From f7fa8469bde927ef6db2835162134a269de00fdd Mon Sep 17 00:00:00 2001 From: Aleh Zasypkin Date: Mon, 27 Nov 2023 21:26:31 +0100 Subject: [PATCH] Move Kibana Security public types to separate packages (#171886) ## Summary In this PR, I'm relocating all Kibana Security types (along with a few schemas necessary for some of these types, unfortunately) that are part of public contracts to separate packages. This change will enable any plugin to utilize Security APIs via "static" or ["runtime"](https://github.com/elastic/kibana/pull/167113) dependencies, regardless of whether Kibana Security already relies on these plugins or not. __NOTE TO REVIEWERS:__ I tried to minimize changes as much as I could via moving only necessary types. I also didn't move deprecated parts of the Setup/Start contracts to these new packages. __Triggered by:__ https://github.com/elastic/kibana/pull/168910 --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> --- .github/CODEOWNERS | 3 + package.json | 3 + .../search/session/session_service.test.ts | 2 +- .../public/image_editor/configure_image.tsx | 2 +- .../image_editor/image_editor_flyout.tsx | 2 +- .../image_embeddable_factory.tsx | 2 +- tsconfig.base.json | 6 + .../security/plugin_types_common/README.md | 4 + .../security/plugin_types_common/index.ts | 29 +++ .../security/plugin_types_common/kibana.jsonc | 5 + .../security/plugin_types_common/package.json | 6 + .../src/authentication/authenticated_user.ts | 61 ++++++ .../authentication/authentication_provider.ts | 20 ++ .../src/authentication/index.ts | 10 + .../src/authentication/user.ts | 22 ++ .../src/authorization}/features_privileges.ts | 0 .../src/authorization/index.ts | 14 ++ .../src/authorization/role.ts | 48 +++++ .../src/licensing/index.ts | 9 + .../src/licensing/license.ts | 20 ++ .../src}/licensing/license_features.ts | 0 .../src/user_profile/index.ts | 15 ++ .../src/user_profile/user_profile.ts | 106 +++++++++ .../plugin_types_common/tsconfig.json | 15 ++ .../security/plugin_types_public/README.md | 4 + .../security/plugin_types_public/index.ts | 17 ++ .../security/plugin_types_public/kibana.jsonc | 5 + .../security/plugin_types_public/package.json | 6 + .../authentication/authentication_service.ts | 25 +++ .../src/authentication/index.ts | 11 + .../src/nav_control/index.ts | 8 + .../src/nav_control/nav_control_service.ts | 32 +++ .../plugin_types_public/src/plugin.ts | 37 ++++ .../src/user_profile/index.ts | 14 ++ .../user_profile/user_profile_api_client.ts | 123 +++++++++++ .../plugin_types_public/tsconfig.json | 15 ++ .../security/plugin_types_server/README.md | 4 + .../security/plugin_types_server/index.ts | 74 +++++++ .../security/plugin_types_server/kibana.jsonc | 5 + .../security/plugin_types_server/package.json | 6 + .../src/audit/audit_events.ts | 112 ++++++++++ .../src/audit/audit_logger.ts | 42 ++++ .../src/audit/audit_service.ts | 39 ++++ .../plugin_types_server/src/audit/index.ts | 10 + .../src/authentication/api_keys/api_keys.ts | 201 ++++++++++++++++++ .../src/authentication/api_keys/index.ts | 24 +++ .../authentication/authentication_service.ts | 19 ++ .../src/authentication/index.ts | 25 +++ .../src/authorization/actions/actions.ts | 29 +++ .../src/authorization/actions/alerting.ts | 10 + .../src/authorization/actions/api.ts | 10 + .../src/authorization/actions/app.ts | 10 + .../src/authorization/actions/cases.ts | 10 + .../src/authorization/actions/index.ts | 15 ++ .../src/authorization/actions/saved_object.ts | 10 + .../src/authorization/actions/space.ts | 10 + .../src/authorization/actions/ui.ts | 12 ++ .../authorization/authorization_service.ts | 28 +++ .../src/authorization/check_privileges.ts} | 0 .../check_privileges_dynamically.ts | 22 ++ .../check_saved_objects_privileges.ts | 18 ++ .../src/authorization/constants.ts | 8 + .../src/authorization}/deprecations.ts | 2 +- .../src/authorization/index.ts | 48 +++++ .../src/authorization/mode.ts | 12 ++ .../src/authorization}/role_schema.ts | 2 +- .../plugin_types_server/src/plugin.ts | 48 +++++ .../src/user_profile/index.ts | 14 ++ .../src/user_profile/user_profile_service.ts | 142 +++++++++++++ .../plugin_types_server/tsconfig.json | 17 ++ .../maintenance_window_client_factory.test.ts | 2 +- .../server/rules_client_factory.test.ts | 2 +- .../rules_settings_client_factory.test.ts | 2 +- .../apm/public/hooks/use_current_user.ts | 2 +- .../cases/public/common/lib/kibana/hooks.ts | 2 +- .../crypto/encrypted_saved_objects_service.ts | 2 +- .../server/services/agent_policy_create.ts | 2 +- .../services/security/fleet_router.test.ts | 10 +- .../public/hooks/use_current_user.ts | 2 +- x-pack/plugins/security/common/constants.ts | 1 - x-pack/plugins/security/common/index.ts | 35 ++- .../security/common/licensing/index.mock.ts | 4 +- .../security/common/licensing/index.ts | 3 - .../common/licensing/license_service.ts | 12 +- x-pack/plugins/security/common/login_state.ts | 2 +- .../common/model/authenticated_user.mock.ts | 2 +- .../common/model/authenticated_user.test.ts | 2 +- .../common/model/authenticated_user.ts | 56 +---- .../common/model/authentication_provider.ts | 14 -- x-pack/plugins/security/common/model/index.ts | 26 +-- .../security/common/model/role.test.ts | 3 +- x-pack/plugins/security/common/model/role.ts | 43 +--- .../security/common/model/user.test.ts | 3 +- x-pack/plugins/security/common/model/user.ts | 16 +- .../common/model/user_profile.mock.ts | 2 +- .../security/common/model/user_profile.ts | 107 +--------- x-pack/plugins/security/common/types.ts | 2 +- .../account_management_app.tsx | 2 +- .../public/account_management/index.ts | 5 - .../account_management/user_profile/index.ts | 5 - .../user_profile/user_profile_api_client.ts | 57 +---- .../public/analytics/analytics_service.ts | 2 +- .../analytics/register_user_context.test.ts | 2 +- .../public/analytics/register_user_context.ts | 3 +- .../authentication/authentication_service.ts | 21 +- .../public/authentication/index.mock.ts | 2 +- .../security/public/authentication/index.ts | 4 - .../overwritten_session_app.ts | 3 +- .../overwritten_session_page.tsx | 2 +- .../public/components/use_current_user.ts | 3 +- x-pack/plugins/security/public/index.ts | 22 +- .../api_keys/api_keys_api_client.ts | 3 +- .../api_keys_grid/api_keys_grid_page.tsx | 2 +- .../api_keys/api_keys_management_app.tsx | 2 +- .../management/management_service.test.ts | 2 +- .../public/management/management_service.ts | 4 +- .../role_combo_box/role_combo_box.tsx | 2 +- .../delete_provider/delete_provider.test.tsx | 2 +- .../delete_provider/delete_provider.tsx | 2 +- .../edit_role_mapping_page.test.tsx | 2 +- .../edit_role_mapping_page.tsx | 2 +- .../mapping_info_panel.test.tsx | 2 +- .../mapping_info_panel/mapping_info_panel.tsx | 2 +- .../role_selector/role_selector.test.tsx | 2 +- .../role_selector/role_selector.tsx | 2 +- .../role_selector/role_template_editor.tsx | 2 +- .../role_template_type_select.tsx | 2 +- .../rule_editor_panel/rule_editor_panel.tsx | 2 +- .../services/role_mapping_validation.test.ts | 2 +- .../services/role_mapping_validation.ts | 2 +- .../services/role_template_type.test.ts | 2 +- .../services/role_template_type.ts | 2 +- .../role_mappings/model/rule_builder.test.ts | 2 +- .../role_mappings/model/rule_builder.ts | 2 +- .../role_mappings/role_mappings_api_client.ts | 2 +- .../role_mappings_grid_page.tsx | 2 +- .../role_table_display/role_table_display.tsx | 2 +- .../roles/__fixtures__/kibana_privileges.ts | 2 +- .../roles/edit_role/edit_role_page.test.tsx | 2 +- .../roles/edit_role/edit_role_page.tsx | 4 +- .../roles/edit_role/privilege_utils.ts | 2 +- .../privileges/es/cluster_privileges.test.tsx | 2 +- .../privileges/es/cluster_privileges.tsx | 2 +- .../es/elasticsearch_privileges.tsx | 3 +- .../privileges/es/index_privilege_form.tsx | 2 +- .../privileges/es/index_privileges.tsx | 3 +- .../feature_table/feature_table.test.tsx | 2 +- .../kibana/feature_table/feature_table.tsx | 2 +- .../feature_table_expanded_row.test.tsx | 2 +- .../feature_table/sub_feature_form.test.tsx | 2 +- .../kibana/kibana_privileges_region.test.tsx | 2 +- .../kibana/kibana_privileges_region.tsx | 2 +- .../privilege_form_calculator.test.ts | 2 +- .../privilege_form_calculator.ts | 2 +- .../privilege_summary/__fixtures__/index.ts | 2 +- .../privilege_summary.test.tsx | 2 +- .../privilege_summary/privilege_summary.tsx | 2 +- .../privilege_summary_calculator.test.ts | 2 +- .../privilege_summary_calculator.ts | 2 +- .../privilege_summary_table.test.tsx | 2 +- .../privilege_summary_table.tsx | 2 +- .../space_column_header.test.tsx | 2 +- .../privilege_summary/space_column_header.tsx | 2 +- .../simple_privilege_section.test.tsx | 2 +- .../simple_privilege_section.tsx | 2 +- .../privilege_space_form.test.tsx | 2 +- .../privilege_space_form.tsx | 2 +- .../privilege_space_table.test.tsx | 2 +- .../privilege_space_table.tsx | 2 +- .../space_aware_privilege_section.tsx | 4 +- .../edit_role/reserved_role_badge.test.tsx | 2 +- .../roles/edit_role/reserved_role_badge.tsx | 4 +- .../roles/edit_role/validate_role.test.ts | 2 +- .../roles/edit_role/validate_role.ts | 2 +- .../roles/model/kibana_privileges.test.ts | 2 +- .../roles/model/kibana_privileges.ts | 2 +- .../management/roles/roles_api_client.test.ts | 2 +- .../management/roles/roles_api_client.ts | 2 +- .../roles/roles_grid/roles_grid_page.tsx | 2 +- .../management/roles/roles_management_app.tsx | 2 +- .../change_password_form.test.tsx | 2 +- .../change_password_form.tsx | 2 +- .../management/users/edit_user/user_form.tsx | 2 +- .../management/users/user_api_client.ts | 2 +- .../management/users/user_utils.test.ts | 2 +- .../public/management/users/user_utils.ts | 2 +- .../users/users_grid/users_grid_page.test.tsx | 2 +- .../users/users_grid/users_grid_page.tsx | 2 +- .../management/users/users_management_app.tsx | 2 +- .../security/public/nav_control/index.mock.ts | 2 +- .../security/public/nav_control/index.ts | 2 - .../nav_control/nav_control_component.tsx | 13 +- .../nav_control/nav_control_service.tsx | 21 +- x-pack/plugins/security/public/plugin.tsx | 38 +--- .../change_password/change_password.tsx | 2 +- .../ui_api/personal_info/personal_info.tsx | 2 +- .../security/server/audit/audit_events.ts | 109 +--------- .../server/audit/audit_service.test.ts | 2 +- .../security/server/audit/audit_service.ts | 67 +----- x-pack/plugins/security/server/audit/index.ts | 2 - x-pack/plugins/security/server/audit/mocks.ts | 4 +- .../authentication/api_keys/api_keys.test.ts | 2 +- .../authentication/api_keys/api_keys.ts | 97 ++------- .../server/authentication/api_keys/index.ts | 11 - .../authentication_service.test.ts | 2 +- .../authentication/authentication_service.ts | 22 +- .../authentication/authenticator.test.ts | 2 +- .../server/authentication/authenticator.ts | 2 +- .../security/server/authentication/index.ts | 16 +- .../server/authentication/providers/base.ts | 2 +- .../server/authorization/actions/actions.ts | 4 +- .../server/authorization/actions/alerting.ts | 4 +- .../server/authorization/actions/api.ts | 4 +- .../server/authorization/actions/app.ts | 4 +- .../server/authorization/actions/cases.ts | 4 +- .../authorization/actions/saved_object.ts | 4 +- .../server/authorization/actions/space.ts | 3 +- .../server/authorization/actions/ui.ts | 3 +- .../server/authorization/api_authorization.ts | 3 +- .../server/authorization/app_authorization.ts | 3 +- .../authorization/authorization_service.tsx | 31 +-- .../authorization/check_privileges.test.ts | 4 +- .../server/authorization/check_privileges.ts | 8 +- .../check_privileges_dynamically.test.ts | 2 +- .../check_privileges_dynamically.ts | 15 +- .../check_saved_objects_privileges.test.ts | 5 +- .../check_saved_objects_privileges.ts | 15 +- .../disable_ui_capabilities.test.ts | 4 +- .../authorization/disable_ui_capabilities.ts | 8 +- .../server/authorization/index.mock.ts | 3 +- .../security/server/authorization/index.ts | 7 +- .../server/authorization/mode.test.ts | 3 +- .../security/server/authorization/mode.ts | 6 +- .../authorization/privileges/privileges.ts | 2 +- .../authorization/roles/elasticsearch_role.ts | 8 +- .../authorization/validate_es_response.ts | 3 +- x-pack/plugins/security/server/config.ts | 2 +- .../deprecations/privilege_deprecations.ts | 6 +- .../elasticsearch_service.test.ts | 2 +- .../elasticsearch/elasticsearch_service.ts | 2 +- .../security/server/elasticsearch/index.ts | 2 +- x-pack/plugins/security/server/index.ts | 70 ++++-- x-pack/plugins/security/server/lib/index.ts | 2 - .../plugins/security/server/lib/role_utils.ts | 5 +- x-pack/plugins/security/server/plugin.ts | 50 +---- .../security/server/routes/api_keys/create.ts | 76 +------ .../security/server/routes/api_keys/index.ts | 7 - .../security/server/routes/api_keys/update.ts | 2 +- .../routes/authentication/common.test.ts | 2 +- .../authorization/roles/model/put_payload.ts | 7 +- .../routes/authorization/roles/put.test.ts | 2 +- .../share_saved_object_permissions.test.ts | 2 +- .../routes/security_checkup/get_state.test.ts | 2 +- .../routes/views/access_agreement.test.ts | 7 +- .../server/routes/views/login.test.ts | 2 +- .../saved_objects/ensure_authorized.test.ts | 6 +- .../server/saved_objects/ensure_authorized.ts | 8 +- .../security/server/saved_objects/index.ts | 2 +- .../saved_objects_security_extension.test.ts | 6 +- .../saved_objects_security_extension.ts | 9 +- .../server/session_management/session.test.ts | 2 +- .../server/session_management/session.ts | 2 +- .../session_management/session_index.test.ts | 2 +- .../session_management/session_index.ts | 4 +- .../session_management_service.test.ts | 2 +- .../session_management_service.ts | 2 +- .../secure_spaces_client_wrapper.test.ts | 13 +- .../spaces/secure_spaces_client_wrapper.ts | 3 +- .../server/spaces/setup_spaces_client.ts | 6 +- .../security_usage_collector.test.ts | 2 +- .../security_usage_collector.ts | 2 +- .../security/server/user_profile/index.ts | 5 - .../user_profile/user_profile_service.ts | 140 +----------- .../user_profile/user_setting_service.ts | 6 +- .../user_settings_service.test.ts | 2 +- x-pack/plugins/security/tsconfig.json | 3 + .../public/common/lib/kibana/hooks.ts | 2 +- .../server/lib/framework/types.ts | 2 +- .../saved_object/notes/saved_object.test.ts | 2 +- .../saved_object/notes/saved_object.ts | 2 +- .../saved_object/pinned_events/index.ts | 2 +- .../timelines/pick_saved_timeline.test.ts | 2 +- .../timelines/pick_saved_timeline.ts | 2 +- .../functional/page_objects/security_page.ts | 2 +- .../services/observability/users.ts | 2 +- .../login_selector/basic_functionality.ts | 2 +- .../session_concurrent_limit/global_limit.ts | 2 +- .../tests/session_invalidate/invalidate.ts | 2 +- .../tests/session_lifespan/cleanup.ts | 2 +- yarn.lock | 12 ++ 290 files changed, 2195 insertions(+), 1298 deletions(-) create mode 100644 x-pack/packages/security/plugin_types_common/README.md create mode 100644 x-pack/packages/security/plugin_types_common/index.ts create mode 100644 x-pack/packages/security/plugin_types_common/kibana.jsonc create mode 100644 x-pack/packages/security/plugin_types_common/package.json create mode 100644 x-pack/packages/security/plugin_types_common/src/authentication/authenticated_user.ts create mode 100644 x-pack/packages/security/plugin_types_common/src/authentication/authentication_provider.ts create mode 100644 x-pack/packages/security/plugin_types_common/src/authentication/index.ts create mode 100644 x-pack/packages/security/plugin_types_common/src/authentication/user.ts rename x-pack/{plugins/security/common/model => packages/security/plugin_types_common/src/authorization}/features_privileges.ts (100%) create mode 100644 x-pack/packages/security/plugin_types_common/src/authorization/index.ts create mode 100644 x-pack/packages/security/plugin_types_common/src/authorization/role.ts create mode 100644 x-pack/packages/security/plugin_types_common/src/licensing/index.ts create mode 100644 x-pack/packages/security/plugin_types_common/src/licensing/license.ts rename x-pack/{plugins/security/common => packages/security/plugin_types_common/src}/licensing/license_features.ts (100%) create mode 100644 x-pack/packages/security/plugin_types_common/src/user_profile/index.ts create mode 100644 x-pack/packages/security/plugin_types_common/src/user_profile/user_profile.ts create mode 100644 x-pack/packages/security/plugin_types_common/tsconfig.json create mode 100644 x-pack/packages/security/plugin_types_public/README.md create mode 100644 x-pack/packages/security/plugin_types_public/index.ts create mode 100644 x-pack/packages/security/plugin_types_public/kibana.jsonc create mode 100644 x-pack/packages/security/plugin_types_public/package.json create mode 100644 x-pack/packages/security/plugin_types_public/src/authentication/authentication_service.ts create mode 100644 x-pack/packages/security/plugin_types_public/src/authentication/index.ts create mode 100644 x-pack/packages/security/plugin_types_public/src/nav_control/index.ts create mode 100644 x-pack/packages/security/plugin_types_public/src/nav_control/nav_control_service.ts create mode 100644 x-pack/packages/security/plugin_types_public/src/plugin.ts create mode 100644 x-pack/packages/security/plugin_types_public/src/user_profile/index.ts create mode 100644 x-pack/packages/security/plugin_types_public/src/user_profile/user_profile_api_client.ts create mode 100644 x-pack/packages/security/plugin_types_public/tsconfig.json create mode 100644 x-pack/packages/security/plugin_types_server/README.md create mode 100644 x-pack/packages/security/plugin_types_server/index.ts create mode 100644 x-pack/packages/security/plugin_types_server/kibana.jsonc create mode 100644 x-pack/packages/security/plugin_types_server/package.json create mode 100644 x-pack/packages/security/plugin_types_server/src/audit/audit_events.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/audit/audit_logger.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/audit/audit_service.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/audit/index.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authentication/api_keys/index.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authentication/authentication_service.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authentication/index.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authorization/actions/actions.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authorization/actions/alerting.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authorization/actions/api.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authorization/actions/app.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authorization/actions/cases.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authorization/actions/index.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authorization/actions/saved_object.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authorization/actions/space.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authorization/actions/ui.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authorization/authorization_service.ts rename x-pack/{plugins/security/server/authorization/types.ts => packages/security/plugin_types_server/src/authorization/check_privileges.ts} (100%) create mode 100644 x-pack/packages/security/plugin_types_server/src/authorization/check_privileges_dynamically.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authorization/check_saved_objects_privileges.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authorization/constants.ts rename x-pack/{plugins/security/common/model => packages/security/plugin_types_server/src/authorization}/deprecations.ts (92%) create mode 100644 x-pack/packages/security/plugin_types_server/src/authorization/index.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/authorization/mode.ts rename x-pack/{plugins/security/server/lib => packages/security/plugin_types_server/src/authorization}/role_schema.ts (99%) create mode 100644 x-pack/packages/security/plugin_types_server/src/plugin.