github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-27 18:51:07 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/x-pack/plugins/features/server/feature_schema.ts
Pierre Gayvallet 8453fe820a
Cleanup spread operators in reduce calls (#157471) 
## Summary

The spread operator is costly and put pressure on GC. It should be
avoided when possible, especially in loops.

This PR adapts a lot of `reduce` calls in the codebase to remove the
usages of the diabolic spread operator, when possible.

Note: the PR is not fully exhaustive. I focused on the server-side, as
we're more directly impacted than on browser-side code regarding
performances.

## Removing `...` usages in `kittens.reduce()`

For `reduce` loops, the spread operator can usually easily be replaced:

#### - setting a value on the accum object and returning it

#### BAD
```ts
  return this.toArray().reduce(
      (acc, renderer) => ({
        ...acc,
        [renderer.name]: renderer,
      }),
      {} as Record<string, ExpressionRenderer>
    );
```

#### GOOD
```ts
  return this.toArray().reduce((acc, renderer) => {
      acc[renderer.name] = renderer;
      return acc;
    }, {} as Record<string, ExpressionRenderer>);
```


#### - assigning values to the accum object and returning it 

#### BAD
```ts
  const allAggs: Record<string, any> = fieldAggRequests.reduce(
      (aggs: Record<string, any>, fieldAggRequest: unknown | null) => {
        return fieldAggRequest ? { ...aggs, ...(fieldAggRequest as Record<string, any>) } : aggs;
      },
      {}
    );
```

#### GOOD
```ts
  const allAggs = fieldAggRequests.reduce<Record<string, any>>(
      (aggs: Record<string, any>, fieldAggRequest: unknown | null) => {
        if (fieldAggRequest) {
          Object.assign(aggs, fieldAggRequest);
        }
        return aggs;
      },
      {}
    );
```

#### - pushing items to the accum list and returning it 

#### BAD
```ts
  const charsFound = charToArray.reduce(
    (acc, char) => (value.includes(char) ? [...acc, char] : acc),
    [] as string[]
  );
```

#### GOOD
```ts
  const charsFound = charToArray.reduce((acc, char) => {
    if (value.includes(char)) {
      acc.push(char);
    }
    return acc;
  }, [] as string[]);
```

## Questions

#### Are you sure all the changes in this are strictly better for
runtime performances?

Yes, yes I am.

#### How much better?

Likely not much.

#### Are you planning on analyzing the perf gain?

Nope.

#### So why did you do it?

I got tired of seeing badly used spread operators in my team's owned
code, and I had some extra time during on-week, so I spent a few hours
adapting the usages in all our runtime/production codebase.

#### Was it fun?

Take your best guess.

