c77c7fbedb
An MVP of the RBAC work required for the "alerts as data" effort. An example of the existing implementation for alerts would be that of the security solution. The security solution stores its alerts generated from rules in a single data index - .siem-signals. In order to gain or restrict access to alerts, users do so by following the Elasticsearch privilege architecture. A user would need to go into the Kibana role access UI and give explicit read/write/manage permissions for the index itself. Kibana as a whole is moving away from this model and instead having all user interactions run through the Kibana privilege model. When solutions use saved objects, this authentication layer is abstracted away for them. Because we have chosen to use data indices for alerts, we cannot rely on this abstracted out layer that saved objects provide - we need to provide our own RBAC! Instead of giving users explicit permission to an alerts index, users are instead given access to features. They don't need to know anything about indices, that work we do under the covers now. Co-authored-by: Yara Tercero <yctercero@users.noreply.github.com> Co-authored-by: Yara Tercero <yara.tercero@elastic.co> |
||
|---|---|---|
| .. | ||
| elastic-datemath | ||
| elastic-eslint-config-kibana | ||
| elastic-safer-lodash-set | ||
| kbn-ace | ||
| kbn-analytics | ||
| kbn-apm-config-loader | ||
| kbn-apm-utils | ||
| kbn-babel-code-parser | ||
| kbn-babel-preset | ||
| kbn-cli-dev-mode | ||
| kbn-common-utils | ||
| kbn-config | ||
| kbn-config-schema | ||
| kbn-crypto | ||
| kbn-dev-utils | ||
| kbn-docs-utils | ||
| kbn-es | ||
| kbn-es-archiver | ||
| kbn-eslint-import-resolver-kibana | ||
| kbn-eslint-plugin-eslint | ||
| kbn-expect | ||
| kbn-i18n | ||
| kbn-interpreter | ||
| kbn-io-ts-utils | ||
| kbn-legacy-logging | ||
| kbn-logging | ||
| kbn-mapbox-gl | ||
| kbn-monaco | ||
| kbn-optimizer | ||
| kbn-plugin-generator | ||
| kbn-plugin-helpers | ||
| kbn-pm | ||
| kbn-rule-data-utils | ||
| kbn-securitysolution-es-utils | ||
| kbn-securitysolution-hook-utils | ||
| kbn-securitysolution-io-ts-alerting-types | ||
| kbn-securitysolution-io-ts-list-types | ||
| kbn-securitysolution-io-ts-types | ||
| kbn-securitysolution-io-ts-utils | ||
| kbn-securitysolution-list-api | ||
| kbn-securitysolution-list-constants | ||
| kbn-securitysolution-list-hooks | ||
| kbn-securitysolution-list-utils | ||
| kbn-securitysolution-t-grid | ||
| kbn-securitysolution-utils | ||
| kbn-server-http-tools | ||
| kbn-server-route-repository | ||
| kbn-spec-to-console | ||
| kbn-std | ||
| kbn-storybook | ||
| kbn-telemetry-tools | ||
| kbn-test | ||
| kbn-test-subj-selector | ||
| kbn-tinymath | ||
| kbn-ui-framework | ||
| kbn-ui-shared-deps | ||
| kbn-utility-types | ||
| kbn-utils | ||
| BUILD.bazel | ||
| README.md | ||
Kibana-related packages
This folder contains packages that are intended for use in Kibana and Kibana plugins.
tl;dr:
- Don't publish to npm registry
- Always use the
@kbnnamespace - Always set
"private": trueinpackage.json
Using these packages
We no longer publish these packages to the npm registry. Now, instead of specifying a version when including these packages, we rely on yarn workspaces, which sets up a symlink to the package.
For example if you want to use the @kbn/i18n package in Kibana itself, you
can specify the dependency like this:
"@kbn/i18n": "1.0.0"
However, if you want to use this from a Kibana plugin, you need to use a link:
dependency and account for the relative location of the Kibana repo, so it would
instead be:
"@kbn/i18n": "link:../../kibana/packages/kbn-i18n"
How all of this works is described in more detail in the
@kbn/pm docs.
Creating a new package
Create a new sub-folder. The name of the folder should mirror the name in the
package's package.json. E.g. if the name is @kbn/i18n the folder name
should be kbn-i18n.
All new packages should use the @kbn namespace, and should be marked with
"private": true.
Unit tests for a package
Currently there is only one tool being used in order to test packages which is Jest. Below we will explain how it should be done.
Jest
A package should follow the pattern of having .test.js files as siblings of the source code files, and these run by Jest.
A package using the .test.js naming convention will have those tests automatically picked up by Jest and run by the unit test runner, currently mapped to the Kibana test script in the root package.json.
yarn testoryarn grunt testruns all unit tests.yarn jestruns all Jest tests in Kibana.
In order for the plugin or package to use Jest, a jest.config.js file must be present in it's root. However, there are safeguards for this in CI should a test file be added without a corresponding config file.
Each package can also specify its own test script in the package's package.json, for cases where you'd prefer to run the tests from the local package directory.