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/user_profile/index.ts create mode 100644 x-pack/packages/security/plugin_types_server/src/user_profile/user_profile_service.ts create mode 100644 x-pack/packages/security/plugin_types_server/tsconfig.json diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 2da7f440baf1e..3b4f77f87ff95 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -643,6 +643,9 @@ packages/kbn-search-response-warnings @elastic/kibana-data-discovery x-pack/plugins/searchprofiler @elastic/platform-deployment-management x-pack/test/security_api_integration/packages/helpers @elastic/kibana-security x-pack/plugins/security @elastic/kibana-security +x-pack/packages/security/plugin_types_common @elastic/kibana-security +x-pack/packages/security/plugin_types_public @elastic/kibana-security +x-pack/packages/security/plugin_types_server @elastic/kibana-security x-pack/plugins/security_solution_ess @elastic/security-solution x-pack/packages/security-solution/features @elastic/security-threat-hunting-explore x-pack/test/cases_api_integration/common/plugins/security_solution @elastic/response-ops diff --git a/package.json b/package.json index 5e43d8bb910cf..a56c970948ce4 100644 --- a/package.json +++ b/package.json @@ -646,6 +646,9 @@ "@kbn/search-response-warnings": "link:packages/kbn-search-response-warnings", "@kbn/searchprofiler-plugin": "link:x-pack/plugins/searchprofiler", "@kbn/security-plugin": "link:x-pack/plugins/security", + "@kbn/security-plugin-types-common": "link:x-pack/packages/security/plugin_types_common", + "@kbn/security-plugin-types-public": "link:x-pack/packages/security/plugin_types_public", + "@kbn/security-plugin-types-server": "link:x-pack/packages/security/plugin_types_server", "@kbn/security-solution-ess": "link:x-pack/plugins/security_solution_ess", "@kbn/security-solution-features": "link:x-pack/packages/security-solution/features", "@kbn/security-solution-fixtures-plugin": "link:x-pack/test/cases_api_integration/common/plugins/security_solution", diff --git a/src/plugins/data/server/search/session/session_service.test.ts b/src/plugins/data/server/search/session/session_service.test.ts index 3f79049fa9666..481fabcfa423e 100644 --- a/src/plugins/data/server/search/session/session_service.test.ts +++ b/src/plugins/data/server/search/session/session_service.test.ts @@ -18,7 +18,7 @@ import { createRequestHash } from './utils'; import moment from 'moment'; import { coreMock } from '@kbn/core/server/mocks'; import { ConfigSchema } from '../../../config'; -import type { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import type { AuthenticatedUser } from '@kbn/security-plugin/common'; import { SEARCH_SESSION_TYPE, SearchSessionStatus } from '../../../common'; import { elasticsearchServiceMock } from '@kbn/core/server/mocks'; diff --git a/src/plugins/image_embeddable/public/image_editor/configure_image.tsx b/src/plugins/image_embeddable/public/image_editor/configure_image.tsx index 416a35f61870f..357f3ff46785a 100644 --- a/src/plugins/image_embeddable/public/image_editor/configure_image.tsx +++ b/src/plugins/image_embeddable/public/image_editor/configure_image.tsx @@ -11,7 +11,7 @@ import { toMountPoint } from '@kbn/kibana-react-plugin/public'; import { FilesContext } from '@kbn/shared-ux-file-context'; import { skip, take, takeUntil } from 'rxjs/operators'; import { Subject } from 'rxjs'; -import type { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import type { AuthenticatedUser } from '@kbn/security-plugin/common'; import { ImageConfig } from '../types'; import { ImageEditorFlyout } from './image_editor_flyout'; import { ImageViewerContext } from '../image_viewer'; diff --git a/src/plugins/image_embeddable/public/image_editor/image_editor_flyout.tsx b/src/plugins/image_embeddable/public/image_editor/image_editor_flyout.tsx index 7954184384920..c8d5f9b9636fc 100644 --- a/src/plugins/image_embeddable/public/image_editor/image_editor_flyout.tsx +++ b/src/plugins/image_embeddable/public/image_editor/image_editor_flyout.tsx @@ -34,7 +34,7 @@ import { FileUpload } from '@kbn/shared-ux-file-upload'; import { FilePicker } from '@kbn/shared-ux-file-picker'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; -import type { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import type { AuthenticatedUser } from '@kbn/security-plugin/common'; import { FileImageMetadata, imageEmbeddableFileKind } from '../imports'; import { ImageConfig } from '../types'; import { ImageViewer } from '../image_viewer/image_viewer'; // use eager version to avoid flickering diff --git a/src/plugins/image_embeddable/public/image_embeddable/image_embeddable_factory.tsx b/src/plugins/image_embeddable/public/image_embeddable/image_embeddable_factory.tsx index ae2b2a4406fa6..c824b7b50765d 100644 --- a/src/plugins/image_embeddable/public/image_embeddable/image_embeddable_factory.tsx +++ b/src/plugins/image_embeddable/public/image_embeddable/image_embeddable_factory.tsx @@ -8,7 +8,7 @@ import { i18n } from '@kbn/i18n'; import { IExternalUrl } from '@kbn/core-http-browser'; -import type { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import type { AuthenticatedUser } from '@kbn/security-plugin/common'; import { IContainer, EmbeddableInput, diff --git a/tsconfig.base.json b/tsconfig.base.json index d21fd5f4359a1..0f4d5c25aba60 100644 --- a/tsconfig.base.json +++ b/tsconfig.base.json @@ -1280,6 +1280,12 @@ "@kbn/security-api-integration-helpers/*": ["x-pack/test/security_api_integration/packages/helpers/*"], "@kbn/security-plugin": ["x-pack/plugins/security"], "@kbn/security-plugin/*": ["x-pack/plugins/security/*"], + "@kbn/security-plugin-types-common": ["x-pack/packages/security/plugin_types_common"], + "@kbn/security-plugin-types-common/*": ["x-pack/packages/security/plugin_types_common/*"], + "@kbn/security-plugin-types-public": ["x-pack/packages/security/plugin_types_public"], + "@kbn/security-plugin-types-public/*": ["x-pack/packages/security/plugin_types_public/*"], + "@kbn/security-plugin-types-server": ["x-pack/packages/security/plugin_types_server"], + "@kbn/security-plugin-types-server/*": ["x-pack/packages/security/plugin_types_server/*"], "@kbn/security-solution-ess": ["x-pack/plugins/security_solution_ess"], "@kbn/security-solution-ess/*": ["x-pack/plugins/security_solution_ess/*"], "@kbn/security-solution-features": ["x-pack/packages/security-solution/features"], diff --git a/x-pack/packages/security/plugin_types_common/README.md b/x-pack/packages/security/plugin_types_common/README.md new file mode 100644 index 0000000000000..eb7fbaa4a316f --- /dev/null +++ b/x-pack/packages/security/plugin_types_common/README.md @@ -0,0 +1,4 @@ +# @kbn/security-plugin-types-common + +Contains type definitions for the Kibana Security plugin (common). + diff --git a/x-pack/packages/security/plugin_types_common/index.ts b/x-pack/packages/security/plugin_types_common/index.ts new file mode 100644 index 0000000000000..c5771f6982807 --- /dev/null +++ b/x-pack/packages/security/plugin_types_common/index.ts @@ -0,0 +1,29 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export type { + AuthenticatedUser, + UserRealm, + User, + AuthenticationProvider, +} from './src/authentication'; +export type { + Role, + RoleIndexPrivilege, + RoleKibanaPrivilege, + RoleRemoteIndexPrivilege, + FeaturesPrivileges, +} from './src/authorization'; +export type { SecurityLicense, SecurityLicenseFeatures, LoginLayout } from './src/licensing'; +export type { + UserProfileUserInfo, + UserProfileData, + UserProfileLabels, + UserProfile, + UserProfileWithSecurity, + UserProfileUserInfoWithSecurity, +} from './src/user_profile'; diff --git a/x-pack/packages/security/plugin_types_common/kibana.jsonc b/x-pack/packages/security/plugin_types_common/kibana.jsonc new file mode 100644 index 0000000000000..714eb0f564cda --- /dev/null +++ b/x-pack/packages/security/plugin_types_common/kibana.jsonc @@ -0,0 +1,5 @@ +{ + "type": "shared-common", + "id": "@kbn/security-plugin-types-common", + "owner": "@elastic/kibana-security" +} diff --git a/x-pack/packages/security/plugin_types_common/package.json b/x-pack/packages/security/plugin_types_common/package.json new file mode 100644 index 0000000000000..d28f1c03614d9 --- /dev/null +++ b/x-pack/packages/security/plugin_types_common/package.json @@ -0,0 +1,6 @@ +{ + "name": "@kbn/security-plugin-types-common", + "private": true, + "version": "1.0.0", + "license": "Elastic License 2.0" +} diff --git a/x-pack/packages/security/plugin_types_common/src/authentication/authenticated_user.ts b/x-pack/packages/security/plugin_types_common/src/authentication/authenticated_user.ts new file mode 100644 index 0000000000000..ef58d67982977 --- /dev/null +++ b/x-pack/packages/security/plugin_types_common/src/authentication/authenticated_user.ts @@ -0,0 +1,61 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { AuthenticationProvider } from './authentication_provider'; +import type { User } from './user'; + +/** + * An Elasticsearch realm that was used to resolve and authenticate the user. + */ +export interface UserRealm { + /** + * Arbitrary name of the security realm. + */ + name: string; + + /** + * Type of the security realm (file, native, saml etc.). + */ + type: string; +} + +/** + * Represents the currently authenticated user. + */ +export interface AuthenticatedUser extends User { + /** + * The name and type of the Realm that has authenticated the user. + */ + authentication_realm: UserRealm; + + /** + * The name and type of the Realm where the user information were retrieved from. + */ + lookup_realm: UserRealm; + + /** + * The authentication provider that used to authenticate user. + */ + authentication_provider: AuthenticationProvider; + + /** + * The AuthenticationType used by ES to authenticate the user. + * + * @example "realm" | "api_key" | "token" | "anonymous" | "internal" + */ + authentication_type: string; + + /** + * Indicates whether user is authenticated via