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2023-05-22 04:50:24 -07:00

510 lines
16 KiB
TypeScript
Raw Blame History

/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { schema } from '@kbn/config-schema';
import { difference } from 'lodash';
import { Capabilities as UICapabilities } from '@kbn/core/server';
import { KibanaFeatureConfig } from '../common';
import { FeatureKibanaPrivileges, ElasticsearchFeatureConfig } from '.';
// Each feature gets its own property on the UICapabilities object,
// but that object has a few built-in properties which should not be overwritten.
const prohibitedFeatureIds: Set<keyof UICapabilities> = new Set([
'catalogue',
'management',
'navLinks',
]);
const featurePrivilegePartRegex = /^[a-zA-Z0-9_-]+$/;
const subFeaturePrivilegePartRegex = /^[a-zA-Z0-9_-]+$/;
const managementSectionIdRegex = /^[a-zA-Z0-9_-]+$/;
const reservedFeaturePrrivilegePartRegex = /^(?!reserved_)[a-zA-Z0-9_-]+$/;
export const uiCapabilitiesRegex = /^[a-zA-Z0-9:_-]+$/;
const validLicenseSchema = schema.oneOf([
schema.literal('basic'),
schema.literal('standard'),
schema.literal('gold'),
schema.literal('platinum'),
schema.literal('enterprise'),
schema.literal('trial'),
]);
// sub-feature privileges are only available with a `gold` license or better, so restricting sub-feature privileges
// for `gold` or below doesn't make a whole lot of sense.
const validSubFeaturePrivilegeLicensesSchema = schema.oneOf([
schema.literal('platinum'),
schema.literal('enterprise'),
schema.literal('gold'),
schema.literal('trial'),
]);
const listOfCapabilitiesSchema = schema.arrayOf(
schema.string({
validate(key: string) {
if (!uiCapabilitiesRegex.test(key)) {
return `Does not satisfy regexp ${uiCapabilitiesRegex.toString()}`;
}
},
})
);
const managementSchema = schema.recordOf(
schema.string({
validate(key: string) {
if (!managementSectionIdRegex.test(key)) {
return `Does not satisfy regexp ${managementSectionIdRegex.toString()}`;
}
},
}),
listOfCapabilitiesSchema
);
const catalogueSchema = listOfCapabilitiesSchema;
const alertingSchema = schema.arrayOf(schema.string());
const casesSchema = schema.arrayOf(schema.string());
const appCategorySchema = schema.object({
id: schema.string(),
label: schema.string(),
ariaLabel: schema.maybe(schema.string()),
euiIconType: schema.maybe(schema.string()),
order: schema.maybe(schema.number()),
});
const casesSchemaObject = schema.maybe(
schema.object({
all: schema.maybe(casesSchema),
create: schema.maybe(casesSchema),
read: schema.maybe(casesSchema),
update: schema.maybe(casesSchema),
delete: schema.maybe(casesSchema),
push: schema.maybe(casesSchema),
})
);
const kibanaPrivilegeSchema = schema.object({
excludeFromBasePrivileges: schema.maybe(schema.boolean()),
requireAllSpaces: schema.maybe(schema.boolean()),
disabled: schema.maybe(schema.boolean()),
management: schema.maybe(managementSchema),
catalogue: schema.maybe(catalogueSchema),
api: schema.maybe(schema.arrayOf(schema.string())),
app: schema.maybe(schema.arrayOf(schema.string())),
alerting: schema.maybe(
schema.object({
rule: schema.maybe(
schema.object({
all: schema.maybe(alertingSchema),
read: schema.maybe(alertingSchema),
})
),
alert: schema.maybe(
schema.object({
all: schema.maybe(alertingSchema),
read: schema.maybe(alertingSchema),
})
),
})
),
cases: casesSchemaObject,
savedObject: schema.object({
all: schema.arrayOf(schema.string()),
read: schema.arrayOf(schema.string()),
}),
ui: listOfCapabilitiesSchema,
});
const kibanaIndependentSubFeaturePrivilegeSchema = schema.object({
id: schema.string({
validate(key: string) {
if (!subFeaturePrivilegePartRegex.test(key)) {
return `Does not satisfy regexp ${subFeaturePrivilegePartRegex.toString()}`;
