Migrate authorization subsystem to the new platform. (elastic#46145)

jloleysens · Nov 12, 2019 · ad356f5 · ad356f5
1 parent a97c9d3
commit ad356f5
Show file tree

Hide file tree

Showing 205 changed files with 7,845 additions and 7,869 deletions.
diff --git a/src/core/server/http/http_server.mocks.ts b/src/core/server/http/http_server.mocks.ts
@@ -39,6 +39,7 @@ interface RequestFixtureOptions {
   path?: string;
   method?: RouteMethod;
   socket?: Socket;
+  routeTags?: string[];
 }
 
 function createKibanaRequestMock({
@@ -49,6 +50,7 @@ function createKibanaRequestMock({
   query = {},
   method = 'get',
   socket = new Socket(),
+  routeTags,
 }: RequestFixtureOptions = {}) {
   const queryString = querystring.stringify(query);
   return KibanaRequest.from(
@@ -61,10 +63,11 @@ function createKibanaRequestMock({
       method,
       url: {
         path,
+        pathname: path,
         query: queryString,
         search: queryString ? `?${queryString}` : queryString,
       },
-      route: { settings: {} },
+      route: { settings: { tags: routeTags } },
       raw: {
         req: { socket },
       },

diff --git a/src/core/server/saved_objects/service/index.ts b/src/core/server/saved_objects/service/index.ts
@@ -34,6 +34,7 @@ export interface SavedObjectsLegacyService<Request = any> {
   addScopedSavedObjectsClientWrapperFactory: SavedObjectsClientProvider<
     Request
   >['addClientWrapperFactory'];
+  setScopedSavedObjectsClientFactory: SavedObjectsClientProvider<Request>['setClientFactory'];
   getScopedSavedObjectsClient: SavedObjectsClientProvider<Request>['getClient'];
   SavedObjectsClient: typeof SavedObjectsClient;
   types: string[];

diff --git a/src/core/server/saved_objects/service/lib/scoped_client_provider.ts b/src/core/server/saved_objects/service/lib/scoped_client_provider.ts
@@ -100,7 +100,7 @@ export class SavedObjectsClientProvider<Request = unknown> {
     this._wrapperFactories.add(priority, { id, factory });
   }
 
-  setClientFactory(customClientFactory: SavedObjectsClientFactory) {
+  setClientFactory(customClientFactory: SavedObjectsClientFactory<Request>) {
     if (this._clientFactory !== this._originalClientFactory) {
       throw new Error(`custom client factory is already set, unable to replace the current one`);
     }

diff --git a/src/core/server/server.api.md b/src/core/server/server.api.md
@@ -1492,6 +1492,8 @@ export interface SavedObjectsLegacyService<Request = any> {
     // (undocumented)
     schema: SavedObjectsSchema;
     // (undocumented)
+    setScopedSavedObjectsClientFactory: SavedObjectsClientProvider<Request>['setClientFactory'];
+    // (undocumented)
     types: string[];
 }
 

diff --git a/x-pack/legacy/plugins/actions/server/shim.ts b/x-pack/legacy/plugins/actions/server/shim.ts
@@ -42,7 +42,7 @@ export interface KibanaConfig {
  */
 export type TaskManagerStartContract = Pick<TaskManager, 'schedule' | 'fetch' | 'remove'>;
 export type XPackMainPluginSetupContract = Pick<XPackMainPlugin, 'registerFeature'>;
-export type SecurityPluginSetupContract = Pick<SecurityPlugin, 'config' | 'registerLegacyAPI'>;
+export type SecurityPluginSetupContract = Pick<SecurityPlugin, '__legacyCompat'>;
 export type SecurityPluginStartContract = Pick<SecurityPlugin, 'authc'>;
 export type TaskManagerSetupContract = Pick<
   TaskManager,

diff --git a/x-pack/legacy/plugins/alerting/server/shim.ts b/x-pack/legacy/plugins/alerting/server/shim.ts
@@ -41,7 +41,7 @@ export interface Server extends Legacy.Server {
  * Shim what we're thinking setup and start contracts will look like
  */
 export type TaskManagerStartContract = Pick<TaskManager, 'schedule' | 'fetch' | 'remove'>;
-export type SecurityPluginSetupContract = Pick<SecurityPlugin, 'config' | 'registerLegacyAPI'>;
+export type SecurityPluginSetupContract = Pick<SecurityPlugin, '__legacyCompat'>;
 export type SecurityPluginStartContract = Pick<SecurityPlugin, 'authc'>;
 export type XPackMainPluginSetupContract = Pick<XPackMainPlugin, 'registerFeature'>;
 export type TaskManagerSetupContract = Pick<

diff --git a/x-pack/legacy/plugins/reporting/export_types/common/execute_job/get_custom_logo.ts b/x-pack/legacy/plugins/reporting/export_types/common/execute_job/get_custom_logo.ts
@@ -25,6 +25,16 @@ export const getCustomLogo = async ({
     // We use the basePath from the saved job, which we'll have post spaces being implemented;
     // or we use the server base path, which uses the default space
     getBasePath: () => job.basePath || serverBasePath,
+    path: '/',
+    route: { settings: {} },
+    url: {
+      href: '/',
+    },
+    raw: {
+      req: {
+        url: '/',
+      },
+    },
   };
 
   const savedObjects = server.savedObjects;

