simplify authorized indices function (#15)

* simplify authorized indices function * remove duplicate setup / start interfaces * remove unused function from rule data plugin service * removes references to 'alerts' privileges in apm feature definition in favor of using subfeature definition in apm
dhurley14 · Jun 22, 2021 · 691c470 · 691c470
1 parent 437dd59
commit 691c470
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 48 deletions.
diff --git a/x-pack/plugins/apm/server/feature.ts b/x-pack/plugins/apm/server/feature.ts
@@ -42,9 +42,6 @@ export const APM_FEATURE = {
         rule: {
           all: Object.values(AlertType),
         },
-        alert: {
-          read: Object.values(AlertType),
-        },
       },
       management: {
         insightsAndAlerting: ['triggersActions'],
@@ -63,9 +60,6 @@ export const APM_FEATURE = {
         rule: {
           read: Object.values(AlertType),
         },
-        alert: {
-          read: Object.values(AlertType),
-        },
       },
       management: {
         insightsAndAlerting: ['triggersActions'],

diff --git a/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts b/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts
@@ -196,15 +196,13 @@ export class AlertsClient {
       AlertingAuthorizationEntity.Alert
     );
 
-    const arrayOfAuthorizedRuleTypes = Array.from(augmentedRuleTypes.authorizedRuleTypes);
-
     // As long as the user can read a minimum of one type of rule type produced by the provided feature,
     // the user should be provided that features' alerts index.
     // Limiting which alerts that user can read on that index will be done via the findAuthorizationFilter
-    const authorizedFeatures = arrayOfAuthorizedRuleTypes.reduce(
-      (acc, ruleType) => acc.add(ruleType.producer),
-      new Set<string>()
-    );
+    const authorizedFeatures = new Set();
+    for (const ruleType of augmentedRuleTypes.authorizedRuleTypes) {
+      authorizedFeatures.add(ruleType.producer);
+    }
 
     const toReturn = Array.from(authorizedFeatures).flatMap((feature) => {
       switch (feature) {

diff --git a/x-pack/plugins/rule_registry/server/plugin.ts b/x-pack/plugins/rule_registry/server/plugin.ts
@@ -24,24 +24,15 @@ import { RuleRegistryPluginConfig } from './config';
 import { RuleDataPluginService } from './rule_data_plugin_service';
 import { EventLogService, IEventLogService } from './event_log';
 
-interface RuleRegistryPluginSetupDependencies {
+export interface RuleRegistryPluginSetupDependencies {
   security: SecurityPluginSetup;
 }
 
-interface RuleRegistryPluginStartDependencies {
+export interface RuleRegistryPluginStartDependencies {
   spaces: SpacesPluginStart;
   alerting: AlertingStart;
 }
 
-export interface RuleRegistryPluginsStart {
-  alerting: AlertingStart;
-  spaces?: SpacesPluginStart;
-}
-
-export interface RuleRegistryPluginsSetup {
-  security?: SecurityPluginSetup;
-}
-
 export interface RuleRegistryPluginSetupContract {
   ruleDataService: RuleDataPluginService;
   eventLogService: IEventLogService;
@@ -74,7 +65,7 @@ export class RuleRegistryPlugin
 
   public setup(
     core: CoreSetup<RuleRegistryPluginStartDependencies, RuleRegistryPluginStartContract>,
-    plugins: RuleRegistryPluginsSetup
+    plugins: RuleRegistryPluginSetupDependencies
   ): RuleRegistryPluginSetupContract {
     const { logger } = this;
 
@@ -132,7 +123,7 @@ export class RuleRegistryPlugin
     return { ruleDataService: this.ruleDataService, eventLogService };
   }
 
-  public start(core: CoreStart, plugins: RuleRegistryPluginsStart) {
+  public start(core: CoreStart, plugins: RuleRegistryPluginStartDependencies) {
     const { logger, alertsClientFactory, security } = this;
 
     alertsClientFactory.initialize({

diff --git a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/index.ts b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/index.ts
@@ -158,11 +158,4 @@ export class RuleDataPluginService {
   getFullAssetName(assetName?: string) {
     return [this.fullAssetName, assetName].filter(Boolean).join('-');
   }
-
-  async assertFullAssetNameExists(assetName?: string) {
-    const fullAssetName = this.getFullAssetName(assetName);
-    const clusterClient = await this.getClusterClient();
-    const { body } = await clusterClient.indices.exists({ index: fullAssetName });
-    return body;
-  }
 }
diff --git a/x-pack/test/api_integration/apis/security/privileges.ts b/x-pack/test/api_integration/apis/security/privileges.ts
@@ -21,7 +21,23 @@ export default function ({ getService }: FtrProviderContext) {
         // If you're removing a privilege, this breaks backwards compatibility
         // Roles are associated with these privileges, and we shouldn't be removing them in a minor version.
         const expected = {
+          global: ['all', 'read'],
+          space: ['all', 'read'],
           features: {
+            graph: ['all', 'read'],
+            savedObjectsTagging: ['all', 'read'],
+            canvas: ['all', 'read', 'minimal_all', 'minimal_read', 'generate_report'],
+            maps: ['all', 'read'],
+            fleet: ['all', 'read'],
+            actions: ['all', 'read'],
+            stackAlerts: ['all', 'read'],
+            ml: ['all', 'read'],
+            siem: ['all', 'read', 'minimal_all', 'minimal_read', 'cases_all', 'cases_read'],
+            observabilityCases: ['all', 'read'],
+            uptime: ['all', 'read'],
+            infrastructure: ['all', 'read'],
+            logs: ['all', 'read'],
+            apm: ['all', 'read', 'minimal_all', 'minimal_read', 'alerts_all', 'alerts_read'],
             discover: [
               'all',
               'read',
@@ -53,24 +69,8 @@ export default function ({ getService }: FtrProviderContext) {
             advancedSettings: ['all', 'read'],
             indexPatterns: ['all', 'read'],
             savedObjectsManagement: ['all', 'read'],
-            savedObjectsTagging: ['all', 'read'],
             timelion: ['all', 'read'],
-            graph: ['all', 'read'],
-            maps: ['all', 'read'],
-            canvas: ['all', 'read', 'minimal_all', 'minimal_read', 'generate_report'],
-            infrastructure: ['all', 'read'],
-            logs: ['all', 'read'],
-            observabilityCases: ['all', 'read'],
-            uptime: ['all', 'read'],
-            apm: ['all', 'read', 'minimal_all', 'minimal_read', 'alert_manage'],
-            ml: ['all', 'read'],
-            siem: ['all', 'read', 'minimal_all', 'minimal_read', 'cases_all', 'cases_read'],
-            fleet: ['all', 'read'],
-            stackAlerts: ['all', 'read'],
-            actions: ['all', 'read'],
           },
-          global: ['all', 'read'],
-          space: ['all', 'read'],
           reserved: ['ml_user', 'ml_admin', 'ml_apm_user', 'monitoring'],
         };