}
},
}),
name: schema.string(),
includeIn: schema.oneOf([schema.literal('all'), schema.literal('read'), schema.literal('none')]),
minimumLicense: schema.maybe(validSubFeaturePrivilegeLicensesSchema),
management: schema.maybe(managementSchema),
catalogue: schema.maybe(catalogueSchema),
alerting: schema.maybe(
schema.object({
rule: schema.maybe(
schema.object({
all: schema.maybe(alertingSchema),
read: schema.maybe(alertingSchema),
})
),
alert: schema.maybe(
schema.object({
all: schema.maybe(alertingSchema),
read: schema.maybe(alertingSchema),
})
),
})
),
cases: casesSchemaObject,
api: schema.maybe(schema.arrayOf(schema.string())),
app: schema.maybe(schema.arrayOf(schema.string())),
savedObject: schema.object({
all: schema.arrayOf(schema.string()),
read: schema.arrayOf(schema.string()),
}),
ui: listOfCapabilitiesSchema,
});
const kibanaMutuallyExclusiveSubFeaturePrivilegeSchema =
kibanaIndependentSubFeaturePrivilegeSchema.extends({
minimumLicense: schema.never(),
});
const kibanaSubFeatureSchema = schema.object({
name: schema.string(),
requireAllSpaces: schema.maybe(schema.boolean()),
privilegesTooltip: schema.maybe(schema.string()),
description: schema.maybe(schema.string()),
privilegeGroups: schema.maybe(
schema.arrayOf(
schema.oneOf([
schema.object({
groupType: schema.literal('mutually_exclusive'),
privileges: schema.maybe(
schema.arrayOf(kibanaMutuallyExclusiveSubFeaturePrivilegeSchema, { minSize: 1 })
),
}),
schema.object({
groupType: schema.literal('independent'),
privileges: schema.maybe(
schema.arrayOf(kibanaIndependentSubFeaturePrivilegeSchema, { minSize: 1 })
),
}),
])
)
),
});
const kibanaFeatureSchema = schema.object({
id: schema.string({
validate(value: string) {
if (!featurePrivilegePartRegex.test(value)) {
return `Does not satisfy regexp ${featurePrivilegePartRegex.toString()}`;
}
if (prohibitedFeatureIds.has(value)) {
return `[${value}] is not allowed`;
}
},
}),
name: schema.string(),
category: appCategorySchema,
description: schema.maybe(schema.string()),
order: schema.maybe(schema.number()),
excludeFromBasePrivileges: schema.maybe(schema.boolean()),
minimumLicense: schema.maybe(validLicenseSchema),
app: schema.arrayOf(schema.string()),
management: schema.maybe(managementSchema),
catalogue: schema.maybe(catalogueSchema),
alerting: schema.maybe(alertingSchema),
cases: schema.maybe(casesSchema),
privileges: schema.oneOf([
schema.literal(null),
schema.object({
all: schema.maybe(kibanaPrivilegeSchema),
read: schema.maybe(kibanaPrivilegeSchema),
}),
]),
subFeatures: schema.maybe(
schema.conditional(
schema.siblingRef('privileges'),
null,
// allows an empty array only
schema.arrayOf(schema.never(), { maxSize: 0 }),
schema.arrayOf(kibanaSubFeatureSchema)
)
),
privilegesTooltip: schema.maybe(schema.string()),
reserved: schema.maybe(
schema.object({
description: schema.string(),
privileges: schema.arrayOf(
schema.object({
id: schema.string({
validate(value: string) {
if (!reservedFeaturePrrivilegePartRegex.test(value)) {
return `Does not satisfy regexp ${reservedFeaturePrrivilegePartRegex.toString()}`;
}
},
}),
privilege: kibanaPrivilegeSchema,
})
),
})
),
});
const elasticsearchPrivilegeSchema = schema.object({
ui: schema.arrayOf(schema.string()),
requiredClusterPrivileges: schema.maybe(schema.arrayOf(schema.string())),
requiredIndexPrivileges: schema.maybe(
schema.recordOf(schema.string(), schema.arrayOf(schema.string()))
),
requiredRoles: schema.maybe(schema.arrayOf(schema.string())),
});
const elasticsearchFeatureSchema = schema.object({
id: schema.string({
validate(value: string) {
if (!featurePrivilegePartRegex.test(value)) {
return `Does not satisfy regexp ${featurePrivilegePartRegex.toString()}`;
}
