Skip to content

Grouped features for role management #78152

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 2, 2020
Merged

Grouped features for role management #78152

merged 3 commits into from
Oct 2, 2020

Conversation

@legrego
Copy link
Member

@legrego legrego commented Sep 22, 2020
edited
Loading

Groups features by category for Role Management

The role management screen has been updated to take advantage of the feature categories introduced in #74151. The old implementation displayed a flat table of features, and the ordering was not always predictable.

The updated interface organizes features according to the category in which they exist. Features can be configured independently as before. Unlike #74151, the categories for role management do not allow toggling privileges for entire categories. This was done to reduce confusion on an already complex form.

image

image

image

Out of scope

  • Additional design edits for role management are out-of-scope for this PR, and will be addressed in a followup as time permits.

Relates: #72659
Resolves #54794
Resolves #74526

@legrego legrego force-pushed the fc/grouped-features-roles branch 3 times, most recently from 3503921 to 34365ee Compare September 25, 2020 20:08
@legrego legrego force-pushed the fc/grouped-features-roles branch from 34365ee to 60d4f22 Compare September 27, 2020 17:28
legrego
legrego commented Sep 28, 2020
View reviewed changes
...rity/public/management/roles/edit_role/privileges/kibana/feature_table/__fixtures__/index.ts Outdated
Copy link
Member Author

@legrego legrego Sep 25, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This fixture is responsible for parsing the rendered component tree to extract the displayed privileges.

As a result of the refactoring here, dependent tests were updated to always expect a subFeaturePrivileges array in the response, whereas before it was optionally defined.

x-pack/plugins/spaces/public/management/edit_space/section_panel/section_panel.tsx Outdated
Copy link
Member Author

@legrego legrego Sep 25, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removing dead code now that the spaces panels cannot be collapsed. Technically unrelated to this PR 😬

@legrego legrego marked this pull request as ready for review September 28, 2020 17:23
@legrego legrego requested a review from a team as a code owner September 28, 2020 17:23
@legrego legrego added :Security/Feature Controls release_note:enhancement Team:Security Platform Security: Auth, Users, Roles, Spaces, Audit Logging, etc t// v7.10.0 v8.0.0 labels Sep 28, 2020
@elasticmachine
Copy link
Contributor

elasticmachine commented Sep 28, 2020

Pinging @elastic/kibana-security (Team:Security)

@kobelb kobelb mentioned this pull request Sep 29, 2020
Merged
@azasypkin
Copy link
Member

azasypkin commented Oct 1, 2020

ACK: will review today

@azasypkin azasypkin self-requested a review October 1, 2020 13:30
azasypkin
azasypkin approved these changes Oct 1, 2020
View reviewed changes
Copy link
Member

@azasypkin azasypkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Tested locally all the scenarios I could think of and everything worked as expected.

docs/user/security/authorization/index.asciidoc Outdated
available; otherwise, it is not visible.

To apply your changes, click **Create space privilege**. The space privilege shows up under the Kibana privileges section of the role.
To apply your changes, click **Add Kibana privilege**. The space privilege shows up under the Kibana privileges section of the role.
Copy link
Member

@azasypkin azasypkin Oct 1, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: any reason you use {kib} in some places and hardcoded Kibana in others in this file? Also we still reference to privileges as space privileges in this document in some places, are these just leftovers or we want to explicitly say that these are Kibana privileges that are specific to some spaces?

Copy link
Member Author

@legrego legrego Oct 2, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nope, just oversights! I will be overhauling these docs after FF, but I'll correct now and adjust after with fresh screenshots and the like

...ecurity/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.scss
background-color: $euiColorLightestShade;
padding-left: $euiSizeXXL;
padding-top: $euiSizeS;
} No newline at end of file
Copy link
Member

@azasypkin azasypkin Oct 1, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: missing new line at the EOF?

Suggested change
}
}

...security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx

if (feature2.reserved && !feature1.reserved) {
return -1;
const label: string = i18n.translate(
Copy link
Member

@azasypkin azasypkin Oct 1, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

optional nit: you could also use FormattedMessage react component. It's not a big deal, "theoretically" it's supposed to be more optimized for React, but I haven't seen any evidence yet, so up to you.

