diff --git a/api_docs/cases.json b/api_docs/cases.json index 55ec344cb0bcb..bc92995dff6e9 100644 --- a/api_docs/cases.json +++ b/api_docs/cases.json @@ -1035,7 +1035,7 @@ ], "source": { "path": "x-pack/plugins/cases/common/api/runtime_types.ts", - "lineNumber": 53 + "lineNumber": 49 }, "deprecated": false, "children": [ @@ -1051,7 +1051,7 @@ ], "source": { "path": "x-pack/plugins/cases/common/api/runtime_types.ts", - "lineNumber": 53 + "lineNumber": 49 }, "deprecated": false, "isRequired": true @@ -1074,7 +1074,7 @@ ], "source": { "path": "x-pack/plugins/cases/common/api/runtime_types.ts", - "lineNumber": 59 + "lineNumber": 55 }, "deprecated": false, "children": [ @@ -1091,7 +1091,7 @@ ], "source": { "path": "x-pack/plugins/cases/common/api/runtime_types.ts", - "lineNumber": 60 + "lineNumber": 56 }, "deprecated": false, "isRequired": true @@ -1108,7 +1108,7 @@ ], "source": { "path": "x-pack/plugins/cases/common/api/runtime_types.ts", - "lineNumber": 61 + "lineNumber": 57 }, "deprecated": false, "isRequired": true @@ -1129,7 +1129,7 @@ ], "source": { "path": "x-pack/plugins/cases/common/api/runtime_types.ts", - "lineNumber": 75 + "lineNumber": 71 }, "deprecated": false, "children": [ @@ -1145,7 +1145,7 @@ ], "source": { "path": "x-pack/plugins/cases/common/api/runtime_types.ts", - "lineNumber": 76 + "lineNumber": 72 }, "deprecated": false, "isRequired": true @@ -1170,7 +1170,7 @@ ], "source": { "path": "x-pack/plugins/cases/common/api/runtime_types.ts", - "lineNumber": 24 + "lineNumber": 20 }, "deprecated": true, "references": [], @@ -1187,7 +1187,7 @@ ], "source": { "path": "x-pack/plugins/cases/common/api/runtime_types.ts", - "lineNumber": 24 + "lineNumber": 20 }, "deprecated": false, "isRequired": true @@ -1634,62 +1634,6 @@ "returnComment": [], "initialIsOpen": false }, - { - "parentPluginId": "cases", - "id": "def-common.OmitProp", - "type": "Function", - "tags": [], - "label": "OmitProp", - "description": [], - "signature": [ - "(o: O, k: K) => Pick>" - ], - "source": { - "path": "x-pack/plugins/cases/common/api/runtime_types.ts", - "lineNumber": 17 - }, - "deprecated": false, - "children": [ - { - "parentPluginId": "cases", - "id": "def-common.OmitProp.$1", - "type": "Uncategorized", - "tags": [], - "label": "o", - "description": [], - "signature": [ - "O" - ], - "source": { - "path": "x-pack/plugins/cases/common/api/runtime_types.ts", - "lineNumber": 17 - }, - "deprecated": false, - "isRequired": true - }, - { - "parentPluginId": "cases", - "id": "def-common.OmitProp.$2", - "type": "Uncategorized", - "tags": [], - "label": "k", - "description": [], - "signature": [ - "K" - ], - "source": { - "path": "x-pack/plugins/cases/common/api/runtime_types.ts", - "lineNumber": 17 - }, - "deprecated": false, - "isRequired": true - } - ], - "returnComment": [], - "initialIsOpen": false - }, { "parentPluginId": "cases", "id": "def-common.throwErrors", @@ -1704,7 +1648,7 @@ ], "source": { "path": "x-pack/plugins/cases/common/api/runtime_types.ts", - "lineNumber": 55 + "lineNumber": 51 }, "deprecated": false, "children": [ @@ -1720,7 +1664,7 @@ ], "source": { "path": "x-pack/plugins/cases/common/api/runtime_types.ts", - "lineNumber": 55 + "lineNumber": 51 }, "deprecated": false, "isRequired": true @@ -5278,7 +5222,7 @@ "section": "def-common.ConnectorTypes", "text": "ConnectorTypes" }, - ".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; owner: string; } & { created_at: string; created_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; }; updated_at: string | null; updated_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; } | null; } & { mappings: { action_type: \"append\" | \"overwrite\" | \"nothing\"; source: \"description\" | \"title\" | \"comments\"; target: string; }[]; owner: string; } & { id: string; version: string; error: string | null; owner: string; })[]" + ".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; } & { owner: string; } & { created_at: string; created_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; }; updated_at: string | null; updated_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; } | null; } & { mappings: { action_type: \"append\" | \"overwrite\" | \"nothing\"; source: \"description\" | \"title\" | \"comments\"; target: string; }[]; owner: string; } & { id: string; version: string; error: string | null; owner: string; })[]" ], "source": { "path": "x-pack/plugins/cases/common/api/cases/configure.ts", @@ -5335,7 +5279,7 @@ "section": "def-common.ConnectorTypes", "text": "ConnectorTypes" }, - ".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; owner: string; }" + ".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; } & { owner: string; }" ], "source": { "path": "x-pack/plugins/cases/common/api/cases/configure.ts", @@ -5392,7 +5336,7 @@ "section": "def-common.ConnectorTypes", "text": "ConnectorTypes" }, - ".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; owner: string; } & { created_at: string; created_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; }; updated_at: string | null; updated_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; } | null; }" + ".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; } & { owner: string; } & { created_at: string; created_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; }; updated_at: string | null; updated_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; } | null; }" ], "source": { "path": "x-pack/plugins/cases/common/api/cases/configure.ts", @@ -5506,7 +5450,7 @@ "section": "def-common.ConnectorTypes", "text": "ConnectorTypes" }, - ".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; owner: string; }" + ".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; } & { owner: string; }" ], "source": { "path": "x-pack/plugins/cases/common/api/cases/configure.ts", @@ -5563,7 +5507,7 @@ "section": "def-common.ConnectorTypes", "text": "ConnectorTypes" }, - ".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; owner: string; } & { created_at: string; created_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; }; updated_at: string | null; updated_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; } | null; } & { mappings: { action_type: \"append\" | \"overwrite\" | \"nothing\"; source: \"description\" | \"title\" | \"comments\"; target: string; }[]; owner: string; } & { id: string; version: string; error: string | null; owner: string; }" + ".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; } & { owner: string; } & { created_at: string; created_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; }; updated_at: string | null; updated_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; } | null; } & { mappings: { action_type: \"append\" | \"overwrite\" | \"nothing\"; source: \"description\" | \"title\" | \"comments\"; target: string; }[]; owner: string; } & { id: string; version: string; error: string | null; owner: string; }" ], "source": { "path": "x-pack/plugins/cases/common/api/cases/configure.ts", @@ -7187,7 +7131,7 @@ "section": "def-common.ConnectorTypes", "text": "ConnectorTypes" }, - ".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; owner: string; } & { created_at: string; created_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; }; updated_at: string | null; updated_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; } | null; }, \"updated_at\" | \"owner\" | \"created_at\" | \"created_by\" | \"updated_by\" | \"closure_type\"> & { connector: ", + ".none; fields: null; }); closure_type: \"close-by-user\" | \"close-by-pushing\"; } & { owner: string; } & { created_at: string; created_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; }; updated_at: string | null; updated_by: { email: string | null | undefined; full_name: string | null | undefined; username: string | null | undefined; } | null; }, \"updated_at\" | \"owner\" | \"created_at\" | \"created_by\" | \"updated_by\" | \"closure_type\"> & { connector: ", { "pluginId": "cases", "scope": "common", @@ -7359,6 +7303,40 @@ "deprecated": false, "initialIsOpen": false }, + { + "parentPluginId": "cases", + "id": "def-common.MAX_CONCURRENT_SEARCHES", + "type": "number", + "tags": [], + "label": "MAX_CONCURRENT_SEARCHES", + "description": [], + "signature": [ + "10" + ], + "source": { + "path": "x-pack/plugins/cases/common/constants.ts", + "lineNumber": 97 + }, + "deprecated": false, + "initialIsOpen": false + }, + { + "parentPluginId": "cases", + "id": "def-common.MAX_DOCS_PER_PAGE", + "type": "number", + "tags": [], + "label": "MAX_DOCS_PER_PAGE", + "description": [], + "signature": [ + "10000" + ], + "source": { + "path": "x-pack/plugins/cases/common/constants.ts", + "lineNumber": 96 + }, + "deprecated": false, + "initialIsOpen": false + }, { "parentPluginId": "cases", "id": "def-common.MAX_GENERATED_ALERTS_PER_SUB_CASE", @@ -9365,6 +9343,8 @@ "<[", "IntersectionC", "<[", + "IntersectionC", + "<[", "TypeC", "<{ connector: ", "IntersectionC", @@ -9572,9 +9552,11 @@ "LiteralC", "<\"close-by-user\">, ", "LiteralC", - "<\"close-by-pushing\">]>; owner: ", + "<\"close-by-pushing\">]>; }>, ", + "TypeC", + "<{ owner: ", "StringC", - "; }>, ", + "; }>]>, ", "TypeC", "<{ created_at: ", "StringC", @@ -9701,6 +9683,8 @@ "label": "CaseConfigureAttributesRt", "description": [], "signature": [ + "IntersectionC", + "<[", "IntersectionC", "<[", "TypeC", @@ -9910,9 +9894,11 @@ "LiteralC", "<\"close-by-user\">, ", "LiteralC", - "<\"close-by-pushing\">]>; owner: ", + "<\"close-by-pushing\">]>; }>, ", + "TypeC", + "<{ owner: ", "StringC", - "; }>, ", + "; }>]>, ", "TypeC", "<{ created_at: ", "StringC", @@ -10019,6 +10005,8 @@ "<[", "IntersectionC", "<[", + "IntersectionC", + "<[", "TypeC", "<{ connector: ", "IntersectionC", @@ -10226,9 +10214,11 @@ "LiteralC", "<\"close-by-user\">, ", "LiteralC", - "<\"close-by-pushing\">]>; owner: ", + "<\"close-by-pushing\">]>; }>, ", + "TypeC", + "<{ owner: ", "StringC", - "; }>, ", + "; }>]>, ", "TypeC", "<{ created_at: ", "StringC", @@ -12728,7 +12718,7 @@ "IntersectionC", "<[", "PartialC", - ", ", "LiteralC", - "<\"close-by-pushing\">]>; owner: ", - "StringC", - "; }, \"connector\" | \"closure_type\">>, ", + "<\"close-by-pushing\">]>; }>, ", "TypeC", "<{ version: ", "StringC", @@ -12957,6 +12945,8 @@ "label": "CasesConfigureRequestRt", "description": [], "signature": [ + "IntersectionC", + "<[", "TypeC", "<{ connector: ", "IntersectionC", @@ -13164,9 +13154,11 @@ "LiteralC", "<\"close-by-user\">, ", "LiteralC", - "<\"close-by-pushing\">]>; owner: ", + "<\"close-by-pushing\">]>; }>, ", + "TypeC", + "<{ owner: ", "StringC", - "; }>" + "; }>]>" ], "source": { "path": "x-pack/plugins/cases/common/api/cases/configure.ts", diff --git a/api_docs/licensing.json b/api_docs/licensing.json index 11fb1dcb5c639..06906312cc0f8 100644 --- a/api_docs/licensing.json +++ b/api_docs/licensing.json @@ -3074,7 +3074,7 @@ "plugin": "security", "link": { "path": "x-pack/plugins/security/server/plugin.ts", - "lineNumber": 225 + "lineNumber": 229 } }, { diff --git a/api_docs/security.json b/api_docs/security.json index e0fd2a6bb33f2..f7547221cec66 100644 --- a/api_docs/security.json +++ b/api_docs/security.json @@ -14,7 +14,13 @@ "\nRepresents the currently authenticated user." ], "signature": [ - "AuthenticatedUser", + { + "pluginId": "security", + "scope": "common", + "docId": "kibSecurityPluginApi", + "section": "def-common.AuthenticatedUser", + "text": "AuthenticatedUser" + }, " extends ", "User" ], @@ -120,7 +126,13 @@ ], "signature": [ "() => Promise<", - "AuthenticatedUser", + { + "pluginId": "security", + "scope": "common", + "docId": "kibSecurityPluginApi", + "section": "def-common.AuthenticatedUser", + "text": "AuthenticatedUser" + }, ">" ], "source": { @@ -943,6 +955,121 @@ ], "initialIsOpen": false }, + { + "parentPluginId": "security", + "id": "def-server.AuditServiceSetup", + "type": "Interface", + "tags": [], + "label": "AuditServiceSetup", + "description": [], + "source": { + "path": "x-pack/plugins/security/server/audit/audit_service.ts", + "lineNumber": 40 + }, + "deprecated": false, + "children": [ + { + "parentPluginId": "security", + "id": "def-server.AuditServiceSetup.asScoped", + "type": "Function", + "tags": [], + "label": "asScoped", + "description": [], + "signature": [ + "(request: ", + { + "pluginId": "core", + "scope": "server", + "docId": "kibCoreHttpPluginApi", + "section": "def-server.KibanaRequest", + "text": "KibanaRequest" + }, + ") => ", + { + "pluginId": "security", + "scope": "server", + "docId": "kibSecurityPluginApi", + "section": "def-server.AuditLogger", + "text": "AuditLogger" + } + ], + "source": { + "path": "x-pack/plugins/security/server/audit/audit_service.ts", + "lineNumber": 41 + }, + "deprecated": false, + "returnComment": [], + "children": [ + { + "parentPluginId": "security", + "id": "def-server.request", + "type": "Object", + "tags": [], + "label": "request", + "description": [], + "signature": [ + { + "pluginId": "core", + "scope": "server", + "docId": "kibCoreHttpPluginApi", + "section": "def-server.KibanaRequest", + "text": "KibanaRequest" + }, + "" + ], + "source": { + "path": "x-pack/plugins/security/server/audit/audit_service.ts", + "lineNumber": 41 + }, + "deprecated": false + } + ] + }, + { + "parentPluginId": "security", + "id": "def-server.AuditServiceSetup.getLogger", + "type": "Function", + "tags": [], + "label": "getLogger", + "description": [], + "signature": [ + "(id?: string | undefined) => ", + { + "pluginId": "security", + "scope": "server", + "docId": "kibSecurityPluginApi", + "section": "def-server.LegacyAuditLogger", + "text": "LegacyAuditLogger" + } + ], + "source": { + "path": "x-pack/plugins/security/server/audit/audit_service.ts", + "lineNumber": 42 + }, + "deprecated": false, + "returnComment": [], + "children": [ + { + "parentPluginId": "security", + "id": "def-server.id", + "type": "string", + "tags": [], + "label": "id", + "description": [], + "signature": [ + "string | undefined" + ], + "source": { + "path": "x-pack/plugins/security/server/audit/audit_service.ts", + "lineNumber": 42 + }, + "deprecated": false + } + ] + } + ], + "initialIsOpen": false + }, { "parentPluginId": "security", "id": "def-server.AuthenticatedUser", @@ -953,7 +1080,13 @@ "\nRepresents the currently authenticated user." ], "signature": [ - "AuthenticatedUser", + { + "pluginId": "security", + "scope": "common", + "docId": "kibSecurityPluginApi", + "section": "def-common.AuthenticatedUser", + "text": "AuthenticatedUser" + }, " extends ", "User" ], @@ -1035,6 +1168,174 @@ ], "initialIsOpen": false }, + { + "parentPluginId": "security", + "id": "def-server.AuthenticationServiceStart", + "type": "Interface", + "tags": [], + "label": "AuthenticationServiceStart", + "description": [ + "\nAuthentication services available on the security plugin's start contract." + ], + "source": { + "path": "x-pack/plugins/security/server/authentication/authentication_service.ts", + "lineNumber": 72 + }, + "deprecated": false, + "children": [ + { + "parentPluginId": "security", + "id": "def-server.AuthenticationServiceStart.apiKeys", + "type": "Object", + "tags": [], + "label": "apiKeys", + "description": [], + "signature": [ + "{ create: (request: ", + { + "pluginId": "core", + "scope": "server", + "docId": "kibCoreHttpPluginApi", + "section": "def-server.KibanaRequest", + "text": "KibanaRequest" + }, + ", params: ", + "CreateAPIKeyParams", + ") => Promise<", + { + "pluginId": "security", + "scope": "server", + "docId": "kibSecurityPluginApi", + "section": "def-server.CreateAPIKeyResult", + "text": "CreateAPIKeyResult" + }, + " | null>; areAPIKeysEnabled: () => Promise; invalidate: (request: ", + { + "pluginId": "core", + "scope": "server", + "docId": "kibCoreHttpPluginApi", + "section": "def-server.KibanaRequest", + "text": "KibanaRequest" + }, + ", params: ", + { + "pluginId": "security", + "scope": "server", + "docId": "kibSecurityPluginApi", + "section": "def-server.InvalidateAPIKeysParams", + "text": "InvalidateAPIKeysParams" + }, + ") => Promise<", + { + "pluginId": "security", + "scope": "server", + "docId": "kibSecurityPluginApi", + "section": "def-server.InvalidateAPIKeyResult", + "text": "InvalidateAPIKeyResult" + }, + " | null>; grantAsInternalUser: (request: ", + { + "pluginId": "core", + "scope": "server", + "docId": "kibCoreHttpPluginApi", + "section": "def-server.KibanaRequest", + "text": "KibanaRequest" + }, + ", createParams: ", + "CreateAPIKeyParams", + ") => Promise<", + { + "pluginId": "security", + "scope": "server", + "docId": "kibSecurityPluginApi", + "section": "def-server.GrantAPIKeyResult", + "text": "GrantAPIKeyResult" + }, + " | null>; invalidateAsInternalUser: (params: ", + { + "pluginId": "security", + "scope": "server", + "docId": "kibSecurityPluginApi", + "section": "def-server.InvalidateAPIKeysParams", + "text": "InvalidateAPIKeysParams" + }, + ") => Promise<", + { + "pluginId": "security", + "scope": "server", + "docId": "kibSecurityPluginApi", + "section": "def-server.InvalidateAPIKeyResult", + "text": "InvalidateAPIKeyResult" + }, + " | null>; }" + ], + "source": { + "path": "x-pack/plugins/security/server/authentication/authentication_service.ts", + "lineNumber": 73 + }, + "deprecated": false + }, + { + "parentPluginId": "security", + "id": "def-server.AuthenticationServiceStart.getCurrentUser", + "type": "Function", + "tags": [], + "label": "getCurrentUser", + "description": [], + "signature": [ + "(request: ", + { + "pluginId": "core", + "scope": "server", + "docId": "kibCoreHttpPluginApi", + "section": "def-server.KibanaRequest", + "text": "KibanaRequest" + }, + ") => ", + { + "pluginId": "security", + "scope": "common", + "docId": "kibSecurityPluginApi", + "section": "def-common.AuthenticatedUser", + "text": "AuthenticatedUser" + }, + " | null" + ], + "source": { + "path": "x-pack/plugins/security/server/authentication/authentication_service.ts", + "lineNumber": 81 + }, + "deprecated": false, + "returnComment": [], + "children": [ + { + "parentPluginId": "security", + "id": "def-server.request", + "type": "Object", + "tags": [], + "label": "request", + "description": [], + "signature": [ + { + "pluginId": "core", + "scope": "server", + "docId": "kibCoreHttpPluginApi", + "section": "def-server.KibanaRequest", + "text": "KibanaRequest" + }, + "" + ], + "source": { + "path": "x-pack/plugins/security/server/authentication/authentication_service.ts", + "lineNumber": 81 + }, + "deprecated": false + } + ] + } + ], + "initialIsOpen": false + }, { "parentPluginId": "security", "id": "def-server.CheckPrivilegesPayload", @@ -1496,385 +1797,484 @@ } ], "initialIsOpen": false + } + ], + "enums": [], + "misc": [ + { + "parentPluginId": "security", + "id": "def-server.AuthorizationServiceSetup", + "type": "Type", + "tags": [], + "label": "AuthorizationServiceSetup", + "description": [], + "source": { + "path": "x-pack/plugins/security/server/index.ts", + "lineNumber": 31 + }, + "deprecated": false, + "initialIsOpen": false }, { "parentPluginId": "security", - "id": "def-server.SecurityPluginSetup", - "type": "Interface", + "id": "def-server.ROUTE_TAG_CAN_REDIRECT", + "type": "string", "tags": [], - "label": "SecurityPluginSetup", + "label": "ROUTE_TAG_CAN_REDIRECT", "description": [ - "\nDescribes public Security plugin contract returned at the `setup` stage." + "\nIf the route is marked with this tag Security can safely assume that the calling party that sends\nrequest to this route can handle redirect responses. It's particularly important if we want the\nspecific route to be able to initiate or participate in the authentication handshake that may\ninvolve redirects and will eventually redirect authenticated user to this route." + ], + "signature": [ + "\"security:canRedirect\"" ], "source": { - "path": "x-pack/plugins/security/server/plugin.ts", - "lineNumber": 69 + "path": "x-pack/plugins/security/server/routes/tags.ts", + "lineNumber": 21 }, "deprecated": false, - "children": [ - { - "parentPluginId": "security", - "id": "def-server.SecurityPluginSetup.authc", - "type": "Object", - "tags": [ - "deprecated" - ], - "label": "authc", - "description": [], - "signature": [ - "{ getCurrentUser: (request: ", - { - "pluginId": "core", - "scope": "server", - "docId": "kibCoreHttpPluginApi", - "section": "def-server.KibanaRequest", - "text": "KibanaRequest" - }, - ") => ", - "AuthenticatedUser", - " | null; }" - ], - "source": { - "path": "x-pack/plugins/security/server/plugin.ts", - "lineNumber": 73 + "initialIsOpen": false + } + ], + "objects": [], + "setup": { + "parentPluginId": "security", + "id": "def-server.SecurityPluginSetup", + "type": "Interface", + "tags": [], + "label": "SecurityPluginSetup", + "description": [ + "\nDescribes public Security plugin contract returned at the `setup` stage." + ], + "source": { + "path": "x-pack/plugins/security/server/plugin.ts", + "lineNumber": 72 + }, + "deprecated": false, + "children": [ + { + "parentPluginId": "security", + "id": "def-server.SecurityPluginSetup.authc", + "type": "Object", + "tags": [ + "deprecated" + ], + "label": "authc", + "description": [], + "signature": [ + "{ getCurrentUser: (request: ", + { + "pluginId": "core", + "scope": "server", + "docId": "kibCoreHttpPluginApi", + "section": "def-server.KibanaRequest", + "text": "KibanaRequest" }, - "deprecated": true, - "references": [ - { - "plugin": "reporting", - "link": { - "path": "x-pack/plugins/reporting/server/routes/lib/get_user.ts", - "lineNumber": 13 - } - }, - { - "plugin": "encryptedSavedObjects", - "link": { - "path": "x-pack/plugins/encrypted_saved_objects/server/crypto/encryption_key_rotation_service.ts", - "lineNumber": 107 - } - }, - { - "plugin": "encryptedSavedObjects", - "link": { - "path": "x-pack/plugins/encrypted_saved_objects/server/saved_objects/index.ts", - "lineNumber": 67 - } - }, - { - "plugin": "actions", - "link": { - "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 444 - } - }, - { - "plugin": "ml", - "link": { - "path": "x-pack/plugins/ml/server/routes/annotations.ts", - "lineNumber": 105 - } - }, - { - "plugin": "dashboardMode", - "link": { - "path": "x-pack/plugins/dashboard_mode/server/interceptors/dashboard_mode_request_interceptor.ts", - "lineNumber": 33 - } - }, - { - "plugin": "dataEnhanced", - "link": { - "path": "x-pack/plugins/data_enhanced/server/search/session/session_service.ts", - "lineNumber": 448 - } - }, - { - "plugin": "logstash", - "link": { - "path": "x-pack/plugins/logstash/server/routes/pipeline/save.ts", - "lineNumber": 41 - } - }, - { - "plugin": "securitySolution", - "link": { - "path": "x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/create_signals_migration_route.ts", - "lineNumber": 48 - } - }, - { - "plugin": "securitySolution", - "link": { - "path": "x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/delete_signals_migration_route.ts", - "lineNumber": 45 - } - }, - { - "plugin": "securitySolution", - "link": { - "path": "x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/finalize_signals_migration_route.ts", - "lineNumber": 45 - } - }, - { - "plugin": "securitySolution", - "link": { - "path": "x-pack/plugins/security_solution/server/lib/timeline/utils/common.ts", - "lineNumber": 28 - } + ") => ", + { + "pluginId": "security", + "scope": "common", + "docId": "kibSecurityPluginApi", + "section": "def-common.AuthenticatedUser", + "text": "AuthenticatedUser" + }, + " | null; }" + ], + "source": { + "path": "x-pack/plugins/security/server/plugin.ts", + "lineNumber": 76 + }, + "deprecated": true, + "references": [ + { + "plugin": "reporting", + "link": { + "path": "x-pack/plugins/reporting/server/routes/lib/get_user.ts", + "lineNumber": 13 } - ] + }, + { + "plugin": "encryptedSavedObjects", + "link": { + "path": "x-pack/plugins/encrypted_saved_objects/server/crypto/encryption_key_rotation_service.ts", + "lineNumber": 107 + } + }, + { + "plugin": "encryptedSavedObjects", + "link": { + "path": "x-pack/plugins/encrypted_saved_objects/server/saved_objects/index.ts", + "lineNumber": 67 + } + }, + { + "plugin": "actions", + "link": { + "path": "x-pack/plugins/actions/server/plugin.ts", + "lineNumber": 444 + } + }, + { + "plugin": "ml", + "link": { + "path": "x-pack/plugins/ml/server/routes/annotations.ts", + "lineNumber": 105 + } + }, + { + "plugin": "dashboardMode", + "link": { + "path": "x-pack/plugins/dashboard_mode/server/interceptors/dashboard_mode_request_interceptor.ts", + "lineNumber": 33 + } + }, + { + "plugin": "dataEnhanced", + "link": { + "path": "x-pack/plugins/data_enhanced/server/search/session/session_service.ts", + "lineNumber": 448 + } + }, + { + "plugin": "logstash", + "link": { + "path": "x-pack/plugins/logstash/server/routes/pipeline/save.ts", + "lineNumber": 41 + } + }, + { + "plugin": "securitySolution", + "link": { + "path": "x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/create_signals_migration_route.ts", + "lineNumber": 48 + } + }, + { + "plugin": "securitySolution", + "link": { + "path": "x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/delete_signals_migration_route.ts", + "lineNumber": 45 + } + }, + { + "plugin": "securitySolution", + "link": { + "path": "x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/finalize_signals_migration_route.ts", + "lineNumber": 45 + } + }, + { + "plugin": "securitySolution", + "link": { + "path": "x-pack/plugins/security_solution/server/lib/timeline/utils/common.ts", + "lineNumber": 28 + } + } + ] + }, + { + "parentPluginId": "security", + "id": "def-server.SecurityPluginSetup.authz", + "type": "Object", + "tags": [ + "deprecated" + ], + "label": "authz", + "description": [], + "signature": [ + { + "pluginId": "security", + "scope": "server", + "docId": "kibSecurityPluginApi", + "section": "def-server.AuthorizationServiceSetup", + "text": "AuthorizationServiceSetup" + } + ], + "source": { + "path": "x-pack/plugins/security/server/plugin.ts", + "lineNumber": 80 }, - { - "parentPluginId": "security", - "id": "def-server.SecurityPluginSetup.authz", - "type": "Object", - "tags": [ - "deprecated" - ], - "label": "authz", - "description": [], - "signature": [ - "{ mode: ", - "AuthorizationMode", - "; actions: ", - "Actions", - "; checkPrivilegesDynamicallyWithRequest: ", - "CheckPrivilegesDynamicallyWithRequest", - "; checkPrivilegesWithRequest: ", - "CheckPrivilegesWithRequest", - "; }" - ], - "source": { - "path": "x-pack/plugins/security/server/plugin.ts", - "lineNumber": 77 + "deprecated": true, + "references": [ + { + "plugin": "actions", + "link": { + "path": "x-pack/plugins/actions/server/plugin.ts", + "lineNumber": 443 + } }, - "deprecated": true, - "references": [ - { - "plugin": "actions", - "link": { - "path": "x-pack/plugins/actions/server/plugin.ts", - "lineNumber": 443 - } - }, - { - "plugin": "ml", - "link": { - "path": "x-pack/plugins/ml/server/saved_objects/initialization/initialization.ts", - "lineNumber": 54 - } - }, - { - "plugin": "ml", - "link": { - "path": "x-pack/plugins/ml/server/plugin.ts", - "lineNumber": 153 - } - }, - { - "plugin": "ml", - "link": { - "path": "x-pack/plugins/ml/server/plugin.ts", - "lineNumber": 203 - } - }, - { - "plugin": "enterpriseSearch", - "link": { - "path": "x-pack/plugins/enterprise_search/server/lib/check_access.ts", - "lineNumber": 46 - } - }, - { - "plugin": "enterpriseSearch", - "link": { - "path": "x-pack/plugins/enterprise_search/server/lib/check_access.ts", - "lineNumber": 86 - } - }, - { - "plugin": "enterpriseSearch", - "link": { - "path": "x-pack/plugins/enterprise_search/server/lib/check_access.ts", - "lineNumber": 88 - } - }, - { - "plugin": "savedObjectsTagging", - "link": { - "path": "x-pack/plugins/saved_objects_tagging/server/request_handler_context.ts", - "lineNumber": 37 - } + { + "plugin": "ml", + "link": { + "path": "x-pack/plugins/ml/server/saved_objects/initialization/initialization.ts", + "lineNumber": 54 } - ] + }, + { + "plugin": "ml", + "link": { + "path": "x-pack/plugins/ml/server/plugin.ts", + "lineNumber": 153 + } + }, + { + "plugin": "ml", + "link": { + "path": "x-pack/plugins/ml/server/plugin.ts", + "lineNumber": 203 + } + }, + { + "plugin": "enterpriseSearch", + "link": { + "path": "x-pack/plugins/enterprise_search/server/lib/check_access.ts", + "lineNumber": 46 + } + }, + { + "plugin": "enterpriseSearch", + "link": { + "path": "x-pack/plugins/enterprise_search/server/lib/check_access.ts", + "lineNumber": 86 + } + }, + { + "plugin": "enterpriseSearch", + "link": { + "path": "x-pack/plugins/enterprise_search/server/lib/check_access.ts", + "lineNumber": 88 + } + }, + { + "plugin": "savedObjectsTagging", + "link": { + "path": "x-pack/plugins/saved_objects_tagging/server/request_handler_context.ts", + "lineNumber": 37 + } + } + ] + }, + { + "parentPluginId": "security", + "id": "def-server.SecurityPluginSetup.license", + "type": "Object", + "tags": [], + "label": "license", + "description": [ + "\nExposes information about the available security features under the current license." + ], + "signature": [ + { + "pluginId": "security", + "scope": "common", + "docId": "kibSecurityPluginApi", + "section": "def-common.SecurityLicense", + "text": "SecurityLicense" + } + ], + "source": { + "path": "x-pack/plugins/security/server/plugin.ts", + "lineNumber": 84 }, + "deprecated": false + }, + { + "parentPluginId": "security", + "id": "def-server.SecurityPluginSetup.audit", + "type": "Object", + "tags": [], + "label": "audit", + "description": [ + "\nExposes services for audit logging." + ], + "signature": [ + { + "pluginId": "security", + "scope": "server", + "docId": "kibSecurityPluginApi", + "section": "def-server.AuditServiceSetup", + "text": "AuditServiceSetup" + } + ], + "source": { + "path": "x-pack/plugins/security/server/plugin.ts", + "lineNumber": 88 + }, + "deprecated": false + } + ], + "lifecycle": "setup", + "initialIsOpen": true + }, + "start": { + "parentPluginId": "security", + "id": "def-server.SecurityPluginStart", + "type": "Interface", + "tags": [], + "label": "SecurityPluginStart", + "description": [ + "\nDescribes public Security plugin contract returned at the `start` stage." + ], + "source": { + "path": "x-pack/plugins/security/server/plugin.ts", + "lineNumber": 94 + }, + "deprecated": false, + "children": [ + { + "parentPluginId": "security", + "id": "def-server.SecurityPluginStart.authc", + "type": "Object", + "tags": [], + "label": "authc", + "description": [ + "\nAuthentication services to confirm the user is who they say they are." + ], + "signature": [ + { + "pluginId": "security", + "scope": "server", + "docId": "kibSecurityPluginApi", + "section": "def-server.AuthenticationServiceStart", + "text": "AuthenticationServiceStart" + } + ], + "source": { + "path": "x-pack/plugins/security/server/plugin.ts", + "lineNumber": 98 + }, + "deprecated": false + }, + { + "parentPluginId": "security", + "id": "def-server.SecurityPluginStart.authz", + "type": "Object", + "tags": [], + "label": "authz", + "description": [ + "\nAuthorization services to manage and access the permissions a particular user has." + ], + "signature": [ + { + "pluginId": "security", + "scope": "server", + "docId": "kibSecurityPluginApi", + "section": "def-server.AuthorizationServiceSetup", + "text": "AuthorizationServiceSetup" + } + ], + "source": { + "path": "x-pack/plugins/security/server/plugin.ts", + "lineNumber": 102 + }, + "deprecated": false + } + ], + "lifecycle": "start", + "initialIsOpen": true + } + }, + "common": { + "classes": [], + "functions": [], + "interfaces": [ + { + "parentPluginId": "security", + "id": "def-common.AuthenticatedUser", + "type": "Interface", + "tags": [], + "label": "AuthenticatedUser", + "description": [ + "\nRepresents the currently authenticated user." + ], + "signature": [ + { + "pluginId": "security", + "scope": "common", + "docId": "kibSecurityPluginApi", + "section": "def-common.AuthenticatedUser", + "text": "AuthenticatedUser" + }, + " extends ", + "User" + ], + "source": { + "path": "x-pack/plugins/security/common/model/authenticated_user.ts", + "lineNumber": 21 + }, + "deprecated": false, + "children": [ { "parentPluginId": "security", - "id": "def-server.SecurityPluginSetup.license", + "id": "def-common.AuthenticatedUser.authentication_realm", "type": "Object", "tags": [], - "label": "license", - "description": [], + "label": "authentication_realm", + "description": [ + "\nThe name and type of the Realm that has authenticated the user." + ], "signature": [ - { - "pluginId": "security", - "scope": "common", - "docId": "kibSecurityPluginApi", - "section": "def-common.SecurityLicense", - "text": "SecurityLicense" - } + "UserRealm" ], "source": { - "path": "x-pack/plugins/security/server/plugin.ts", - "lineNumber": 81 + "path": "x-pack/plugins/security/common/model/authenticated_user.ts", + "lineNumber": 25 }, "deprecated": false }, { "parentPluginId": "security", - "id": "def-server.SecurityPluginSetup.audit", + "id": "def-common.AuthenticatedUser.lookup_realm", "type": "Object", "tags": [], - "label": "audit", - "description": [], + "label": "lookup_realm", + "description": [ + "\nThe name and type of the Realm where the user information were retrieved from." + ], "signature": [ - "AuditServiceSetup" + "UserRealm" ], "source": { - "path": "x-pack/plugins/security/server/plugin.ts", - "lineNumber": 82 + "path": "x-pack/plugins/security/common/model/authenticated_user.ts", + "lineNumber": 30 }, "deprecated": false - } - ], - "initialIsOpen": false - }, - { - "parentPluginId": "security", - "id": "def-server.SecurityPluginStart", - "type": "Interface", - "tags": [], - "label": "SecurityPluginStart", - "description": [ - "\nDescribes public Security plugin contract returned at the `start` stage." - ], - "source": { - "path": "x-pack/plugins/security/server/plugin.ts", - "lineNumber": 88 - }, - "deprecated": false, - "children": [ + }, { "parentPluginId": "security", - "id": "def-server.SecurityPluginStart.authc", + "id": "def-common.AuthenticatedUser.authentication_provider", "type": "Object", "tags": [], - "label": "authc", - "description": [], + "label": "authentication_provider", + "description": [ + "\nThe authentication provider that used to authenticate user." + ], "signature": [ - "{ getCurrentUser: (request: ", - { - "pluginId": "core", - "scope": "server", - "docId": "kibCoreHttpPluginApi", - "section": "def-server.KibanaRequest", - "text": "KibanaRequest" - }, - ") => ", - "AuthenticatedUser", - " | null; apiKeys: Pick<", - "APIKeys", - ", \"create\" | \"areAPIKeysEnabled\" | \"invalidate\" | \"grantAsInternalUser\" | \"invalidateAsInternalUser\">; }" + "AuthenticationProvider" ], "source": { - "path": "x-pack/plugins/security/server/plugin.ts", - "lineNumber": 89 + "path": "x-pack/plugins/security/common/model/authenticated_user.ts", + "lineNumber": 35 }, "deprecated": false }, { "parentPluginId": "security", - "id": "def-server.SecurityPluginStart.authz", - "type": "Object", + "id": "def-common.AuthenticatedUser.authentication_type", + "type": "string", "tags": [], - "label": "authz", - "description": [], - "signature": [ - "{ mode: ", - "AuthorizationMode", - "; actions: ", - "Actions", - "; checkPrivilegesDynamicallyWithRequest: ", - "CheckPrivilegesDynamicallyWithRequest", - "; checkPrivilegesWithRequest: ", - "CheckPrivilegesWithRequest", - "; }" + "label": "authentication_type", + "description": [ + "\nThe AuthenticationType used by ES to authenticate the user.\n" ], "source": { - "path": "x-pack/plugins/security/server/plugin.ts", - "lineNumber": 90 + "path": "x-pack/plugins/security/common/model/authenticated_user.ts", + "lineNumber": 42 }, "deprecated": false } ], "initialIsOpen": false - } - ], - "enums": [], - "misc": [ - { - "parentPluginId": "security", - "id": "def-server.AuthorizationServiceSetup", - "type": "Type", - "tags": [], - "label": "AuthorizationServiceSetup", - "description": [], - "signature": [ - "{ mode: ", - "AuthorizationMode", - "; actions: ", - "Actions", - "; checkPrivilegesDynamicallyWithRequest: ", - "CheckPrivilegesDynamicallyWithRequest", - "; checkPrivilegesWithRequest: ", - "CheckPrivilegesWithRequest", - "; }" - ], - "source": { - "path": "x-pack/plugins/security/server/index.ts", - "lineNumber": 30 - }, - "deprecated": false, - "initialIsOpen": false }, - { - "parentPluginId": "security", - "id": "def-server.ROUTE_TAG_CAN_REDIRECT", - "type": "string", - "tags": [], - "label": "ROUTE_TAG_CAN_REDIRECT", - "description": [ - "\nIf the route is marked with this tag Security can safely assume that the calling party that sends\nrequest to this route can handle redirect responses. It's particularly important if we want the\nspecific route to be able to initiate or participate in the authentication handshake that may\ninvolve redirects and will eventually redirect authenticated user to this route." - ], - "signature": [ - "\"security:canRedirect\"" - ], - "source": { - "path": "x-pack/plugins/security/server/routes/tags.ts", - "lineNumber": 21 - }, - "deprecated": false, - "initialIsOpen": false - } - ], - "objects": [] - }, - "common": { - "classes": [], - "functions": [], - "interfaces": [ { "parentPluginId": "security", "id": "def-common.SecurityLicense", diff --git a/api_docs/security.mdx b/api_docs/security.mdx index 07f219ce6e771..250ceff429207 100644 --- a/api_docs/security.mdx +++ b/api_docs/security.mdx @@ -27,6 +27,12 @@ import securityObj from './security.json'; ## Server +### Setup + + +### Start + + ### Interfaces diff --git a/api_docs/spaces.json b/api_docs/spaces.json index b3a1c3a7adc55..504df6286d1a5 100644 --- a/api_docs/spaces.json +++ b/api_docs/spaces.json @@ -1203,7 +1203,7 @@ "plugin": "security", "link": { "path": "x-pack/plugins/security/server/plugin.ts", - "lineNumber": 263 + "lineNumber": 267 } }, { @@ -2002,28 +2002,28 @@ "plugin": "security", "link": { "path": "x-pack/plugins/security/server/plugin.ts", - "lineNumber": 57 + "lineNumber": 60 } }, { "plugin": "security", "link": { "path": "x-pack/plugins/security/server/plugin.ts", - "lineNumber": 263 + "lineNumber": 267 } }, { "plugin": "security", "link": { "path": "x-pack/plugins/security/server/plugin.ts", - "lineNumber": 281 + "lineNumber": 285 } }, { "plugin": "security", "link": { "path": "x-pack/plugins/security/server/plugin.ts", - "lineNumber": 297 + "lineNumber": 301 } }, { diff --git a/x-pack/plugins/security/common/index.ts b/x-pack/plugins/security/common/index.ts index 8b99ac3c5761b..034c25758a1f0 100644 --- a/x-pack/plugins/security/common/index.ts +++ b/x-pack/plugins/security/common/index.ts @@ -6,3 +6,4 @@ */ export { SecurityLicense } from './licensing'; +export { AuthenticatedUser } from './model'; diff --git a/x-pack/plugins/security/server/authentication/authentication_service.mock.ts b/x-pack/plugins/security/server/authentication/authentication_service.mock.ts index ba3297aeb5493..ba73d3b196d2f 100644 --- a/x-pack/plugins/security/server/authentication/authentication_service.mock.ts +++ b/x-pack/plugins/security/server/authentication/authentication_service.mock.ts @@ -8,10 +8,10 @@ import type { DeeplyMockedKeys } from '@kbn/utility-types/jest'; import { apiKeysMock } from './api_keys/api_keys.mock'; -import type { AuthenticationServiceStart } from './authentication_service'; +import type { AuthenticationServiceStartInternal } from './authentication_service'; export const authenticationServiceMock = { - createStart: (): DeeplyMockedKeys => ({ + createStart: (): DeeplyMockedKeys => ({ apiKeys: apiKeysMock.create(), login: jest.fn(), logout: jest.fn(), diff --git a/x-pack/plugins/security/server/authentication/authentication_service.ts b/x-pack/plugins/security/server/authentication/authentication_service.ts index 2ac922c529bf5..9f2b21fa007f3 100644 --- a/x-pack/plugins/security/server/authentication/authentication_service.ts +++ b/x-pack/plugins/security/server/authentication/authentication_service.ts @@ -51,7 +51,7 @@ interface AuthenticationServiceStartParams { loggers: LoggerFactory; } -export interface AuthenticationServiceStart { +export interface AuthenticationServiceStartInternal extends AuthenticationServiceStart { apiKeys: Pick< APIKeys, | 'areAPIKeysEnabled' @@ -66,6 +66,21 @@ export interface AuthenticationServiceStart { getCurrentUser: (request: KibanaRequest) => AuthenticatedUser | null; } +/** + * Authentication services available on the security plugin's start contract. + */ +export interface AuthenticationServiceStart { + apiKeys: Pick< + APIKeys, + | 'areAPIKeysEnabled' + | 'create' + | 'invalidate' + | 'grantAsInternalUser' + | 'invalidateAsInternalUser' + >; + getCurrentUser: (request: KibanaRequest) => AuthenticatedUser | null; +} + export class AuthenticationService { private license!: SecurityLicense; private authenticator?: Authenticator; @@ -212,7 +227,7 @@ export class AuthenticationService { legacyAuditLogger, loggers, session, - }: AuthenticationServiceStartParams): AuthenticationServiceStart { + }: AuthenticationServiceStartParams): AuthenticationServiceStartInternal { const apiKeys = new APIKeys({ clusterClient, logger: this.logger.get('api-key'), diff --git a/x-pack/plugins/security/server/authentication/index.ts b/x-pack/plugins/security/server/authentication/index.ts index f7f5f82d2858b..4f82c5653baa9 100644 --- a/x-pack/plugins/security/server/authentication/index.ts +++ b/x-pack/plugins/security/server/authentication/index.ts @@ -6,7 +6,11 @@ */ export { canRedirectRequest } from './can_redirect_request'; -export { AuthenticationService, AuthenticationServiceStart } from './authentication_service'; +export { + AuthenticationService, + AuthenticationServiceStart, + AuthenticationServiceStartInternal, +} from './authentication_service'; export { AuthenticationResult } from './authentication_result'; export { DeauthenticationResult } from './deauthentication_result'; export { diff --git a/x-pack/plugins/security/server/authorization/authorization_service.tsx b/x-pack/plugins/security/server/authorization/authorization_service.tsx index 1e2588dafe233..c5adb3aff670e 100644 --- a/x-pack/plugins/security/server/authorization/authorization_service.tsx +++ b/x-pack/plugins/security/server/authorization/authorization_service.tsx @@ -72,7 +72,7 @@ interface AuthorizationServiceStartParams { online$: Observable; } -export interface AuthorizationServiceSetup { +export interface AuthorizationServiceSetupInternal extends AuthorizationServiceSetup { actions: Actions; checkPrivilegesWithRequest: CheckPrivilegesWithRequest; checkPrivilegesDynamicallyWithRequest: CheckPrivilegesDynamicallyWithRequest; @@ -82,6 +82,21 @@ export interface AuthorizationServiceSetup { privileges: PrivilegesService; } +/** + * Authorization services available on the setup contract of the security plugin. + */ +export interface AuthorizationServiceSetup { + /** + * Actions are used to create the "actions" that are associated with Elasticsearch's + * application privileges, and are used to perform the authorization checks implemented + * by the various `checkPrivilegesWithRequest` derivatives + */ + actions: Actions; + checkPrivilegesWithRequest: CheckPrivilegesWithRequest; + checkPrivilegesDynamicallyWithRequest: CheckPrivilegesDynamicallyWithRequest; + mode: AuthorizationMode; +} + export class AuthorizationService { private logger!: Logger; private applicationName!: string; @@ -101,7 +116,7 @@ export class AuthorizationService { kibanaIndexName, getSpacesService, getCurrentUser, - }: AuthorizationServiceSetupParams): AuthorizationServiceSetup { + }: AuthorizationServiceSetupParams): AuthorizationServiceSetupInternal { this.logger = loggers.get('authorization'); this.applicationName = `${APPLICATION_PREFIX}${kibanaIndexName}`; diff --git a/x-pack/plugins/security/server/authorization/index.ts b/x-pack/plugins/security/server/authorization/index.ts index 16a3c2ae50058..4d67f3435e7da 100644 --- a/x-pack/plugins/security/server/authorization/index.ts +++ b/x-pack/plugins/security/server/authorization/index.ts @@ -6,6 +6,10 @@ */ export { Actions } from './actions'; -export { AuthorizationService, AuthorizationServiceSetup } from './authorization_service'; +export { + AuthorizationService, + AuthorizationServiceSetup, + AuthorizationServiceSetupInternal, +} from './authorization_service'; export { CheckSavedObjectsPrivileges } from './check_saved_objects_privileges'; export { CheckPrivilegesPayload } from './types'; diff --git a/x-pack/plugins/security/server/index.ts b/x-pack/plugins/security/server/index.ts index e50ab66a92547..a48c6833096cc 100644 --- a/x-pack/plugins/security/server/index.ts +++ b/x-pack/plugins/security/server/index.ts @@ -25,6 +25,7 @@ export type { InvalidateAPIKeysParams, InvalidateAPIKeyResult, GrantAPIKeyResult, + AuthenticationServiceStart, } from './authentication'; export type { CheckPrivilegesPayload } from './authorization'; export type AuthorizationServiceSetup = SecurityPluginStart['authz']; @@ -32,6 +33,7 @@ export { LegacyAuditLogger, AuditLogger, AuditEvent } from './audit'; export type { SecurityPluginSetup, SecurityPluginStart }; export type { AuthenticatedUser } from '../common/model'; export { ROUTE_TAG_CAN_REDIRECT } from './routes/tags'; +export { AuditServiceSetup } from './audit'; export const config: PluginConfigDescriptor> = { schema: ConfigSchema, diff --git a/x-pack/plugins/security/server/plugin.ts b/x-pack/plugins/security/server/plugin.ts index 57be308525fdd..98f1335b53450 100644 --- a/x-pack/plugins/security/server/plugin.ts +++ b/x-pack/plugins/security/server/plugin.ts @@ -10,7 +10,6 @@ import { combineLatest } from 'rxjs'; import { map } from 'rxjs/operators'; import type { TypeOf } from '@kbn/config-schema'; -import type { RecursiveReadonly } from '@kbn/utility-types'; import type { CoreSetup, CoreStart, @@ -36,10 +35,14 @@ import type { AnonymousAccessServiceStart } from './anonymous_access'; import { AnonymousAccessService } from './anonymous_access'; import type { AuditServiceSetup } from './audit'; import { AuditService, SecurityAuditLogger } from './audit'; -import type { AuthenticationServiceStart } from './authentication'; +import type { + AuthenticationServiceStart, + AuthenticationServiceStartInternal, +} from './authentication'; import { AuthenticationService } from './authentication'; import type { AuthorizationServiceSetup } from './authorization'; import { AuthorizationService } from './authorization'; +import type { AuthorizationServiceSetupInternal } from './authorization/authorization_service'; import type { ConfigSchema, ConfigType } from './config'; import { createConfig } from './config'; import { ElasticsearchService } from './elasticsearch'; @@ -74,11 +77,14 @@ export interface SecurityPluginSetup { /** * @deprecated Use `authz` methods from the `SecurityServiceStart` contract instead. */ - authz: Pick< - AuthorizationServiceSetup, - 'actions' | 'checkPrivilegesDynamicallyWithRequest' | 'checkPrivilegesWithRequest' | 'mode' - >; + authz: AuthorizationServiceSetup; + /** + * Exposes information about the available security features under the current license. + */ license: SecurityLicense; + /** + * Exposes services for audit logging. + */ audit: AuditServiceSetup; } @@ -86,11 +92,14 @@ export interface SecurityPluginSetup { * Describes public Security plugin contract returned at the `start` stage. */ export interface SecurityPluginStart { - authc: Pick; - authz: Pick< - AuthorizationServiceSetup, - 'actions' | 'checkPrivilegesDynamicallyWithRequest' | 'checkPrivilegesWithRequest' | 'mode' - >; + /** + * Authentication services to confirm the user is who they say they are. + */ + authc: AuthenticationServiceStart; + /** + * Authorization services to manage and access the permissions a particular user has. + */ + authz: AuthorizationServiceSetup; } export interface PluginSetupDependencies { @@ -113,14 +122,9 @@ export interface PluginStartDependencies { * Represents Security Plugin instance that will be managed by the Kibana plugin system. */ export class SecurityPlugin - implements - Plugin< - RecursiveReadonly, - RecursiveReadonly, - PluginSetupDependencies - > { + implements Plugin { private readonly logger: Logger; - private authorizationSetup?: AuthorizationServiceSetup; + private authorizationSetup?: AuthorizationServiceSetupInternal; private auditSetup?: AuditServiceSetup; private anonymousAccessStart?: AnonymousAccessServiceStart; private configSubscription?: Subscription; @@ -152,7 +156,7 @@ export class SecurityPlugin private readonly authenticationService = new AuthenticationService( this.initializerContext.logger.get('authentication') ); - private authenticationStart?: AuthenticationServiceStart; + private authenticationStart?: AuthenticationServiceStartInternal; private readonly getAuthentication = () => { if (!this.authenticationStart) { throw new Error(`authenticationStart is not registered!`); diff --git a/x-pack/plugins/security/server/routes/api_keys/create.test.ts b/x-pack/plugins/security/server/routes/api_keys/create.test.ts index 502a7cb1246c4..ee28681adbd5f 100644 --- a/x-pack/plugins/security/server/routes/api_keys/create.test.ts +++ b/x-pack/plugins/security/server/routes/api_keys/create.test.ts @@ -12,7 +12,7 @@ import type { RequestHandler } from 'src/core/server'; import { kibanaResponseFactory } from 'src/core/server'; import { httpServerMock } from 'src/core/server/mocks'; -import type { AuthenticationServiceStart } from '../../authentication'; +import type { AuthenticationServiceStartInternal } from '../../authentication'; import { authenticationServiceMock } from '../../authentication/authentication_service.mock'; import type { SecurityRequestHandlerContext } from '../../types'; import { routeDefinitionParamsMock } from '../index.mock'; @@ -28,7 +28,7 @@ describe('Create API Key route', () => { } let routeHandler: RequestHandler; - let authc: DeeplyMockedKeys; + let authc: DeeplyMockedKeys; beforeEach(() => { authc = authenticationServiceMock.createStart(); const mockRouteDefinitionParams = routeDefinitionParamsMock.create(); diff --git a/x-pack/plugins/security/server/routes/api_keys/enabled.test.ts b/x-pack/plugins/security/server/routes/api_keys/enabled.test.ts index da097faf8c6b2..1000e79563b57 100644 --- a/x-pack/plugins/security/server/routes/api_keys/enabled.test.ts +++ b/x-pack/plugins/security/server/routes/api_keys/enabled.test.ts @@ -12,7 +12,7 @@ import type { RequestHandler } from 'src/core/server'; import { kibanaResponseFactory } from 'src/core/server'; import { httpServerMock } from 'src/core/server/mocks'; -import type { AuthenticationServiceStart } from '../../authentication'; +import type { AuthenticationServiceStartInternal } from '../../authentication'; import { authenticationServiceMock } from '../../authentication/authentication_service.mock'; import type { SecurityRequestHandlerContext } from '../../types'; import { routeDefinitionParamsMock } from '../index.mock'; @@ -28,7 +28,7 @@ describe('API keys enabled', () => { } let routeHandler: RequestHandler; - let authc: DeeplyMockedKeys; + let authc: DeeplyMockedKeys; beforeEach(() => { authc = authenticationServiceMock.createStart(); const mockRouteDefinitionParams = routeDefinitionParamsMock.create(); diff --git a/x-pack/plugins/security/server/routes/authentication/common.test.ts b/x-pack/plugins/security/server/routes/authentication/common.test.ts index 1e0b6784a45c8..5acc5817bfb3e 100644 --- a/x-pack/plugins/security/server/routes/authentication/common.test.ts +++ b/x-pack/plugins/security/server/routes/authentication/common.test.ts @@ -13,7 +13,7 @@ import { httpServerMock } from 'src/core/server/mocks'; import type { SecurityLicense, SecurityLicenseFeatures } from '../../../common/licensing'; import { mockAuthenticatedUser } from '../../../common/model/authenticated_user.mock'; -import type { AuthenticationServiceStart } from '../../authentication'; +import type { AuthenticationServiceStartInternal } from '../../authentication'; import { AuthenticationResult, DeauthenticationResult, @@ -28,7 +28,7 @@ import { defineCommonRoutes } from './common'; describe('Common authentication routes', () => { let router: jest.Mocked; - let authc: DeeplyMockedKeys; + let authc: DeeplyMockedKeys; let license: jest.Mocked; let mockContext: SecurityRequestHandlerContext; beforeEach(() => { diff --git a/x-pack/plugins/security/server/routes/authentication/saml.test.ts b/x-pack/plugins/security/server/routes/authentication/saml.test.ts index 6a06fc41690c5..04fedebb90ec7 100644 --- a/x-pack/plugins/security/server/routes/authentication/saml.test.ts +++ b/x-pack/plugins/security/server/routes/authentication/saml.test.ts @@ -11,7 +11,7 @@ import type { RequestHandler, RouteConfig } from 'src/core/server'; import { httpServerMock } from 'src/core/server/mocks'; import { mockAuthenticatedUser } from '../../../common/model/authenticated_user.mock'; -import type { AuthenticationServiceStart } from '../../authentication'; +import type { AuthenticationServiceStartInternal } from '../../authentication'; import { AuthenticationResult, SAMLLogin } from '../../authentication'; import { authenticationServiceMock } from '../../authentication/authentication_service.mock'; import type { SecurityRouter } from '../../types'; @@ -21,7 +21,7 @@ import { defineSAMLRoutes } from './saml'; describe('SAML authentication routes', () => { let router: jest.Mocked; - let authc: DeeplyMockedKeys; + let authc: DeeplyMockedKeys; beforeEach(() => { const routeParamsMock = routeDefinitionParamsMock.create(); router = routeParamsMock.router; diff --git a/x-pack/plugins/security/server/routes/index.ts b/x-pack/plugins/security/server/routes/index.ts index cdb3a2fa289fd..e36ca1b9ab72e 100644 --- a/x-pack/plugins/security/server/routes/index.ts +++ b/x-pack/plugins/security/server/routes/index.ts @@ -10,8 +10,8 @@ import type { HttpResources, IBasePath, Logger } from 'src/core/server'; import type { KibanaFeature } from '../../../features/server'; import type { SecurityLicense } from '../../common/licensing'; -import type { AuthenticationServiceStart } from '../authentication'; -import type { AuthorizationServiceSetup } from '../authorization'; +import type { AuthenticationServiceStartInternal } from '../authentication'; +import type { AuthorizationServiceSetupInternal } from '../authorization'; import type { ConfigType } from '../config'; import type { SecurityFeatureUsageServiceStart } from '../feature_usage'; import type { Session } from '../session_management'; @@ -34,12 +34,12 @@ export interface RouteDefinitionParams { httpResources: HttpResources; logger: Logger; config: ConfigType; - authz: AuthorizationServiceSetup; + authz: AuthorizationServiceSetupInternal; getSession: () => PublicMethodsOf; license: SecurityLicense; getFeatures: () => Promise; getFeatureUsageService: () => SecurityFeatureUsageServiceStart; - getAuthenticationService: () => AuthenticationServiceStart; + getAuthenticationService: () => AuthenticationServiceStartInternal; } export function defineRoutes(params: RouteDefinitionParams) { diff --git a/x-pack/plugins/security/server/routes/users/change_password.test.ts b/x-pack/plugins/security/server/routes/users/change_password.test.ts index a97fce7ea4b19..e5f4381a20421 100644 --- a/x-pack/plugins/security/server/routes/users/change_password.test.ts +++ b/x-pack/plugins/security/server/routes/users/change_password.test.ts @@ -15,8 +15,8 @@ import { kibanaResponseFactory } from 'src/core/server'; import { coreMock, httpServerMock } from 'src/core/server/mocks'; import { mockAuthenticatedUser } from '../../../common/model/authenticated_user.mock'; -import type { AuthenticationServiceStart } from '../../authentication'; import { AuthenticationResult } from '../../authentication'; +import type { AuthenticationServiceStartInternal } from '../../authentication/authentication_service'; import { authenticationServiceMock } from '../../authentication/authentication_service.mock'; import type { Session } from '../../session_management'; import { sessionMock } from '../../session_management/session.mock'; @@ -26,7 +26,7 @@ import { defineChangeUserPasswordRoutes } from './change_password'; describe('Change password', () => { let router: jest.Mocked; - let authc: DeeplyMockedKeys; + let authc: DeeplyMockedKeys; let session: jest.Mocked>; let routeHandler: RequestHandler; let routeConfig: RouteConfig; diff --git a/x-pack/plugins/security/server/saved_objects/index.ts b/x-pack/plugins/security/server/saved_objects/index.ts index e052fd1c7ab6a..837b3c594d396 100644 --- a/x-pack/plugins/security/server/saved_objects/index.ts +++ b/x-pack/plugins/security/server/saved_objects/index.ts @@ -9,7 +9,7 @@ import type { CoreSetup, LegacyRequest } from 'src/core/server'; import { KibanaRequest, SavedObjectsClient } from '../../../../../src/core/server'; import type { AuditServiceSetup, SecurityAuditLogger } from '../audit'; -import type { AuthorizationServiceSetup } from '../authorization'; +import type { AuthorizationServiceSetupInternal } from '../authorization/authorization_service'; import type { SpacesService } from '../plugin'; import { SecureSavedObjectsClientWrapper } from './secure_saved_objects_client_wrapper'; @@ -17,7 +17,7 @@ interface SetupSavedObjectsParams { legacyAuditLogger: SecurityAuditLogger; audit: AuditServiceSetup; authz: Pick< - AuthorizationServiceSetup, + AuthorizationServiceSetupInternal, 'mode' | 'actions' | 'checkSavedObjectsPrivilegesWithRequest' >; savedObjects: CoreSetup['savedObjects']; diff --git a/x-pack/plugins/security/server/spaces/secure_spaces_client_wrapper.test.ts b/x-pack/plugins/security/server/spaces/secure_spaces_client_wrapper.test.ts index 0b8a7abab2382..bc7cb727edd80 100644 --- a/x-pack/plugins/security/server/spaces/secure_spaces_client_wrapper.test.ts +++ b/x-pack/plugins/security/server/spaces/secure_spaces_client_wrapper.test.ts @@ -15,7 +15,10 @@ import { spacesClientMock } from '../../../spaces/server/mocks'; import type { AuditEvent, AuditLogger } from '../audit'; import { SpaceAuditAction } from '../audit'; import { auditServiceMock } from '../audit/index.mock'; -import type { AuthorizationServiceSetup } from '../authorization'; +import type { + AuthorizationServiceSetup, + AuthorizationServiceSetupInternal, +} from '../authorization'; import { authorizationMock } from '../authorization/index.mock'; import type { CheckPrivilegesResponse } from '../authorization/types'; import type { LegacySpacesAuditLogger } from './legacy_audit_logger'; @@ -85,7 +88,9 @@ const setup = ({ securityEnabled = false }: Opts = {}) => { }; }; -const expectNoAuthorizationCheck = (authorization: jest.Mocked) => { +const expectNoAuthorizationCheck = ( + authorization: jest.Mocked +) => { expect(authorization.checkPrivilegesDynamicallyWithRequest).not.toHaveBeenCalled(); expect(authorization.checkPrivilegesWithRequest).not.toHaveBeenCalled(); expect(authorization.checkSavedObjectsPrivilegesWithRequest).not.toHaveBeenCalled();