Introduce Access Agreement UI. (#63563)

Co-authored-by: Ryan Keairns <contactryank@gmail.com>
elastic · Apr 28, 2020 · 36b4864 · 36b4864
1 parent 4a04adf
commit 36b4864
Show file tree

Hide file tree

Showing 43 changed files with 1,297 additions and 100 deletions.
diff --git a/x-pack/plugins/security/common/licensing/license_features.ts b/x-pack/plugins/security/common/licensing/license_features.ts
@@ -33,6 +33,11 @@ export interface SecurityLicenseFeatures {
    */
   readonly showRoleMappingsManagement: boolean;
 
+  /**
+   * Indicates whether we allow users to access agreement UI and acknowledge it.
+   */
+  readonly allowAccessAgreement: boolean;
+
   /**
    * Indicates whether we allow users to define document level security in roles.
    */

diff --git a/x-pack/plugins/security/common/licensing/license_service.test.ts b/x-pack/plugins/security/common/licensing/license_service.test.ts
@@ -18,6 +18,7 @@ describe('license features', function() {
       allowLogin: false,
       showLinks: false,
       showRoleMappingsManagement: false,
+      allowAccessAgreement: false,
       allowRoleDocumentLevelSecurity: false,
       allowRoleFieldLevelSecurity: false,
       layout: 'error-es-unavailable',
@@ -37,6 +38,7 @@ describe('license features', function() {
       allowLogin: false,
       showLinks: false,
       showRoleMappingsManagement: false,
+      allowAccessAgreement: false,
       allowRoleDocumentLevelSecurity: false,
       allowRoleFieldLevelSecurity: false,
       layout: 'error-xpack-unavailable',
@@ -60,6 +62,7 @@ describe('license features', function() {
       expect(subscriptionHandler.mock.calls[0]).toMatchInlineSnapshot(`
         Array [
           Object {
+            "allowAccessAgreement": false,
             "allowLogin": false,
             "allowRbac": false,
             "allowRoleDocumentLevelSecurity": false,
@@ -78,6 +81,7 @@ describe('license features', function() {
       expect(subscriptionHandler.mock.calls[1]).toMatchInlineSnapshot(`
         Array [
           Object {
+            "allowAccessAgreement": true,
             "allowLogin": true,
             "allowRbac": true,
             "allowRoleDocumentLevelSecurity": true,
@@ -94,7 +98,7 @@ describe('license features', function() {
     }
   });
 
-  it('should show login page and other security elements, allow RBAC but forbid role mappings, DLS, and sub-feature privileges if license is basic.', () => {
+  it('should show login page and other security elements, allow RBAC but forbid paid features if license is basic.', () => {
     const mockRawLicense = licensingMock.createLicense({
       features: { security: { isEnabled: true, isAvailable: true } },
     });
@@ -109,6 +113,7 @@ describe('license features', function() {
       allowLogin: true,
       showLinks: true,
       showRoleMappingsManagement: false,
+      allowAccessAgreement: false,
       allowRoleDocumentLevelSecurity: false,
       allowRoleFieldLevelSecurity: false,
       allowRbac: true,
@@ -131,14 +136,15 @@ describe('license features', function() {
       allowLogin: false,
       showLinks: false,
       showRoleMappingsManagement: false,
+      allowAccessAgreement: false,
       allowRoleDocumentLevelSecurity: false,
       allowRoleFieldLevelSecurity: false,
       allowRbac: false,
       allowSubFeaturePrivileges: false,
     });
   });
 
-  it('should allow role mappings and sub-feature privileges, but not DLS/FLS if license = gold', () => {
+  it('should allow role mappings, access agreement and sub-feature privileges, but not DLS/FLS if license = gold', () => {
     const mockRawLicense = licensingMock.createLicense({
       license: { mode: 'gold', type: 'gold' },
       features: { security: { isEnabled: true, isAvailable: true } },
@@ -152,14 +158,15 @@ describe('license features', function() {
       allowLogin: true,
       showLinks: true,
       showRoleMappingsManagement: true,
+      allowAccessAgreement: true,
       allowRoleDocumentLevelSecurity: false,
       allowRoleFieldLevelSecurity: false,
       allowRbac: true,
       allowSubFeaturePrivileges: true,
     });
   });
 
