Skip to content

Commit

Permalink
[Landing page] update UI text and make learn more link active (opense…
Browse files Browse the repository at this point in the history 
…arch-project#371)
  • Loading branch information
@bandinib-amzn
bandinib-amzn authored Aug 13, 2020
1 parent d6df5b6 commit 2f5f815
Show file tree
Hide file tree
Showing 3 changed files with 61 additions and 29 deletions.
9 changes: 9 additions & 0 deletions public/apps/configuration/constants.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -137,3 +137,12 @@ export const TENANT_READ_PERMISSION = 'kibana_all_read';
export const TENANT_WRITE_PERMISSION = 'kibana_all_write';

export const RoleViewTenantInvalidText = 'N/A';

// External Links
export enum DocLinks {
BackendConfigurationDoc = 'https://opendistro.github.io/for-elasticsearch-docs/docs/security/configuration/configuration/',
AuthenticationFlowDoc = 'https://opendistro.github.io/for-elasticsearch-docs/docs/security/configuration/concepts/',
CreateRolesDoc = 'https://opendistro.github.io/for-elasticsearch-docs/docs/security/access-control/users-roles/#create-roles',
MapUsersToRolesDoc = 'https://opendistro.github.io/for-elasticsearch-docs/docs/security/access-control/users-roles/#map-users-to-roles',
AuditLogsDoc = 'https://opendistro.github.io/for-elasticsearch-docs/docs/security/audit-logs/',
}
68 changes: 42 additions & 26 deletions public/apps/configuration/panels/get-started.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,25 +31,36 @@ import { AppDependencies } from '../../types';
import securityStepsDiagram from '../../../assets/get_started.png';
import { buildHashUrl } from '../utils/url-builder';
import { Action, ResourceType } from '../types';
import { DocLinks } from '../constants';

const setOfSteps = [
{
title: 'Secure your backends (authc & authz)',
title: 'Add backends',
children: (
<>
<EuiText size="s" color="subdued" grow={false}>
In order to use Security plugin, you must decide on authentication
<EuiCode>authc</EuiCode> and authorization backends <EuiCode>authz</EuiCode>.<br />
Use <EuiCode>plugins/opendistro_security/securityconfig/config.yml</EuiCode>
to define how to retrieve and verify the user credentials, and how to fetch additional
roles from backend system if needed.
Add authentication<EuiCode>(authc)</EuiCode>and authorization<EuiCode>(authz)</EuiCode>
information to<EuiCode>plugins/opendistro_security/securityconfig/config.yml</EuiCode>.
The <EuiCode>authc</EuiCode> section contains the backends to check user credentials
against. The <EuiCode>authz</EuiCode>
section contains any backends to fetch external identities from. The most common example
of an external identity is an LDAP group.{' '}
<EuiLink external={true} href={DocLinks.AuthenticationFlowDoc} target="_blank">
Learn More
</EuiLink>
</EuiText>

<EuiSpacer />

<EuiFlexGroup gutterSize="s">
<EuiFlexItem grow={false}>
<EuiButton fill iconType="popout" iconSide="right">
<EuiButton
fill
iconType="popout"
iconSide="right"
href={DocLinks.BackendConfigurationDoc}
target="_blank"
>
Create config.yml
</EuiButton>
</EuiFlexItem>
Expand All @@ -67,14 +78,13 @@ const setOfSteps = [
),
},
{
title: 'Find a role that satisfies your security needs',
title: 'Create roles',
children: (
<>
<EuiText size="s" color="subdued" grow={false}>
A role defines cluster permissions, index permissions, and read/write access to a tenant.
<br />
You can make use of a build-in role, or create a custom role based on your needs.{' '}
<EuiLink external={true} href="/">
Roles are reusable collections of permissions. The default roles are a great starting
point, but you might need to create custom roles that meet your exact needs.{' '}
<EuiLink external={true} href={DocLinks.CreateRolesDoc} target="_blank">
Learn More
</EuiLink>
</EuiText>
Expand Down Expand Up @@ -106,14 +116,13 @@ const setOfSteps = [
),
},
{
title: 'Map internal users or external identities to your role',
title: 'Map roles',
children: (
<>
<EuiText size="s" color="subdued" grow={false}>
Map users to a role to uptake its role settings. You can build an internal user database
within this plugin, or use a external entities to directly map to a role through an
external authentication system.{' '}
<EuiLink external={true} href="/">
After a user successfully authenticates, the security plugin retrieves that user’s roles.
You can map roles directly to users, but you can also map them to external identities.{' '}
<EuiLink external={true} href={DocLinks.MapUsersToRolesDoc} target="_blank">
Learn More
</EuiLink>
</EuiText>
Expand All @@ -122,7 +131,14 @@ const setOfSteps = [

<EuiFlexGroup gutterSize="s">
<EuiFlexItem grow={false}>
<EuiButton fill>Map users to a role</EuiButton>
<EuiButton
fill
onClick={() => {
window.location.href = buildHashUrl(ResourceType.users);
}}
>
Map users to a role
</EuiButton>
</EuiFlexItem>
<EuiFlexItem grow={false}>
<EuiButton
Expand All @@ -146,16 +162,16 @@ export function GetStarted(props: AppDependencies) {
<EuiTitle size="l">
<h1>Get started</h1>
</EuiTitle>
<EuiButton iconType="popout" iconSide="right">
<EuiButton iconType="popout" iconSide="right" href={buildHashUrl()} target="_blank">
Open in new window
</EuiButton>
</EuiPageHeader>

<EuiText size="s" color="subdued" grow={false}>
<p>
Security allows you to design your own security roles and authenticate your users in
flexible ways, regardless whether you have an external authentication system set up or
not. Set up your security by following three steps:
The Open Distro for Elasticsearch security plugin lets you define the API calls that users
can make and the data they can access. The most basic configuration consists of three
steps.
</p>
</EuiText>

Expand All @@ -173,10 +189,10 @@ export function GetStarted(props: AppDependencies) {

<EuiText size="s" color="subdued" grow={false}>
<p>
Elasticsearch audit logs are records that provide documentary evidence of security
activities in a given system. Audit logs let you track user access to your Elasticsearch
cluster and are useful for compliance purposes or in the aftermath of a security breach.{' '}
<EuiLink external={true} href="/">
Audit logs let you track user access to your Elasticsearch cluster and are useful for
compliance purposes. If you enable this feature, Amazon Elasticsearch Service publishes
the audit logs to CloudWatch Logs, where you can monitor and search them.{' '}
<EuiLink external={true} href={DocLinks.AuditLogsDoc} target="_blank">
Learn More
</EuiLink>
</p>
Expand Down
13 changes: 10 additions & 3 deletions public/apps/configuration/panels/user-list.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -198,9 +198,16 @@ export function UserList(props: AppDependencies) {
<EuiText size="xs" color="subdued">
The Security plugin includes an internal user database. Use this database in place of
or in addition to an external authentication system such as LDAP or Active Directory.
You can map an internal user to a role from <EuiLink href="/">Roles</EuiLink>. First,
click into the detail page of the role. Then under “Mapped users”, click “Manage
mapping”.{' '}
You can map an internal user to a role from{' '}
<EuiLink
onClick={() => {
window.location.href = buildHashUrl(ResourceType.roles);
}}
>
Roles
</EuiLink>
. First, click into the detail page of the role. Then under “Mapped users”, click
“Manage mapping”.{' '}
<EuiLink external={true} href="/">
Learn More
</EuiLink>
Expand Down

0 comments on commit 2f5f815

Please sign in to comment.