Currently, the streams UI doesn't deal well with partial permissions.
This PR improves that. As a lot of things come together in streams, we
could do even better, but I think it's OK to draw a line somewhere.
The logic is now as follows:
When reading a stream, the privileges of the current user are returned
along with the stream itself. These are grouped like this:
```
interface IngestStreamPrivileges {
// User can change everything about the stream
manage: boolean;
// User can read stats (like size in bytes) about the stream
monitor: boolean;
// User can change the retention policy of the stream
lifecycle: boolean;
// User can simulate changes to the processing or the mapping of the stream
simulate: boolean;
}
```
This is part of the definition response and is passed around to the
components and disabled buttons and similar in the places where this is
necessary.
The "advanced" tab is only shown when full `manage` permissions are
present - there constellations of permissions that would allow some
access but not all (e.g. having `read_pipelines` but not
`manage_index_templates`), but these should be rather rare and not worth
the additional effort.
## Conditions
In the following places privileges are checked:
* Overview
* Without `monitor`, the overall stats are not shown
* Enrichment
* Without `manage`, you can't save changes
* Without `simulate`, the UI is readonly
* Partitioning
* Without `manage`, you can't save changes
* Without `simulate`, the UI is readonly
* Schema editor
* Without `manage`, the UI is readonly
* Retention
* Without `monitor`, the ingest stats are not shown
* Without `lifecycle`, the retention can't be changed and ILM breakdown
is not rendered
* Advanced
* Without `manage`, the tab is hidden completely
## Drive-by fix
I noticed that we still register the app header action menu which adds
an empty bar on serverless, removed that code.
## Testing
Check
https://github.com/elastic/kibana/pull/217353/files#diff-d8f33d7021058bf90cbeea908bf399da2af50d8b8bfac8a07f160ddc0cdff12bR747
for which Elasticsearch level privileges you need for different
permutations. Then set up a role and a user and log in as that user.
Also test the different pre-defined roles on serverless.
(cherry picked from commit fd37446)
# Conflicts:
# x-pack/platform/plugins/shared/streams/server/routes/streams/crud/read_stream.ts
Backport
This will backport the following commits from
mainto8.x:Questions ?
Please refer to the Backport tool documentation