
[9.2] [Roles] Added error reasons for role malformed message (#239098) #239413

Merged
kibanamachine merged 1 commit into elastic:9.2 from kibanamachine:backport/9.2/pr-239098
Oct 16, 2025

@kibanamachine
Contributor

Backport

This will backport the following commits from main to 9.2:

Questions?

Please refer to the Backport tool documentation

## Summary

Added error reasons for role malformed message.

### How to test

<details>
  <summary>1. Create a couple of malformed roles</summary>

  ```
  POST _security/role
  {
    "roles": {
      "malformed-reserved-privileges-wrong-app-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "reserved_ml_admin"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-space-privileges-global-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "space_read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-global-privileges-space-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "all"
            ],
            "resources": [
              "space:default"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-base-feature-privileges-mixed-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "all",
              "feature_dashboard.read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-invalid-resource-format-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "feature_dashboard.read"
            ],
            "resources": [
              "invalid:resource:format"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-duplicated-resources-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "feature_dashboard.read"
            ],
            "resources": [
              "space:default",
              "space:default"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      },
      "malformed-reserved-privileges-mixed-role": {
        "cluster": [],
        "remote_cluster": [],
        "indices": [],
        "applications": [
          {
            "application": "kibana-.kibana",
            "privileges": [
              "reserved_ml_admin",
              "feature_dashboard.read"
            ],
            "resources": [
              "*"
            ]
          }
        ],
        "run_as": [],
        "metadata": {},
        "transient_metadata": {
          "enabled": true
        }
      }
    }
  }
  ```
</details>

2. Go to Stack Management -> Roles -> [MALFORMED_ROLE] and check the
displayed error messages.

The code block for kibana applications has been added underneath the
message as well.
<img width="613" height="309" alt="Screenshot 2025-10-15 at 14 59 58"
src="https://github.com/user-attachments/assets/9dea2b55-031a-484f-87e1-4a183d3db3be"
/>

| Error Reason | Client Message |
| ------------- | ------------- |
| `RESERVED_PRIVILEGES_WRONG_APP` | <img width="608" height="225" alt="Screenshot 2025-10-15 at 12 39 04" src="https://github.com/user-attachments/assets/be2d79da-2f4c-4529-9f80-e08dd1301e29" /> |
| `GLOBAL_PRIVILEGES_SPACE` | <img width="578" height="204" alt="Screenshot 2025-10-15 at 12 43 20" src="https://github.com/user-attachments/assets/f9a5f2a2-fb13-4d2b-bc31-d28ea67cf48c" /> |
| `GLOBAL_RESOURCE_MIXED` | <img width="388" height="184" alt="Screenshot 2025-10-15 at 12 38 36" src="https://github.com/user-attachments/assets/4854a4f1-197a-45de-a57e-14d3bf291a5f" /> |
| `BASE_FEATURE_PRIVILEGES_MIXED` | <img width="478" height="186" alt="Screenshot 2025-10-15 at 12 42 59" src="https://github.com/user-attachments/assets/0c63547e-05b1-485d-97da-a2df5955baaa" /> |
| `INVALID_RESOURCE_FORMAT` | <img width="435" height="195" alt="Screenshot 2025-10-15 at 12 47 05" src="https://github.com/user-attachments/assets/b2448a23-ba7f-44d7-8621-95293946d3f0" /> |
| `DUPLICATED_RESOURCES` | <img width="390" height="190" alt="Screenshot 2025-10-15 at 12 48 26" src="https://github.com/user-attachments/assets/ba8c982c-4e46-471f-b891-d73fc8526f1c" /> |
| `SPACE_PRIVILEGES_GLOBAL` | <img width="398" height="188" alt="Screenshot 2025-10-15 at 12 50 14" src="https://github.com/user-attachments/assets/0b3f1fa6-7b40-4586-bf20-cb0dabff71d8" /> |
| `RESERVED_PRIVILEGES_MIXED` | <img width="566" height="203" alt="Screenshot 2025-10-15 at 12 53 54" src="https://github.com/user-attachments/assets/c063f965-18be-460b-821f-c814a8d08100" /> |
| `DISABLED_FEATURE_PRIVILEGES` | <img width="382" height="198" alt="Screenshot 2025-10-15 at 12 54 41" src="https://github.com/user-attachments/assets/a42bbacd-0df7-4ceb-85fb-457e7b28abbc" /> |

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

__Closes: https://github.com/elastic/kibana/issues/224053__

## Release Note
Enhanced the error message to include detailed information about why the
role is considered malformed.

(cherry picked from commit 762bed0)

@kibanamachine added the `backport` label (This PR is a backport of another PR) Oct 16, 2025
@kibanamachine enabled auto-merge (squash) October 16, 2025 17:22
@kibanamachine merged commit 1878e8f into elastic:9.2 Oct 16, 2025
16 checks passed
@elasticmachine
Contributor

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| security | 549 | 551 | +2 |

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run `node scripts/build_api_docs --plugin [yourplugin] --stats comments` for more detailed information.

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/security-plugin-types-common | 68 | 76 | +8 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| security | 482.2KB | 485.5KB | +3.3KB |

Unknown metric groups

API count

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/security-plugin-types-common | 129 | 137 | +8 |

cc @elena-shostak