Elastic Cloud built-in SAML realm. + */ + elastic_cloud_user: boolean; + + /** + * User profile ID of this user. + */ + profile_uid?: string; +} diff --git a/x-pack/packages/security/plugin_types_common/src/authentication/authentication_provider.ts b/x-pack/packages/security/plugin_types_common/src/authentication/authentication_provider.ts new file mode 100644 index 0000000000000..92ec64d83db28 --- /dev/null +++ b/x-pack/packages/security/plugin_types_common/src/authentication/authentication_provider.ts @@ -0,0 +1,20 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/** + * Type and name tuple to identify provider used to authenticate user. + */ +export interface AuthenticationProvider { + /** + * Type of the Kibana authentication provider. + */ + type: string; + /** + * Name of the Kibana authentication provider (arbitrary string). + */ + name: string; +} diff --git a/x-pack/packages/security/plugin_types_common/src/authentication/index.ts b/x-pack/packages/security/plugin_types_common/src/authentication/index.ts new file mode 100644 index 0000000000000..26b9873068c03 --- /dev/null +++ b/x-pack/packages/security/plugin_types_common/src/authentication/index.ts @@ -0,0 +1,10 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export type { AuthenticatedUser, UserRealm } from './authenticated_user'; +export type { User } from './user'; +export type { AuthenticationProvider } from './authentication_provider'; diff --git a/x-pack/packages/security/plugin_types_common/src/authentication/user.ts b/x-pack/packages/security/plugin_types_common/src/authentication/user.ts new file mode 100644 index 0000000000000..17cd7cd100cab --- /dev/null +++ b/x-pack/packages/security/plugin_types_common/src/authentication/user.ts @@ -0,0 +1,22 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/** + * A set of fields describing Kibana user. + */ +export interface User { + username: string; + email?: string; + full_name?: string; + roles: readonly string[]; + enabled: boolean; + metadata?: { + _reserved: boolean; + _deprecated?: boolean; + _deprecated_reason?: string; + }; +} diff --git a/x-pack/plugins/security/common/model/features_privileges.ts b/x-pack/packages/security/plugin_types_common/src/authorization/features_privileges.ts similarity index 100% rename from x-pack/plugins/security/common/model/features_privileges.ts rename to x-pack/packages/security/plugin_types_common/src/authorization/features_privileges.ts diff --git a/x-pack/packages/security/plugin_types_common/src/authorization/index.ts b/x-pack/packages/security/plugin_types_common/src/authorization/index.ts new file mode 100644 index 0000000000000..29cb395ccfe4f --- /dev/null +++ b/x-pack/packages/security/plugin_types_common/src/authorization/index.ts @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export type { FeaturesPrivileges } from './features_privileges'; +export type { + Role, + RoleKibanaPrivilege, + RoleIndexPrivilege, + RoleRemoteIndexPrivilege, +} from './role'; diff --git a/x-pack/packages/security/plugin_types_common/src/authorization/role.ts b/x-pack/packages/security/plugin_types_common/src/authorization/role.ts new file mode 100644 index 0000000000000..12fc0a85ff7aa --- /dev/null +++ b/x-pack/packages/security/plugin_types_common/src/authorization/role.ts @@ -0,0 +1,48 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { FeaturesPrivileges } from './features_privileges'; + +export interface RoleIndexPrivilege { + names: string[]; + privileges: string[]; + field_security?: { + grant?: string[]; + except?: string[]; + }; + query?: string; +} + +export interface RoleRemoteIndexPrivilege extends RoleIndexPrivilege { + clusters: string[]; +} + +export interface RoleKibanaPrivilege { + spaces: string[]; + base: string[]; + feature: FeaturesPrivileges; + _reserved?: string[]; +} + +export interface Role { + name: string; + elasticsearch: { + cluster: string[]; + indices: RoleIndexPrivilege[]; + remote_indices?: RoleRemoteIndexPrivilege[]; + run_as: string[]; + }; + kibana: RoleKibanaPrivilege[]; + metadata?: { + [anyKey: string]: any; + }; + transient_metadata?: { + [anyKey: string]: any; + }; + _transform_error?: string[]; + _unrecognized_applications?: string[]; +} diff --git a/x-pack/packages/security/plugin_types_common/src/licensing/index.ts b/x-pack/packages/security/plugin_types_common/src/licensing/index.ts new file mode 100644 index 0000000000000..6fab9a2338fc8 --- /dev/null +++ b/x-pack/packages/security/plugin_types_common/src/licensing/index.ts @@ -0,0 +1,9 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export type { SecurityLicense } from './license'; +export type { LoginLayout, SecurityLicenseFeatures } from './license_features'; diff --git a/x-pack/packages/security/plugin_types_common/src/licensing/license.ts b/x-pack/packages/security/plugin_types_common/src/licensing/license.ts new file mode 100644 index 0000000000000..041d76c0e8740 --- /dev/null +++ b/x-pack/packages/security/plugin_types_common/src/licensing/license.ts @@ -0,0 +1,20 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { Observable } from 'rxjs'; + +import type { LicenseType } from '@kbn/licensing-plugin/common/types'; + +import type { SecurityLicenseFeatures } from './license_features'; + +export interface SecurityLicense { + isLicenseAvailable(): boolean; + isEnabled(): boolean; + getFeatures(): SecurityLicenseFeatures; + hasAtLeast(licenseType: LicenseType): boolean | undefined; + features$: Observable; +} diff --git a/x-pack/plugins/security/common/licensing/license_features.ts b/x-pack/packages/security/plugin_types_common/src/licensing/license_features.ts similarity index 100% rename from x-pack/plugins/security/common/licensing/license_features.ts rename to x-pack/packages/security/plugin_types_common/src/licensing/license_features.ts diff --git a/x-pack/packages/security/plugin_types_common/src/user_profile/index.ts b/x-pack/packages/security/plugin_types_common/src/user_profile/index.ts new file mode 100644 index 0000000000000..bffb7939c2fc8 --- /dev/null +++ b/x-pack/packages/security/plugin_types_common/src/user_profile/index.ts @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export type { + UserProfileUserInfo, + UserProfileData, + UserProfileLabels, + UserProfileUserInfoWithSecurity, + UserProfile, + UserProfileWithSecurity, +} from './user_profile'; diff --git a/x-pack/packages/security/plugin_types_common/src/user_profile/user_profile.ts b/x-pack/packages/security/plugin_types_common/src/user_profile/user_profile.ts new file mode 100644 index 0000000000000..13743974afea1 --- /dev/null +++ b/x-pack/packages/security/plugin_types_common/src/user_profile/user_profile.ts @@ -0,0 +1,106 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/** + * IMPORTANT: + * + * The types in this file are duplicated at + * `packages/kbn-user-profile-components/src/user_profile.ts` + * + * When making changes please ensure to keep both files in sync. + */ + +/** + * Describes basic properties stored in user profile. + */ +export interface UserProfile { + /** + * Unique ID for of the user profile. + */ + uid: string; + + /** + * Indicates whether user profile is enabled or not. + */ + enabled: boolean; + + /** + * Information about the user that owns profile. + */ + user: UserProfileUserInfo; + + /** + * User specific data associated with the profile. + */ + data: Partial; +} + +/** + * Basic user information returned in user profile. + */ +export interface UserProfileUserInfo { + /** + * Username of the user. + */ + username: string; + /** + * Optional email of the user. + */ + email?: string; + /** + * Optional full name of the user. + */ + full_name?: string; +} + +/** + * Placeholder for data stored in user profile. + */ +export type UserProfileData = Record; + +/** + * Type of the user profile labels structure (currently + */ +export type UserProfileLabels = Record; + +/** + * Extended user information returned in user profile (both basic and security related properties). + */ +export interface UserProfileUserInfoWithSecurity extends UserProfileUserInfo { + /** + * List of the user roles. + */ + roles: readonly string[]; + /** + * Name of the Elasticsearch security realm that was used to authenticate user. + */ + realm_name: string; + /** + * Optional name of the security domain that Elasticsearch security realm that was + * used to authenticate user resides in (if any). + */ + realm_domain?: string; +} + +/** + * Describes all properties stored in user profile (both basic and security related properties). + */ +export interface UserProfileWithSecurity< + D extends UserProfileData = UserProfileData, + L extends UserProfileLabels = UserProfileLabels +> extends UserProfile { + /** + * Information about the user that owns profile. + */ + user: UserProfileUserInfoWithSecurity; + + /** + * User specific _searchable_ labels associated with the profile. Note that labels are considered + * security related field since it's going to be used to store user's space ID. + */ + labels: L; +} diff --git a/x-pack/packages/security/plugin_types_common/tsconfig.json b/x-pack/packages/security/plugin_types_common/tsconfig.json new file mode 100644 index 0000000000000..74be218f1ec29 --- /dev/null +++ b/x-pack/packages/security/plugin_types_common/tsconfig.json @@ -0,0 +1,15 @@ +{ + "extends": "../../../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types" + }, + "include": [ + "**/*.ts", + ], + "exclude": [ + "target/**/*" + ], + "kbn_references": [ + "@kbn/licensing-plugin" + ] +} diff --git a/x-pack/packages/security/plugin_types_public/README.md b/x-pack/packages/security/plugin_types_public/README.md new file mode 100644 index 0000000000000..fdc0481d60b68 --- /dev/null +++ b/x-pack/packages/security/plugin_types_public/README.md @@ -0,0 +1,4 @@ +# @kbn/security-plugin-types-public + +Contains type definitions for the Kibana Security plugin (public). + diff --git a/x-pack/packages/security/plugin_types_public/index.ts b/x-pack/packages/security/plugin_types_public/index.ts