github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 01:13:23 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/config
History
Exact
Ash f6ad013220
[Ai4dSoc][Serverless] Hide Security feature sub-privileges in search_ai_lake tier (#217210) 
## Summary

Hides security sub-privileges for ai4soc/search_ai_lake tier.
![Screenshot 2025-04-11 at 10 22
09](https://github.com/user-attachments/assets/6f3294bc-82de-404e-b9d3-22e717d54b65)

### Reasoning for changes added to `x-pack/packages/security`:

Currently, the feature description of Security feature is tied to the
fact that it has a list of sub-privileges. This is true on ESS and
`essentials/complete` serverless tiers.

With the introduction of the lower `search_ai_lake` tier, security
feature would not have any sub-privileges available and thus it does not
make sense to show that description.

The ideal way to handle this would be to load feature privileges config
settings at the plugin level
(security_solution/security_solution_serverless) and set `description`
to `null | undefined` based on the tier, as currently the feature
privileges settings live in [kibana_features file
(v2_features)](795094d8c6/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts (L72))
(also another set in v1_features) and the plugins only select a set of
those based on the [feature keys
available](d4a33a2b61/x-pack/solutions/security/plugins/security_solution_serverless/common/pli/pli_config.ts)
on each tier. The refactoring to pass in feature configs at the plugin
level (instead of just feature keys) is not in the scope of the work cut
out for RSA conf.

Thus the other simpler approach in this PR is to allow overriding the
description field on the tier specific config file.

## How to Test

1. While on the Kibana root directory, run ES/Kibana on serverless mode
with:

```bash
yarn es serverless --kill --projectType security --kibanaUrl=http://0.0.0.0:5601
```
and on a new window
```bash
yarn serverless-security --no-base-path
```

Enable the AI for SOC tier, by adding the following to your
`serverless.security.dev.yaml` file:

```json5
xpack.securitySolutionServerless.productTypes:
  [
    { product_line: 'ai_soc', product_tier: 'search_ai_lake' },
  ]
```

2. Once Kibana is up and running login in with the `admin` role using
the role dropdown.
3. Navigate to `app/management/roles/edit`
4. Click on `Assign to space` button and assign a space to that role on
the `Assign role to spaces` flyout.
5. Expand the `Security` category and verify that `Security` feature is
listed in the list of features.
6. Also verify that there is neither an accordion icon beside `Security`
feature nor a description text under it about sub-privileges.

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...
2025-04-16 15:40:09 -06:00
..
kibana.yml [docs] Update kibana.yml defaults (#206423) 2025-01-13 20:55:24 +01:00
node.options [artifacts] Remove default --openssl-legacy-provider (#213123) 2025-03-04 16:51:46 -06:00
README.md SKA: Extract list of Kibana solutions into a dedicated package (#213353) 2025-03-20 10:20:07 +01:00
serverless.chat.yml [Config stripUnknowns] Skip compatible mode when running in CI (#217536) 2025-04-14 17:52:51 +02:00
serverless.es.yml [Query Rules]Query rules UI plugin (#215029) 2025-03-21 15:19:25 +01:00
serverless.oblt.yml [ML] Moves job and trained model management features into Stack Management (#204290) 2025-04-08 19:52:16 +02:00
serverless.security.complete.yml [Ai4Soc] Tier specific security serverless config files (#213577) 2025-03-12 17:21:25 +01:00
serverless.security.essentials.yml [Ai4Soc] Tier specific security serverless config files (#213577) 2025-03-12 17:21:25 +01:00
serverless.security.search_ai_lake.yml [Ai4dSoc][Serverless] Hide Security feature sub-privileges in search_ai_lake tier (#217210) 2025-04-16 15:40:09 -06:00
serverless.security.yml Enabling Security's Entity store on Serverless (#216064) 2025-03-31 10:09:45 -05:00
serverless.yml [Advanced Settings] Move security settings validation config (#216440) 2025-03-31 15:59:07 +01:00

README.md

as work on serverless picks up we will add config values to these files that define how Kibana will run in "serverless" modes. To start Kibana locally with this configuration, pass --serverless={mode} or run yarn serverless-{mode}

valid modes are currently: es, oblt, security and chat

configuration is applied in the following order, later values override

  1. serverless.yml (serverless configs go first)
  2. serverless.{mode}.yml (serverless configs go first)
  3. base config, in this preference order:
  • my-config.yml(s) (set by --config)
  • env-config.yml (described by env.KBN_CONFIG_PATHS)
  • kibana.yml (default @ env.KBN_PATH_CONF/kibana.yml)
  1. kibana.dev.yml
  2. serverless.dev.yml
  3. serverless.{mode}.dev.yml