[Guided onboarding] Use Kibana features to grant access #155065
…dle permissions issues
…te/redirection when guided onboarding is disabled
@@ -57,7 +57,8 @@ export default function navLinksTests({ getService }: FtrProviderContext) { | |||
'enterpriseSearchContent', | |||
'enterpriseSearchAnalytics', | |||
'appSearch', | |||
'workplaceSearch' | |||
'workplaceSearch', | |||
'guidedOnboarding' |
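Review bot: The `'guidedOnboarding'` entry added on the last line has to be the registered feature ID rather than the plugin ID. The constant quoted later in this thread is `PLUGIN_FEATURE = 'guidedOnboardingFeature'`, so as written the entry matches nothing and the expectation for that nav link is left unchanged. Use the feature ID here, or reference the exported constant so the test and the registration cannot drift apart.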
I'm not quite sure what is the correct approach to fix these tests
@elastic/kibana-security Another question for the team: if you own these tests, could you please provide some guidance on what is being tested here and what is the best approach to fix those?
Hi @yuliacech Sorry for the delay. The except method matches the feature ID to set the expected value to false. The feature ID is actually 'guidedOnboardingFeature',
`export const PLUGIN_FEATURE = 'guidedOnboardingFeature';`
This explains why it was still being set to true and those 3 tests were failing. I think you'll want to move the 'everything_space_all at everything_space' case. If I understand the feature/privileges correctly, this case should enable the navlink.
Pinging @elastic/platform-onboarding (Team:Journey/Onboarding)
Security changes LGTM!
Thanks for working on this @yuliacech! Changes LGTM. Verified locally. I see some tests are failing, but it looks like you're already aware and looking into it.
I have one question about Kibana features. This is probably more for Kibana Security team, but - do we document the features anywhere? I'm just wondering if users are going to know what "Setup guides" is when it appears in the list.
Thanks a lot for your review, @alisonelizabeth!
Thanks for jumping on this so quickly @yuliacech!
> I'm just wondering if users are going to know what "Setup guides" is when it appears in the list.
Probably something I should know the answer to, but @elastic/kibana-security is there a way to hide this from the privileges UI altogether? I don't think there's a reason someone would ever want/need to remove these permissions?
@@ -10,3 +10,5 @@ export const PLUGIN_ID = 'guidedOnboarding'; | |||
export const PLUGIN_NAME = 'guidedOnboarding'; | |||
|
|||
export const API_BASE_PATH = '/api/guided_onboarding'; |
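Review bot: This constants file now carries several near-identical identifiers with nothing saying which one is used where. `PLUGIN_ID` and `PLUGIN_NAME` are both `'guidedOnboarding'`, while the feature ID quoted elsewhere in this review is `'guidedOnboardingFeature'`. Add a one-line comment on each constant stating its purpose (plugin registration, display name, privilege/feature key, route prefix) so callers and tests pick the right one.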
This API really should be `/internal/guided_onboarding`. I can't think of any reason why a user would need to use this API directly, and by using the `/api` path prefix, we are indicating it is public, meaning you can't make any breaking changes to it without approvals, a long deprecation period, etc.
Agree @lukeelmers, I opened this issue to change the route's prefix. Our team was not aware of this convention when setting up the plugin.
What do you think, do we have to handle the prefix issue as a breaking change or can we update it in the next minor? The plugin was first released in 8.7
Since it was introduced recently & is undocumented (and also something folks would be unlikely to discover and get much utility out of), then IMO if you fix it quickly, you are probably safe to change it, treat this as a bug, and document it in the release notes.
@lukeelmers Yes, there are two ways for us to do this, depending on the privileges required: we can either enable this for all users, or we can enable this for users with the I discussed these options with @yuliacech, and IIUC the product team decided that exposing it was the best approach for their needs. I don't want to put words into their mouths, so perhaps Yulia can confirm this.
@yuliacech we don't document these toggles in a central location. There is a public API that can be called to get the list of available features, but it doesn't offer any additional information than what you see in the UI: https://www.elastic.co/guide/en/kibana/master/features-api-get.html
@lukeelmers @legrego Yes, I can confirm that we want to show the guided onboarding feature in the capabilities UI. I think it's important for deployment admins to be able to configure this feature for different roles.
Sorry for the delay. I found the issue.
@@ -57,7 +57,8 @@ export default function navLinksTests({ getService }: FtrProviderContext) { | |||
'enterpriseSearchContent', | |||
'enterpriseSearchAnalytics', | |||
'appSearch', | |||
'workplaceSearch' | |||
'workplaceSearch', | |||
'guidedOnboarding' |
'guidedOnboarding' | |
'guidedOnboardingFeature' |
Alternative - change the ID to 'guidedOnboarding'. This may be more consistent with other feature IDs.
Thanks a lot for these suggestions, @jeramysoucy! I think that should fix the tests.
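The feature-ID mismatch worked out in the review thread above, as an added example that is not Kibana's test code: a lenient `except`-style helper ignores an ID that matches nothing, so the failure surfaces on the nav link instead of on the typo, while a strict variant rejects the unknown ID up front. The helper names and the sample ID list are assumptions made for illustration.

```typescript
// Added illustration; helper names are hypothetical, not Kibana's test utilities.
type Expectations = Record<string, boolean>;

// Constructed sample of registered feature IDs (the last one is quoted in the thread).
const FEATURE_IDS: string[] = [
  'enterpriseSearchContent',
  'enterpriseSearchAnalytics',
  'appSearch',
  'workplaceSearch',
  'guidedOnboardingFeature',
];

// Lenient helper: every nav link is expected visible unless its ID is listed.
// An ID that matches nothing is silently ignored.
function exceptLenient(ids: string[], hidden: string[]): Expectations {
  const expected: Expectations = {};
  for (const id of ids) {
    expected[id] = !hidden.includes(id);
  }
  return expected;
}

// Strict helper: listing an ID that is not registered is a test-authoring error.
function exceptStrict(ids: string[], hidden: string[]): Expectations {
  const unknown = hidden.filter((id) => !ids.includes(id));
  if (unknown.length > 0) {
    throw new Error(`unknown feature ID(s): ${unknown.join(', ')}`);
  }
  return exceptLenient(ids, hidden);
}

// IDs whose observed visibility differs from the expectation.
function mismatches(expected: Expectations, observed: Expectations): string[] {
  return Object.keys(expected).filter((id) => expected[id] !== observed[id]);
}

// Constructed observation: a role without the privilege sees no onboarding link.
const observedForRestrictedRole = exceptLenient(FEATURE_IDS, ['guidedOnboardingFeature']);

// Plugin ID used by mistake: the expectation stays "visible" and the run fails
// on the nav link, far away from the typo that caused it.
const confusingFailure = mismatches(
  exceptLenient(FEATURE_IDS, ['guidedOnboarding']),
  observedForRestrictedRole
);
console.log(confusingFailure);
```

With the strict helper the same mistake stops at the helper call and names the offending ID, which keeps authorization tests from passing or failing for reasons unrelated to the privilege under test.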
Changes LGTM - tested locally
LGTM
💛 Build succeeded, but was flaky
## Summary

This PR fixes a bug introduced in #155065 that I noticed when testing guided onboarding for v8.9.0: the help link was missing from the help menu. I added a functional test for the help link but we also need a test that the link is hidden when the user doesn't have access to guided onboarding (opened an issue for that [here](#156410)).

### How to test

1. Add `xpack.cloud.id: 'testID'` to `/config/kibana.dev.yml`
2. Start ES with `yarn es snapshot` and Kibana with `yarn start`
3. Check that the help link "Setup guides" is displayed in the help menu
Summary
Fixes #149132
This PR adds a Kibana feature for the guided onboarding plugin for better permissions handling. By default `kibana_admin` and `editor` roles are granted access to guided onboarding. The role `viewer` on the other hand doesn't have enough permissions to see or use guided onboarding. For any roles that don't have the correct permissions, guided onboarding is completely disabled, the same as it's disabled on-prem.

When creating a new role, the feature "Setup guides" can be enabled or disabled.

How to test
1. Add `xpack.cloud.id: 'testID'` to `/config/kibana.dev.yml`
2. Start ES with `yarn es snapshot` and Kibana with `yarn start`
3. `viewer`
4. `/app/home#/getting_started` is unknown and redirects back to the home page

Checklist