[Logs UI] Add missing ML capabilities checks

[weltenwort]

Summary

This adds several missing Machine Learning capabilities checks to the UI to make sure the user doesn't run into downstream errors resulting from the lack of permissions. It also updates the messages of the permission prompt screens to refer to the new Kibana Machine Learning permissions instead of the old built-in roles.

closes #72416
closes #72590

Details

These buttons are now disabled without "All" Machine Learning permissions:

• the "Recreate" button on the "Categories" result page
• the "Enable" and "Recreate" buttons on the module list cards in the "Anomalies" flyout
• the "Recreate" buttons in the job status callouts (for oudated jobs)

Previews

Testing

The changes affect both the "Anomalies" and the "Categories" tabs, except for the module setup list changes, which only exist in the former.

For testing the cartesian product of the permission scenarios

• user has "All" ML permissions
• user has "Read" ML permissions
• user has no ML permissions

and the ML job presence scenarios

• relevant ML jobs exist
• relevant ML jobs don't exist

could be of particular interest.

[apmmachine]

💚 Build Succeeded

Expand to view the summary

Build stats

• Build Cause: [Pull request #72606 updated]

• Start Time: 2020-07-21T14:05:15.935+0000

• Duration: 4 min 2 sec

[elasticmachine]

Pinging @elastic/logs-metrics-ui (Team:logs-metrics-ui)

[Kerry350]

Code looks good 👌 Feel free to ignore, or push to a followup, my minor comments.

Testing the functionality now.

[Kerry350]

For the default text here should it be job instead of jobs?

[weltenwort]

I would say, it depends on whether we want to abstract away the fact that this module happens to only contain one job. 🤷

[Kerry350]

Would there be any harm in rolling missingMlResultsPrivilegesTitle and missingMlSetupPrivilegesTitle into a singular translation as they use the same text?

[weltenwort]

good point, I didn't realize that when I factored them out 👍

[Kerry350]

👍

[Kerry350]

@weltenwort Hmm, so I'm seeing some weird behaviour with the anomalies and categories tabs. It's really inconsistent, and I can't find the common thread that makes it happen, but I'll try to describe what I'm seeing. It could also be the case that I've misunderstood Kibana roles / privileges, but even if that was the case I'd expect one behaviour rather than multiple.

Context:

Against the dev-next shared cluster I've created a kerry_test_ml_all role (which is still on the cluster if that helps at all), that role is assigned to one user kerry_test_ml, and it's the only role the user has. The role assigns everything - full index privileges and space privileges - as far as I can tell there's nothing I could do to make this user more privileged.

I then log in to Kibana as that user. Within that single login, I see all of the following behaviours accessing the anomalies tab:

So there's a mixture of asking for elevated privileges, saying there's no data, and showing results.

What's really curious is the User not authorized for "/api/ml/jobs/jobs_summary" failures, these happen just hitting the ML APIs, without hitting our internal APIs at all. In the screenshot of the network panel it can be seen that they fail, and then succeed straight after, with a call for results also managing to succeed.

I don't understand the mixture of behaviours here?

[Kerry350]

Logging in and out 3 or 4 times I was able to at least get consistency between my roles (I set up all, read, and none roles), still not sure how I managed to see such a mixture of behaviours in one session (also using a private window) 🤔

All works as expected, read works as expected, but I do see a difference for none between the two tabs:

[weltenwort]

Thanks for checking all the permutations so thoroughly! I couldn't quite reproduce the "Anomalies" tab situation, though. 🤔 This is what it looks like for me for a user with "None" as the "Machine Learning" permissions:

[Kerry350]

(After talking on Slack / Zoom I had one part of my none role misconfigured).

Approving 🎉

[kibanamachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: a417a7a

Build metrics

async chunks size

id	value	diff	baseline
infra	3.6MB	+3.8KB	3.6MB

History

• 💚 Build #63292 succeeded 964f54f
• 💔 Build #63238 failed 80ee0b7

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream