mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 17:59:23 -04:00
225cfa14a3
This PR adds _Role Based Access-Control_ to the Alerting framework & Actions feature using Kibana Feature Controls, addressing most of the Meta issue: https://github.com/elastic/kibana/issues/43994 This also closes https://github.com/elastic/kibana/issues/62438 This PR includes the following: 1. Adds `alerting` specific Security Actions (not to be confused with Alerting Actions) to the `security` plugin which allows us to assign alerting specific privileges to users of other plugins using the `features` plugin. 2. Removes the security wrapper from the savedObjectsClient in AlertsClient and instead plugs in the new AlertsAuthorization which performs the privilege checks on each api call made to the AlertsClient. 3. Adds privileges in each plugin that is already using the Alerting Framework which mirror (as closely as possible) the existing api-level tag-based privileges and plugs them into the AlertsClient. 4. Adds feature granted privileges arounds Actions (by relying on Saved Object privileges under the hood) and plugs them into the ActionsClient 5. Removes the legacy api-level tag-based privilege system from both the Alerts and Action HTTP APIs Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
75 lines
2.6 KiB
TypeScript
75 lines
2.6 KiB
TypeScript
/*
|
|
* Licensed to Elasticsearch B.V. under one or more contributor
|
|
* license agreements. See the NOTICE file distributed with
|
|
* this work for additional information regarding copyright
|
|
* ownership. Elasticsearch B.V. licenses this file to you under
|
|
* the Apache License, Version 2.0 (the "License"); you may
|
|
* not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing,
|
|
* software distributed under the License is distributed on an
|
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
* KIND, either express or implied. See the License for the
|
|
* specific language governing permissions and limitations
|
|
* under the License.
|
|
*/
|
|
|
|
import { Plugin, CoreSetup } from 'kibana/server';
|
|
import { i18n } from '@kbn/i18n';
|
|
import { PluginSetupContract as AlertingSetup } from '../../../x-pack/plugins/alerts/server';
|
|
import { PluginSetupContract as FeaturesPluginSetup } from '../../../x-pack/plugins/features/server';
|
|
|
|
import { alertType as alwaysFiringAlert } from './alert_types/always_firing';
|
|
import { alertType as peopleInSpaceAlert } from './alert_types/astros';
|
|
import { INDEX_THRESHOLD_ID } from '../../../x-pack/plugins/alerting_builtins/server';
|
|
import { ALERTING_EXAMPLE_APP_ID } from '../common/constants';
|
|
|
|
// this plugin's dependendencies
|
|
export interface AlertingExampleDeps {
|
|
alerts: AlertingSetup;
|
|
features: FeaturesPluginSetup;
|
|
}
|
|
|
|
export class AlertingExamplePlugin implements Plugin<void, void, AlertingExampleDeps> {
|
|
public setup(core: CoreSetup, { alerts, features }: AlertingExampleDeps) {
|
|
alerts.registerType(alwaysFiringAlert);
|
|
alerts.registerType(peopleInSpaceAlert);
|
|
|
|
features.registerFeature({
|
|
id: ALERTING_EXAMPLE_APP_ID,
|
|
name: i18n.translate('alertsExample.featureRegistry.alertsExampleFeatureName', {
|
|
defaultMessage: 'Alerts Example',
|
|
}),
|
|
app: [],
|
|
alerting: [alwaysFiringAlert.id, peopleInSpaceAlert.id, INDEX_THRESHOLD_ID],
|
|
privileges: {
|
|
all: {
|
|
alerting: {
|
|
all: [alwaysFiringAlert.id, peopleInSpaceAlert.id, INDEX_THRESHOLD_ID],
|
|
},
|
|
savedObject: {
|
|
all: [],
|
|
read: [],
|
|
},
|
|
ui: ['alerting:show'],
|
|
},
|
|
read: {
|
|
alerting: {
|
|
read: [alwaysFiringAlert.id, peopleInSpaceAlert.id, INDEX_THRESHOLD_ID],
|
|
},
|
|
savedObject: {
|
|
all: [],
|
|
read: [],
|
|
},
|
|
ui: ['alerting:show'],
|
|
},
|
|
},
|
|
});
|
|
}
|
|
|
|
public start() {}
|
|
public stop() {}
|
|
}
|