From daf35f9da88e77fabc7ece57bb32fb20952e1850 Mon Sep 17 00:00:00 2001
From: Patrick Mueller <pmuellr@gmail.com>
Date: Tue, 24 Mar 2020 12:40:30 -0400
Subject: [PATCH] [Alerting] add alerting privileges for uptime and metrics

resolves https://github.com/elastic/kibana/issues/60135

See the reference issue for how to configure Kibana to test this manually.
There are no automated tests for this ATM.

The basic test scenario is to create a role with just the Uptime space
privilege, make sure it get to the Alerts and Actions management app,
make sure you can create an action (server log), and alert (index threshold),
and that the alert and action run successfully.

Then repeat with just the Metrics space privilege.
---
 x-pack/plugins/infra/server/features.ts       | 30 ++++++++++++---
 .../public/application/lib/capabilities.ts    |  2 +-
 x-pack/plugins/uptime/server/kibana.index.ts  | 37 ++++++++++++++++---
 3 files changed, 56 insertions(+), 13 deletions(-)

diff --git a/x-pack/plugins/infra/server/features.ts b/x-pack/plugins/infra/server/features.ts
index 5301e1e9cbd0bb..fa228e03194a93 100644
--- a/x-pack/plugins/infra/server/features.ts
+++ b/x-pack/plugins/infra/server/features.ts
@@ -20,22 +20,40 @@ export const METRICS_FEATURE = {
     all: {
       app: ['infra', 'kibana'],
       catalogue: ['infraops'],
-      api: ['infra'],
+      api: ['infra', 'actions-read', 'actions-all', 'alerting-read', 'alerting-all'],
       savedObject: {
-        all: ['infrastructure-ui-source'],
+        all: ['infrastructure-ui-source', 'alert', 'action', 'action_task_params'],
         read: ['index-pattern'],
       },
-      ui: ['show', 'configureSource', 'save'],
+      ui: [
+        'show',
+        'configureSource',
+        'save',
+        'alerting:show',
+        'actions:show',
+        'alerting:save',
+        'actions:save',
+        'alerting:delete',
+        'actions:delete',
+      ],
     },
     read: {
       app: ['infra', 'kibana'],
       catalogue: ['infraops'],
-      api: ['infra'],
+      api: ['infra', 'actions-read', 'actions-all', 'alerting-read', 'alerting-all'],
       savedObject: {
-        all: [],
+        all: ['alert', 'action', 'action_task_params'],
         read: ['infrastructure-ui-source', 'index-pattern'],
       },
-      ui: ['show'],
+      ui: [
+        'show',
+        'alerting:show',
+        'actions:show',
+        'alerting:save',
+        'actions:save',
+        'alerting:delete',
+        'actions:delete',
+      ],
     },
   },
 };
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/lib/capabilities.ts b/x-pack/plugins/triggers_actions_ui/public/application/lib/capabilities.ts
index f8102189c425ce..a216498d68b552 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/lib/capabilities.ts
+++ b/x-pack/plugins/triggers_actions_ui/public/application/lib/capabilities.ts
@@ -12,7 +12,7 @@
 
 type Capabilities = Record<string, any>;
 
-const apps = ['apm', 'siem'];
+const apps = ['apm', 'siem', 'uptime', 'infrastructure'];
 
 function hasCapability(capabilities: Capabilities, capability: string) {
   return apps.some(app => capabilities[app]?.[capability]);
diff --git a/x-pack/plugins/uptime/server/kibana.index.ts b/x-pack/plugins/uptime/server/kibana.index.ts
index da208e13acdad0..1242de55746586 100644
--- a/x-pack/plugins/uptime/server/kibana.index.ts
+++ b/x-pack/plugins/uptime/server/kibana.index.ts
@@ -41,22 +41,47 @@ export const initServerWithKibana = (server: UptimeCoreSetup, plugins: UptimeCor
       all: {
         app: ['uptime', 'kibana'],
         catalogue: ['uptime'],
-        api: ['uptime-read', 'uptime-write'],
+        api: [
+          'uptime-read',
+          'uptime-write',
+          'actions-read',
+          'actions-all',
+          'alerting-read',
+          'alerting-all',
+        ],
         savedObject: {
-          all: [umDynamicSettings.name],
+          all: [umDynamicSettings.name, 'alert', 'action', 'action_task_params'],
           read: [],
         },
-        ui: ['save', 'configureSettings', 'show'],
+        ui: [
+          'save',
+          'configureSettings',
+          'show',
+          'alerting:show',
+          'actions:show',
+          'alerting:save',
+          'actions:save',
+          'alerting:delete',
+          'actions:delete',
+        ],
       },
       read: {
         app: ['uptime', 'kibana'],
         catalogue: ['uptime'],
-        api: ['uptime-read'],
+        api: ['uptime-read', 'actions-read', 'actions-all', 'alerting-read', 'alerting-all'],
         savedObject: {
-          all: [],
+          all: ['alert', 'action', 'action_task_params'],
           read: [umDynamicSettings.name],
         },
-        ui: ['show'],
+        ui: [
+          'show',
+          'alerting:show',
+          'actions:show',
+          'alerting:save',
+          'actions:save',
+          'alerting:delete',
+          'actions:delete',
+        ],
       },
     },
   });