Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(security, features): do not expose UI capabilities of the deprecated features #198656

Merged
merged 2 commits into from
Nov 6, 2024

Conversation

azasypkin
Copy link
Member

@azasypkin azasypkin commented Nov 1, 2024

Summary

This PR ensures that we don’t expose UI capabilities for deprecated features since they’re unnecessary, and the code should rely on the UI capabilities of the replacement features instead.

Additionally, this PR transforms the disabledFeatures property of Space objects returned from our programmatic and HTTP APIs to replace any deprecated feature IDs with the IDs of their replacement features, ensuring that feature visibility toggles work for deprecated features as well.

How to test

  1. Run Kibana FTR server with the following config (registers test deprecated features):
node scripts/functional_tests_server.js --config x-pack/test/security_api_integration/features.config.ts
  1. Once server is up and running create Space with the case_1_feature_a deprecated feature disabled:
curl 'http://localhost:5620/api/spaces/space' -u elastic:changeme \
  -X POST -H 'Content-Type: application/json' -H 'kbn-version: 9.0.0' \
  --data-raw '{"name":"space-alpha","id":"space-alpha","initials":"s","color":"#D6BF57","disabledFeatures":["case_1_feature_a"],"imageUrl":""}'
  1. Log in to Kibana and navigate to a Space space-alpha you've just created. Observe that deprecated Case #1 feature A (case_1_feature_a) isn't displayed, and instead you should see that replaces deprecated one - Case #1 feature B (case_1_feature_b):

Screen Shot 2024-11-01 at 17 40 59

@azasypkin azasypkin added Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! release_note:skip Skip the PR/issue when compiling release notes Feature:Security/Authorization Platform Security - Authorization backport:prev-major Backport to (8.x, 8.17, 8.16) the previous major branch and other branches in development labels Nov 1, 2024
@azasypkin azasypkin self-assigned this Nov 1, 2024
@azasypkin azasypkin force-pushed the issue-xxx-deprecated-ui-caps branch from 6558b95 to c96f20c Compare November 1, 2024 13:30
@azasypkin azasypkin marked this pull request as ready for review November 4, 2024 08:14
@azasypkin azasypkin requested review from a team as code owners November 4, 2024 08:14
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

Copy link
Contributor

@SiddharthMantri SiddharthMantri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good! Also confirm that deprecated features are not displayed

image

@azasypkin
Copy link
Member Author

@elasticmachine merge upstream

@elasticmachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

cc @azasypkin

Copy link
Contributor

@jloleysens jloleysens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, did not test locally!

@azasypkin azasypkin merged commit deeb9fe into elastic:main Nov 6, 2024
22 checks passed
@azasypkin azasypkin deleted the issue-xxx-deprecated-ui-caps branch November 6, 2024 14:06
@kibanamachine
Copy link
Contributor

Starting backport for target branches: 8.15, 8.16, 8.x

https://github.com/elastic/kibana/actions/runs/11705186380

@azasypkin azasypkin added v8.17.0 and removed backport:prev-major Backport to (8.x, 8.17, 8.16) the previous major branch and other branches in development labels Nov 6, 2024
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Nov 6, 2024
…ted features (elastic#198656)

## Summary

This PR ensures that we don’t expose UI capabilities for deprecated
features since they’re unnecessary, and the code should rely on the UI
capabilities of the replacement features instead.

Additionally, this PR transforms the `disabledFeatures` property of
Space objects returned from our programmatic and HTTP APIs to replace
any deprecated feature IDs with the IDs of their replacement features,
ensuring that feature visibility toggles work for deprecated features as
well.