new file mode 100644 index 0000000000000..fc129909743e6 --- /dev/null +++ b/x-pack/packages/security/plugin_types_public/index.ts @@ -0,0 +1,17 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export type { AuthenticationServiceStart, AuthenticationServiceSetup } from './src/authentication'; +export type { UserMenuLink, SecurityNavControlServiceStart } from './src/nav_control'; +export type { SecurityPluginSetup, SecurityPluginStart } from './src/plugin'; +export type { + GetUserProfileResponse, + UserProfileGetCurrentParams, + UserProfileBulkGetParams, + UserProfileSuggestParams, + UserProfileAPIClient, +} from './src/user_profile'; diff --git a/x-pack/packages/security/plugin_types_public/kibana.jsonc b/x-pack/packages/security/plugin_types_public/kibana.jsonc new file mode 100644 index 0000000000000..f4fbe8fe8ea7d --- /dev/null +++ b/x-pack/packages/security/plugin_types_public/kibana.jsonc @@ -0,0 +1,5 @@ +{ + "type": "shared-browser", + "id": "@kbn/security-plugin-types-public", + "owner": "@elastic/kibana-security" +} diff --git a/x-pack/packages/security/plugin_types_public/package.json b/x-pack/packages/security/plugin_types_public/package.json new file mode 100644 index 0000000000000..58e244244058c --- /dev/null +++ b/x-pack/packages/security/plugin_types_public/package.json @@ -0,0 +1,6 @@ +{ + "name": "@kbn/security-plugin-types-public", + "private": true, + "version": "1.0.0", + "license": "Elastic License 2.0" +} diff --git a/x-pack/packages/security/plugin_types_public/src/authentication/authentication_service.ts b/x-pack/packages/security/plugin_types_public/src/authentication/authentication_service.ts new file mode 100644 index 0000000000000..a8fa8a6a64d26 --- /dev/null +++ b/x-pack/packages/security/plugin_types_public/src/authentication/authentication_service.ts @@ -0,0 +1,25 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { AuthenticatedUser } from '@kbn/security-plugin-types-common'; + +export interface AuthenticationServiceSetup { + /** + * Returns currently authenticated user and throws if current user isn't authenticated. + */ + getCurrentUser: () => Promise; + + /** + * Determines if API Keys are currently enabled. + */ + areAPIKeysEnabled: () => Promise; +} + +/** + * Start has the same contract as Setup for now. + */ +export type AuthenticationServiceStart = AuthenticationServiceSetup; diff --git a/x-pack/packages/security/plugin_types_public/src/authentication/index.ts b/x-pack/packages/security/plugin_types_public/src/authentication/index.ts new file mode 100644 index 0000000000000..55a977e551e22 --- /dev/null +++ b/x-pack/packages/security/plugin_types_public/src/authentication/index.ts @@ -0,0 +1,11 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export type { + AuthenticationServiceSetup, + AuthenticationServiceStart, +} from './authentication_service'; diff --git a/x-pack/packages/security/plugin_types_public/src/nav_control/index.ts b/x-pack/packages/security/plugin_types_public/src/nav_control/index.ts new file mode 100644 index 0000000000000..3250ac3c3ca79 --- /dev/null +++ b/x-pack/packages/security/plugin_types_public/src/nav_control/index.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export type { UserMenuLink, SecurityNavControlServiceStart } from './nav_control_service'; diff --git a/x-pack/packages/security/plugin_types_public/src/nav_control/nav_control_service.ts b/x-pack/packages/security/plugin_types_public/src/nav_control/nav_control_service.ts new file mode 100644 index 0000000000000..39982a753127c --- /dev/null +++ b/x-pack/packages/security/plugin_types_public/src/nav_control/nav_control_service.ts @@ -0,0 +1,32 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { IconType } from '@elastic/eui'; +import type { ReactNode } from 'react'; +import type { Observable } from 'rxjs'; + +export interface UserMenuLink { + label: string; + iconType: IconType; + href: string; + order?: number; + setAsProfile?: boolean; + /** Render a custom ReactNode instead of the default */ + content?: ReactNode; +} + +export interface SecurityNavControlServiceStart { + /** + * Returns an Observable of the array of user menu links (the links that show up under the user's Avatar in the UI) registered by other plugins + */ + getUserMenuLinks$: () => Observable; + + /** + * Registers the provided user menu links to be displayed in the user menu (the links that show up under the user's Avatar in the UI). + */ + addUserMenuLinks: (newUserMenuLink: UserMenuLink[]) => void; +} diff --git a/x-pack/packages/security/plugin_types_public/src/plugin.ts b/x-pack/packages/security/plugin_types_public/src/plugin.ts new file mode 100644 index 0000000000000..28c5822a2e131 --- /dev/null +++ b/x-pack/packages/security/plugin_types_public/src/plugin.ts @@ -0,0 +1,37 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { SecurityLicense } from '@kbn/security-plugin-types-common'; +import type { AuthenticationServiceSetup, AuthenticationServiceStart } from './authentication'; +import type { SecurityNavControlServiceStart } from './nav_control'; +import type { UserProfileAPIClient } from './user_profile'; + +export interface SecurityPluginSetup { + /** + * Exposes authentication information about the currently logged in user. + */ + authc: AuthenticationServiceSetup; + /** + * Exposes information about the available security features under the current license. + */ + license: SecurityLicense; +} + +export interface SecurityPluginStart { + /** + * Exposes the ability to add custom links to the dropdown menu in the top right, where the user's Avatar is. + */ + navControlService: SecurityNavControlServiceStart; + /** + * Exposes authentication information about the currently logged in user. + */ + authc: AuthenticationServiceStart; + /** + * A set of methods to work with Kibana user profiles. + */ + userProfiles: UserProfileAPIClient; +} diff --git a/x-pack/packages/security/plugin_types_public/src/user_profile/index.ts b/x-pack/packages/security/plugin_types_public/src/user_profile/index.ts new file mode 100644 index 0000000000000..8840a7cee2723 --- /dev/null +++ b/x-pack/packages/security/plugin_types_public/src/user_profile/index.ts @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export type { + GetUserProfileResponse, + UserProfileAPIClient, + UserProfileGetCurrentParams, + UserProfileBulkGetParams, + UserProfileSuggestParams, +} from './user_profile_api_client'; diff --git a/x-pack/packages/security/plugin_types_public/src/user_profile/user_profile_api_client.ts b/x-pack/packages/security/plugin_types_public/src/user_profile/user_profile_api_client.ts new file mode 100644 index 0000000000000..090d5d5b0fcf4 --- /dev/null +++ b/x-pack/packages/security/plugin_types_public/src/user_profile/user_profile_api_client.ts @@ -0,0 +1,123 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { + UserProfileData, + AuthenticatedUser, + UserProfileWithSecurity, + UserProfile, +} from '@kbn/security-plugin-types-common'; +import type { Observable } from 'rxjs'; + +export interface UserProfileAPIClient { + readonly userProfile$: Observable; + /** + * Retrieves the user profile of the current user. If the profile isn't available, e.g. for the anonymous users or + * users authenticated via authenticating proxies, the `null` value is returned. + * @param [params] Get current user profile operation parameters. + * @param params.dataPath By default `getCurrent()` returns user information, but does not return any user data. The + * optional "dataPath" parameter can be used to return personal data for this user. + */ + getCurrent( + params?: UserProfileGetCurrentParams + ): Promise>; + + /** + * Retrieves multiple user profiles by their identifiers. + * @param params Bulk get operation parameters. + * @param params.uids List of user profile identifiers. + * @param params.dataPath By default Elasticsearch returns user information, but does not return any user data. The + * optional "dataPath" parameter can be used to return personal data for the requested user profiles. + */ + bulkGet( + params: UserProfileBulkGetParams + ): Promise>>; + + /** + * Suggests multiple user profiles by search criteria. + * + * Note: This endpoint is not provided out-of-the-box by the platform. You need to expose your own + * version within your app. An example of how to do this can be found in: + * `examples/user_profile_examples/server/plugin.ts` + * + * @param path Path to your app's suggest endpoint. + * @param params Suggest operation parameters. + * @param params.name Query string used to match name-related fields in user profiles. The + * following fields are treated as name-related: username, full_name and email. + * @param params.size Desired number of suggestions to return. The default value is 10. + * @param params.dataPath By default, suggest API returns user information, but does not return + * any user data. The optional "dataPath" parameter can be used to return personal data for this + * user (within `kibana` namespace only). + */ + suggest( + path: string, + params: UserProfileSuggestParams + ): Promise>>; + + /** + * Updates user profile data of the current user. + * @param data Application data to be written (merged with existing data). + */ + update(data: D): Promise; +} + +/** + * Parameters for the get user profile for the current user API. + */ +export interface UserProfileGetCurrentParams { + /** + * By default, get API returns user information, but does not return any user data. The optional "dataPath" + * parameter can be used to return personal data for this user (within `kibana` namespace only). + */ + dataPath: string; +} + +export interface GetUserProfileResponse + extends UserProfileWithSecurity { + /** + * Information about the currently authenticated user that owns the profile. + */ + user: UserProfileWithSecurity['user'] & Pick; +} + +/** + * Parameters for the bulk get API. + */ +export interface UserProfileBulkGetParams { + /** + * List of user profile identifiers. + */ + uids: Set; + + /** + * By default, suggest API returns user information, but does not return any user data. The optional "dataPath" + * parameter can be used to return personal data for this user (within `kibana` namespace only). + */ + dataPath?: string; +} + +/** + * Parameters for the suggest API. + */ +export interface UserProfileSuggestParams { + /** + * Query string used to match name-related fields in user profiles. The following fields are treated as + * name-related: username, full_name and email. + */ + name: string; + + /** + * Desired number of suggestions to return. The default value is 10. + */ + size?: number; + + /** + * By default, suggest API returns user information, but does not return any user data. The optional "dataPath" + * parameter can be used to return personal data for this user (within `kibana` namespace only). + */ + dataPath?: string; +} diff --git a/x-pack/packages/security/plugin_types_public/tsconfig.json b/x-pack/packages/security/plugin_types_public/tsconfig.json new file mode 100644 index 0000000000000..23e34902d2c12 --- /dev/null +++ b/x-pack/packages/security/plugin_types_public/tsconfig.json @@ -0,0 +1,15 @@ +{ + "extends": "../../../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types" + }, + "include": [ + "**/*.ts", + ], + "exclude": [ + "target/**/*" + ], + "kbn_references": [ + "@kbn/security-plugin-types-common" + ] +} diff --git a/x-pack/packages/security/plugin_types_server/README.md b/x-pack/packages/security/plugin_types_server/README.md new file mode 100644 index 0000000000000..91ac1d3b2d187 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/README.md @@ -0,0 +1,4 @@ +# @kbn/security-plugin-types-server + +Contains type definitions for the Kibana Security plugin (server). + diff --git a/x-pack/packages/security/plugin_types_server/index.ts b/x-pack/packages/security/plugin_types_server/index.ts new file mode 100644 index 0000000000000..2d697dd0187ab --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/index.ts @@ -0,0 +1,74 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export type { + AuditEvent, + AuditHttp, + AuditKibana, + AuditRequest, + AuditServiceSetup, + AuditLogger, +} from './src/audit'; +export type { + CreateAPIKeyParams, + CreateAPIKeyResult, + CreateRestAPIKeyParams, + GrantAPIKeyResult, + InvalidateAPIKeysParams, + ValidateAPIKeyParams, + CreateRestAPIKeyWithKibanaPrivilegesParams, + CreateCrossClusterAPIKeyParams, + InvalidateAPIKeyResult, + APIKeys, + AuthenticationServiceStart, +} from './src/authentication'; +export type { + PrivilegeDeprecationsService, + PrivilegeDeprecationsRolesByFeatureIdResponse, + PrivilegeDeprecationsRolesByFeatureIdRequest, + CheckPrivilegesResponse, + CheckPrivilegesWithRequest, + CheckSavedObjectsPrivilegesWithRequest, + CheckPrivilegesDynamicallyWithRequest, + KibanaPrivilegesType, + SavedObjectActions, + UIActions, + CheckPrivilegesPayload, + CheckSavedObjectsPrivileges, + HasPrivilegesResponse, + HasPrivilegesResponseApplication, + SpaceActions, + Actions, + CheckPrivilegesOptions, + CheckUserProfilesPrivilegesPayload, + CheckUserProfilesPrivilegesResponse, + ElasticsearchPrivilegesType, + CasesActions, + CheckPrivileges, + AlertingActions, + AppActions, + ApiActions, + CheckPrivilegesDynamically, + CheckUserProfilesPrivileges, + AuthorizationMode, + AuthorizationServiceSetup, +} from './src/authorization'; +export type { SecurityPluginSetup, SecurityPluginStart } from './src/plugin'; +export type { + UserProfileServiceStart, + UserProfileSuggestParams, + UserProfileGetCurrentParams, + UserProfileBulkGetParams, + UserProfileRequiredPrivileges, +} from './src/user_profile'; + +export { + restApiKeySchema, + getRestApiKeyWithKibanaPrivilegesSchema, + crossClusterApiKeySchema, +} from './src/authentication'; +export { GLOBAL_RESOURCE, elasticsearchRoleSchema, getKibanaRoleSchema } from './src/authorization'; diff --git a/x-pack/packages/security/plugin_types_server/kibana.jsonc b/x-pack/packages/security/plugin_types_server/kibana.jsonc new file mode 100644 index 0000000000000..e4f4a074f6e76 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/kibana.jsonc @@ -0,0 +1,5 @@ +{ + "type": "shared-server", + "id": "@kbn/security-plugin-types-server", + "owner": "@elastic/kibana-security" +} diff --git a/x-pack/packages/security/plugin_types_server/package.json b/x-pack/packages/security/plugin_types_server/package.json new file mode 100644 index 0000000000000..da6a8b5eb0b00 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/package.json @@ -0,0 +1,6 @@ +{ + "name": "@kbn/security-plugin-types-server", + "private": true, + "version": "1.0.0", + "license": "Elastic License 2.0" +} diff --git a/x-pack/packages/security/plugin_types_server/src/audit/audit_events.ts b/x-pack/packages/security/plugin_types_server/src/audit/audit_events.ts new file mode 100644 index 0000000000000..f071a3edcd824 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/audit/audit_events.ts @@ -0,0 +1,112 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { LogMeta } from '@kbn/core/server'; + +/** + * Audit kibana schema using ECS format + */ +export interface AuditKibana { + /** + * The ID of the space associated with this event. + */ + space_id?: string; + /** + * The ID of the user session associated with this event. Each login attempt + * results in a unique session id. + */ + session_id?: string; + /** + * Saved object that was created, changed, deleted or accessed as part of this event. + */ + saved_object?: { + type: string; + id: string; + }; + /** + * Name of authentication provider associated with a login event. + */ + authentication_provider?: string; + /** + * Type of authentication provider associated with a login event. + */ + authentication_type?: string; + /** + * Name of Elasticsearch realm that has authenticated the user. + */ + authentication_realm?: string; + /** + * Name of Elasticsearch realm where the user details were retrieved from. + */ + lookup_realm?: string; + /** + * Set of space IDs that a saved object was shared to. + */ + add_to_spaces?: readonly string[]; + /** + * Set of space IDs that a saved object was removed from. + */ + delete_from_spaces?: readonly string[]; + /** + * Set of space IDs that are not authorized for an action. + */ + unauthorized_spaces?: readonly string[]; + /** + * Set of types that are not authorized for an action. + */ + unauthorized_types?: readonly string[]; +} + +type EcsHttp = Required['http']; +type EcsRequest = Required['request']; + +/** + * Audit request schema using ECS format + */ +export interface AuditRequest extends EcsRequest { + /** + * HTTP request headers + */ + headers?: { + 'x-forwarded-for'?: string; + }; +} + +/** + * Audit http schema using ECS format + */ +export interface AuditHttp extends EcsHttp { + /** + * HTTP request details + */ + request?: AuditRequest; +} + +/** + * Audit event schema using ECS format: https://www.elastic.co/guide/en/ecs/1.12/index.html + * + * If you add additional fields to the schema ensure you update the Kibana Filebeat module: + * https://github.com/elastic/beats/tree/master/filebeat/module/kibana + * + * @public + */ +export interface AuditEvent extends LogMeta { + /** + * Log message + */ + message: string; + + /** + * Kibana specific fields + */ + kibana?: AuditKibana; + + /** + * Fields describing an HTTP request + */ + http?: AuditHttp; +} diff --git a/x-pack/packages/security/plugin_types_server/src/audit/audit_logger.ts b/x-pack/packages/security/plugin_types_server/src/audit/audit_logger.ts new file mode 100644 index 0000000000000..4670de3aa8d3b --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/audit/audit_logger.ts @@ -0,0 +1,42 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { AuditEvent } from './audit_events'; + +export interface AuditLogger { + /** + * Logs an {@link AuditEvent} and automatically adds meta data about the + * current user, space and correlation id. + * + * Guidelines around what events should be logged and how they should be + * structured can be found in: `/x-pack/plugins/security/README.md` + * + * @example + * ```typescript + * const auditLogger = securitySetup.audit.asScoped(request); + * auditLogger.log({ + * message: 'User is updating dashboard [id=123]', + * event: { + * action: 'saved_object_update', + * outcome: 'unknown' + * }, + * kibana: { + * saved_object: { type: 'dashboard', id: '123' } + * }, + * }); + * ``` + */ + log: (event: AuditEvent | undefined) => void; + + /** + * Indicates whether audit logging is enabled or not. + * + * Useful for skipping resource-intense operations that don't need to be performed when audit + * logging is disabled. + */ + readonly enabled: boolean; +} diff --git a/x-pack/packages/security/plugin_types_server/src/audit/audit_service.ts b/x-pack/packages/security/plugin_types_server/src/audit/audit_service.ts new file mode 100644 index 0000000000000..88b25b5181a42 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/audit/audit_service.ts @@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { KibanaRequest } from '@kbn/core/server'; + +import type { AuditLogger } from './audit_logger'; + +export interface AuditServiceSetup { + /** + * Creates an {@link AuditLogger} scoped to the current request. + * + * This audit logger logs events with all required user and session info and should be used for + * all user-initiated actions. + * + * @example + * ```typescript + * const auditLogger = securitySetup.audit.asScoped(request); + * auditLogger.log(event); + * ``` + */ + asScoped: (request: KibanaRequest) => AuditLogger; + + /** + * {@link AuditLogger} for background tasks only. + * + * This audit logger logs events without any user or session info and should never be used to log + * user-initiated actions. + * + * @example + * ```typescript + * securitySetup.audit.withoutRequest.log(event); + * ``` + */ + withoutRequest: AuditLogger; +} diff --git a/x-pack/packages/security/plugin_types_server/src/audit/index.ts b/x-pack/packages/security/plugin_types_server/src/audit/index.ts