@legrego
Copy link
Member Author

legrego commented Oct 2, 2020

@elasticmachine merge upstream

@kibanamachine
Copy link
Contributor

kibanamachine commented Oct 2, 2020

💛 Build succeeded, but was flaky

Test Failures

X-Pack Alerting API Integration Tests.x-pack/test/alerting_api_integration/spaces_only/tests/alerting/execution_status·ts.alerting api integration spaces only Alerting executionStatus should eventually be "ok" for no-op alert

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

[00:00:00]       │
[00:00:00]         └-: alerting api integration spaces only
[00:00:00]           │ info [o.e.c.m.MetadataMappingService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1601598532327042654] [.kibana_1/-JE4UuVDR_WL7UkJ-MQdZA] update_mapping [_doc]
[00:00:00]           └-> "before all" hook
[00:00:39]           └-: Alerting
[00:00:39]             └-> "before all" hook
[00:00:39]             └-> "before all" hook
[00:00:39]               │ debg creating space
[00:00:39]               │ info [o.e.c.m.MetadataMappingService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1601598532327042654] [.kibana_2/zFBqp_LbRBuuqMMDtKPcTg] update_mapping [_doc]
[00:00:40]               │ debg created space
[00:00:40]               │ debg creating space
[00:00:41]               │ debg created space
[00:02:17]             └-: executionStatus
[00:02:17]               └-> "before all" hook
[00:02:17]               └-> should be "pending" for newly created alert
[00:02:17]                 └-> "before each" hook: global before each
[00:02:19]                 └- ✓ pass  (1.9s) "alerting api integration spaces only Alerting executionStatus should be "pending" for newly created alert"
[00:02:19]               └-> should eventually be "ok" for no-op alert
[00:02:19]                 └-> "before each" hook: global before each
[00:02:21]                 │ proc [kibana]   log   [01:31:00.034] [info][eventLog][plugins] event logged: {"event":{"provider":"alerting","action":"execute","start":"2020-10-02T01:31:00.032Z","end":"2020-10-02T01:31:00.032Z","duration":0,"outcome":"success"},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"736e6131-1bfe-4877-a393-dd4a5ae2ab76","namespace":"space1"}],"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d"},"message":"alert executed: test.noop:736e6131-1bfe-4877-a393-dd4a5ae2ab76: 'abc'","@timestamp":"2020-10-02T01:31:00.032Z","ecs":{"version":"1.5.0"}}
[00:02:21]                 │ proc [kibana]   log   [01:31:00.038] [info][eventLog][plugins] event logged: {"event":{"provider":"alerting","action":"execute","start":"2020-10-02T01:31:00.037Z","end":"2020-10-02T01:31:00.037Z","duration":0,"outcome":"success"},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"b92e8b3b-747c-4a24-9fe5-9692176bb7de","namespace":"space1"}],"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d"},"message":"alert executed: test.noop:b92e8b3b-747c-4a24-9fe5-9692176bb7de: 'abc'","@timestamp":"2020-10-02T01:31:00.037Z","ecs":{"version":"1.5.0"}}
[00:02:21]                 └- ✖ fail: alerting api integration spaces only Alerting executionStatus should eventually be "ok" for no-op alert
[00:02:21]                 │       Error: expected [ '2020-10-02T01:30:58.118Z',
[00:02:21]                 │   '2020-10-02T01:30:58.126Z',
[00:02:21]                 │   '2020-10-02T01:31:00.125Z',
[00:02:21]                 │   '2020-10-02T01:31:00.038Z',
[00:02:21]                 │   '2020-10-02T01:31:00.136Z' ] to sort of equal [ '2020-10-02T01:30:58.118Z',
[00:02:21]                 │   '2020-10-02T01:30:58.126Z',
[00:02:21]                 │   '2020-10-02T01:31:00.038Z',
[00:02:21]                 │   '2020-10-02T01:31:00.125Z',
[00:02:21]                 │   '2020-10-02T01:31:00.136Z' ]
[00:02:21]                 │       + expected - actual
[00:02:21]                 │ 
[00:02:21]                 │        [
[00:02:21]                 │          "2020-10-02T01:30:58.118Z"
[00:02:21]                 │          "2020-10-02T01:30:58.126Z"
[00:02:21]                 │       +  "2020-10-02T01:31:00.038Z"
[00:02:21]                 │          "2020-10-02T01:31:00.125Z"
[00:02:21]                 │       -  "2020-10-02T01:31:00.038Z"
[00:02:21]                 │          "2020-10-02T01:31:00.136Z"
[00:02:21]                 │        ]
[00:02:21]                 │       
[00:02:21]                 │       at Assertion.assert (/dev/shm/workspace/parallel/2/kibana/packages/kbn-expect/expect.js:100:11)
[00:02:21]                 │       at Assertion.eql (/dev/shm/workspace/parallel/2/kibana/packages/kbn-expect/expect.js:244:8)
[00:02:21]                 │       at ensureDatetimesAreOrdered (test/alerting_api_integration/common/lib/test_assertions.ts:22:26)
[00:02:21]                 │       at Context.it (test/alerting_api_integration/spaces_only/tests/alerting/execution_status.ts:73:7)
[00:02:21]                 │ 
[00:02:21]                 │

