[SecuritySolution] Check user permissions before initialising entity engine#198661
[SecuritySolution] Check user permissions before initialising entity engine#198661machadoum merged 11 commits intoelastic:mainfrom
Conversation
machadoum
force-pushed
the
siem-ea-10926
branch
from
5360934 to
919e657
Compare
machadoum
force-pushed
the
siem-ea-10926
branch
from
919e657 to
65f119b
Compare
machadoum
added
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-entity-analytics (Team:Entity Analytics) |
machadoum
changed the title
|
Discussion Topic: I am checking privileges for all security solution indices. Is that the best approach? |
|
@machadoum My initial feedback from just looking at the screenshots is that maybe we should not show all the missing privileges by default if there are a lot, we could have a "see more" to reveal all the permissions issues after the first 5 or so maybe? |
I found one place using this pattern inside Security Solution. I will reuse it. |
...on/public/entity_analytics/components/entity_store/components/missing_privileges_callout.tsx
Outdated
Show resolved
Hide resolved
tiansivive
left a comment
tiansivive
left a comment
There was a problem hiding this comment.
a few comments, no blockers but worth discussing a bit imo
| data-test-subj={`callout-${id}`} | ||
| data-test-messages={`[${id}]`} | ||
| > | ||
| <LineClamp maxHeight="100%" lineClampHeight={4.4}> |
There was a problem hiding this comment.
maybe extract these magic values?
There was a problem hiding this comment.
or is this component copy pasta?
There was a problem hiding this comment.
maxHeight is 100% because I don't wanna the container to have a scroll bar.
But lineClampHeight was trial and error. The LineClamp component doesn't work well with non-text content, so I used decimals to compensate.
I will add `lineClampHeight' to a constant and add comments.
| type: boolean | ||
| manage_transform: | ||
| type: boolean | ||
| additionalProperties: |
There was a problem hiding this comment.
this is outside the scope of this ticket but it's weird to me that we're using OpenAPI to type the privileges object, when we already have TS types for it on kibana side, right?
There was a problem hiding this comment.
Yeah, but from what I know, we can't reuse TS types inside OpenAPi schemas. 😞
💔 Build Failed
Failed CI StepsHistory
cc @machadoum |
logeekal
left a comment
logeekal
left a comment
There was a problem hiding this comment.
@elastic/security-threat-hunting-investigations code review looks good 🚀 .
Thanks.
tiansivive
left a comment
tiansivive
left a comment
There was a problem hiding this comment.
Thanks!
I'm approving this PR as I think we can afford to merge this as is.
However, I noticed some inconsistencies.
For example, if we dont have risk score privileges, we also dont have enough privileges for enabling the store. Yet, we can open the modal and the risk score toggle will still be enabled, whilst the entity store one will show the missing privileges callout.
|
@tiansivive Good call. I create a follow-up issue to kick-start the discussion. https://github.com/elastic/security-team/issues/11065 |
|
Starting backport for target branches: 8.18 https://github.com/elastic/kibana/actions/runs/11701634666 |
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…engine (elastic#198661) ## Summary * Create privileges API for the Entity Store * Create missing privileges callout * Add missing Entity Store privileges callout to Entity Store * Add missing Entity Store privileges callout to Dashboard   https://github.com/user-attachments/assets/30cdb096-24cd-4a1c-a20b-abbbece865d7 ### Update: I added a "Line clamp" and "Read More" button as requested by Mark:  ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) (cherry picked from commit 0e3b83b)
|
Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync. |
kibanamachine
added
the
backport missing
…ntity engine (#198661) (#199162) # Backport This will backport the following commits from `main` to `8.x`: - [[SecuritySolution] Check user permissions before initialising entity engine (#198661)](#198661) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Pablo Machado","email":"pablo.nevesmachado@elastic.co"},"sourceCommit":{"committedDate":"2024-11-06T10:23:30Z","message":"[SecuritySolution] Check user permissions before initialising entity engine (#198661)\n\n## Summary\r\n\r\n* Create privileges API for the Entity Store\r\n* Create missing privileges callout\r\n* Add missing Entity Store privileges callout to Entity Store \r\n* Add missing Entity Store privileges callout to Dashboard\r\n\r\n\r\n\r\n\r\n\r\n\r\nhttps://github.com/user-attachments/assets/30cdb096-24cd-4a1c-a20b-abbbece865d7\r\n\r\n### Update:\r\n\r\nI added a \"Line clamp\" and \"Read More\" button as requested by Mark:\r\n\r\n\r\n\r\n### Checklist\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [x] Any UI touched in this PR is usable by keyboard only (learn more\r\nabout [keyboard accessibility](https://webaim.org/techniques/keyboard/))","sha":"0e3b83b595906b42fc386e19451759399ee3e74e","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","v9.0.0","Team: SecuritySolution","Theme: entity_analytics","Feature:Entity Analytics","Team:Entity Analytics","backport:version","v8.18.0"],"number":198661,"url":"https://github.com/elastic/kibana/pull/198661","mergeCommit":{"message":"[SecuritySolution] Check user permissions before initialising entity engine (#198661)\n\n## Summary\r\n\r\n* Create privileges API for the Entity Store\r\n* Create missing privileges callout\r\n* Add missing Entity Store privileges callout to Entity Store \r\n* Add missing Entity Store privileges callout to Dashboard\r\n\r\n\r\n\r\n\r\n\r\n\r\nhttps://github.com/user-attachments/assets/30cdb096-24cd-4a1c-a20b-abbbece865d7\r\n\r\n### Update:\r\n\r\nI added a \"Line clamp\" and \"Read More\" button as requested by Mark:\r\n\r\n\r\n\r\n### Checklist\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [x] Any UI touched in this PR is usable by keyboard only (learn more\r\nabout [keyboard accessibility](https://webaim.org/techniques/keyboard/))","sha":"0e3b83b595906b42fc386e19451759399ee3e74e"}},"sourceBranch":"main","suggestedTargetBranches":["8.18"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/198661","number":198661,"mergeCommit":{"message":"[SecuritySolution] Check user permissions before initialising entity engine (#198661)\n\n## Summary\r\n\r\n* Create privileges API for the Entity Store\r\n* Create missing privileges callout\r\n* Add missing Entity Store privileges callout to Entity Store \r\n* Add missing Entity Store privileges callout to Dashboard\r\n\r\n\r\n\r\n\r\n\r\n\r\nhttps://github.com/user-attachments/assets/30cdb096-24cd-4a1c-a20b-abbbece865d7\r\n\r\n### Update:\r\n\r\nI added a \"Line clamp\" and \"Read More\" button as requested by Mark:\r\n\r\n\r\n\r\n### Checklist\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [x] Any UI touched in this PR is usable by keyboard only (learn more\r\nabout [keyboard accessibility](https://webaim.org/techniques/keyboard/))","sha":"0e3b83b595906b42fc386e19451759399ee3e74e"}},{"branch":"8.18","label":"v8.18.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT-->
kibanamachine
added
v8.17.0
and removed
backport missing
6 participants
Summary
Nov-04-2024.15-56-55.mp4
Update:
I added a "Line clamp" and "Read More" button as requested by Mark:
Checklist