new file mode 100644 index 0000000000000..0111172cd409f --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/audit/index.ts @@ -0,0 +1,10 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export type { AuditServiceSetup } from './audit_service'; +export type { AuditEvent, AuditHttp, AuditKibana, AuditRequest } from './audit_events'; +export type { AuditLogger } from './audit_logger'; diff --git a/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts b/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts new file mode 100644 index 0000000000000..1cbf13a4ad45f --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts @@ -0,0 +1,201 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { estypes } from '@elastic/elasticsearch'; + +import type { KibanaRequest } from '@kbn/core/server'; +import { schema, TypeOf } from '@kbn/config-schema'; +import { getKibanaRoleSchema, elasticsearchRoleSchema } from '../../authorization'; + +export interface APIKeys { + /** + * Determines if API Keys are enabled in Elasticsearch. + */ + areAPIKeysEnabled(): Promise; + + /** + * Determines if Cross-Cluster API Keys are enabled in Elasticsearch. + */ + areCrossClusterAPIKeysEnabled(): Promise; + + /** + * Tries to create an API key for the current user. + * + * Returns newly created API key or `null` if API keys are disabled. + * + * User needs `manage_api_key` privilege to create REST API keys and `manage_security` for Cross-Cluster API keys. + * + * @param request Request instance. + * @param createParams The params to create an API key + */ + create( + request: KibanaRequest, + createParams: CreateAPIKeyParams + ): Promise; + + /** + * Tries to grant an API key for the current user. + * @param request Request instance. + * @param createParams Create operation parameters. + */ + grantAsInternalUser( + request: KibanaRequest, + createParams: CreateRestAPIKeyParams | CreateRestAPIKeyWithKibanaPrivilegesParams + ): Promise; + + /** + * Tries to validate an API key. + * @param apiKeyPrams ValidateAPIKeyParams. + */ + validate(apiKeyPrams: ValidateAPIKeyParams): Promise; + + /** + * Tries to invalidate an API keys. + * @param request Request instance. + * @param params The params to invalidate an API keys. + */ + invalidate( + request: KibanaRequest, + params: InvalidateAPIKeysParams + ): Promise; + + /** + * Tries to invalidate the API keys by using the internal user. + * @param params The params to invalidate the API keys. + */ + invalidateAsInternalUser(params: InvalidateAPIKeysParams): Promise; +} + +export type CreateAPIKeyParams = + | CreateRestAPIKeyParams + | CreateRestAPIKeyWithKibanaPrivilegesParams + | CreateCrossClusterAPIKeyParams; + +/** + * Response of Kibana Create API key endpoint. + */ +export type CreateAPIKeyResult = estypes.SecurityCreateApiKeyResponse; + +export type CreateRestAPIKeyParams = TypeOf; +export type CreateRestAPIKeyWithKibanaPrivilegesParams = TypeOf< + ReturnType +>; +export type CreateCrossClusterAPIKeyParams = TypeOf; + +export interface GrantAPIKeyResult { + /** + * Unique id for this API key + */ + id: string; + /** + * Name for this API key + */ + name: string; + /** + * Generated API key + */ + api_key: string; +} + +/** + * Represents the parameters for validating API Key credentials. + */ +export interface ValidateAPIKeyParams { + /** + * Unique id for this API key + */ + id: string; + + /** + * Generated API Key (secret) + */ + api_key: string; +} + +/** + * Represents the params for invalidating multiple API keys + */ +export interface InvalidateAPIKeysParams { + ids: string[]; +} + +/** + * The return value when invalidating an API key in Elasticsearch. + */ +export interface InvalidateAPIKeyResult { + /** + * The IDs of the API keys that were invalidated as part of the request. + */ + invalidated_api_keys: string[]; + /** + * The IDs of the API keys that were already invalidated. + */ + previously_invalidated_api_keys: string[]; + /** + * The number of errors that were encountered when invalidating the API keys. + */ + error_count: number; + /** + * Details about these errors. This field is not present in the response when error_count is 0. + */ + error_details?: Array<{ + type?: string; + reason?: string; + caused_by?: { + type?: string; + reason?: string; + }; + }>; +} + +export const restApiKeySchema = schema.object({ + type: schema.maybe(schema.literal('rest')), + name: schema.string(), + expiration: schema.maybe(schema.string()), + role_descriptors: schema.recordOf(schema.string(), schema.object({}, { unknowns: 'allow' }), { + defaultValue: {}, + }), + metadata: schema.maybe(schema.object({}, { unknowns: 'allow' })), +}); + +export const getRestApiKeyWithKibanaPrivilegesSchema = ( + getBasePrivilegeNames: Parameters[0] +) => + restApiKeySchema.extends({ + role_descriptors: null, + kibana_role_descriptors: schema.recordOf( + schema.string(), + schema.object({ + elasticsearch: elasticsearchRoleSchema.extends({}, { unknowns: 'allow' }), + kibana: getKibanaRoleSchema(getBasePrivilegeNames), + }) + ), + }); + +export const crossClusterApiKeySchema = restApiKeySchema.extends({ + type: schema.literal('cross_cluster'), + role_descriptors: null, + access: schema.object( + { + search: schema.maybe( + schema.arrayOf( + schema.object({ + names: schema.arrayOf(schema.string()), + }) + ) + ), + replication: schema.maybe( + schema.arrayOf( + schema.object({ + names: schema.arrayOf(schema.string()), + }) + ) + ), + }, + { unknowns: 'allow' } + ), +}); diff --git a/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/index.ts b/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/index.ts new file mode 100644 index 0000000000000..dbad1344d1d24 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/index.ts @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export type { + CreateAPIKeyParams, + CreateAPIKeyResult, + InvalidateAPIKeyResult, + InvalidateAPIKeysParams, + ValidateAPIKeyParams, + CreateRestAPIKeyParams, + CreateRestAPIKeyWithKibanaPrivilegesParams, + CreateCrossClusterAPIKeyParams, + GrantAPIKeyResult, + APIKeys, +} from './api_keys'; +export { + crossClusterApiKeySchema, + getRestApiKeyWithKibanaPrivilegesSchema, + restApiKeySchema, +} from './api_keys'; diff --git a/x-pack/packages/security/plugin_types_server/src/authentication/authentication_service.ts b/x-pack/packages/security/plugin_types_server/src/authentication/authentication_service.ts new file mode 100644 index 0000000000000..5dc8827786a4b --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authentication/authentication_service.ts @@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { KibanaRequest } from '@kbn/core/server'; +import type { AuthenticatedUser } from '@kbn/security-plugin-types-common'; + +import type { APIKeys } from './api_keys'; + +/** + * Authentication services available on the security plugin's start contract. + */ +export interface AuthenticationServiceStart { + apiKeys: APIKeys; + getCurrentUser: (request: KibanaRequest) => AuthenticatedUser | null; +} diff --git a/x-pack/packages/security/plugin_types_server/src/authentication/index.ts b/x-pack/packages/security/plugin_types_server/src/authentication/index.ts new file mode 100644 index 0000000000000..04e4a820fb4d9 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authentication/index.ts @@ -0,0 +1,25 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export type { + CreateAPIKeyParams, + CreateAPIKeyResult, + CreateRestAPIKeyParams, + CreateRestAPIKeyWithKibanaPrivilegesParams, + CreateCrossClusterAPIKeyParams, + InvalidateAPIKeyResult, + InvalidateAPIKeysParams, + ValidateAPIKeyParams, + APIKeys, + GrantAPIKeyResult, +} from './api_keys'; +export type { AuthenticationServiceStart } from './authentication_service'; +export { + restApiKeySchema, + getRestApiKeyWithKibanaPrivilegesSchema, + crossClusterApiKeySchema, +} from './api_keys'; diff --git a/x-pack/packages/security/plugin_types_server/src/authorization/actions/actions.ts b/x-pack/packages/security/plugin_types_server/src/authorization/actions/actions.ts new file mode 100644 index 0000000000000..e1ad16afa5d30 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authorization/actions/actions.ts @@ -0,0 +1,29 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { AlertingActions } from './alerting'; +import type { ApiActions } from './api'; +import type { AppActions } from './app'; +import type { CasesActions } from './cases'; +import type { SavedObjectActions } from './saved_object'; +import type { SpaceActions } from './space'; +import type { UIActions } from './ui'; + +/** Actions are used to create the "actions" that are associated with Elasticsearch's + * application privileges, and are used to perform the authorization checks implemented + * by the various `checkPrivilegesWithRequest` derivatives. + */ +export interface Actions { + readonly api: ApiActions; + readonly app: AppActions; + readonly cases: CasesActions; + readonly login: string; + readonly savedObject: SavedObjectActions; + readonly alerting: AlertingActions; + readonly space: SpaceActions; + readonly ui: UIActions; +} diff --git a/x-pack/packages/security/plugin_types_server/src/authorization/actions/alerting.ts b/x-pack/packages/security/plugin_types_server/src/authorization/actions/alerting.ts new file mode 100644 index 0000000000000..fe27a15d1ec07 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authorization/actions/alerting.ts @@ -0,0 +1,10 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export interface AlertingActions { + get(ruleTypeId: string, consumer: string, alertingEntity: string, operation: string): string; +} diff --git a/x-pack/packages/security/plugin_types_server/src/authorization/actions/api.ts b/x-pack/packages/security/plugin_types_server/src/authorization/actions/api.ts new file mode 100644 index 0000000000000..30a1328ce5639 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authorization/actions/api.ts @@ -0,0 +1,10 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export interface