diff --git a/x-pack/legacy/plugins/reporting/export_types/csv/server/execute_job.js b/x-pack/legacy/plugins/reporting/export_types/csv/server/execute_job.js
@@ -53,6 +53,16 @@ function executeJobFn(server) {
       // We use the basePath from the saved job, which we'll have post spaces being implemented;
       // or we use the server base path, which uses the default space
       getBasePath: () => basePath || serverBasePath,
+      path: '/',
+      route: { settings: {} },
+      url: {
+        href: '/',
+      },
+      raw: {
+        req: {
+          url: '/',
+        },
+      },
     };
 
     const callEndpoint = (endpoint, clientParams = {}, options = {}) => {

diff --git a/x-pack/legacy/plugins/reporting/server/lib/get_user.js b/x-pack/legacy/plugins/reporting/server/lib/get_user.js
@@ -5,23 +5,19 @@
  */
 
 import { oncePerServer } from './once_per_server';
-import { getClient as getShieldClient } from '../../../../server/lib/get_client_shield';
 
 function getUserFn(server) {
-  const callShieldWithRequest = getShieldClient(server).callWithRequest;
-
-  return async function getUser(request) {
-    const xpackInfo = server.plugins.xpack_main.info;
-    if (xpackInfo && xpackInfo.isAvailable() && xpackInfo.feature('security').isEnabled()) {
-      try {
-        return await callShieldWithRequest(request, 'shield.authenticate');
-      } catch (err) {
-        server.log(['reporting', 'getUser', 'debug'], err);
-        return null;
-      }
+  return async request => {
+    if (!server.plugins.security) {
+      return null;
     }
 
-    return null;
+    try {
+      return await server.plugins.security.getUser(request);
+    } catch (err) {
+      server.log(['reporting', 'getUser', 'debug'], err);
+      return null;
+    }
   };
 }
 

diff --git a/.../legacy/plugins/reporting/server/routes/lib/__tests__/authorized_user_pre_routing.test.js b/.../legacy/plugins/reporting/server/routes/lib/__tests__/authorized_user_pre_routing.test.js
@@ -15,7 +15,7 @@ describe('authorized_user_pre_routing', function () {
   // so createMockServer reuses the same 'instance' of the server and overwrites
   // the properties to contain different values
   const createMockServer = (function () {
-    const callWithRequestStub = sinon.stub();
+    const getUserStub = sinon.stub();
     let mockConfig;
 
     const mockServer = {
@@ -30,13 +30,7 @@ describe('authorized_user_pre_routing', function () {
       log: function () {},
       plugins: {
         xpack_main: {},
-        elasticsearch: {
-          createCluster: function () {
-            return {
-              callWithRequest: callWithRequestStub
-            };
-          }
-        }
+        security: { getUser: getUserStub },
       }
     };
 
@@ -57,8 +51,8 @@ describe('authorized_user_pre_routing', function () {
         }
       };
 
-      callWithRequestStub.resetHistory();
-      callWithRequestStub.returns(Promise.resolve(user));
+      getUserStub.resetHistory();
+      getUserStub.resolves(user);
       return mockServer;
     };
   }());

diff --git a/x-pack/legacy/plugins/security/common/constants.ts b/x-pack/legacy/plugins/security/common/constants.ts
@@ -4,8 +4,4 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-export const GLOBAL_RESOURCE = '*';
-export const IGNORED_TYPES = ['space'];
-export const APPLICATION_PREFIX = 'kibana-';
-export const RESERVED_PRIVILEGES_APPLICATION_WILDCARD = 'kibana-*';
 export const INTERNAL_API_BASE_PATH = '/internal/security';
diff --git a/x-pack/legacy/plugins/security/common/login_state.ts b/x-pack/legacy/plugins/security/common/login_state.ts
@@ -9,5 +9,4 @@ export type LoginLayout = 'form' | 'error-es-unavailable' | 'error-xpack-unavail
 export interface LoginState {
   layout: LoginLayout;
   allowLogin: boolean;
-  loginMessage: string;
 }
diff --git a/x-pack/legacy/plugins/security/common/model/index.ts b/x-pack/legacy/plugins/security/common/model/index.ts
@@ -4,14 +4,19 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-export { Role, RoleIndexPrivilege, RoleKibanaPrivilege } from './role';
-export { FeaturesPrivileges } from './features_privileges';
-export { RawKibanaPrivileges, RawKibanaFeaturePrivileges } from './raw_kibana_privileges';
-export { KibanaPrivileges } from './kibana_privileges';
 export { ApiKey } from './api_key';
-export { User, EditUser, getUserDisplayName } from '../../../../../plugins/security/common/model';
 export {
   AuthenticatedUser,
+  BuiltinESPrivileges,
+  EditUser,
+  FeaturesPrivileges,
+  KibanaPrivileges,
+  RawKibanaFeaturePrivileges,
+  RawKibanaPrivileges,
+  Role,
+  RoleIndexPrivilege,
+  RoleKibanaPrivilege,
+  User,
   canUserChangePassword,
+  getUserDisplayName,
 } from '../../../../../plugins/security/common/model';
-export { BuiltinESPrivileges } from './builtin_es_privileges';
diff --git a/x-pack/legacy/plugins/security/index.d.ts b/x-pack/legacy/plugins/security/index.d.ts
@@ -6,12 +6,10 @@
 
 import { Legacy } from 'kibana';
 import { AuthenticatedUser } from './common/model';
-import { AuthorizationService } from './server/lib/authorization/service';
 
 /**
  * Public interface of the security plugin.
  */
 export interface SecurityPlugin {
-  authorization: Readonly<AuthorizationService>;
   getUser: (request: Legacy.Request) => Promise<AuthenticatedUser>;
 }