From 74a551e81427160d3292e506b858e8f95102e93c Mon Sep 17 00:00:00 2001
From: Sid <siddharthmantri1@gmail.com>
Date: Fri, 30 Aug 2024 13:08:29 +0200
Subject: [PATCH] Migrate Enterprise search plugin authc dependencies from
 security plugin to core security service (#189713)

## Summary

Part of https://github.com/elastic/kibana/issues/186574
Closes https://github.com/elastic/kibana/issues/189714

Background: This PR is an example of a plugin migrating away from
depending on the Security plugin, which is a high-priority effort for
the last release before 9.0. The Enterprise search plugin uses
authc.apiKeys.create from the security plugin's start contract on the
server side.

For more context, the PR which exposes the API keys service from core is
here: https://github.com/elastic/kibana/pull/186910

This PR migrates the usage from the security plugin start contract to
the core security service.

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
---
 .../server/lib/indices/create_api_key.test.ts       | 12 ++++--------
 .../server/lib/indices/create_api_key.ts            |  9 +++------
 x-pack/plugins/enterprise_search/server/plugin.ts   |  7 ++-----
 .../server/routes/enterprise_search/api_keys.ts     | 13 +++++--------
 x-pack/plugins/enterprise_search/tsconfig.json      |  4 +++-
 5 files changed, 17 insertions(+), 28 deletions(-)

diff --git a/x-pack/plugins/enterprise_search/server/lib/indices/create_api_key.test.ts b/x-pack/plugins/enterprise_search/server/lib/indices/create_api_key.test.ts
index d89126f549a1b..43bea033a2e3d 100644
--- a/x-pack/plugins/enterprise_search/server/lib/indices/create_api_key.test.ts
+++ b/x-pack/plugins/enterprise_search/server/lib/indices/create_api_key.test.ts
@@ -5,14 +5,12 @@
  * 2.0.
  */
 
-import { KibanaRequest } from '@kbn/core/server';
-import { securityMock } from '@kbn/security-plugin/server/mocks';
+import { securityServiceMock } from '@kbn/core-security-server-mocks';
 
 import { createApiKey } from './create_api_key';
 
 describe('createApiKey lib function', () => {
-  const security = securityMock.createStart();
-  const request = {} as KibanaRequest;
+  const security = securityServiceMock.createRequestHandlerContext();
 
   const indexName = 'my-index';
   const keyName = '{indexName}-key';
@@ -31,11 +29,9 @@ describe('createApiKey lib function', () => {
   });
 
   it('should create an api key via the security plugin', async () => {
-    await expect(createApiKey(request, security, indexName, keyName)).resolves.toEqual(
-      createResponse
-    );
+    await expect(createApiKey(security, indexName, keyName)).resolves.toEqual(createResponse);
 
-    expect(security.authc.apiKeys.create).toHaveBeenCalledWith(request, {
+    expect(security.authc.apiKeys.create).toHaveBeenCalledWith({
       name: keyName,
       role_descriptors: {
         [`${indexName}-key-role`]: {
diff --git a/x-pack/plugins/enterprise_search/server/lib/indices/create_api_key.ts b/x-pack/plugins/enterprise_search/server/lib/indices/create_api_key.ts
index 0c1a62c4d30db..b5d7fb7cf22e9 100644
--- a/x-pack/plugins/enterprise_search/server/lib/indices/create_api_key.ts
+++ b/x-pack/plugins/enterprise_search/server/lib/indices/create_api_key.ts
@@ -5,19 +5,16 @@
  * 2.0.
  */
 
-import { KibanaRequest } from '@kbn/core/server';
-
-import { SecurityPluginStart } from '@kbn/security-plugin/server';
+import type { SecurityRequestHandlerContext } from '@kbn/core-security-server';
 
 import { toAlphanumeric } from '../../../common/utils/to_alphanumeric';
 
 export const createApiKey = async (
-  request: KibanaRequest,
-  security: SecurityPluginStart,
+  security: SecurityRequestHandlerContext,
   indexName: string,
   keyName: string
 ) => {
-  return await security.authc.apiKeys.create(request, {
+  return await security.authc.apiKeys.create({
     name: keyName,
     role_descriptors: {
       [`${toAlphanumeric(indexName)}-key-role`]: {
diff --git a/x-pack/plugins/enterprise_search/server/plugin.ts b/x-pack/plugins/enterprise_search/server/plugin.ts
index a03429729bf2f..d021b1b3cd634 100644
--- a/x-pack/plugins/enterprise_search/server/plugin.ts
+++ b/x-pack/plugins/enterprise_search/server/plugin.ts
@@ -25,7 +25,7 @@ import type { LicensingPluginStart } from '@kbn/licensing-plugin/public';
 import { LogsSharedPluginSetup } from '@kbn/logs-shared-plugin/server';
 import type { MlPluginSetup } from '@kbn/ml-plugin/server';
 import { SearchConnectorsPluginSetup } from '@kbn/search-connectors-plugin/server';
-import { SecurityPluginSetup, SecurityPluginStart } from '@kbn/security-plugin/server';
+import { SecurityPluginSetup } from '@kbn/security-plugin/server';
 import { SpacesPluginStart } from '@kbn/spaces-plugin/server';
 import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
 
@@ -104,7 +104,6 @@ interface PluginsSetup {
 
 export interface PluginsStart {
   data: DataPluginStart;
-  security: SecurityPluginStart;
   spaces?: SpacesPluginStart;
 }
 
@@ -284,9 +283,7 @@ export class EnterpriseSearchPlugin implements Plugin {
       registerAnalyticsRoutes({ ...dependencies, data, savedObjects: coreStart.savedObjects });
     });
 
-    void getStartServices().then(([, { security: securityStart }]) => {
-      registerApiKeysRoutes(dependencies, securityStart);
-    });
+    registerApiKeysRoutes(dependencies);
 
     /**
      * Bootstrap the routes, saved objects, and collector for telemetry
diff --git a/x-pack/plugins/enterprise_search/server/routes/enterprise_search/api_keys.ts b/x-pack/plugins/enterprise_search/server/routes/enterprise_search/api_keys.ts
index 8b94de5e6955c..71e00bed27910 100644
--- a/x-pack/plugins/enterprise_search/server/routes/enterprise_search/api_keys.ts
+++ b/x-pack/plugins/enterprise_search/server/routes/enterprise_search/api_keys.ts
@@ -7,16 +7,11 @@
 
 import { schema } from '@kbn/config-schema';
 
-import { SecurityPluginStart } from '@kbn/security-plugin/server';
-
 import { createApiKey } from '../../lib/indices/create_api_key';
 import { RouteDependencies } from '../../plugin';
 import { elasticsearchErrorHandler } from '../../utils/elasticsearch_error_handler';
 
-export function registerApiKeysRoutes(
-  { log, router }: RouteDependencies,
-  security: SecurityPluginStart
-) {
+export function registerApiKeysRoutes({ log, router }: RouteDependencies) {
   router.post(
     {
       path: '/internal/enterprise_search/{indexName}/api_keys',
@@ -32,8 +27,9 @@ export function registerApiKeysRoutes(
     elasticsearchErrorHandler(log, async (context, request, response) => {
       const indexName = decodeURIComponent(request.params.indexName);
       const { keyName } = request.body;
+      const { security: coreSecurity } = await context.core;
 
-      const createResponse = await createApiKey(request, security, indexName, keyName);
+      const createResponse = await createApiKey(coreSecurity, indexName, keyName);
 
       if (!createResponse) {
         throw new Error('Unable to create API Key');
@@ -118,7 +114,8 @@ export function registerApiKeysRoutes(
       },
     },
     async (context, request, response) => {
-      const result = await security.authc.apiKeys.create(request, request.body);
+      const { security: coreSecurity } = await context.core;
+      const result = await coreSecurity.authc.apiKeys.create(request.body);
       if (result) {
         const apiKey = { ...result, beats_logstash_format: `${result.id}:${result.api_key}` };
         return response.ok({ body: apiKey });
diff --git a/x-pack/plugins/enterprise_search/tsconfig.json b/x-pack/plugins/enterprise_search/tsconfig.json
index 86cf6c3968005..58b1526e14baf 100644
--- a/x-pack/plugins/enterprise_search/tsconfig.json
+++ b/x-pack/plugins/enterprise_search/tsconfig.json
@@ -81,6 +81,8 @@
     "@kbn/core-chrome-browser",
     "@kbn/navigation-plugin",
     "@kbn/search-homepage",
-    "@kbn/security-plugin-types-common"
+    "@kbn/security-plugin-types-common",
+    "@kbn/core-security-server",
+    "@kbn/core-security-server-mocks"
   ]
 }