Add created_by to saved objects
#179344
Merged
Add created_by to saved objects
#179344
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
/ci |
1 similar comment
|
/ci |
…eated-by # Conflicts: # packages/core/saved-objects/core-saved-objects-migration-server-internal/src/__snapshots__/kibana_migrator.test.ts.snap # packages/core/saved-objects/core-saved-objects-migration-server-internal/src/core/__snapshots__/build_active_mappings.test.ts.snap
|
/ci |
…to d/2024-03-25-created-by # Conflicts: # packages/core/saved-objects/core-saved-objects-server/tsconfig.json
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
Dosant
changed the title
created_by to saved objects
Dosant
changed the title
created_by to saved objectscreated_by to saved objects
pgayvallet
reviewed
Apr 2, 2024
Comment on lines
18
to
20
| getCurrentUserId(): string | null { | ||
| return this.securityExtension?.getCurrentUser()?.profile_uid ?? null; | ||
| } |
There was a problem hiding this comment.
Question to @azasypkin regarding the naming. Are userId and profile_uid the same thing? Are we fine with getCurrentUserId here?
There was a problem hiding this comment.
We don't have such a thing as userId yet, and I'm somewhat hesitant to introduce a new concept at this point. Considering userProfiles and uids are already exposed through our public APIs, would getCurrentUserProfileUid be that bad? If a larger API surface within SOR/SOC isn't an issue, we can also consider just re-exposing getCurrentUser...
There was a problem hiding this comment.
I'll update to getCurrentUserProfileUid
|
ACK: will review today |
Dosant
added
the
Team:Security
|
Pinging @elastic/kibana-security (Team:Security) |
Dosant
commented
Apr 3, 2024
| @@ -52,7 +52,7 @@ export const createUserActionFindSO = ( | |||
| }); | |||
|
|
|||
| export const createConnectorUserAction = ( | |||
| overrides?: Partial<CaseUserActionWithoutReferenceIds> | |||
| overrides?: Partial<SavedObject<CaseUserActionWithoutReferenceIds>> | |||
There was a problem hiding this comment.
@elastic/response-ops-cases, the overrides from these utils are unused, but adding a created_by on a root saved object found a type issue with the types
|
@elasticmachine merge upstream |
jloleysens
approved these changes
Apr 4, 2024
|
@elasticmachine merge upstream |
|
buildkite test this |
…eated-by # Conflicts: # x-pack/plugins/security/tsconfig.json
💚 Build Succeeded
Metrics [docs]Public APIs missing comments
Page load bundle
Saved Objects .kibana field count
Unknown metric groupsAPI count
ESLint disabled line counts
References to deprecated APIs
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @Dosant |
kibanamachine
added
v8.14.0
backport:skip
gsoldevila
added a commit
that referenced
this pull request
Apr 9, 2024
) ## Summary Align V2 behavior with ZDT after #179595 Under the assumption that whenever we want to add new root fields (e.g. [created_by](#179344)), we will systematically add mappings for them, we can skip the `updateAndPickupMappings` operation iif ONLY root fields' mappings have changed during an upgrade (aka if none of the SO types have updated their mappings). Up until now, the logic was updating ALL SO types whenever a `root` field was added / updated. This is expensive and unnecessary, and can cause a noticeable impact to large customers during migrations.
Dosant
added a commit
that referenced
this pull request
Apr 30, 2024
Part of elastic/kibana-team#769 ## Summary This PR adds a "created by" filter to the dashboard listing page. We've added the created_by field recently [here](#179344) so only newly created by interactive users dashboards will be populated with `created_by` ### Demo <img width="1510" alt="Screenshot 2024-04-25 at 16 32 03" src="https://github.com/elastic/kibana/assets/7784120/ac70ffea-05be-4d70-bbfa-c1cc9d5dd747"> <img width="1510" alt="Screenshot 2024-04-25 at 16 32 11" src="https://github.com/elastic/kibana/assets/7784120/9889ccae-08d0-4fb6-977e-c42e85337e0e"> ### Implementation notes #### Suggesting users We suggest only the users that have at least one dashboard. We do this by aggregating dashboard saved objects by `created_by`. Because we don't have server-side pagination or sorting yet, in this initial version, I decided to do this client-side to keep it as simple as possible for now. Initially, I did this server-side inside a dashboard plugin as an internal API route. In the long term, this should probably be moved to content management in some form, but it is not clear how it should look yet. This is the commit where I reverted and moved it to client-side 06316ee #### Clint side filtering The user filter is simply a client-side filter because we anyway currently have an in-memory table with client-side sorting and pagination. There is no much practical value in server-side filter atm The filter allows to filter-in by multiple users. It also allows to filter items without creators #### `created_by` filter isn't part of the query string I introduced a separate state for this filter, similar to `tableSort` and `pagination`. The reason why the `created_by` filter isn't a part of the `searchQuery` is because we use `profile_id` which looks ugly for the user, e.g. `u_mGBROF_q5bmFCATLXAcCwKa0k8JvONAwSruelyKA5E_0` so we can't just add it to a user-facing search query like we do with tags. `profile_id` is the correct identified we should use, `username` might not be enough in some cases + `username` in cloud is unreadble account number. The best alternative could be email, but it isn't always available. This is why I decided to keep the `created_by` filter hidden from the user behind the user picker popover and not expose it to the search bar. The `created_by` filter is synced into the URL just like the rest of the table state. #### No distinguishing the current user There is no logic in place that somehow highlights or renames the current user in the filter. This can be added, but to limit the scope of the MVP I didn't do it. #### User filter component We use the `UsersProfilePopover` provided by the security team. We use it without any overrides, so the component decides how to show users in a popover. I noticed a small visual issue with an email truncation in a smaller popover. Might be worth a separate issue. ### Testing 1. Create multiple new users 2. Login for each of them 3. Created a dashboard for each of them 4. Play with the filter #### Next Steps The next step would be to add a column with the user: 
