue instances where the tag approach had been\r\npreviously used to configure access have been migrated to use the\r\n`requiredPrivilege` property on `security.authz` for route definitions.\r\n\r\n### Checklist\r\n<!--\r\nCheck the PR satisfies following conditions. \r\n\r\nReviewers should verify this PR satisfies this list as well.\r\n\r\n- [ ] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] If a plugin configuration key changed, check if it needs to be\r\nallowlisted in the cloud and added to the [docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\r\n-->\r\n- [x] This was checked for breaking HTTP API changes, and any breaking\r\nchanges have been approved by the breaking-change committee. The\r\n`release_note:breaking` label should be applied in these situations.\r\n\r\n<!--\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:*` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n### Identify risks\r\n\r\nDoes this PR introduce any risks? For example, consider risks like hard\r\nto test bugs, performance regression, potential of data loss.\r\n\r\nDescribe the risk, its severity, and mitigation for each identified\r\nrisk. Invite stakeholders and evaluate how to proceed before merging.\r\n\r\n- [ ] [See some risk\r\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\r\n- [ ] ...\r\n\r\n-->\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"e6e4eda1519c23c05ec9f36be639bc45ab7463ef"}}]}] BACKPORT--> Co-authored-by: Eyo O. Eyo <7893459+eokoneyo@users.noreply.github.com>	2025-01-13 15:32:00 +00:00
Luke Elmers	b6287708f6	Adds AGPL 3.0 license (#192025 ) Updates files outside of x-pack to be triple-licensed under Elastic License 2.0, AGPL 3.0, or SSPL 1.0.	2024-09-06 19:02:41 -06:00
Jean-Louis Leysens	5a86b583df	[Files] Move `<FileUpload />` and `<FilePicker />` 👉🏻 `packages/shared-ux/file` (#146284 ) ## Summary This is a refactor: * Move `FilesContext`, `FilePicker` and `UploadFile` components to `packages/shared-ux/file` as packages * Renamed `UploadFile` to `FileUpload` for more consistency * Also created `packages/shared-ux/file/types` and added `useBehaviourSubject` to `packages/shared-ux/file/util` (we can consider moving this elsewhere since that function is not necessarily tied to the files domain). * Removed the storybook config from `files` public plugin since there are no more components there ## How to test 👉🏻 `yarn storybook shared_ux` to see the components in a lab environment OR 👉🏻 `yarn start --run-examples` then "Developer examples" > "Files example" to see the components being used in Kibana Look out for any regressions: for example, in the `FileImage` component importing `import bh from 'blurhash'` caused a regression because blurhash does not expose a default export. This was fixed by doing: `import * as bh from 'blurhash`. ## Notes * With this change, we needed to move `FilesClient` interface to packages since it is used by the components. However, we also wanted to keep `FilesClient` interface as it is currently exported from `files` plugin because it exposes methods that only the server of `files` plugin should know about (e.g., the metrics endpoint). I created the `BaseFilesClient` in the packages directory that is extended in the `files` plugin as needed. This is a snapshot of the types as they are provided from the server implementation and will need to be updated/maintained by hand from here on out. * With `BaseFilesClient` in `packages`, we lost the type check between `files` server endpoints and the client methods. To re-establish this link the `CreateRouteDefinition` type helper got a parameter where the client method can be passed in to do checks that the server inputs (query, param and body) as well as outputs (the responses) match what the client expects using the `X extends Y ? X : unknown` capability of TS. See this in action in, for example `src/plugins/files/server/routes/find.ts`. DX will be: if these ever get out of sync, the server values for `query`, `param` or `body` will map to `unknown` causing a type issue when trying to use these values. This can only be fixed by bringing the `FilesClient` types in sync with the server types. * Server endpoints that should match expected `FilesClient` inputs/outputs should use the `CreateRouteDefinition` type helper, but if the endpoint does not need to map to a client method we can always skip using `CreateRouteDefinition`. Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2022-11-29 08:48:23 +01:00
Jean-Louis Leysens	95c4d73a13	[Files] Move <Image /> component to `@kbn/shared-ux` package (#145995 ) ## Summary * Creates new packages `@kbn/shared-ux-file-image`, `@kbn/shared-ux-file-image-types`, `@kbn/shared-ux-file-image-mocks` * Replace all instance of usage to import from package (for now, just files example plugin) * Created a `@kbn/shared-ux-file-util` package for the helpers shared across components ## How to test See `yarn storbook shared_ux`'s new section "Files" ## Additional notes First step just focussed on moving `Image` component, we still need to move `FilePicker` and `UploadFile` Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2022-11-24 16:56:32 +01:00
Jean-Louis Leysens	a166fba83d	[Files] Files management (#144425 ) ## Summary Files management UI that rounds out the files MVP. This is UI is intended to be progressively enhanced and provides a way for system administrators get some insight and manage the files created and stored in Kibana. ## To reviewers * This is UI for retrieval and deletion of files (the R+D of CRUD) * Creating and deleting tags to be supported in a future version * This UI is intended to form part of the broader content management experience * We use the `TableListView` component as far as possible ## How to test 1. Start Kibana with `yarn start --run-examples` 2. Go to the "Developer Examples" from the left nav menu 3. Go to the "Files example" plugin 4. Click the "Upload file" button, upload a few different image types (PNG, JPG and WEBP) 5. Go to "Stack management" > "Files" 6. Behold your files in the management UI 7. (Bonus) check that the UI and API `GET /api/files/find`, `GET /api/files/metrics` and `DELETE /api/files/blobs` are not accessible to non-admin or appropriately privileged users (i.e., those with "Files management" access). ## List of functionality - [x] List all saved objects (scoped to admin) - [x] Is able to bulk-delete files - [x] Shows basic storage diagnostics - [x] Is able to search and filter files ## Screenshots <details> <summary>screenshots</summary> <img width="1545" alt="Screenshot 2022-11-08 at 13 56 54" src="https://user-images.githubusercontent.com/8155004/200570783-cfefdbf3-c5ff-4ece-ba24-48a455fcca75.png"> <img width="910" alt="Screenshot 2022-11-10 at 12 52 35" src="https://user-images.githubusercontent.com/8155004/201083812-bc9f25f5-b423-43a6-9229-5e2a4cdd943a.png"> <img width="451" alt="Screenshot 2022-11-10 at 12 37 07" src="https://user-images.githubusercontent.com/8155004/201081039-832a1980-684c-4abb-bb05-0c7c6a849d4d.png"> <img width="959" alt="Screenshot 2022-11-08 at 13 57 15" src="https://user-images.githubusercontent.com/8155004/200570797-f122cff5-7043-4e01-9b51-d5663c1b26d6.png"> <img width="500" alt="Screenshot 2022-11-08 at 13 57 38" src="https://user-images.githubusercontent.com/8155004/200570801-35cdbd99-0256-4dee-9f78-2f6ad853305f.png"> </details> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>	2022-11-17 05:53:31 -07:00
Jean-Louis Leysens	1ed2ec8e57	[Files] move to src (#144044 )	2022-10-31 06:46:52 -07:00

6 commits