[Security Solution] Infinite loading state on the rule install page when user doesn't have write privileges #161543
Assignees
Labels
8.14 candidate
bug
Fixes for quality problems that affect the customer experience
Feature:Detection Alerts/Rules RBAC
Security Solution RBAC for rules and alerts
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules
fixed
impact:medium
Addressing this issue will have a medium level of impact on the quality/strength of our product.
QA:Validated
Issue has been validated by QA
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.12.2
v8.13.0
v8.14.0
Comments
xcrzx
added
bug
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
banderror
added
impact:medium
Merged
1 task
jpdjere
added a commit
that referenced
this issue
Feb 9, 2024
…ty:Read privileges (#176598) Fixes: #161543 ## Summary Original bug issue reported an infinite loading state in the **Add Elastic rules** page when user doesn't have write privileges, i.e. has `Security: Read`. However, that seems to have been fixed already, as the list of rules to install is shown, but no individual "Install button" for each row is showed. **This is expected behaviour**.  However, when displaying the Rule Details flyout, the button for Installation in the flyout is still enabled due to missing checks. This PR fixes that and now displays a disabled button for users with no privileges.  ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Feb 9, 2024
…ty:Read privileges (elastic#176598) Fixes: elastic#161543 ## Summary Original bug issue reported an infinite loading state in the **Add Elastic rules** page when user doesn't have write privileges, i.e. has `Security: Read`. However, that seems to have been fixed already, as the list of rules to install is shown, but no individual "Install button" for each row is showed. **This is expected behaviour**.  However, when displaying the Rule Details flyout, the button for Installation in the flyout is still enabled due to missing checks. This PR fixes that and now displays a disabled button for users with no privileges.  ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) (cherry picked from commit c3c1b66)
kibanamachine
referenced
this issue
Feb 9, 2024
… Security:Read privileges (#176598) (#176616) # Backport This will backport the following commits from `main` to `8.12`: - [[Security Solution] Disable installation button for users with Security:Read privileges (#176598)](#176598) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Juan Pablo Djeredjian","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-02-09T16:47:13Z","message":"[Security Solution] Disable installation button for users with Security:Read privileges (#176598)\n\nFixes: https://github.com/elastic/kibana/issues/161543\r\n\r\n## Summary\r\n\r\nOriginal bug issue reported an infinite loading state in the **Add\r\nElastic rules** page when user doesn't have write privileges, i.e. has\r\n`Security: Read`.\r\n\r\nHowever, that seems to have been fixed already, as the list of rules to\r\ninstall is shown, but no individual \"Install button\" for each row is\r\nshowed. **This is expected behaviour**.\r\n\r\n\r\n\r\n\r\nHowever, when displaying the Rule Details flyout, the button for\r\nInstallation in the flyout is still enabled due to missing checks. This\r\nPR fixes that and now displays a disabled button for users with no\r\nprivileges.\r\n\r\n\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"c3c1b667c1de1aa36955528098ce0be15e7272b1","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","v8.12.0","8.13 candidate","v8.13.0"],"title":"[Security Solution] Disable installation button for users with Security:Read privileges","number":176598,"url":"https://github.com/elastic/kibana/pull/176598","mergeCommit":{"message":"[Security Solution] Disable installation button for users with Security:Read privileges (#176598)\n\nFixes: https://github.com/elastic/kibana/issues/161543\r\n\r\n## Summary\r\n\r\nOriginal bug issue reported an infinite loading state in the **Add\r\nElastic rules** page when user doesn't have write privileges, i.e. has\r\n`Security: Read`.\r\n\r\nHowever, that seems to have been fixed already, as the list of rules to\r\ninstall is shown, but no individual \"Install button\" for each row is\r\nshowed. **This is expected behaviour**.\r\n\r\n\r\n\r\n\r\nHowever, when displaying the Rule Details flyout, the button for\r\nInstallation in the flyout is still enabled due to missing checks. This\r\nPR fixes that and now displays a disabled button for users with no\r\nprivileges.\r\n\r\n\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"c3c1b667c1de1aa36955528098ce0be15e7272b1"}},"sourceBranch":"main","suggestedTargetBranches":["8.12"],"targetPullRequestStates":[{"branch":"8.12","label":"v8.12.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.13.0","branchLabelMappingKey":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/176598","number":176598,"mergeCommit":{"message":"[Security Solution] Disable installation button for users with Security:Read privileges (#176598)\n\nFixes: https://github.com/elastic/kibana/issues/161543\r\n\r\n## Summary\r\n\r\nOriginal bug issue reported an infinite loading state in the **Add\r\nElastic rules** page when user doesn't have write privileges, i.e. has\r\n`Security: Read`.\r\n\r\nHowever, that seems to have been fixed already, as the list of rules to\r\ninstall is shown, but no individual \"Install button\" for each row is\r\nshowed. **This is expected behaviour**.\r\n\r\n\r\n\r\n\r\nHowever, when displaying the Rule Details flyout, the button for\r\nInstallation in the flyout is still enabled due to missing checks. This\r\nPR fixes that and now displays a disabled button for users with no\r\nprivileges.\r\n\r\n\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"c3c1b667c1de1aa36955528098ce0be15e7272b1"}}]}] BACKPORT--> Co-authored-by: Juan Pablo Djeredjian <[email protected]>
