[Reporting] Add deprecation messages for roles mapped to reporting_user#115125
Conversation
tsullivan
added
deprecation_warnings
zDeprecated Feature:Reporting
tsullivan
force-pushed
the
reporting/roles-deprecation-errorhandling-7.x
branch
2 times, most recently
from
a14b4ad to
e2f4f7d
Compare
tsullivan
force-pushed
the
reporting/roles-deprecation-errorhandling-7.x
branch
4 times, most recently
from
52e9b8b to
a8865bd
Compare
There was a problem hiding this comment.
This is unrelated to this PR, but the existing text in this config deprecation was really hard to read on the page.
There was a problem hiding this comment.
This applies this this PR, as the doc links are hardcoded to the current version, which is an issue.
There was a problem hiding this comment.
+1 would be a good idea to address it in this PR
This fixes the deprecations for various edge cases: - when security was disabled, users saw a meaningless error message - when users did not have manage_security privilege they saw a meaningless error message Adds support for checking deprecations related to xpack.reporting.roles.allow
tsullivan
force-pushed
the
reporting/roles-deprecation-errorhandling-7.x
branch
from
a8865bd to
4847e72
Compare
| config, | ||
| createMockPluginSetup({ | ||
| router: httpSetup.createRouter(''), | ||
| security: null, |
There was a problem hiding this comment.
This is a side effect of not having the security dependency not mocked well in createMockReportingCore before this PR.
| config, | ||
| createMockPluginSetup({ | ||
| router: httpSetup.createRouter(''), | ||
| security: null, |
There was a problem hiding this comment.
This is a side effect of not having the security dependency not mocked well in createMockReportingCore before this PR.
| basePath: { set: jest.fn() }, | ||
| router: setupMock.router, | ||
| security: setupMock.security, | ||
| security: securityMock.createSetup(), |
There was a problem hiding this comment.
The tests in this PR needed a better security mock from the reporting test utilities
| security: securityMock.createSetup(), | ||
| licensing: { license$: Rx.of({ isAvailable: true, isActive: true, type: 'basic' }) } as any, | ||
| taskManager: { registerTaskDefinitions: jest.fn() } as any, | ||
| taskManager: taskManagerMock.createSetup(), |
|
Pinging @elastic/kibana-reporting-services (Team:Reporting Services) |
tsullivan
changed the title
dokmic
left a comment
dokmic
left a comment
There was a problem hiding this comment.
Code changes LGTM, but I haven't tested that.
jloleysens
left a comment
jloleysens
left a comment
There was a problem hiding this comment.
This is looking great @tsullivan, I did a few tests locally and it seemed to be working as expected (I didn't test the role map deprecation manually).
I left a few non-blocker comments but I think it'd be good to address the formatting of markdown before merging.
| describe('roles mapped to a deprecated role', () => { | ||
| test('logs a deprecation when a role was found that maps to the deprecated reporting_user role', async () => { | ||
| esClient.asCurrentUser.security.getRoleMapping = jest.fn().mockResolvedValue({ | ||
| body: { dungeon_master: { roles: ['reporting_user'] } }, |
x-pack/plugins/reporting/server/deprecations/reporting_role.test.ts
Outdated
Show resolved
Hide resolved
| return [ | ||
| { | ||
| title, | ||
| level: 'fetch_error', // NOTE: is fetch_error not shown in the Upgrade Assistant UI? |
There was a problem hiding this comment.
Should we follow up on this with the Stack Management team?
jportner
left a comment
jportner
left a comment
There was a problem hiding this comment.
I added some suggestions below!
A general suggestion/comment: we don't need to use template strings to prevent things from being translated. For example, instead of this:
'Set "{upgradableConfig}" in kibana.yml'
you can write thisL
'Set "xpack.reporting.roles.enabled: false" in kibana.yml'
I confirmed this with @Bamieh
…ecation-errorhandling-7.x
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
|
|
||
| public getKibanaVersion() { | ||
| return this.kibanaVersion; | ||
| public getKibanaPackageInfo() { |
There was a problem hiding this comment.
This change is to allow documentation links generated on the server to use the current branch.
💚 Build Succeeded
Metrics [docs]
To update your PR or re-run it, just comment with: |
…er (elastic#115125) * [Reporting] Add deprecation messages for roles mapped to reporting_user This fixes the deprecations for various edge cases: - when security was disabled, users saw a meaningless error message - when users did not have manage_security privilege they saw a meaningless error message Adds support for checking deprecations related to xpack.reporting.roles.allow * updates to content per feedback * updates per feedback * store packageInfo in reportingCore * use branch in the documentation links generated in the server * add tests for scenario where config does not need to be changed
…er (#115125) (#115875) * [Reporting] Add deprecation messages for roles mapped to reporting_user This fixes the deprecations for various edge cases: - when security was disabled, users saw a meaningless error message - when users did not have manage_security privilege they saw a meaningless error message Adds support for checking deprecations related to xpack.reporting.roles.allow * updates to content per feedback * updates per feedback * store packageInfo in reportingCore * use branch in the documentation links generated in the server * add tests for scenario where config does not need to be changed
7 participants
Closes #115096
Follows: #100427, #94966
Summary
xpack.reporting.roles.allowScreenshots
manage_securityprivileges, they will see this error state:and these messages in the Kibana server log:
Checklist
xpack.reporting.roles.allowTesting
Security disabled
Default deprecation
reporting_userroleCustomized xpack.reporting.roles.allow
my_test_reporting_role)xpack.reporting.roles.allow: ['my_test_reporting_role']my_test_reporting_userroleMapped roles
reporting_userin Stack Management > Role MappingsInvalid privileges for Reporting deprecations
managecluster privilege, and then some privileges to Kibana (so they can login)