if (prohibitedFeatureIds.has(value)) {
return `[${value}] is not allowed`;
}
},
}),
management: schema.maybe(managementSchema),
catalogue: schema.maybe(catalogueSchema),
privileges: schema.arrayOf(elasticsearchPrivilegeSchema),
});
export function validateKibanaFeature(feature: KibanaFeatureConfig) {
kibanaFeatureSchema.validate(feature);
// the following validation can't be enforced by the Joi schema, since it'd require us looking "up" the object graph for the list of valid value, which they explicitly forbid.
const { app = [], management = {}, catalogue = [], alerting = [], cases = [] } = feature;
const unseenApps = new Set(app);
const managementSets = Object.entries(management).map((entry) => [
entry[0],
new Set(entry[1]),
]) as Array<[string, Set<string>]>;
const unseenManagement = new Map<string, Set<string>>(managementSets);
const unseenCatalogue = new Set(catalogue);
const unseenAlertTypes = new Set(alerting);
const unseenCasesTypes = new Set(cases);
function validateAppEntry(privilegeId: string, entry: readonly string[] = []) {
entry.forEach((privilegeApp) => unseenApps.delete(privilegeApp));
const unknownAppEntries = difference(entry, app);
if (unknownAppEntries.length > 0) {
throw new Error(
`Feature privilege ${
feature.id
}.${privilegeId} has unknown app entries: ${unknownAppEntries.join(', ')}`
);
}
}
function validateCatalogueEntry(privilegeId: string, entry: readonly string[] = []) {
entry.forEach((privilegeCatalogue) => unseenCatalogue.delete(privilegeCatalogue));
const unknownCatalogueEntries = difference(entry || [], catalogue);
if (unknownCatalogueEntries.length > 0) {
throw new Error(
`Feature privilege ${
feature.id
}.${privilegeId} has unknown catalogue entries: ${unknownCatalogueEntries.join(', ')}`
);
}
}
function validateAlertingEntry(privilegeId: string, entry: FeatureKibanaPrivileges['alerting']) {
const all: string[] = [...(entry?.rule?.all ?? []), ...(entry?.alert?.all ?? [])];
const read: string[] = [...(entry?.rule?.read ?? []), ...(entry?.alert?.read ?? [])];
all.forEach((privilegeAlertTypes) => unseenAlertTypes.delete(privilegeAlertTypes));
read.forEach((privilegeAlertTypes) => unseenAlertTypes.delete(privilegeAlertTypes));
const unknownAlertingEntries = difference([...all, ...read], alerting);
if (unknownAlertingEntries.length > 0) {
throw new Error(
`Feature privilege ${
feature.id
}.${privilegeId} has unknown alerting entries: ${unknownAlertingEntries.join(', ')}`
);
}
}
function validateCasesEntry(privilegeId: string, entry: FeatureKibanaPrivileges['cases']) {
const all = entry?.all ?? [];
const read = entry?.read ?? [];
all.forEach((privilegeCasesTypes) => unseenCasesTypes.delete(privilegeCasesTypes));
read.forEach((privilegeCasesTypes) => unseenCasesTypes.delete(privilegeCasesTypes));
const unknownCasesEntries = difference([...all, ...read], cases);
if (unknownCasesEntries.length > 0) {
throw new Error(
`Feature privilege ${
feature.id
}.${privilegeId} has unknown cases entries: ${unknownCasesEntries.join(', ')}`
);
}
}
function validateManagementEntry(
privilegeId: string,
managementEntry: Record<string, readonly string[]> = {}
) {
Object.entries(managementEntry).forEach(([managementSectionId, managementSectionEntry]) => {
if (unseenManagement.has(managementSectionId)) {
managementSectionEntry.forEach((entry) => {
unseenManagement.get(managementSectionId)!.delete(entry);
if (unseenManagement.get(managementSectionId)?.size === 0) {
unseenManagement.delete(managementSectionId);
}
});
}
if (!management[managementSectionId]) {
throw new Error(
`Feature privilege ${feature.id}.${privilegeId} has unknown management section: ${managementSectionId}`
);
}
const unknownSectionEntries = difference(
managementSectionEntry,
management[managementSectionId]
);
if (unknownSectionEntries.length > 0) {
throw new Error(
`Feature privilege ${
feature.id
}.${privilegeId} has unknown management entries for section ${managementSectionId}: ${unknownSectionEntries.join(
', '
)}`
);
}
});
}
const privilegeEntries: Array<[string, FeatureKibanaPrivileges]> = [];
if (feature.privileges) {
privilegeEntries.push(...Object.entries(feature.privileges));
}
if (feature.reserved) {
feature.reserved.privileges.forEach((reservedPrivilege) => {
privilegeEntries.push([reservedPrivilege.id, reservedPrivilege.privilege]);
});
}
if (privilegeEntries.length === 0) {
return;
}
privilegeEntries.forEach(([privilegeId, privilegeDefinition]) => {
if (!privilegeDefinition) {
throw new Error('Privilege definition may not be null or undefined');
}
validateAppEntry(privilegeId, privilegeDefinition.app);
validateCatalogueEntry(privilegeId, privilegeDefinition.catalogue);
validateManagementEntry(privilegeId, privilegeDefinition.management);
validateAlertingEntry(privilegeId, privilegeDefinition.alerting);
validateCasesEntry(privilegeId, privilegeDefinition.cases);
});
const subFeatureEntries = feature.subFeatures ?? [];
subFeatureEntries.forEach((subFeature) => {
subFeature.privilegeGroups.forEach((subFeaturePrivilegeGroup) => {
subFeaturePrivilegeGroup.privileges.forEach((subFeaturePrivilege) => {
validateAppEntry(subFeaturePrivilege.id, subFeaturePrivilege.app);
validateCatalogueEntry(subFeaturePrivilege.id, subFeaturePrivilege.catalogue);
validateManagementEntry(subFeaturePrivilege.id, subFeaturePrivilege.management);
validateAlertingEntry(subFeaturePrivilege.id, subFeaturePrivilege.alerting);
validateCasesEntry(subFeaturePrivilege.id, subFeaturePrivilege.cases);
});
});
});
if (unseenApps.size > 0) {
throw new Error(
`Feature ${
feature.id
} specifies app entries which are not granted to any privileges: ${Array.from(
unseenApps.values()
).join(',')}`
);
}
if (unseenCatalogue.size > 0) {
throw new Error(
`Feature ${
feature.id
} specifies catalogue entries which are not granted to any privileges: ${Array.from(
unseenCatalogue.values()
).join(',')}`
);
}
if (unseenManagement.size > 0) {
const ungrantedManagement = Array.from(unseenManagement.entries()).reduce((acc, entry) => {
const values = Array.from(entry[1].values()).map(
(managementPage) => `${entry[0]}.${managementPage}`
);
acc.push(...values);
return acc;
}, [] as string[]);
throw new Error(
`Feature ${
feature.id
} specifies management entries which are not granted to any privileges: ${ungrantedManagement.join(
','
)}`
);
}
if (unseenAlertTypes.size > 0) {
throw new Error(
`Feature ${
feature.id
} specifies alerting entries which are not granted to any privileges: ${Array.from(
unseenAlertTypes.values()
).join(',')}`
);
}
if (unseenCasesTypes.size > 0) {
throw new Error(
`Feature ${
feature.id
} specifies cases entries which are not granted to any privileges: ${Array.from(
unseenCasesTypes.values()
).join(',')}`
);
}
}
export function validateElasticsearchFeature(feature: ElasticsearchFeatureConfig) {
elasticsearchFeatureSchema.validate(feature);
// the following validation can't be enforced by the Joi schema without a very convoluted and verbose definition
const { privileges } = feature;
privileges.forEach((privilege, index) => {
const {
requiredClusterPrivileges = [],
requiredIndexPrivileges = [],
requiredRoles = [],
} = privilege;
if (
requiredClusterPrivileges.length === 0 &&
requiredIndexPrivileges.length === 0 &&
requiredRoles.length === 0
) {
throw new Error(
`Feature ${feature.id} has a privilege definition at index ${index} without any privileges defined.`
);
}
});
}
Reference in a new issue View git blame Copy permalink