support migrating from reserved feature privileges

Author: legrego

x-pack/plugins/security/public/management/roles/__fixtures__/kibana_features.ts

@@ -7,35 +7,41 @@
 import { Feature, FeatureConfig } from '../../../../../features/public';
 
 export const createFeature = (
-  config: Pick<FeatureConfig, 'id' | 'name' | 'subFeatures' | 'reserved' | 'privilegesTooltip'> & {
+  config: Pick<
+    FeatureConfig,
+    'id' | 'name' | 'privileges' | 'subFeatures' | 'reserved' | 'privilegesTooltip'
+  > & {
     excludeFromBaseAll?: boolean;
     excludeFromBaseRead?: boolean;
   }
 ) => {
-  const { excludeFromBaseAll, excludeFromBaseRead, ...rest } = config;
+  const { excludeFromBaseAll, excludeFromBaseRead, privileges, ...rest } = config;
   return new Feature({
     icon: 'discoverApp',
     navLinkId: 'discover',
     app: [],
     catalogue: [],
-    privileges: {
-      all: {
-        excludeFromBasePrivileges: excludeFromBaseAll,
-        savedObject: {
-          all: ['all-type'],
-          read: ['read-type'],
-        },
-        ui: ['read-ui', 'all-ui', `read-${config.id}`, `all-${config.id}`],
-      },
-      read: {
-        excludeFromBasePrivileges: excludeFromBaseRead,
-        savedObject: {
-          all: [],
-          read: ['read-type'],
-        },
-        ui: ['read-ui', `read-${config.id}`],
-      },
-    },
+    privileges:
+      privileges === null
+        ? null
+        : {
+            all: {
+              excludeFromBasePrivileges: excludeFromBaseAll,
+              savedObject: {
+                all: ['all-type'],
+                read: ['read-type'],
+              },
+              ui: ['read-ui', 'all-ui', `read-${config.id}`, `all-${config.id}`],
+            },
+            read: {
+              excludeFromBasePrivileges: excludeFromBaseRead,
+              savedObject: {
+                all: [],
+                read: ['read-type'],
+              },
+              ui: ['read-ui', `read-${config.id}`],
+            },
+          },
     ...rest,
   });
 };

x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx

@@ -762,4 +762,88 @@ describe('FeatureTable', () => {
       },
     });
   });
+
+  it('renders a description for features with only reserved privileges (omitting the primary feature controls)', () => {
+    const role = createRole([
+      {
+        spaces: ['foo'],
+        base: [],
+        feature: {},
+      },
+    ]);
+    const reservedFeature = createFeature({
+      id: 'reserved_feature',
+      name: 'Reserved Feature',
+      privileges: null,
+      reserved: {
+        description: 'this is my reserved feature description',
+        privileges: [
+          {
+            id: 'priv_1',
+            privilege: {
+              api: [],
+              savedObject: { all: [], read: [] },
+              ui: [],
+            },
+          },
+        ],
+      },
+    });
+
+    const { wrapper } = setup({
+      role,
+      features: [reservedFeature],
+      privilegeIndex: 0,
+      calculateDisplayedPrivileges: false,
+      canCustomizeSubFeaturePrivileges: false,
+    });
+
+    expect(findTestSubject(wrapper, 'reservedFeatureDescription').text()).toMatchInlineSnapshot(
+      `"this is my reserved feature description"`
+    );
+
+    expect(findTestSubject(wrapper, 'primaryFeaturePrivilegeControl')).toHaveLength(0);
+  });
+
+  it('renders renders the primary feature controls when both primary and reserved privileges are specified', () => {
+    const role = createRole([
+      {
+        spaces: ['foo'],
+        base: [],
+        feature: {},
+      },
+    ]);
+    const reservedFeature = createFeature({
+      id: 'reserved_feature',
+      name: 'Reserved Feature with primary feature privileges',
+      reserved: {
+        description: 'this is my reserved feature description',
+        privileges: [
+          {
+            id: 'priv_1',
+            privilege: {
+              api: [],
+              savedObject: { all: [], read: [] },
+              ui: [],
+            },
+          },
+        ],
+      },
+    });
+
+    const { displayedPrivileges, wrapper } = setup({
+      role,
+      features: [reservedFeature],
+      privilegeIndex: 0,
+      calculateDisplayedPrivileges: true,
+      canCustomizeSubFeaturePrivileges: false,
+    });
+
+    expect(findTestSubject(wrapper, 'reservedFeatureDescription')).toHaveLength(0);
+    expect(displayedPrivileges).toEqual({
+      reserved_feature: {
+        primaryFeaturePrivilege: 'none',
+      },
+    });
+  });
 });

x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx

@@ -193,12 +193,16 @@ export class FeatureTable extends Component<Props, State> {
         render: (roleEntry: Role, record: TableRow) => {
           const { feature } = record;
 
-          if (feature.reserved) {
-            return <EuiText size={'s'}>{feature.reserved.description}</EuiText>;
-          }
-
           const primaryFeaturePrivileges = feature.getPrimaryFeaturePrivileges();
 
+          if (feature.reserved && primaryFeaturePrivileges.length === 0) {
+            return (
+              <EuiText size={'s'} data-test-subj="reservedFeatureDescription">
+                {feature.reserved.description}
+              </EuiText>
+            );
+          }
+
           if (primaryFeaturePrivileges.length === 0) {
             return null;
           }