-  it('should allow to login, allow RBAC, role mappings, sub-feature privileges, and DLS if license >= platinum', () => {
+  it('should allow to login, allow RBAC, role mappings, access agreement, sub-feature privileges, and DLS if license >= platinum', () => {
     const mockRawLicense = licensingMock.createLicense({
       license: { mode: 'platinum', type: 'platinum' },
       features: { security: { isEnabled: true, isAvailable: true } },
@@ -173,6 +180,7 @@ describe('license features', function() {
       allowLogin: true,
       showLinks: true,
       showRoleMappingsManagement: true,
+      allowAccessAgreement: true,
       allowRoleDocumentLevelSecurity: true,
       allowRoleFieldLevelSecurity: true,
       allowRbac: true,

diff --git a/x-pack/plugins/security/common/licensing/license_service.ts b/x-pack/plugins/security/common/licensing/license_service.ts
@@ -71,6 +71,7 @@ export class SecurityLicenseService {
         allowLogin: false,
         showLinks: false,
         showRoleMappingsManagement: false,
+        allowAccessAgreement: false,
         allowRoleDocumentLevelSecurity: false,
         allowRoleFieldLevelSecurity: false,
         allowRbac: false,
@@ -88,6 +89,7 @@ export class SecurityLicenseService {
         allowLogin: false,
         showLinks: false,
         showRoleMappingsManagement: false,
+        allowAccessAgreement: false,
         allowRoleDocumentLevelSecurity: false,
         allowRoleFieldLevelSecurity: false,
         allowRbac: false,
@@ -102,6 +104,7 @@ export class SecurityLicenseService {
       allowLogin: true,
       showLinks: true,
       showRoleMappingsManagement: isLicenseGoldOrBetter,
+      allowAccessAgreement: isLicenseGoldOrBetter,
       allowSubFeaturePrivileges: isLicenseGoldOrBetter,
       // Only platinum and trial licenses are compliant with field- and document-level security.
       allowRoleDocumentLevelSecurity: isLicensePlatinumOrBetter,