CoenWarmer
pushed a commit
to CoenWarmer/kibana
that referenced
this issue
Feb 15, 2024
…ty:Read privileges (elastic#176598) Fixes: elastic#161543 ## Summary Original bug issue reported an infinite loading state in the **Add Elastic rules** page when user doesn't have write privileges, i.e. has `Security: Read`. However, that seems to have been fixed already, as the list of rules to install is shown, but no individual "Install button" for each row is showed. **This is expected behaviour**.  However, when displaying the Rule Details flyout, the button for Installation in the flyout is still enabled due to missing checks. This PR fixes that and now displays a disabled button for users with no privileges.  ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
|
@vgomez-el Another related bug has been fixed in #176598 and we couldn't reproduce the one decribed in this ticket's description. Could you please validate both? The fix should be available in |
|
@banderror I am still able to reproduce the bug on 8.13 BC2. The hint is directly typing on browser url bar the /app/security/rules/add_rules page URL directly. See attached video: REC-20240229180442.mp4On the other hand, the bug looks fixed in a 8.12.2 version: REC-20240229181308.mp4 |
|
Related with the task that you mentioned, In 8.12.2 the visibility of the install button on rule details flyout is fixed for a user with read only privileges: |
fkanout
pushed a commit
to fkanout/kibana
that referenced
this issue
Mar 4, 2024
…ty:Read privileges (elastic#176598) Fixes: elastic#161543 ## Summary Original bug issue reported an infinite loading state in the **Add Elastic rules** page when user doesn't have write privileges, i.e. has `Security: Read`. However, that seems to have been fixed already, as the list of rules to install is shown, but no individual "Install button" for each row is showed. **This is expected behaviour**.  However, when displaying the Rule Details flyout, the button for Installation in the flyout is still enabled due to missing checks. This PR fixes that and now displays a disabled button for users with no privileges.  ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
|
Update: Initially failed to tried to reproduce the issue in PROD 8.13 BC 3. @vgomez-el wasn't able to reproduce it as well on the same env, so we investigated further. The issue was finally reproduced on an edge case: if the I'll change this logic so the No rules to Install display is shown (or similar solution) |
|
@jpdjere @vgomez-el Thank you for localizing the bug. Don't we already show an "empty screen" for this table when there are no rules to install? I think it shows a button like "go back to the Rule Management page". I mean we could probably just reuse it for the case when |
|
@banderror Yes, exactly. That's the UI I think we should show for this case |
2 tasks
jpdjere
added a commit
that referenced
this issue
Mar 12, 2024
…users with `Security: Read` permissions (#178005) Fixes: #161543 ## Summary Solves edge case of a `Security: Read` user visiting the Add Rules page before a user with permissions does (therefore the space has no permissions). This would cause the `/install/_review` call to never happen, and the page to get stuck in an infinite loading state. - Encapsulates logic to calculate if the `/install/_review` endpoint should be called - Allows `Security: Read` users to make the endpoint call `/install/_review` - The "All Elastic rules already installed" screen is shown to users in this edge case. - Adds frontend integration tests to Add Tables page ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
|
@vgomez-el I merged the PR that fixes this issue. Leaving the ticket open for QA to close. |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Mar 13, 2024
…users with `Security: Read` permissions (elastic#178005) Fixes: elastic#161543 ## Summary Solves edge case of a `Security: Read` user visiting the Add Rules page before a user with permissions does (therefore the space has no permissions). This would cause the `/install/_review` call to never happen, and the page to get stuck in an infinite loading state. - Encapsulates logic to calculate if the `/install/_review` endpoint should be called - Allows `Security: Read` users to make the endpoint call `/install/_review` - The "All Elastic rules already installed" screen is shown to users in this edge case. - Adds frontend integration tests to Add Tables page ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed (cherry picked from commit b8396f4)
|
Recreated backport to 8.13: #178603 |