## How to test

1. Run Kibana FTR server with the following config (registers test
deprecated features):
```shell
node scripts/functional_tests_server.js --config x-pack/test/security_api_integration/features.config.ts
```
2. Once server is up and running create Space with the
`case_1_feature_a` **deprecated** feature disabled:
```shell
curl 'http://localhost:5620/api/spaces/space' -u elastic:changeme \
  -X POST -H 'Content-Type: application/json' -H 'kbn-version: 9.0.0' \
  --data-raw '{"name":"space-alpha","id":"space-alpha","initials":"s","color":"#D6BF57","disabledFeatures":["case_1_feature_a"],"imageUrl":""}'
```
3. Log in to Kibana and [navigate to a Space
`space-alpha`](http://localhost:5620/app/management/kibana/spaces/edit/space-alpha)
you've just created. Observe that deprecated `Case elastic#1 feature A`
(`case_1_feature_a`) isn't displayed, and instead you should see that
replaces deprecated one - `Case elastic#1 feature B` (`case_1_feature_b`):

![Screen Shot 2024-11-01 at 17 40
59](https://github.com/user-attachments/assets/5b91e71c-7d46-4ff1-bf73-d148622e8ec4)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
(cherry picked from commit deeb9fe)
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Nov 6, 2024
…ted features (elastic#198656)

## Summary

This PR ensures that we don’t expose UI capabilities for deprecated
features since they’re unnecessary, and the code should rely on the UI
capabilities of the replacement features instead.

Additionally, this PR transforms the `disabledFeatures` property of
Space objects returned from our programmatic and HTTP APIs to replace
any deprecated feature IDs with the IDs of their replacement features,
ensuring that feature visibility toggles work for deprecated features as
well.

## How to test

1. Run Kibana FTR server with the following config (registers test
deprecated features):
```shell
node scripts/functional_tests_server.js --config x-pack/test/security_api_integration/features.config.ts
```
2. Once server is up and running create Space with the
`case_1_feature_a` **deprecated** feature disabled:
```shell
curl 'http://localhost:5620/api/spaces/space' -u elastic:changeme \
  -X POST -H 'Content-Type: application/json' -H 'kbn-version: 9.0.0' \
  --data-raw '{"name":"space-alpha","id":"space-alpha","initials":"s","color":"#D6BF57","disabledFeatures":["case_1_feature_a"],"imageUrl":""}'
```
3. Log in to Kibana and [navigate to a Space
`space-alpha`](http://localhost:5620/app/management/kibana/spaces/edit/space-alpha)
you've just created. Observe that deprecated `Case elastic#1 feature A`
(`case_1_feature_a`) isn't displayed, and instead you should see that
replaces deprecated one - `Case elastic#1 feature B` (`case_1_feature_b`):

![Screen Shot 2024-11-01 at 17 40
59](https://github.com/user-attachments/assets/5b91e71c-7d46-4ff1-bf73-d148622e8ec4)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
(cherry picked from commit deeb9fe)
@kibanamachine
Copy link
Contributor

💔 Some backports could not be created

Status Branch Result
8.15 Backport failed because of merge conflicts
8.16
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Manual backport

To create the backport manually run:

node scripts/backport --pr 198656

Questions ?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request Nov 6, 2024
…eprecated features (#198656) (#199147)