yuliacech
pushed a commit
to yuliacech/kibana
that referenced
this pull request
May 3, 2024
Part of https://github.com/elastic/kibana-team/issues/769 ## Summary This PR adds a "created by" filter to the dashboard listing page. We've added the created_by field recently [here](elastic#179344) so only newly created by interactive users dashboards will be populated with `created_by` ### Demo <img width="1510" alt="Screenshot 2024-04-25 at 16 32 03" src="https://github.com/elastic/kibana/assets/7784120/ac70ffea-05be-4d70-bbfa-c1cc9d5dd747"> <img width="1510" alt="Screenshot 2024-04-25 at 16 32 11" src="https://github.com/elastic/kibana/assets/7784120/9889ccae-08d0-4fb6-977e-c42e85337e0e"> ### Implementation notes #### Suggesting users We suggest only the users that have at least one dashboard. We do this by aggregating dashboard saved objects by `created_by`. Because we don't have server-side pagination or sorting yet, in this initial version, I decided to do this client-side to keep it as simple as possible for now. Initially, I did this server-side inside a dashboard plugin as an internal API route. In the long term, this should probably be moved to content management in some form, but it is not clear how it should look yet. This is the commit where I reverted and moved it to client-side elastic@06316ee #### Clint side filtering The user filter is simply a client-side filter because we anyway currently have an in-memory table with client-side sorting and pagination. There is no much practical value in server-side filter atm The filter allows to filter-in by multiple users. It also allows to filter items without creators #### `created_by` filter isn't part of the query string I introduced a separate state for this filter, similar to `tableSort` and `pagination`. The reason why the `created_by` filter isn't a part of the `searchQuery` is because we use `profile_id` which looks ugly for the user, e.g. `u_mGBROF_q5bmFCATLXAcCwKa0k8JvONAwSruelyKA5E_0` so we can't just add it to a user-facing search query like we do with tags. `profile_id` is the correct identified we should use, `username` might not be enough in some cases + `username` in cloud is unreadble account number. The best alternative could be email, but it isn't always available. This is why I decided to keep the `created_by` filter hidden from the user behind the user picker popover and not expose it to the search bar. The `created_by` filter is synced into the URL just like the rest of the table state. #### No distinguishing the current user There is no logic in place that somehow highlights or renames the current user in the filter. This can be added, but to limit the scope of the MVP I didn't do it. #### User filter component We use the `UsersProfilePopover` provided by the security team. We use it without any overrides, so the component decides how to show users in a popover. I noticed a small visual issue with an email truncation in a smaller popover. Might be worth a separate issue. ### Testing 1. Create multiple new users 2. Login for each of them 3. Created a dashboard for each of them 4. Play with the filter #### Next Steps The next step would be to add a column with the user: 
Dosant
added a commit
that referenced
this pull request
May 29, 2024
## Summary close elastic/kibana-team#899 - Adds `updated_by` to saved object, similar to recently added `created_by` #179344 - Fixes `created_by` / `created_at` should be set during upsert - Improves functional tests coverage
rshen91
pushed a commit
to rshen91/kibana
that referenced
this pull request
May 30, 2024
## Summary close elastic/kibana-team#899 - Adds `updated_by` to saved object, similar to recently added `created_by` elastic#179344 - Fixes `created_by` / `created_at` should be set during upsert - Improves functional tests coverage
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Blocked by #179258Summary
This PR adds an optional
created_byfield to root saved object fields.We're doing for adding a filter by an author to the dashboard listing page (and then other listings)
Implementation
created_by: {type: keyword}In this implementation, I added
created_byas a simple keyword field assuming we will storeprofile_uidonlyThe
profile_uidis not always available, as @azasypkin described hereIt is not available for anonymous users, for users authenticated via proxy, and, in some cases, for API users authenticated with API keys.
But this is the best way to globally identify users and longer term we might get
profile_uidfor all the usersAccessing
getCurrentUserfrom saved object repoAfter exploring different options and discussing with @pgayvallet we decided to provide
getCurrentUserthrough existing security extensions as it's a better isolation of concern, and we avoid leaking the request down to the SOR.