New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Load FLS suggestions on-demand #98681
Conversation
Pinging @elastic/kibana-security (Team:Security) |
@elasticmachine merge upstream |
@elasticmachine merge upstream |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks and works perfectly except for one weird thing: for some reason, I cannot select fields with the mouse clicks anymore, only with the keyboard (for Chromium and Firefox). I tried to re-bootstrap, but it didn't help. Do you see the same, or I just messed up with my environment somehow?
x-pack/plugins/security/public/management/roles/indices_api_client.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/security/public/management/roles/indices_api_client.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/security/public/management/roles/indices_api_client.ts
Outdated
Show resolved
Hide resolved
@@ -25,6 +25,7 @@ export function defineGetFieldsRoutes({ router }: RouteDefinitionParams) { | |||
fields: '*', | |||
allow_no_indices: false, | |||
include_defaults: true, | |||
filter_path: '*.mappings.*.mapping.*.type', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great find! 🏅
x-pack/plugins/security/public/management/roles/edit_role/privileges/es/index_privileges.tsx
Show resolved
Hide resolved
// This is distinct from the field within `this.state`. | ||
// We want to make sure that only one request for fields is in-flight at a time, | ||
// and relying on state for this is error prone. | ||
private isFieldListLoading: boolean = false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
question: just for my own education, would you mind explaining a bit when storing this flag only is state
leads to errors?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
React can decide to batch/defer state updates, so calling this.setState()
doesn't guarantee that your state will be updated within a specific period of time. Having this private field outside of state works around this by giving us a synchronously updating field that always reflects reality.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to backport this to 7.13.1. It seems more like a feature than a bug fix to me
...ck/plugins/security/public/management/roles/edit_role/privileges/es/index_privilege_form.tsx
Show resolved
Hide resolved
Not a strict requirement. We originally marked this as an enhancement, but recently decided to mark it as a bug due to the rather nasty side effects the current implementation has (OOM on the Kibana server, ES cluster instability, etc.). Happy to wait for |
Sounds reasonable - Just wanted to hear if it was intentional |
@azasypkin great catch! It looks like the |
💚 Build SucceededMetrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
Summary
Improves the loading of field-level security ("FLS") suggestions on the role management page:
Fields suggestions are no longer eagerly loaded
Previously, the role management page would load all FLS suggestions on page load. This caused a lot of unnecessary overhead, and has resulted in a number of failure conditions over the past couple of years.
With this change, FLS suggestions are loaded "just in time":
As with the previous implementation, the suggestions are cached on the client, so that we do not unnecessarily tax the cluster or Kibana's server.
The field mapping response has been filtered to only include the necessary fields from Elasticsearch
The response from Elasticsearch's Get Field Mappings API is quite verbose. If we are trying to retrieve field names for a large number of indices, or for indices with a large number of fields, then this can put undue strain on the cluster or Kibana server. We have seen OOM errors on the Kibana side in the past as a result of this.
It turns out that we only need a small subset of the response in order to retrieve the available fields. Luckily, ES has a common
filter_path
query parameter that we can use to prevent including unneeded fields in the response.In my local testing, this dramatically reduced the number of bytes sent over the wire, which is both faster to send, and faster to parse/process in Node.js.
My test had an initial payload of ~1.2MB, while the filtered payload was merely 260KB - this is roughly a 76% payload reduction!
Resolves #47378