Stack Trace

{ Error: expected [ '2020-10-02T01:30:58.118Z',
  '2020-10-02T01:30:58.126Z',
  '2020-10-02T01:31:00.125Z',
  '2020-10-02T01:31:00.038Z',
  '2020-10-02T01:31:00.136Z' ] to sort of equal [ '2020-10-02T01:30:58.118Z',
  '2020-10-02T01:30:58.126Z',
  '2020-10-02T01:31:00.038Z',
  '2020-10-02T01:31:00.125Z',
  '2020-10-02T01:31:00.136Z' ]
    at Assertion.assert (/dev/shm/workspace/parallel/2/kibana/packages/kbn-expect/expect.js:100:11)
    at Assertion.eql (/dev/shm/workspace/parallel/2/kibana/packages/kbn-expect/expect.js:244:8)
    at ensureDatetimesAreOrdered (test/alerting_api_integration/common/lib/test_assertions.ts:22:26)
    at Context.it (test/alerting_api_integration/spaces_only/tests/alerting/execution_status.ts:73:7)
  actual:
   '[\n  "2020-10-02T01:30:58.118Z"\n  "2020-10-02T01:30:58.126Z"\n  "2020-10-02T01:31:00.125Z"\n  "2020-10-02T01:31:00.038Z"\n  "2020-10-02T01:31:00.136Z"\n]',
  expected:
   '[\n  "2020-10-02T01:30:58.118Z"\n  "2020-10-02T01:30:58.126Z"\n  "2020-10-02T01:31:00.038Z"\n  "2020-10-02T01:31:00.125Z"\n  "2020-10-02T01:31:00.136Z"\n]',
  showDiff: true }

Metrics [docs]

async chunks size

id before after diff
security 1.0MB 1.0MB +1.6KB

page load bundle size

id before after diff
spaces 346.9KB 345.5KB -1.4KB

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@legrego legrego merged commit b9a7983 into elastic:master Oct 2, 2020
@legrego legrego deleted the fc/grouped-features-roles branch October 2, 2020 12:45
@legrego legrego mentioned this pull request Oct 2, 2020
Merged
legrego added a commit that referenced this pull request Oct 2, 2020
@legrego @elasticmachine
[7.x] Grouped features for role management (#78152) (#79282)
550b20c 
* Grouped features for role management

* address PR feedback

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
# Conflicts:
#	docs/user/security/authorization/index.asciidoc
@legrego legrego mentioned this pull request Nov 4, 2020
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@azasypkin azasypkin azasypkin approved these changes

Assignees

No one assigned

Labels

release_note:enhancement :Security/Feature Controls Team:Security Platform Security: Auth, Users, Roles, Spaces, Audit Logging, etc t// v7.10.0 v8.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Change "Spaces privileges" to "Kibana privileges" Grouped Role Management features

4 participants

@legrego @elasticmachine @azasypkin @kibanamachine