diff --git a/x-pack/plugins/security/public/types.ts → x-pack/plugins/security/common/types.ts b/x-pack/plugins/security/public/types.ts → x-pack/plugins/security/common/types.ts
@@ -4,9 +4,17 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+/**
+ * Type and name tuple to identify provider used to authenticate user.
+ */
+export interface AuthenticationProvider {
+  type: string;
+  name: string;
+}
+
 export interface SessionInfo {
   now: number;
   idleTimeoutExpiration: number | null;
   lifespanExpiration: number | null;
-  provider: string;
+  provider: AuthenticationProvider;
 }
diff --git a/.../public/authentication/access_agreement/__snapshots__/access_agreement_page.test.tsx.snap b/.../public/authentication/access_agreement/__snapshots__/access_agreement_page.test.tsx.snap
diff --git a/x-pack/plugins/security/public/authentication/access_agreement/_access_agreement_page.scss b/x-pack/plugins/security/public/authentication/access_agreement/_access_agreement_page.scss
@@ -0,0 +1,21 @@
+.secAccessAgreementPage .secAuthenticationStatePage__content {
+  max-width: 600px;
+}
+
+.secAccessAgreementPage__textWrapper {
+  overflow-y: hidden;
+}
+
+.secAccessAgreementPage__text {
+  @include euiYScrollWithShadows;
+  max-height: 400px;
+  padding: $euiSize $euiSizeL 0;
+}
+
+.secAccessAgreementPage__footer {
+  padding: $euiSize $euiSizeL $euiSizeL;
+}
+
+.secAccessAgreementPage__footerInner {
+  text-align: left;
+}
diff --git a/x-pack/plugins/security/public/authentication/access_agreement/_index.scss b/x-pack/plugins/security/public/authentication/access_agreement/_index.scss
@@ -0,0 +1 @@
+@import './access_agreement_page';
diff --git a/x-pack/plugins/security/public/authentication/access_agreement/access_agreement_app.test.ts b/x-pack/plugins/security/public/authentication/access_agreement/access_agreement_app.test.ts
@@ -0,0 +1,62 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+jest.mock('./access_agreement_page');
+
+import { AppMount, ScopedHistory } from 'src/core/public';
+import { accessAgreementApp } from './access_agreement_app';
+
+import { coreMock, scopedHistoryMock } from '../../../../../../src/core/public/mocks';
+
+describe('accessAgreementApp', () => {
+  it('properly registers application', () => {
+    const coreSetupMock = coreMock.createSetup();
+
+    accessAgreementApp.create({
+      application: coreSetupMock.application,
+      getStartServices: coreSetupMock.getStartServices,
+    });
+
+    expect(coreSetupMock.application.register).toHaveBeenCalledTimes(1);
+
+    const [[appRegistration]] = coreSetupMock.application.register.mock.calls;
+    expect(appRegistration).toEqual({
+      id: 'security_access_agreement',
+      chromeless: true,
+      appRoute: '/security/access_agreement',
+      title: 'Access Agreement',
+      mount: expect.any(Function),
+    });
+  });
+
+  it('properly renders application', async () => {
+    const coreSetupMock = coreMock.createSetup();
+    const coreStartMock = coreMock.createStart();
+    coreSetupMock.getStartServices.mockResolvedValue([coreStartMock, {}, {}]);
+    const containerMock = document.createElement('div');
+
+    accessAgreementApp.create({
+      application: coreSetupMock.application,
+      getStartServices: coreSetupMock.getStartServices,
+    });
+
+    const [[{ mount }]] = coreSetupMock.application.register.mock.calls;
+    await (mount as AppMount)({
+      element: containerMock,
+      appBasePath: '',
+      onAppLeave: jest.fn(),
+      history: (scopedHistoryMock.create() as unknown) as ScopedHistory,
+    });
+
+    const mockRenderApp = jest.requireMock('./access_agreement_page').renderAccessAgreementPage;
+    expect(mockRenderApp).toHaveBeenCalledTimes(1);
+    expect(mockRenderApp).toHaveBeenCalledWith(coreStartMock.i18n, containerMock, {
+      http: coreStartMock.http,
+      notifications: coreStartMock.notifications,
+      fatalErrors: coreStartMock.fatalErrors,
+    });
+  });
+});
diff --git a/x-pack/plugins/security/public/authentication/access_agreement/access_agreement_app.ts b/x-pack/plugins/security/public/authentication/access_agreement/access_agreement_app.ts
@@ -0,0 +1,38 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { i18n } from '@kbn/i18n';
+import { StartServicesAccessor, ApplicationSetup, AppMountParameters } from 'src/core/public';
+
+interface CreateDeps {
+  application: ApplicationSetup;
+  getStartServices: StartServicesAccessor;
+}
+
+export const accessAgreementApp = Object.freeze({
+  id: 'security_access_agreement',
+  create({ application, getStartServices }: CreateDeps) {
+    application.register({
+      id: this.id,
+      title: i18n.translate('xpack.security.accessAgreementAppTitle', {
+        defaultMessage: 'Access Agreement',
+      }),
+      chromeless: true,
+      appRoute: '/security/access_agreement',
+      async mount({ element }: AppMountParameters) {
+        const [[coreStart], { renderAccessAgreementPage }] = await Promise.all([
+          getStartServices(),
+          import('./access_agreement_page'),
+        ]);
+        return renderAccessAgreementPage(coreStart.i18n, element, {
+          http: coreStart.http,
+          notifications: coreStart.notifications,
+          fatalErrors: coreStart.fatalErrors,
+        });
+      },
+    });
+  },
+});