# Backport

This will backport the following commits from `main` to `8.x`:
- [fix(security, features): do not expose UI capabilities of the
deprecated features
(#198656)](#198656)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Aleh
Zasypkin","email":"aleh.zasypkin@elastic.co"},"sourceCommit":{"committedDate":"2024-11-06T14:06:39Z","message":"fix(security,
features): do not expose UI capabilities of the deprecated features
(#198656)\n\n## Summary\r\n\r\nThis PR ensures that we don’t expose UI
capabilities for deprecated\r\nfeatures since they’re unnecessary, and
the code should rely on the UI\r\ncapabilities of the replacement
features instead.\r\n\r\nAdditionally, this PR transforms the
`disabledFeatures` property of\r\nSpace objects returned from our
programmatic and HTTP APIs to replace\r\nany deprecated feature IDs with
the IDs of their replacement features,\r\nensuring that feature
visibility toggles work for deprecated features as\r\nwell.\r\n\r\n##
How to test\r\n\r\n1. Run Kibana FTR server with the following config
(registers test\r\ndeprecated features):\r\n```shell\r\nnode
scripts/functional_tests_server.js --config
x-pack/test/security_api_integration/features.config.ts\r\n```\r\n2.
Once server is up and running create Space with
the\r\n`case_1_feature_a` **deprecated** feature
disabled:\r\n```shell\r\ncurl 'http://localhost:5620/api/spaces/space'
-u elastic:changeme \\\r\n -X POST -H 'Content-Type: application/json'
-H 'kbn-version: 9.0.0' \\\r\n --data-raw
'{\"name\":\"space-alpha\",\"id\":\"space-alpha\",\"initials\":\"s\",\"color\":\"#D6BF57\",\"disabledFeatures\":[\"case_1_feature_a\"],\"imageUrl\":\"\"}'\r\n```\r\n3.
Log in to Kibana and [navigate to a
Space\r\n`space-alpha`](http://localhost:5620/app/management/kibana/spaces/edit/space-alpha)\r\nyou've
just created. Observe that deprecated `Case #1 feature
A`\r\n(`case_1_feature_a`) isn't displayed, and instead you should see
that\r\nreplaces deprecated one - `Case #1 feature B`
(`case_1_feature_b`):\r\n\r\n![Screen Shot 2024-11-01 at 17
40\r\n59](https://github.com/user-attachments/assets/5b91e71c-7d46-4ff1-bf73-d148622e8ec4)\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"deeb9fe32af717a883727aed7d83c6106d8d839f","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","Feature:Security/Authorization","v9.0.0","backport:prev-major"],"title":"fix(security,
features): do not expose UI capabilities of the deprecated
features","number":198656,"url":"https://github.com/elastic/kibana/pull/198656","mergeCommit":{"message":"fix(security,
features): do not expose UI capabilities of the deprecated features
(#198656)\n\n## Summary\r\n\r\nThis PR ensures that we don’t expose UI
capabilities for deprecated\r\nfeatures since they’re unnecessary, and
the code should rely on the UI\r\ncapabilities of the replacement
features instead.\r\n\r\nAdditionally, this PR transforms the
`disabledFeatures` property of\r\nSpace objects returned from our
programmatic and HTTP APIs to replace\r\nany deprecated feature IDs with
the IDs of their replacement features,\r\nensuring that feature
visibility toggles work for deprecated features as\r\nwell.\r\n\r\n##
How to test\r\n\r\n1. Run Kibana FTR server with the following config
(registers test\r\ndeprecated features):\r\n```shell\r\nnode
scripts/functional_tests_server.js --config
x-pack/test/security_api_integration/features.config.ts\r\n```\r\n2.
Once server is up and running create Space with
the\r\n`case_1_feature_a` **deprecated** feature
disabled:\r\n```shell\r\ncurl 'http://localhost:5620/api/spaces/space'
-u elastic:changeme \\\r\n -X POST -H 'Content-Type: application/json'
-H 'kbn-version: 9.0.0' \\\r\n --data-raw
'{\"name\":\"space-alpha\",\"id\":\"space-alpha\",\"initials\":\"s\",\"color\":\"#D6BF57\",\"disabledFeatures\":[\"case_1_feature_a\"],\"imageUrl\":\"\"}'\r\n```\r\n3.
Log in to Kibana and [navigate to a
Space\r\n`space-alpha`](http://localhost:5620/app/management/kibana/spaces/edit/space-alpha)\r\nyou've
just created. Observe that deprecated `Case #1 feature
A`\r\n(`case_1_feature_a`) isn't displayed, and instead you should see
that\r\nreplaces deprecated one - `Case #1 feature B`
(`case_1_feature_b`):\r\n\r\n![Screen Shot 2024-11-01 at 17
40\r\n59](https://github.com/user-attachments/assets/5b91e71c-7d46-4ff1-bf73-d148622e8ec4)\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"deeb9fe32af717a883727aed7d83c6106d8d839f"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/198656","number":198656,"mergeCommit":{"message":"fix(security,
features): do not expose UI capabilities of the deprecated features
(#198656)\n\n## Summary\r\n\r\nThis PR ensures that we don’t expose UI
capabilities for deprecated\r\nfeatures since they’re unnecessary, and
the code should rely on the UI\r\ncapabilities of the replacement
features instead.\r\n\r\nAdditionally, this PR transforms the
`disabledFeatures` property of\r\nSpace objects returned from our
programmatic and HTTP APIs to replace\r\nany deprecated feature IDs with
the IDs of their replacement features,\r\nensuring that feature
visibility toggles work for deprecated features as\r\nwell.\r\n\r\n##
How to test\r\n\r\n1. Run Kibana FTR server with the following config
(registers test\r\ndeprecated features):\r\n```shell\r\nnode
scripts/functional_tests_server.js --config
x-pack/test/security_api_integration/features.config.ts\r\n```\r\n2.
Once server is up and running create Space with
the\r\n`case_1_feature_a` **deprecated** feature
disabled:\r\n```shell\r\ncurl 'http://localhost:5620/api/spaces/space'
-u elastic:changeme \\\r\n -X POST -H 'Content-Type: application/json'
-H 'kbn-version: 9.0.0' \\\r\n --data-raw
'{\"name\":\"space-alpha\",\"id\":\"space-alpha\",\"initials\":\"s\",\"color\":\"#D6BF57\",\"disabledFeatures\":[\"case_1_feature_a\"],\"imageUrl\":\"\"}'\r\n```\r\n3.
Log in to Kibana and [navigate to a
Space\r\n`space-alpha`](http://localhost:5620/app/management/kibana/spaces/edit/space-alpha)\r\nyou've
just created. Observe that deprecated `Case #1 feature
A`\r\n(`case_1_feature_a`) isn't displayed, and instead you should see
that\r\nreplaces deprecated one - `Case #1 feature B`
(`case_1_feature_b`):\r\n\r\n![Screen Shot 2024-11-01 at 17
40\r\n59](https://github.com/user-attachments/assets/5b91e71c-7d46-4ff1-bf73-d148622e8ec4)\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"deeb9fe32af717a883727aed7d83c6106d8d839f"}}]}]
BACKPORT-->

Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
mgadewoll pushed a commit to mgadewoll/kibana that referenced this pull request Nov 7, 2024
…ted features (elastic#198656)

## Summary

This PR ensures that we don’t expose UI capabilities for deprecated
features since they’re unnecessary, and the code should rely on the UI
capabilities of the replacement features instead.

Additionally, this PR transforms the `disabledFeatures` property of
Space objects returned from our programmatic and HTTP APIs to replace
any deprecated feature IDs with the IDs of their replacement features,
ensuring that feature visibility toggles work for deprecated features as
well.

## How to test

1. Run Kibana FTR server with the following config (registers test
deprecated features):
```shell
node scripts/functional_tests_server.js --config x-pack/test/security_api_integration/features.config.ts
```
2. Once server is up and running create Space with the
`case_1_feature_a` **deprecated** feature disabled:
```shell
curl 'http://localhost:5620/api/spaces/space' -u elastic:changeme \
  -X POST -H 'Content-Type: application/json' -H 'kbn-version: 9.0.0' \
  --data-raw '{"name":"space-alpha","id":"space-alpha","initials":"s","color":"#D6BF57","disabledFeatures":["case_1_feature_a"],"imageUrl":""}'
```
3. Log in to Kibana and [navigate to a Space
`space-alpha`](http://localhost:5620/app/management/kibana/spaces/edit/space-alpha)
you've just created. Observe that deprecated `Case elastic#1 feature A`
(`case_1_feature_a`) isn't displayed, and instead you should see that
replaces deprecated one - `Case elastic#1 feature B` (`case_1_feature_b`):

![Screen Shot 2024-11-01 at 17 40
59](https://github.com/user-attachments/assets/5b91e71c-7d46-4ff1-bf73-d148622e8ec4)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Feature:Security/Authorization Platform Security - Authorization release_note:skip Skip the PR/issue when compiling release notes Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! v8.17.0 v9.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants