Move Kibana Security public types to separate packages (#171886)

## Summary

In this PR, I'm relocating all Kibana Security types (along with a few
schemas necessary for some of these types, unfortunately) that are part
of public contracts to separate packages. This change will enable any
plugin to utilize Security APIs via "static" or
["runtime"](#167113) dependencies,
regardless of whether Kibana Security already relies on these plugins or
not.

__NOTE TO REVIEWERS:__ I tried to minimize changes as much as I could
via moving only necessary types. I also didn't move deprecated parts of
the Setup/Start contracts to these new packages.

__Triggered by:__ #168910

---------

Co-authored-by: kibanamachine <[email protected]>

.github/CODEOWNERS

@@ -643,6 +643,9 @@ packages/kbn-search-response-warnings @elastic/kibana-data-discovery
 x-pack/plugins/searchprofiler @elastic/platform-deployment-management
 x-pack/test/security_api_integration/packages/helpers @elastic/kibana-security
 x-pack/plugins/security @elastic/kibana-security
+x-pack/packages/security/plugin_types_common @elastic/kibana-security
+x-pack/packages/security/plugin_types_public @elastic/kibana-security
+x-pack/packages/security/plugin_types_server @elastic/kibana-security
 x-pack/plugins/security_solution_ess @elastic/security-solution
 x-pack/packages/security-solution/features @elastic/security-threat-hunting-explore
 x-pack/test/cases_api_integration/common/plugins/security_solution @elastic/response-ops

package.json

@@ -646,6 +646,9 @@
     "@kbn/search-response-warnings": "link:packages/kbn-search-response-warnings",
     "@kbn/searchprofiler-plugin": "link:x-pack/plugins/searchprofiler",
     "@kbn/security-plugin": "link:x-pack/plugins/security",
+    "@kbn/security-plugin-types-common": "link:x-pack/packages/security/plugin_types_common",
+    "@kbn/security-plugin-types-public": "link:x-pack/packages/security/plugin_types_public",
+    "@kbn/security-plugin-types-server": "link:x-pack/packages/security/plugin_types_server",
     "@kbn/security-solution-ess": "link:x-pack/plugins/security_solution_ess",
     "@kbn/security-solution-features": "link:x-pack/packages/security-solution/features",
     "@kbn/security-solution-fixtures-plugin": "link:x-pack/test/cases_api_integration/common/plugins/security_solution",

src/plugins/data/server/search/session/session_service.test.ts

@@ -18,7 +18,7 @@ import { createRequestHash } from './utils';
 import moment from 'moment';
 import { coreMock } from '@kbn/core/server/mocks';
 import { ConfigSchema } from '../../../config';
-import type { AuthenticatedUser } from '@kbn/security-plugin/common/model';
+import type { AuthenticatedUser } from '@kbn/security-plugin/common';
 import { SEARCH_SESSION_TYPE, SearchSessionStatus } from '../../../common';
 import { elasticsearchServiceMock } from '@kbn/core/server/mocks';
 

src/plugins/image_embeddable/public/image_editor/configure_image.tsx

@@ -11,7 +11,7 @@ import { toMountPoint } from '@kbn/kibana-react-plugin/public';
 import { FilesContext } from '@kbn/shared-ux-file-context';
 import { skip, take, takeUntil } from 'rxjs/operators';
 import { Subject } from 'rxjs';
-import type { AuthenticatedUser } from '@kbn/security-plugin/common/model';
+import type { AuthenticatedUser } from '@kbn/security-plugin/common';
 import { ImageConfig } from '../types';
 import { ImageEditorFlyout } from './image_editor_flyout';
 import { ImageViewerContext } from '../image_viewer';

src/plugins/image_embeddable/public/image_editor/image_editor_flyout.tsx

@@ -34,7 +34,7 @@ import { FileUpload } from '@kbn/shared-ux-file-upload';
 import { FilePicker } from '@kbn/shared-ux-file-picker';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
-import type { AuthenticatedUser } from '@kbn/security-plugin/common/model';
+import type { AuthenticatedUser } from '@kbn/security-plugin/common';
 import { FileImageMetadata, imageEmbeddableFileKind } from '../imports';
 import { ImageConfig } from '../types';
 import { ImageViewer } from '../image_viewer/image_viewer'; // use eager version to avoid flickering

src/plugins/image_embeddable/public/image_embeddable/image_embeddable_factory.tsx

@@ -8,7 +8,7 @@
 
 import { i18n } from '@kbn/i18n';
 import { IExternalUrl } from '@kbn/core-http-browser';
-import type { AuthenticatedUser } from '@kbn/security-plugin/common/model';
+import type { AuthenticatedUser } from '@kbn/security-plugin/common';
 import {
   IContainer,
   EmbeddableInput,

tsconfig.base.json

@@ -1280,6 +1280,12 @@
       "@kbn/security-api-integration-helpers/*": ["x-pack/test/security_api_integration/packages/helpers/*"],
       "@kbn/security-plugin": ["x-pack/plugins/security"],
       "@kbn/security-plugin/*": ["x-pack/plugins/security/*"],
+      "@kbn/security-plugin-types-common": ["x-pack/packages/security/plugin_types_common"],
+      "@kbn/security-plugin-types-common/*": ["x-pack/packages/security/plugin_types_common/*"],
+      "@kbn/security-plugin-types-public": ["x-pack/packages/security/plugin_types_public"],
+      "@kbn/security-plugin-types-public/*": ["x-pack/packages/security/plugin_types_public/*"],
+      "@kbn/security-plugin-types-server": ["x-pack/packages/security/plugin_types_server"],
+      "@kbn/security-plugin-types-server/*": ["x-pack/packages/security/plugin_types_server/*"],
       "@kbn/security-solution-ess": ["x-pack/plugins/security_solution_ess"],
       "@kbn/security-solution-ess/*": ["x-pack/plugins/security_solution_ess/*"],
       "@kbn/security-solution-features": ["x-pack/packages/security-solution/features"],

x-pack/packages/security/plugin_types_common/README.md

@@ -0,0 +1,4 @@
+# @kbn/security-plugin-types-common
+
+Contains type definitions for the Kibana Security plugin (common).
+

x-pack/packages/security/plugin_types_common/index.ts

@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export type {
+  AuthenticatedUser,
+  UserRealm,
+  User,
+  AuthenticationProvider,
+} from './src/authentication';
+export type {
+  Role,
+  RoleIndexPrivilege,
+  RoleKibanaPrivilege,
+  RoleRemoteIndexPrivilege,
+  FeaturesPrivileges,
+} from './src/authorization';
+export type { SecurityLicense, SecurityLicenseFeatures, LoginLayout } from './src/licensing';
+export type {
+  UserProfileUserInfo,
+  UserProfileData,
+  UserProfileLabels,
+  UserProfile,
+  UserProfileWithSecurity,
+  UserProfileUserInfoWithSecurity,
+} from './src/user_profile';

x-pack/packages/security/plugin_types_common/kibana.jsonc

@@ -0,0 +1,5 @@
+{
+  "type": "shared-common",
+  "id": "@kbn/security-plugin-types-common",
+  "owner": "@elastic/kibana-security"
+}

x-pack/packages/security/plugin_types_common/package.json

@@ -0,0 +1,6 @@
+{
+  "name": "@kbn/security-plugin-types-common",
+  "private": true,
+  "version": "1.0.0",
+  "license": "Elastic License 2.0"
+}

x-pack/packages/security/plugin_types_common/src/authentication/authenticated_user.ts

@@ -0,0 +1,61 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { AuthenticationProvider } from './authentication_provider';
+import type { User } from './user';
+
+/**
+ * An Elasticsearch realm that was used to resolve and authenticate the user.
+ */
+export interface UserRealm {
+  /**
+   * Arbitrary name of the security realm.
+   */
+  name: string;
+
+  /**
+   * Type of the security realm (file, native, saml etc.).
+   */
+  type: string;
+}
+
+/**
+ * Represents the currently authenticated user.
+ */
+export interface AuthenticatedUser extends User {
+  /**
+   * The name and type of the Realm that has authenticated the user.
+   */
+  authentication_realm: UserRealm;
+
+  /**
+   * The name and type of the Realm where the user information were retrieved from.
+   */
+  lookup_realm: UserRealm;
+
+  /**
+   * The authentication provider that used to authenticate user.
+   */
+  authentication_provider: AuthenticationProvider;
+
+  /**
+   * The AuthenticationType used by ES to authenticate the user.
+   *
+   * @example "realm" | "api_key" | "token" | "anonymous" | "internal"
+   */
+  authentication_type: string;
+
+  /**
+   * Indicates whether user is authenticated via Elastic Cloud built-in SAML realm.
+   */
+  elastic_cloud_user: boolean;
+
+  /**
+   * User profile ID of this user.
+   */
+  profile_uid?: string;
+}

x-pack/packages/security/plugin_types_common/src/authentication/authentication_provider.ts

@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/**
+ * Type and name tuple to identify provider used to authenticate user.
+ */
+export interface AuthenticationProvider {
+  /**
+   * Type of the Kibana authentication provider.
+   */
+  type: string;
+  /**
+   * Name of the Kibana authentication provider (arbitrary string).
+   */
+  name: string;
+}

x-pack/packages/security/plugin_types_common/src/authentication/index.ts

@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export type { AuthenticatedUser, UserRealm } from './authenticated_user';
+export type { User } from './user';
+export type { AuthenticationProvider } from './authentication_provider';

x-pack/packages/security/plugin_types_common/src/authentication/user.ts

@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/**
+ * A set of fields describing Kibana user.
+ */
+export interface User {
+  username: string;
+  email?: string;
+  full_name?: string;
+  roles: readonly string[];
+  enabled: boolean;
+  metadata?: {
+    _reserved: boolean;
+    _deprecated?: boolean;
+    _deprecated_reason?: string;
+  };
+}

x-pack/packages/security/plugin_types_common/src/authorization/index.ts

@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export type { FeaturesPrivileges } from './features_privileges';
+export type {
+  Role,
+  RoleKibanaPrivilege,
+  RoleIndexPrivilege,
+  RoleRemoteIndexPrivilege,
+} from './role';

x-pack/packages/security/plugin_types_common/src/authorization/role.ts

@@ -0,0 +1,48 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { FeaturesPrivileges } from './features_privileges';
+
+export interface RoleIndexPrivilege {
+  names: string[];
+  privileges: string[];
+  field_security?: {
+    grant?: string[];
+    except?: string[];
+  };
+  query?: string;
+}
+
+export interface RoleRemoteIndexPrivilege extends RoleIndexPrivilege {
+  clusters: string[];
+}
+
+export interface RoleKibanaPrivilege {
+  spaces: string[];
+  base: string[];
+  feature: FeaturesPrivileges;
+  _reserved?: string[];
+}
+
+export interface Role {
+  name: string;
+  elasticsearch: {
+    cluster: string[];
+    indices: RoleIndexPrivilege[];
+    remote_indices?: RoleRemoteIndexPrivilege[];
+    run_as: string[];
+  };
+  kibana: RoleKibanaPrivilege[];
+  metadata?: {
+    [anyKey: string]: any;
+  };
+  transient_metadata?: {
+    [anyKey: string]: any;
+  };
+  _transform_error?: string[];
+  _unrecognized_applications?: string[];
+}

x-pack/packages/security/plugin_types_common/src/licensing/index.ts

@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export type { SecurityLicense } from './license';
+export type { LoginLayout, SecurityLicenseFeatures } from './license_features';

x-pack/packages/security/plugin_types_common/src/licensing/license.ts

@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Observable } from 'rxjs';
+
+import type { LicenseType } from '@kbn/licensing-plugin/common/types';
+
+import type { SecurityLicenseFeatures } from './license_features';
+
+export interface SecurityLicense {
+  isLicenseAvailable(): boolean;
+  isEnabled(): boolean;
+  getFeatures(): SecurityLicenseFeatures;
+  hasAtLeast(licenseType: LicenseType): boolean | undefined;
+  features$: Observable<SecurityLicenseFeatures>;
+}

x-pack/packages/security/plugin_types_common/src/user_profile/index.ts

@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export type {
+  UserProfileUserInfo,
+  UserProfileData,
+  UserProfileLabels,
+  UserProfileUserInfoWithSecurity,
+  UserProfile,
+  UserProfileWithSecurity,
+} from './user_profile';