jpdjere
added a commit
to jpdjere/kibana
that referenced
this issue
Mar 13, 2024
…users with `Security: Read` permissions (elastic#178005) Fixes: elastic#161543 ## Summary Solves edge case of a `Security: Read` user visiting the Add Rules page before a user with permissions does (therefore the space has no permissions). This would cause the `/install/_review` call to never happen, and the page to get stuck in an infinite loading state. - Encapsulates logic to calculate if the `/install/_review` endpoint should be called - Allows `Security: Read` users to make the endpoint call `/install/_review` - The "All Elastic rules already installed" screen is shown to users in this edge case. - Adds frontend integration tests to Add Tables page ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed (cherry picked from commit b8396f4)
jpdjere
referenced
this issue
Mar 13, 2024
…ge for users with `Security: Read` permissions (#178005) (#178603) # Backport This will backport the following commits from `main` to `8.13`: - [[Security Solution] Fix infinite loading state on Add Rules page for users with `Security: Read` permissions (#178005)](#178005) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Juan Pablo Djeredjian","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-03-12T23:16:20Z","message":"[Security Solution] Fix infinite loading state on Add Rules page for users with `Security: Read` permissions (#178005)\n\nFixes: https://github.com/elastic/kibana/issues/161543\r\n\r\n## Summary\r\n\r\nSolves edge case of a `Security: Read` user visiting the Add Rules page\r\nbefore a user with permissions does (therefore the space has no\r\npermissions). This would cause the `/install/_review` call to never\r\nhappen, and the page to get stuck in an infinite loading state.\r\n\r\n- Encapsulates logic to calculate if the `/install/_review` endpoint\r\nshould be called\r\n- Allows `Security: Read` users to make the endpoint call\r\n`/install/_review`\r\n- The \"All Elastic rules already installed\" screen is shown to users in\r\nthis edge case.\r\n- Adds frontend integration tests to Add Tables page\r\n\r\n### Checklist\r\n\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed","sha":"b8396f48ce05f2c16d2fd9890f921260dd6a5a7d","branchLabelMapping":{"^v8.14.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","v8.13.0","v8.14.0"],"number":178005,"url":"https://github.com/elastic/kibana/pull/178005","mergeCommit":{"message":"[Security Solution] Fix infinite loading state on Add Rules page for users with `Security: Read` permissions (#178005)\n\nFixes: https://github.com/elastic/kibana/issues/161543\r\n\r\n## Summary\r\n\r\nSolves edge case of a `Security: Read` user visiting the Add Rules page\r\nbefore a user with permissions does (therefore the space has no\r\npermissions). This would cause the `/install/_review` call to never\r\nhappen, and the page to get stuck in an infinite loading state.\r\n\r\n- Encapsulates logic to calculate if the `/install/_review` endpoint\r\nshould be called\r\n- Allows `Security: Read` users to make the endpoint call\r\n`/install/_review`\r\n- The \"All Elastic rules already installed\" screen is shown to users in\r\nthis edge case.\r\n- Adds frontend integration tests to Add Tables page\r\n\r\n### Checklist\r\n\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed","sha":"b8396f48ce05f2c16d2fd9890f921260dd6a5a7d"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"8.13","label":"v8.13.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/178588","number":178588,"state":"OPEN"},{"branch":"main","label":"v8.14.0","labelRegex":"^v8.14.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/178005","number":178005,"mergeCommit":{"message":"[Security Solution] Fix infinite loading state on Add Rules page for users with `Security: Read` permissions (#178005)\n\nFixes: https://github.com/elastic/kibana/issues/161543\r\n\r\n## Summary\r\n\r\nSolves edge case of a `Security: Read` user visiting the Add Rules page\r\nbefore a user with permissions does (therefore the space has no\r\npermissions). This would cause the `/install/_review` call to never\r\nhappen, and the page to get stuck in an infinite loading state.\r\n\r\n- Encapsulates logic to calculate if the `/install/_review` endpoint\r\nshould be called\r\n- Allows `Security: Read` users to make the endpoint call\r\n`/install/_review`\r\n- The \"All Elastic rules already installed\" screen is shown to users in\r\nthis edge case.\r\n- Adds frontend integration tests to Add Tables page\r\n\r\n### Checklist\r\n\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed","sha":"b8396f48ce05f2c16d2fd9890f921260dd6a5a7d"}}]}] BACKPORT--> Co-authored-by: Kibana Machine <[email protected]>
|
Bug is fixed and validated for 8.13 BC5. Thanks @jpdjere for the fix! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168
Summary
Users lacking write privileges encounter an endless loading screen when attempting to navigate to the 'Add Rules' page.
Steps to Reproduce
Security: Readprivilege./kbn/app/security/rules/add_rules.Expected Result
The page should display a 'No rules available' message.
Actual Result
The page shows an infinite loader.
The text was updated successfully, but these errors were encountered: