wazuh-dashboard-plugins icon indicating copy to clipboard operation
wazuh-dashboard-plugins copied to clipboard

Published 20 hours ago verified publisher icon wazuh

Disable settings with wazuh.yml configuration

Open asteriscos opened this issue 11 months ago • 7 comments

Description

We need to implement a new setting in the wazuh.yml configuration file that disables the access to modify Wazuh Dashboard settings.

Tasks

  • [x] Add new setting to wazuh.yml
  • [x] Protect API endpoints related to updating the configuration
  • [x] Hide the App settings -> Configuration tab (Only the Miscellaneous tab should be visible)
  • [x] Hide the Remember server address in the Deploy new agent guide
  • [x] Update documentation https://github.com/wazuh/wazuh-documentation/pull/7220
    • [x] Add the new setting

Screenshots

Configuration tab image image

asteriscos avatar Mar 27 '24 10:03 asteriscos

Changes

  • Create API endpoint controller decorator to protect the routes related to edit the configuration
  • Protect the API endpoints with the new route decorator
    • POST /utils/configuration
    • POST /utils/configuration/files/{key}
    • DELETE /utils/configuration/files/{key}
  • Add new setting to enable or disable the ability to edit the configuration (WIP)

Side changes

  • Create a compose method to add multiple decorators to an API endpoint controller

Desvelao avatar Apr 18 '24 15:04 Desvelao

Changes

  • Add new setting to manage the ability to edit the configuration from API endpoints and UI
  • Add test related to API controllers decorators
  • Add test about PUT /utils/configuration related to API endpoint protection

Desvelao avatar Apr 19 '24 12:04 Desvelao

New setting

key type default value description
configuration.ui_api_editable boolean true Enable or disable the ability to edit the configuration from UI or API endpoints. When disabled, this can only be edited from the configuration file, the related API endpoints are disabled, and the UI is inaccessible.

Desvelao avatar Apr 19 '24 12:04 Desvelao

Due to we are working into replacing the render based on AngularJS template to ReactJS, to hide the Configuration tab, this issue depends on https://github.com/wazuh/wazuh-dashboard-plugins/issues/6577.

Desvelao avatar Apr 19 '24 12:04 Desvelao

Update documentation

I added the new setting to the specification of the configuration file on this pull request: https://github.com/wazuh/wazuh-documentation/pull/7220

Desvelao avatar Apr 19 '24 14:04 Desvelao

Changes

  • Update the development branch with the latest changes of 4.9.0 branch
  • Refactor some code on Settings component
    • Remove unused code
    • Minor enhancements
  • Put inaccessible the Configuration tab on App Settings when the new setting is disabled

Desvelao avatar Apr 24 '24 09:04 Desvelao

Changes

  • Update the development branch with the latest changes of 4.9.0 branch
  • Hide the button to save the enrollment.dns plugin setting from the Deploy new agent guide depending on if the configuration is editable from UI
  • Hide Settings button on Statistics app depending on if the configuration is editable from UI

Desvelao avatar Apr 26 '24 06:04 Desvelao