Migrate authorization subsystem to the new platform. (#46145)
azasypkin authored Nov 12, 2019
1 parent a97c9d3 commit ad356f5
Showing 205 changed files with 7,845 additions and 7,869 deletions.
5 changes: 4 additions & 1 deletion src/core/server/http/http_server.mocks.ts
Expand Up @@ -39,6 +39,7 @@ interface RequestFixtureOptions {
path?: string;
method?: RouteMethod;
socket?: Socket;
routeTags?: string[];
}

function createKibanaRequestMock({
Expand All @@ -49,6 +50,7 @@ function createKibanaRequestMock({
query = {},
method = 'get',
socket = new Socket(),
routeTags,
}: RequestFixtureOptions = {}) {
const queryString = querystring.stringify(query);
return KibanaRequest.from(
Expand All @@ -61,10 +63,11 @@ function createKibanaRequestMock({
method,
url: {
path,
pathname: path,
query: queryString,
search: queryString ? `?${queryString}` : queryString,
},
route: { settings: {} },
route: { settings: { tags: routeTags } },
raw: {
req: { socket },
},
1 change: 1 addition & 0 deletions src/core/server/saved_objects/service/index.ts
Expand Up @@ -34,6 +34,7 @@ export interface SavedObjectsLegacyService<Request = any> {
addScopedSavedObjectsClientWrapperFactory: SavedObjectsClientProvider<
Request
>['addClientWrapperFactory'];
setScopedSavedObjectsClientFactory: SavedObjectsClientProvider<Request>['setClientFactory'];
getScopedSavedObjectsClient: SavedObjectsClientProvider<Request>['getClient'];
SavedObjectsClient: typeof SavedObjectsClient;
types: string[];
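Review bot: `setScopedSavedObjectsClientFactory` is added to `SavedObjectsLegacyService` with no doc comment, yet it lets any holder of the legacy service replace the factory that builds request-scoped saved-objects clients. The `setClientFactory` guard visible in the next section throws once a custom factory has been set, so whichever caller runs first owns the factory. If the security plugin is the intended owner (inferred from the commit title, not shown in this hunk), that ordering assumption should be written down on the member, for example `/** Replaces the scoped client factory. May be called once; a second call throws. */`. The interface body continues outside the hunk.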
Expand Up @@ -100,7 +100,7 @@ export class SavedObjectsClientProvider<Request = unknown> {
this._wrapperFactories.add(priority, { id, factory });
}

setClientFactory(customClientFactory: SavedObjectsClientFactory) {
setClientFactory(customClientFactory: SavedObjectsClientFactory<Request>) {
if (this._clientFactory !== this._originalClientFactory) {
throw new Error(`custom client factory is already set, unable to replace the current one`);
}
2 changes: 2 additions & 0 deletions src/core/server/server.api.md
Expand Up @@ -1492,6 +1492,8 @@ export interface SavedObjectsLegacyService<Request = any> {
// (undocumented)
schema: SavedObjectsSchema;
// (undocumented)
setScopedSavedObjectsClientFactory: SavedObjectsClientProvider<Request>['setClientFactory'];
// (undocumented)
types: string[];
}

2 changes: 1 addition & 1 deletion x-pack/legacy/plugins/actions/server/shim.ts
Expand Up @@ -42,7 +42,7 @@ export interface KibanaConfig {
*/
export type TaskManagerStartContract = Pick<TaskManager, 'schedule' | 'fetch' | 'remove'>;
export type XPackMainPluginSetupContract = Pick<XPackMainPlugin, 'registerFeature'>;
export type SecurityPluginSetupContract = Pick<SecurityPlugin, 'config' | 'registerLegacyAPI'>;
export type SecurityPluginSetupContract = Pick<SecurityPlugin, '__legacyCompat'>;
export type SecurityPluginStartContract = Pick<SecurityPlugin, 'authc'>;
export type TaskManagerSetupContract = Pick<
TaskManager,
2 changes: 1 addition & 1 deletion x-pack/legacy/plugins/alerting/server/shim.ts
Expand Up @@ -41,7 +41,7 @@ export interface Server extends Legacy.Server {
* Shim what we're thinking setup and start contracts will look like
*/
export type TaskManagerStartContract = Pick<TaskManager, 'schedule' | 'fetch' | 'remove'>;
export type SecurityPluginSetupContract = Pick<SecurityPlugin, 'config' | 'registerLegacyAPI'>;
export type SecurityPluginSetupContract = Pick<SecurityPlugin, '__legacyCompat'>;
export type SecurityPluginStartContract = Pick<SecurityPlugin, 'authc'>;
export type XPackMainPluginSetupContract = Pick<XPackMainPlugin, 'registerFeature'>;
export type TaskManagerSetupContract = Pick<
Expand Up @@ -25,6 +25,16 @@ export const getCustomLogo = async ({
// We use the basePath from the saved job, which we'll have post spaces being implemented;
// or we use the server base path, which uses the default space
getBasePath: () => job.basePath || serverBasePath,
path: '/',
route: { settings: {} },
url: {
href: '/',
},
raw: {
req: {
url: '/',
},
},
};

const savedObjects = server.savedObjects;
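Review bot: The fields added to this hand-built request object (`path`, `route`, `url.href`, `raw.req.url`) carry no comment saying which consumer needs them, and the same literal is added again in the `executeJobFn` section that follows. Presumably they exist so the fabricated object survives conversion into the new platform's request type; if so, say that next to them, e.g. `// minimal shape read when this fake (non-HTTP) request is wrapped for scoped clients`. Because this object stands in for a real request when scoped clients are created, building it in one shared helper would keep the two copies from drifting apart. The enclosing function starts and ends outside the hunk.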
Expand Up @@ -53,6 +53,16 @@ function executeJobFn(server) {
// We use the basePath from the saved job, which we'll have post spaces being implemented;
// or we use the server base path, which uses the default space
getBasePath: () => basePath || serverBasePath,
path: '/',
route: { settings: {} },
url: {
href: '/',
},
raw: {
req: {
url: '/',
},
},
};

const callEndpoint = (endpoint, clientParams = {}, options = {}) => {
22 changes: 9 additions & 13 deletions x-pack/legacy/plugins/reporting/server/lib/get_user.js
Expand Up @@ -5,23 +5,19 @@
*/

import { oncePerServer } from './once_per_server';
import { getClient as getShieldClient } from '../../../../server/lib/get_client_shield';

function getUserFn(server) {
const callShieldWithRequest = getShieldClient(server).callWithRequest;

return async function getUser(request) {
const xpackInfo = server.plugins.xpack_main.info;
if (xpackInfo && xpackInfo.isAvailable() && xpackInfo.feature('security').isEnabled()) {
try {
return await callShieldWithRequest(request, 'shield.authenticate');
} catch (err) {
server.log(['reporting', 'getUser', 'debug'], err);
return null;
}
return async request => {
if (!server.plugins.security) {
return null;
}

return null;
try {
return await server.plugins.security.getUser(request);
} catch (err) {
server.log(['reporting', 'getUser', 'debug'], err);
return null;
}
};
}

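Review bot: The returned function yields `null` both when `server.plugins.security` is absent and when `getUser(request)` rejects, and the rejection is logged only under the `debug` tag, so a caller cannot tell "security is not installed" from "the user lookup failed". If any caller treats `null` as "no security, proceed" (callers are not visible in this section), a failed lookup would be handled like an unsecured deployment. The removed code also gated on `xpackInfo.feature('security').isEnabled()`, while the new code checks only that the plugin object exists, so it is worth confirming how `getUser` behaves when security is disabled by license or configuration. At minimum, comment the `catch` to explain why swallowing the error is safe, or log at a level operators will see, e.g. `server.log(['reporting', 'getUser', 'warning'], err);`.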
Expand Up @@ -15,7 +15,7 @@ describe('authorized_user_pre_routing', function () {
// so createMockServer reuses the same 'instance' of the server and overwrites
// the properties to contain different values
const createMockServer = (function () {
const callWithRequestStub = sinon.stub();
const getUserStub = sinon.stub();
let mockConfig;

const mockServer = {
Expand All @@ -30,13 +30,7 @@ describe('authorized_user_pre_routing', function () {
log: function () {},
plugins: {
xpack_main: {},
elasticsearch: {
createCluster: function () {
return {
callWithRequest: callWithRequestStub
};
}
}
security: { getUser: getUserStub },
}
};

Expand All @@ -57,8 +51,8 @@ describe('authorized_user_pre_routing', function () {
}
};

callWithRequestStub.resetHistory();
callWithRequestStub.returns(Promise.resolve(user));
getUserStub.resetHistory();
getUserStub.resolves(user);
return mockServer;
};
}());
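Review bot: The mock server now always supplies `plugins.security` with a resolving `getUserStub`, so from what is visible here neither `null` path in `get_user.js` (plugin missing, `getUser` rejecting) is exercised. Consider adding cases that remove `mockServer.plugins.security` and that call `getUserStub.rejects(new Error('lookup failed'))`, then assert how the pre-routing handler responds to each. The rest of the `describe` block is outside the hunk, so such cases may already exist further down.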
4 changes: 0 additions & 4 deletions x-pack/legacy/plugins/security/common/constants.ts
Expand Up @@ -4,8 +4,4 @@
* you may not use this file except in compliance with the Elastic License.
*/

export const GLOBAL_RESOURCE = '*';
export const IGNORED_TYPES = ['space'];
export const APPLICATION_PREFIX = 'kibana-';
export const RESERVED_PRIVILEGES_APPLICATION_WILDCARD = 'kibana-*';
export const INTERNAL_API_BASE_PATH = '/internal/security';
1 change: 0 additions & 1 deletion x-pack/legacy/plugins/security/common/login_state.ts
Expand Up @@ -9,5 +9,4 @@ export type LoginLayout = 'form' | 'error-es-unavailable' | 'error-xpack-unavail
export interface LoginState {
layout: LoginLayout;
allowLogin: boolean;
loginMessage: string;
}
17 changes: 11 additions & 6 deletions x-pack/legacy/plugins/security/common/model/index.ts
Expand Up @@ -4,14 +4,19 @@
* you may not use this file except in compliance with the Elastic License.
*/

export { Role, RoleIndexPrivilege, RoleKibanaPrivilege } from './role';
export { FeaturesPrivileges } from './features_privileges';
export { RawKibanaPrivileges, RawKibanaFeaturePrivileges } from './raw_kibana_privileges';
export { KibanaPrivileges } from './kibana_privileges';
export { ApiKey } from './api_key';
export { User, EditUser, getUserDisplayName } from '../../../../../plugins/security/common/model';
export {
AuthenticatedUser,
BuiltinESPrivileges,
EditUser,
FeaturesPrivileges,
KibanaPrivileges,
RawKibanaFeaturePrivileges,
RawKibanaPrivileges,
Role,
RoleIndexPrivilege,
RoleKibanaPrivilege,
User,
canUserChangePassword,
getUserDisplayName,
} from '../../../../../plugins/security/common/model';
export { BuiltinESPrivileges } from './builtin_es_privileges';
2 changes: 0 additions & 2 deletions x-pack/legacy/plugins/security/index.d.ts
Expand Up @@ -6,12 +6,10 @@

import { Legacy } from 'kibana';
import { AuthenticatedUser } from './common/model';
import { AuthorizationService } from './server/lib/authorization/service';

/**
* Public interface of the security plugin.
*/
export interface SecurityPlugin {
authorization: Readonly<AuthorizationService>;
getUser: (request: Legacy.Request) => Promise<AuthenticatedUser>;
}