Fleet Privileges Display #204402
Fleet Privileges Display #204402
Conversation
|
/ci |
1 similar comment
|
/ci |
elena-shostak
added
Team:Security
|
@elasticmachine merge upstream |
|
/ci |
|
Pinging @elastic/kibana-security (Team:Security) |
|
ACK: will review today, sorry for the delay! |
| @@ -218,7 +218,7 @@ export class SpaceAwarePrivilegeSection extends Component<Props, State> { | |||
| const viewMatrixButton = ( | |||
| <PrivilegeSummary | |||
| role={this.props.role} | |||
| spaces={this.getDisplaySpaces()} | |||
| spaces={this.getSelectedSpaces()} | |||
There was a problem hiding this comment.
Caution
There is something definitely off here when I select different access variations. See the video. Do you see the same?
Screen.Recording.2024-12-24.at.14.16.13.mov
There was a problem hiding this comment.
Confirmed, can reproduce, will take a look
There was a problem hiding this comment.
6c631b4 pushed fix, but please hold on review for now, need to check tests
There was a problem hiding this comment.
@azasypkin ready for review 🙂
There was a problem hiding this comment.
It looks like we have another issue now. If Read/All access to Fleet is granted through a Kibana privilege entry with “All Spaces”, the privilege summary for any space-specific privileges should reflect what is granted by the “All Spaces” privilege.
Screen.Recording.2024-12-30.at.16.01.07.mov
There was a problem hiding this comment.
Screen.Recording.2024-12-31.at.11.34.58.mov
@azasypkin pushed a fix and checked it with multiple spaces, should work as expected 🙌
|
@elasticmachine merge upstream |
| @@ -52,7 +52,7 @@ function showPrivilege(allSpacesSelected: boolean, primaryFeature?: PrimaryFeatu | |||
| if ( | |||
| primaryFeature?.name == null || | |||
| primaryFeature?.disabled || | |||
| (primaryFeature.requireAllSpaces && !allSpacesSelected) | |||
| (primaryFeature?.requireAllSpaces && !allSpacesSelected) | |||
| ) { | |||
| return 'None'; | |||
There was a problem hiding this comment.
question: I know it was here before your PR, but shouldn't None be a localized string instead of hardcoded English one?
There was a problem hiding this comment.
As far as I see we don't localize other privileges as well (Read, All). And some feature/subfeature names.
There was a problem hiding this comment.
Interesting, thanks for checking. I wonder if that was a deliberate decision. In any case, it’s outside the scope of this PR.
| @@ -210,11 +212,20 @@ export const PrivilegeSummaryTable = (props: PrivilegeSummaryTableProps) => { | |||
| </EuiFlexGroup> | |||
| ); | |||
|
|
|||
| const categoryPrivileges = Object.keys(privileges).reduce((acc, key) => { | |||
There was a problem hiding this comment.
optional nit: since you retrieve value using the key anyway, Object.values might have been a slightly better choice. Or even something like this would be simpler:
const categoryPrivileges = Object.fromEntries(
Object.entries(privileges).map(([key, [, featurePrivileges]]) => [key, featurePrivileges])
);| @@ -218,7 +218,7 @@ export class SpaceAwarePrivilegeSection extends Component<Props, State> { | |||
| const viewMatrixButton = ( | |||
| <PrivilegeSummary | |||
| role={this.props.role} | |||
| spaces={this.getDisplaySpaces()} | |||
| spaces={this.getSelectedSpaces()} | |||
There was a problem hiding this comment.
It looks like we have another issue now. If Read/All access to Fleet is granted through a Kibana privilege entry with “All Spaces”, the privilege summary for any space-specific privileges should reflect what is granted by the “All Spaces” privilege.
Screen.Recording.2024-12-30.at.16.01.07.mov
elena-shostak
force-pushed
the
194686-fleet-privileges
branch
from
64cb61d to
017dad8
Compare
elena-shostak
force-pushed
the
194686-fleet-privileges
branch
from
017dad8 to
ab901f5
Compare
There was a problem hiding this comment.
Looks like we have a new weird behavior 😬
There are so many edge cases, and it’s very tricky to handle them all. It would be even trickier to ensure they aren’t accidentally broken in the future. Thanks for updating the tests to include more cases. We might need to incorporate all these cases into our unit or functional tests, even if they are specifically around Fleet.
Screen.Recording.2025-01-06.at.15.41.15.mov
elena-shostak
force-pushed
the
194686-fleet-privileges
branch
from
45cfb91 to
f0c1c9b
Compare
|
@elasticmachine merge upstream |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
History
|
Summary
Fixed privileges display for features/subFeatures that require all spaces.
Before
Role privileges display for only
Defaultspace selectedPrivileges summary display for only
Defaultspace selectedAfter
Role privileges display for only
Defaultspace selectedPrivileges summary display for only
Defaultspace selectedHow to test
With
Defaultspace:DefaultSpace and the privilege level to All.None.None.With
*All Spaces:*All Spacesand the privilege level to All.AllAllChecklist
Check the PR satisfies following conditions.
release_note:*label is applied per the guidelinesFixes: #194686
Release Note
Fixed privileges display for features/subFeatures that require all spaces.