Improve security server types (#101661)

* Remove RecursiveReadonly wrapper on public API items

* Remove Pick and export some types that are part of the public API

* Update api docs

* Export API items that are part of the public API

* Add extra comments

* update api docs
Stacey Gammon 2021-06-09 08:01:48 -04:00 committed by GitHub
parent 8b555c7f12
commit 7604fd7c80
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
21 changed files with 924 additions and 476 deletions


@ -1035,7 +1035,7 @@
],
"source": {
"path": "x-pack/plugins/cases/common/api/runtime_types.ts",
"lineNumber": 53
"lineNumber": 49
},
"deprecated": false,
"children": [
@ -1051,7 +1051,7 @@
],
"source": {
"path": "x-pack/plugins/cases/common/api/runtime_types.ts",
"lineNumber": 53
"lineNumber": 49
},
"deprecated": false,
"isRequired": true
@ -1074,7 +1074,7 @@
],
"source": {
"path": "x-pack/plugins/cases/common/api/runtime_types.ts",
"lineNumber": 59
"lineNumber": 55
},
"deprecated": false,
"children": [
@ -1091,7 +1091,7 @@
],
"source": {
"path": "x-pack/plugins/cases/common/api/runtime_types.ts",
"lineNumber": 60
"lineNumber": 56
},
"deprecated": false,
"isRequired": true
@ -1108,7 +1108,7 @@
],
"source": {
"path": "x-pack/plugins/cases/common/api/runtime_types.ts",
"lineNumber": 61
"lineNumber": 57
},
"deprecated": false,
"isRequired": true
@ -1129,7 +1129,7 @@
],
"source": {
"path": "x-pack/plugins/cases/common/api/runtime_types.ts",
"lineNumber": 75
"lineNumber": 71
},
"deprecated": false,
"children": [
@ -1145,7 +1145,7 @@
],
"source": {
"path": "x-pack/plugins/cases/common/api/runtime_types.ts",
"lineNumber": 76
"lineNumber": 72
},
"deprecated": false,
"isRequired": true
@ -1170,7 +1170,7 @@
],
"source": {
"path": "x-pack/plugins/cases/common/api/runtime_types.ts",
"lineNumber": 24
"lineNumber": 20
},
"deprecated": true,
"references": [],
@ -1187,7 +1187,7 @@
],
"source": {
"path": "x-pack/plugins/cases/common/api/runtime_types.ts",
"lineNumber": 24
"lineNumber": 20
},
"deprecated": false,
"isRequired": true
@ -1634,62 +1634,6 @@
"returnComment": [],
"initialIsOpen": false
},
{
"parentPluginId": "cases",
"id": "def-common.OmitProp",
"type": "Function",
"tags": [],
"label": "OmitProp",
"description": [],
"signature": [
"<O extends ",
"Props",
", K extends keyof O>(o: O, k: K) => Pick<O, Exclude<keyof O, K>>"
],
"source": {
"path": "x-pack/plugins/cases/common/api/runtime_types.ts",
"lineNumber": 17
},
"deprecated": false,
"children": [
{
"parentPluginId": "cases",
"id": "def-common.OmitProp.$1",
"type": "Uncategorized",
"tags": [],
"label": "o",
"description": [],
"signature": [
"O"
],
"source": {
"path": "x-pack/plugins/cases/common/api/runtime_types.ts",
"lineNumber": 17
},
"deprecated": false,
"isRequired": true
},
{
"parentPluginId": "cases",
"id": "def-common.OmitProp.$2",
"type": "Uncategorized",
"tags": [],
"label": "k",
"description": [],
"signature": [
"K"
],
"source": {
"path": "x-pack/plugins/cases/common/api/runtime_types.ts",
"lineNumber": 17
},
"deprecated": false,
"isRequired": true
}
],
"returnComment": [],
"initialIsOpen": false
},
{
"parentPluginId": "cases",
"id": "def-common.throwErrors",
@ -1704,7 +1648,7 @@
],
"source": {
"path": "x-pack/plugins/cases/common/api/runtime_types.ts",
"lineNumber": 55
"lineNumber": 51
},
"deprecated": false,
"children": [
@ -1720,7 +1664,7 @@
],
"source": {
"path": "x-pack/plugins/cases/common/api/runtime_types.ts",
"lineNumber": 55
"lineNumber": 51
},
"deprecated": false,
"isRequired": true
@ -5278,7 +5222,7 @@
"section": "def-common.ConnectorTypes",
"text": "ConnectorTypes"
},
".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; owner: string; } & { created_at: string; created_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; }; updated_at: string | null; updated_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; } | null; } & { mappings: { action_type: \"append\" | \"overwrite\" | \"nothing\"; source: \"description\" | \"title\" | \"comments\"; target: string; }[]; owner: string; } & { id: string; version: string; error: string | null; owner: string; })[]"
".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; } & { owner: string; } & { created_at: string; created_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; }; updated_at: string | null; updated_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; } | null; } & { mappings: { action_type: \"append\" | \"overwrite\" | \"nothing\"; source: \"description\" | \"title\" | \"comments\"; target: string; }[]; owner: string; } & { id: string; version: string; error: string | null; owner: string; })[]"
],
"source": {
"path": "x-pack/plugins/cases/common/api/cases/configure.ts",
@ -5335,7 +5279,7 @@
"section": "def-common.ConnectorTypes",
"text": "ConnectorTypes"
},
".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; owner: string; }"
".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; } & { owner: string; }"
],
"source": {
"path": "x-pack/plugins/cases/common/api/cases/configure.ts",
@ -5392,7 +5336,7 @@
"section": "def-common.ConnectorTypes",
"text": "ConnectorTypes"
},
".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; owner: string; } & { created_at: string; created_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; }; updated_at: string | null; updated_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; } | null; }"
".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; } & { owner: string; } & { created_at: string; created_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; }; updated_at: string | null; updated_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; } | null; }"
],
"source": {
"path": "x-pack/plugins/cases/common/api/cases/configure.ts",
@ -5506,7 +5450,7 @@
"section": "def-common.ConnectorTypes",
"text": "ConnectorTypes"
},
".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; owner: string; }"
".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; } & { owner: string; }"
],
"source": {
"path": "x-pack/plugins/cases/common/api/cases/configure.ts",
@ -5563,7 +5507,7 @@
"section": "def-common.ConnectorTypes",
"text": "ConnectorTypes"
},
".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; owner: string; } & { created_at: string; created_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; }; updated_at: string | null; updated_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; } | null; } & { mappings: { action_type: \"append\" | \"overwrite\" | \"nothing\"; source: \"description\" | \"title\" | \"comments\"; target: string; }[]; owner: string; } & { id: string; version: string; error: string | null; owner: string; }"
".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; } & { owner: string; } & { created_at: string; created_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; }; updated_at: string | null; updated_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; } | null; } & { mappings: { action_type: \"append\" | \"overwrite\" | \"nothing\"; source: \"description\" | \"title\" | \"comments\"; target: string; }[]; owner: string; } & { id: string; version: string; error: string | null; owner: string; }"
],
"source": {
"path": "x-pack/plugins/cases/common/api/cases/configure.ts",
@ -7187,7 +7131,7 @@
"section": "def-common.ConnectorTypes",
"text": "ConnectorTypes"
},
".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; owner: string; } & { created_at: string; created_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; }; updated_at: string | null; updated_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; } | null; }, \"updated_at\" | \"owner\" | \"created_at\" | \"created_by\" | \"updated_by\" | \"closure_type\"> & { connector: ",
".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; } & { owner: string; } & { created_at: string; created_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; }; updated_at: string | null; updated_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; } | null; }, \"updated_at\" | \"owner\" | \"created_at\" | \"created_by\" | \"updated_by\" | \"closure_type\"> & { connector: ",
{
"pluginId": "cases",
"scope": "common",
@ -7359,6 +7303,40 @@
"deprecated": false,
"initialIsOpen": false
},
{
"parentPluginId": "cases",
"id": "def-common.MAX_CONCURRENT_SEARCHES",
"type": "number",
"tags": [],
"label": "MAX_CONCURRENT_SEARCHES",
"description": [],
"signature": [
"10"
],
"source": {
"path": "x-pack/plugins/cases/common/constants.ts",
"lineNumber": 97
},
"deprecated": false,
"initialIsOpen": false
},
{
"parentPluginId": "cases",
"id": "def-common.MAX_DOCS_PER_PAGE",
"type": "number",
"tags": [],
"label": "MAX_DOCS_PER_PAGE",
"description": [],
"signature": [
"10000"
],
"source": {
"path": "x-pack/plugins/cases/common/constants.ts",
"lineNumber": 96
},
"deprecated": false,
"initialIsOpen": false
},
{
"parentPluginId": "cases",
"id": "def-common.MAX_GENERATED_ALERTS_PER_SUB_CASE",
@ -9365,6 +9343,8 @@
"<[",
"IntersectionC",
"<[",
"IntersectionC",
"<[",
"TypeC",
"<{ connector: ",
"IntersectionC",
@ -9572,9 +9552,11 @@
"LiteralC",
"<\"close-by-user\">, ",
"LiteralC",
"<\"close-by-pushing\">]>; owner: ",
"<\"close-by-pushing\">]>; }>, ",
"TypeC",
"<{ owner: ",
"StringC",
"; }>, ",
"; }>]>, ",
"TypeC",
"<{ created_at: ",
"StringC",
@ -9701,6 +9683,8 @@
"label": "CaseConfigureAttributesRt",
"description": [],
"signature": [
"IntersectionC",
"<[",
"IntersectionC",
"<[",
"TypeC",
@ -9910,9 +9894,11 @@
"LiteralC",
"<\"close-by-user\">, ",
"LiteralC",
"<\"close-by-pushing\">]>; owner: ",
"<\"close-by-pushing\">]>; }>, ",
"TypeC",
"<{ owner: ",
"StringC",
"; }>, ",
"; }>]>, ",
"TypeC",
"<{ created_at: ",
"StringC",
@ -10019,6 +10005,8 @@
"<[",
"IntersectionC",
"<[",
"IntersectionC",
"<[",
"TypeC",
"<{ connector: ",
"IntersectionC",
@ -10226,9 +10214,11 @@
"LiteralC",
"<\"close-by-user\">, ",
"LiteralC",
"<\"close-by-pushing\">]>; owner: ",
"<\"close-by-pushing\">]>; }>, ",
"TypeC",
"<{ owner: ",
"StringC",
"; }>, ",
"; }>]>, ",
"TypeC",
"<{ created_at: ",
"StringC",
@ -12728,7 +12718,7 @@
"IntersectionC",
"<[",
"PartialC",
"<Pick<{ connector: ",
"<{ connector: ",
"IntersectionC",
"<[",
"TypeC",
@ -12934,9 +12924,7 @@
"LiteralC",
"<\"close-by-user\">, ",
"LiteralC",
"<\"close-by-pushing\">]>; owner: ",
"StringC",
"; }, \"connector\" | \"closure_type\">>, ",
"<\"close-by-pushing\">]>; }>, ",
"TypeC",
"<{ version: ",
"StringC",
@ -12957,6 +12945,8 @@
"label": "CasesConfigureRequestRt",
"description": [],
"signature": [
"IntersectionC",
"<[",
"TypeC",
"<{ connector: ",
"IntersectionC",
@ -13164,9 +13154,11 @@
"LiteralC",
"<\"close-by-user\">, ",
"LiteralC",
"<\"close-by-pushing\">]>; owner: ",
"<\"close-by-pushing\">]>; }>, ",
"TypeC",
"<{ owner: ",
"StringC",
"; }>"
"; }>]>"
],
"source": {
"path": "x-pack/plugins/cases/common/api/cases/configure.ts",


@ -3074,7 +3074,7 @@
"plugin": "security",
"link": {
"path": "x-pack/plugins/security/server/plugin.ts",
"lineNumber": 225
"lineNumber": 229
}
},
{

File diff suppressed because it is too large Load diff


@ -27,6 +27,12 @@ import securityObj from './security.json';
## Server
### Setup
<DocDefinitionList data={[securityObj.server.setup]}/>
### Start
<DocDefinitionList data={[securityObj.server.start]}/>
### Interfaces
<DocDefinitionList data={securityObj.server.interfaces}/>


@ -1203,7 +1203,7 @@
"plugin": "security",
"link": {
"path": "x-pack/plugins/security/server/plugin.ts",
"lineNumber": 263
"lineNumber": 267
}
},
{
@ -2002,28 +2002,28 @@
"plugin": "security",
"link": {
"path": "x-pack/plugins/security/server/plugin.ts",
"lineNumber": 57
"lineNumber": 60
}
},
{
"plugin": "security",
"link": {
"path": "x-pack/plugins/security/server/plugin.ts",
"lineNumber": 263
"lineNumber": 267
}
},
{
"plugin": "security",
"link": {
"path": "x-pack/plugins/security/server/plugin.ts",
"lineNumber": 281
"lineNumber": 285
}
},
{
"plugin": "security",
"link": {
"path": "x-pack/plugins/security/server/plugin.ts",
"lineNumber": 297
"lineNumber": 301
}
},
{


@ -6,3 +6,4 @@
*/
export { SecurityLicense } from './licensing';
export { AuthenticatedUser } from './model';


@ -8,10 +8,10 @@
import type { DeeplyMockedKeys } from '@kbn/utility-types/jest';
import { apiKeysMock } from './api_keys/api_keys.mock';
import type { AuthenticationServiceStart } from './authentication_service';
import type { AuthenticationServiceStartInternal } from './authentication_service';
export const authenticationServiceMock = {
createStart: (): DeeplyMockedKeys<AuthenticationServiceStart> => ({
createStart: (): DeeplyMockedKeys<AuthenticationServiceStartInternal> => ({
apiKeys: apiKeysMock.create(),
login: jest.fn(),
logout: jest.fn(),


@ -51,7 +51,7 @@ interface AuthenticationServiceStartParams {
loggers: LoggerFactory;
}
export interface AuthenticationServiceStart {
export interface AuthenticationServiceStartInternal extends AuthenticationServiceStart {
apiKeys: Pick<
APIKeys,
| 'areAPIKeysEnabled'
@ -66,6 +66,21 @@ export interface AuthenticationServiceStart {
getCurrentUser: (request: KibanaRequest) => AuthenticatedUser | null;
}
/**
* Authentication services available on the security plugin's start contract.
*/
export interface AuthenticationServiceStart {
apiKeys: Pick<
APIKeys,
| 'areAPIKeysEnabled'
| 'create'
| 'invalidate'
| 'grantAsInternalUser'
| 'invalidateAsInternalUser'
>;
getCurrentUser: (request: KibanaRequest) => AuthenticatedUser | null;
}
export class AuthenticationService {
private license!: SecurityLicense;
private authenticator?: Authenticator;
@ -212,7 +227,7 @@ export class AuthenticationService {
legacyAuditLogger,
loggers,
session,
}: AuthenticationServiceStartParams): AuthenticationServiceStart {
}: AuthenticationServiceStartParams): AuthenticationServiceStartInternal {
const apiKeys = new APIKeys({
clusterClient,
logger: this.logger.get('api-key'),
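Review bot: The new public `AuthenticationServiceStart` interface in the second hunk has a comment on the interface but none on its members, and it is now the exact type other plugins receive as `authc` on the start contract. Two of the picked `apiKeys` methods, `grantAsInternalUser` and `invalidateAsInternalUser`, by their names act with the internal user's privileges rather than the caller's, so the `apiKeys` member should carry a TSDoc block saying whose credentials each method uses and what the calling plugin is expected to have checked first. `getCurrentUser` could get a one-liner along the lines of `/** Returns the user authenticated for the given request, or null. */`, with the null case confirmed against the implementation. A `Pick` of `APIKeys` is also still written out in `AuthenticationServiceStartInternal`, whose list is cut off by the first hunk, so the public and internal lists can drift unless the internal one only adds what the public one lacks.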


@ -6,7 +6,11 @@
*/
export { canRedirectRequest } from './can_redirect_request';
export { AuthenticationService, AuthenticationServiceStart } from './authentication_service';
export {
AuthenticationService,
AuthenticationServiceStart,
AuthenticationServiceStartInternal,
} from './authentication_service';
export { AuthenticationResult } from './authentication_result';
export { DeauthenticationResult } from './deauthentication_result';
export {


@ -72,7 +72,7 @@ interface AuthorizationServiceStartParams {
online$: Observable<OnlineStatusRetryScheduler>;
}
export interface AuthorizationServiceSetup {
export interface AuthorizationServiceSetupInternal extends AuthorizationServiceSetup {
actions: Actions;
checkPrivilegesWithRequest: CheckPrivilegesWithRequest;
checkPrivilegesDynamicallyWithRequest: CheckPrivilegesDynamicallyWithRequest;
@ -82,6 +82,21 @@ export interface AuthorizationServiceSetup {
privileges: PrivilegesService;
}
/**
* Authorization services available on the setup contract of the security plugin.
*/
export interface AuthorizationServiceSetup {
/**
* Actions are used to create the "actions" that are associated with Elasticsearch's
* application privileges, and are used to perform the authorization checks implemented
* by the various `checkPrivilegesWithRequest` derivatives
*/
actions: Actions;
checkPrivilegesWithRequest: CheckPrivilegesWithRequest;
checkPrivilegesDynamicallyWithRequest: CheckPrivilegesDynamicallyWithRequest;
mode: AuthorizationMode;
}
export class AuthorizationService {
private logger!: Logger;
private applicationName!: string;
@ -101,7 +116,7 @@ export class AuthorizationService {
kibanaIndexName,
getSpacesService,
getCurrentUser,
}: AuthorizationServiceSetupParams): AuthorizationServiceSetup {
}: AuthorizationServiceSetupParams): AuthorizationServiceSetupInternal {
this.logger = loggers.get('authorization');
this.applicationName = `${APPLICATION_PREFIX}${kibanaIndexName}`;
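Review bot: `AuthorizationServiceSetupInternal extends AuthorizationServiceSetup` in the first hunk still re-declares `actions`, `checkPrivilegesWithRequest` and `checkPrivilegesDynamicallyWithRequest`, which the new public interface in the second hunk already provides. Two copies of the same members let the public and internal contracts diverge without a compile error; the internal interface can list only the members that must stay private (the visible part ends with `privileges: PrivilegesService;`, and the middle of the body is outside the hunk). In the public interface only `actions` has a doc comment, so `mode` and the two `checkPrivileges*` members should each get one, since these are the authorization checks other plugins build on.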


@ -6,6 +6,10 @@
*/
export { Actions } from './actions';
export { AuthorizationService, AuthorizationServiceSetup } from './authorization_service';
export {
AuthorizationService,
AuthorizationServiceSetup,
AuthorizationServiceSetupInternal,
} from './authorization_service';
export { CheckSavedObjectsPrivileges } from './check_saved_objects_privileges';
export { CheckPrivilegesPayload } from './types';


@ -25,6 +25,7 @@ export type {
InvalidateAPIKeysParams,
InvalidateAPIKeyResult,
GrantAPIKeyResult,
AuthenticationServiceStart,
} from './authentication';
export type { CheckPrivilegesPayload } from './authorization';
export type AuthorizationServiceSetup = SecurityPluginStart['authz'];
@ -32,6 +33,7 @@ export { LegacyAuditLogger, AuditLogger, AuditEvent } from './audit';
export type { SecurityPluginSetup, SecurityPluginStart };
export type { AuthenticatedUser } from '../common/model';
export { ROUTE_TAG_CAN_REDIRECT } from './routes/tags';
export { AuditServiceSetup } from './audit';
export const config: PluginConfigDescriptor<TypeOf<typeof ConfigSchema>> = {
schema: ConfigSchema,
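Review bot: `export { AuditServiceSetup } from './audit';` in the second hunk, which appears to be the added line, uses the value form of re-export although plugin.ts brings the same name in with `import type`. The first hunk adds `AuthenticationServiceStart` inside an `export type { … }` list, and the same form here, `export type { AuditServiceSetup } from './audit';`, keeps the re-export erasable and consistent with the rest of the file. Separately, the context line `export type AuthorizationServiceSetup = SecurityPluginStart['authz'];` now just aliases the interface of the same name that './authorization' exports, so re-exporting that interface directly would make the public surface easier to audit.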


@ -10,7 +10,6 @@ import { combineLatest } from 'rxjs';
import { map } from 'rxjs/operators';
import type { TypeOf } from '@kbn/config-schema';
import type { RecursiveReadonly } from '@kbn/utility-types';
import type {
CoreSetup,
CoreStart,
@ -36,10 +35,14 @@ import type { AnonymousAccessServiceStart } from './anonymous_access';
import { AnonymousAccessService } from './anonymous_access';
import type { AuditServiceSetup } from './audit';
import { AuditService, SecurityAuditLogger } from './audit';
import type { AuthenticationServiceStart } from './authentication';
import type {
AuthenticationServiceStart,
AuthenticationServiceStartInternal,
} from './authentication';
import { AuthenticationService } from './authentication';
import type { AuthorizationServiceSetup } from './authorization';
import { AuthorizationService } from './authorization';
import type { AuthorizationServiceSetupInternal } from './authorization/authorization_service';
import type { ConfigSchema, ConfigType } from './config';
import { createConfig } from './config';
import { ElasticsearchService } from './elasticsearch';
@ -74,11 +77,14 @@ export interface SecurityPluginSetup {
/**
* @deprecated Use `authz` methods from the `SecurityServiceStart` contract instead.
*/
authz: Pick<
AuthorizationServiceSetup,
'actions' | 'checkPrivilegesDynamicallyWithRequest' | 'checkPrivilegesWithRequest' | 'mode'
>;
authz: AuthorizationServiceSetup;
/**
* Exposes information about the available security features under the current license.
*/
license: SecurityLicense;
/**
* Exposes services for audit logging.
*/
audit: AuditServiceSetup;
}
@ -86,11 +92,14 @@ export interface SecurityPluginSetup {
* Describes public Security plugin contract returned at the `start` stage.
*/
export interface SecurityPluginStart {
authc: Pick<AuthenticationServiceStart, 'apiKeys' | 'getCurrentUser'>;
authz: Pick<
AuthorizationServiceSetup,
'actions' | 'checkPrivilegesDynamicallyWithRequest' | 'checkPrivilegesWithRequest' | 'mode'
>;
/**
* Authentication services to confirm the user is who they say they are.
*/
authc: AuthenticationServiceStart;
/**
* Authorization services to manage and access the permissions a particular user has.
*/
authz: AuthorizationServiceSetup;
}
export interface PluginSetupDependencies {
@ -113,14 +122,9 @@ export interface PluginStartDependencies {
* Represents Security Plugin instance that will be managed by the Kibana plugin system.
*/
export class SecurityPlugin
implements
Plugin<
RecursiveReadonly<SecurityPluginSetup>,
RecursiveReadonly<SecurityPluginStart>,
PluginSetupDependencies
> {
implements Plugin<SecurityPluginSetup, SecurityPluginStart, PluginSetupDependencies> {
private readonly logger: Logger;
private authorizationSetup?: AuthorizationServiceSetup;
private authorizationSetup?: AuthorizationServiceSetupInternal;
private auditSetup?: AuditServiceSetup;
private anonymousAccessStart?: AnonymousAccessServiceStart;
private configSubscription?: Subscription;
@ -152,7 +156,7 @@ export class SecurityPlugin
private readonly authenticationService = new AuthenticationService(
this.initializerContext.logger.get('authentication')
);
private authenticationStart?: AuthenticationServiceStart;
private authenticationStart?: AuthenticationServiceStartInternal;
private readonly getAuthentication = () => {
if (!this.authenticationStart) {
throw new Error(`authenticationStart is not registered!`);
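Review bot: Dropping `RecursiveReadonly<…>` from the `implements Plugin<…>` clause in the fifth hunk means the setup and start contracts are no longer typed as deeply read-only, so a consuming plugin can assign to `authz.checkPrivilegesWithRequest` or `authc.getCurrentUser` without a compile error. If the goal is only cleaner generated API docs, the shallow guarantee can stay on the interfaces themselves, e.g. `readonly authc: AuthenticationServiceStart;` and `readonly authz: AuthorizationServiceSetup;`. The `setup()` and `start()` return statements are outside these hunks; it is worth confirming that they build a frozen object holding only the public members rather than handing out the `…Internal` objects kept in `authorizationSetup` and `authenticationStart`, because the narrower type does not remove `login`, `logout` or `privileges` at runtime.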


@ -12,7 +12,7 @@ import type { RequestHandler } from 'src/core/server';
import { kibanaResponseFactory } from 'src/core/server';
import { httpServerMock } from 'src/core/server/mocks';
import type { AuthenticationServiceStart } from '../../authentication';
import type { AuthenticationServiceStartInternal } from '../../authentication';
import { authenticationServiceMock } from '../../authentication/authentication_service.mock';
import type { SecurityRequestHandlerContext } from '../../types';
import { routeDefinitionParamsMock } from '../index.mock';
@ -28,7 +28,7 @@ describe('Create API Key route', () => {
}
let routeHandler: RequestHandler<any, any, any, any>;
let authc: DeeplyMockedKeys<AuthenticationServiceStart>;
let authc: DeeplyMockedKeys<AuthenticationServiceStartInternal>;
beforeEach(() => {
authc = authenticationServiceMock.createStart();
const mockRouteDefinitionParams = routeDefinitionParamsMock.create();


@ -12,7 +12,7 @@ import type { RequestHandler } from 'src/core/server';
import { kibanaResponseFactory } from 'src/core/server';
import { httpServerMock } from 'src/core/server/mocks';
import type { AuthenticationServiceStart } from '../../authentication';
import type { AuthenticationServiceStartInternal } from '../../authentication';
import { authenticationServiceMock } from '../../authentication/authentication_service.mock';
import type { SecurityRequestHandlerContext } from '../../types';
import { routeDefinitionParamsMock } from '../index.mock';
@ -28,7 +28,7 @@ describe('API keys enabled', () => {
}
let routeHandler: RequestHandler<any, any, any, any>;
let authc: DeeplyMockedKeys<AuthenticationServiceStart>;
let authc: DeeplyMockedKeys<AuthenticationServiceStartInternal>;
beforeEach(() => {
authc = authenticationServiceMock.createStart();
const mockRouteDefinitionParams = routeDefinitionParamsMock.create();


@ -13,7 +13,7 @@ import { httpServerMock } from 'src/core/server/mocks';
import type { SecurityLicense, SecurityLicenseFeatures } from '../../../common/licensing';
import { mockAuthenticatedUser } from '../../../common/model/authenticated_user.mock';
import type { AuthenticationServiceStart } from '../../authentication';
import type { AuthenticationServiceStartInternal } from '../../authentication';
import {
AuthenticationResult,
DeauthenticationResult,
@ -28,7 +28,7 @@ import { defineCommonRoutes } from './common';
describe('Common authentication routes', () => {
let router: jest.Mocked<SecurityRouter>;
let authc: DeeplyMockedKeys<AuthenticationServiceStart>;
let authc: DeeplyMockedKeys<AuthenticationServiceStartInternal>;
let license: jest.Mocked<SecurityLicense>;
let mockContext: SecurityRequestHandlerContext;
beforeEach(() => {


@ -11,7 +11,7 @@ import type { RequestHandler, RouteConfig } from 'src/core/server';
import { httpServerMock } from 'src/core/server/mocks';
import { mockAuthenticatedUser } from '../../../common/model/authenticated_user.mock';
import type { AuthenticationServiceStart } from '../../authentication';
import type { AuthenticationServiceStartInternal } from '../../authentication';
import { AuthenticationResult, SAMLLogin } from '../../authentication';
import { authenticationServiceMock } from '../../authentication/authentication_service.mock';
import type { SecurityRouter } from '../../types';
@ -21,7 +21,7 @@ import { defineSAMLRoutes } from './saml';
describe('SAML authentication routes', () => {
let router: jest.Mocked<SecurityRouter>;
let authc: DeeplyMockedKeys<AuthenticationServiceStart>;
let authc: DeeplyMockedKeys<AuthenticationServiceStartInternal>;
beforeEach(() => {
const routeParamsMock = routeDefinitionParamsMock.create();
router = routeParamsMock.router;


@ -10,8 +10,8 @@ import type { HttpResources, IBasePath, Logger } from 'src/core/server';
import type { KibanaFeature } from '../../../features/server';
import type { SecurityLicense } from '../../common/licensing';
import type { AuthenticationServiceStart } from '../authentication';
import type { AuthorizationServiceSetup } from '../authorization';
import type { AuthenticationServiceStartInternal } from '../authentication';
import type { AuthorizationServiceSetupInternal } from '../authorization';
import type { ConfigType } from '../config';
import type { SecurityFeatureUsageServiceStart } from '../feature_usage';
import type { Session } from '../session_management';
@ -34,12 +34,12 @@ export interface RouteDefinitionParams {
httpResources: HttpResources;
logger: Logger;
config: ConfigType;
authz: AuthorizationServiceSetup;
authz: AuthorizationServiceSetupInternal;
getSession: () => PublicMethodsOf<Session>;
license: SecurityLicense;
getFeatures: () => Promise<KibanaFeature[]>;
getFeatureUsageService: () => SecurityFeatureUsageServiceStart;
getAuthenticationService: () => AuthenticationServiceStart;
getAuthenticationService: () => AuthenticationServiceStartInternal;
}
export function defineRoutes(params: RouteDefinitionParams) {


@ -15,8 +15,8 @@ import { kibanaResponseFactory } from 'src/core/server';
import { coreMock, httpServerMock } from 'src/core/server/mocks';
import { mockAuthenticatedUser } from '../../../common/model/authenticated_user.mock';
import type { AuthenticationServiceStart } from '../../authentication';
import { AuthenticationResult } from '../../authentication';
import type { AuthenticationServiceStartInternal } from '../../authentication/authentication_service';
import { authenticationServiceMock } from '../../authentication/authentication_service.mock';
import type { Session } from '../../session_management';
import { sessionMock } from '../../session_management/session.mock';
@ -26,7 +26,7 @@ import { defineChangeUserPasswordRoutes } from './change_password';
describe('Change password', () => {
let router: jest.Mocked<SecurityRouter>;
let authc: DeeplyMockedKeys<AuthenticationServiceStart>;
let authc: DeeplyMockedKeys<AuthenticationServiceStartInternal>;
let session: jest.Mocked<PublicMethodsOf<Session>>;
let routeHandler: RequestHandler<any, any, any, SecurityRequestHandlerContext>;
let routeConfig: RouteConfig<any, any, any, any>;


@ -9,7 +9,7 @@ import type { CoreSetup, LegacyRequest } from 'src/core/server';
import { KibanaRequest, SavedObjectsClient } from '../../../../../src/core/server';
import type { AuditServiceSetup, SecurityAuditLogger } from '../audit';
import type { AuthorizationServiceSetup } from '../authorization';
import type { AuthorizationServiceSetupInternal } from '../authorization/authorization_service';
import type { SpacesService } from '../plugin';
import { SecureSavedObjectsClientWrapper } from './secure_saved_objects_client_wrapper';
@ -17,7 +17,7 @@ interface SetupSavedObjectsParams {
legacyAuditLogger: SecurityAuditLogger;
audit: AuditServiceSetup;
authz: Pick<
AuthorizationServiceSetup,
AuthorizationServiceSetupInternal,
'mode' | 'actions' | 'checkSavedObjectsPrivilegesWithRequest'
>;
savedObjects: CoreSetup['savedObjects'];


@ -15,7 +15,10 @@ import { spacesClientMock } from '../../../spaces/server/mocks';
import type { AuditEvent, AuditLogger } from '../audit';
import { SpaceAuditAction } from '../audit';
import { auditServiceMock } from '../audit/index.mock';
import type { AuthorizationServiceSetup } from '../authorization';
import type {
AuthorizationServiceSetup,
AuthorizationServiceSetupInternal,
} from '../authorization';
import { authorizationMock } from '../authorization/index.mock';
import type { CheckPrivilegesResponse } from '../authorization/types';
import type { LegacySpacesAuditLogger } from './legacy_audit_logger';
@ -85,7 +88,9 @@ const setup = ({ securityEnabled = false }: Opts = {}) => {
};
};
const expectNoAuthorizationCheck = (authorization: jest.Mocked<AuthorizationServiceSetup>) => {
const expectNoAuthorizationCheck = (
authorization: jest.Mocked<AuthorizationServiceSetupInternal>
) => {
expect(authorization.checkPrivilegesDynamicallyWithRequest).not.toHaveBeenCalled();
expect(authorization.checkPrivilegesWithRequest).not.toHaveBeenCalled();
expect(authorization.checkSavedObjectsPrivilegesWithRequest).not.toHaveBeenCalled();