ApiActions { + get(operation: string): string; +} diff --git a/x-pack/packages/security/plugin_types_server/src/authorization/actions/app.ts b/x-pack/packages/security/plugin_types_server/src/authorization/actions/app.ts new file mode 100644 index 0000000000000..38125e45bdfe6 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authorization/actions/app.ts @@ -0,0 +1,10 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export interface AppActions { + get(operation: string): string; +} diff --git a/x-pack/packages/security/plugin_types_server/src/authorization/actions/cases.ts b/x-pack/packages/security/plugin_types_server/src/authorization/actions/cases.ts new file mode 100644 index 0000000000000..974c106f14d1b --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authorization/actions/cases.ts @@ -0,0 +1,10 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export interface CasesActions { + get(owner: string, operation: string): string; +} diff --git a/x-pack/packages/security/plugin_types_server/src/authorization/actions/index.ts b/x-pack/packages/security/plugin_types_server/src/authorization/actions/index.ts new file mode 100644 index 0000000000000..6b3993423015f --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authorization/actions/index.ts @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export type { Actions } from './actions'; +export type { AlertingActions } from './alerting'; +export type { ApiActions } from './api'; +export type { AppActions } from './app'; +export type { CasesActions } from './cases'; +export type { SavedObjectActions } from './saved_object'; +export type { SpaceActions } from './space'; +export type { UIActions } from './ui'; diff --git a/x-pack/packages/security/plugin_types_server/src/authorization/actions/saved_object.ts b/x-pack/packages/security/plugin_types_server/src/authorization/actions/saved_object.ts new file mode 100644 index 0000000000000..329feb5967043 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authorization/actions/saved_object.ts @@ -0,0 +1,10 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export interface SavedObjectActions { + get(type: string, operation: string): string; +} diff --git a/x-pack/packages/security/plugin_types_server/src/authorization/actions/space.ts b/x-pack/packages/security/plugin_types_server/src/authorization/actions/space.ts new file mode 100644 index 0000000000000..fb23efaa084b9 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authorization/actions/space.ts @@ -0,0 +1,10 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export interface SpaceActions { + manage: string; +} diff --git a/x-pack/packages/security/plugin_types_server/src/authorization/actions/ui.ts b/x-pack/packages/security/plugin_types_server/src/authorization/actions/ui.ts new file mode 100644 index 0000000000000..176248553898f --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authorization/actions/ui.ts @@ -0,0 +1,12 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { Capabilities as UICapabilities } from '@kbn/core/server'; + +export interface UIActions { + get(featureId: keyof UICapabilities, ...uiCapabilityParts: string[]): string; +} diff --git a/x-pack/packages/security/plugin_types_server/src/authorization/authorization_service.ts b/x-pack/packages/security/plugin_types_server/src/authorization/authorization_service.ts new file mode 100644 index 0000000000000..82fa3d3fcce5e --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authorization/authorization_service.ts @@ -0,0 +1,28 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { Actions } from './actions'; +import type { CheckPrivilegesWithRequest } from './check_privileges'; +import type { CheckPrivilegesDynamicallyWithRequest } from './check_privileges_dynamically'; +import type { CheckSavedObjectsPrivilegesWithRequest } from './check_saved_objects_privileges'; +import type { AuthorizationMode } from './mode'; + +/** + * Authorization services available on the setup contract of the security plugin. + */ +export interface AuthorizationServiceSetup { + /** + * Actions are used to create the "actions" that are associated with Elasticsearch's + * application privileges, and are used to perform the authorization checks implemented + * by the various `checkPrivilegesWithRequest` derivatives. + */ + actions: Actions; + checkPrivilegesWithRequest: CheckPrivilegesWithRequest; + checkPrivilegesDynamicallyWithRequest: CheckPrivilegesDynamicallyWithRequest; + checkSavedObjectsPrivilegesWithRequest: CheckSavedObjectsPrivilegesWithRequest; + mode: AuthorizationMode; +} diff --git a/x-pack/plugins/security/server/authorization/types.ts b/x-pack/packages/security/plugin_types_server/src/authorization/check_privileges.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/types.ts rename to x-pack/packages/security/plugin_types_server/src/authorization/check_privileges.ts diff --git a/x-pack/packages/security/plugin_types_server/src/authorization/check_privileges_dynamically.ts b/x-pack/packages/security/plugin_types_server/src/authorization/check_privileges_dynamically.ts new file mode 100644 index 0000000000000..f9663dddc64d0 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authorization/check_privileges_dynamically.ts @@ -0,0 +1,22 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { KibanaRequest } from '@kbn/core/server'; +import type { + CheckPrivilegesPayload, + CheckPrivilegesOptions, + CheckPrivilegesResponse, +} from './check_privileges'; + +export type CheckPrivilegesDynamically = ( + privileges: CheckPrivilegesPayload, + options?: CheckPrivilegesOptions +) => Promise; + +export type CheckPrivilegesDynamicallyWithRequest = ( + request: KibanaRequest +) => CheckPrivilegesDynamically; diff --git a/x-pack/packages/security/plugin_types_server/src/authorization/check_saved_objects_privileges.ts b/x-pack/packages/security/plugin_types_server/src/authorization/check_saved_objects_privileges.ts new file mode 100644 index 0000000000000..4b42723c83286 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authorization/check_saved_objects_privileges.ts @@ -0,0 +1,18 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { KibanaRequest } from '@kbn/core/server'; +import type { CheckPrivilegesResponse } from './check_privileges'; + +export type CheckSavedObjectsPrivilegesWithRequest = ( + request: KibanaRequest +) => CheckSavedObjectsPrivileges; + +export type CheckSavedObjectsPrivileges = ( + actions: string | string[], + namespaceOrNamespaces?: string | Array +) => Promise; diff --git a/x-pack/packages/security/plugin_types_server/src/authorization/constants.ts b/x-pack/packages/security/plugin_types_server/src/authorization/constants.ts new file mode 100644 index 0000000000000..cd2d7d3002558 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authorization/constants.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const GLOBAL_RESOURCE = '*'; diff --git a/x-pack/plugins/security/common/model/deprecations.ts b/x-pack/packages/security/plugin_types_server/src/authorization/deprecations.ts similarity index 92% rename from x-pack/plugins/security/common/model/deprecations.ts rename to x-pack/packages/security/plugin_types_server/src/authorization/deprecations.ts index 3fa9bd4019818..68cc61067e3c0 100644 --- a/x-pack/plugins/security/common/model/deprecations.ts +++ b/x-pack/packages/security/plugin_types_server/src/authorization/deprecations.ts @@ -7,7 +7,7 @@ import type { DeprecationsDetails, GetDeprecationsContext } from '@kbn/core/server'; -import type { Role } from './role'; +import type { Role } from '@kbn/security-plugin-types-common'; export interface PrivilegeDeprecationsRolesByFeatureIdResponse { roles?: Role[]; diff --git a/x-pack/packages/security/plugin_types_server/src/authorization/index.ts b/x-pack/packages/security/plugin_types_server/src/authorization/index.ts new file mode 100644 index 0000000000000..54364d7817f31 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authorization/index.ts @@ -0,0 +1,48 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export type { + Actions, + ApiActions, + AppActions, + AlertingActions, + CasesActions, + SavedObjectActions, + SpaceActions, + UIActions, +} from './actions'; +export type { AuthorizationServiceSetup } from './authorization_service'; +export type { + CheckPrivilegesOptions, + CheckPrivilegesResponse, + CheckPrivilegesWithRequest, + CheckPrivilegesPayload, + CheckPrivileges, + HasPrivilegesResponse, + HasPrivilegesResponseApplication, + CheckUserProfilesPrivilegesPayload, + CheckUserProfilesPrivilegesResponse, + CheckUserProfilesPrivileges, +} from './check_privileges'; +export type { + CheckPrivilegesDynamically, + CheckPrivilegesDynamicallyWithRequest, +} from './check_privileges_dynamically'; +export type { + CheckSavedObjectsPrivileges, + CheckSavedObjectsPrivilegesWithRequest, +} from './check_saved_objects_privileges'; +export type { + PrivilegeDeprecationsService, + PrivilegeDeprecationsRolesByFeatureIdRequest, + PrivilegeDeprecationsRolesByFeatureIdResponse, +} from './deprecations'; +export type { AuthorizationMode } from './mode'; +export type { ElasticsearchPrivilegesType, KibanaPrivilegesType } from './role_schema'; + +export { GLOBAL_RESOURCE } from './constants'; +export { elasticsearchRoleSchema, getKibanaRoleSchema } from './role_schema'; diff --git a/x-pack/packages/security/plugin_types_server/src/authorization/mode.ts b/x-pack/packages/security/plugin_types_server/src/authorization/mode.ts new file mode 100644 index 0000000000000..242b5524a937a --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/authorization/mode.ts @@ -0,0 +1,12 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { KibanaRequest } from '@kbn/core/server'; + +export interface AuthorizationMode { + useRbacForRequest(request: KibanaRequest): boolean; +} diff --git a/x-pack/plugins/security/server/lib/role_schema.ts b/x-pack/packages/security/plugin_types_server/src/authorization/role_schema.ts similarity index 99% rename from x-pack/plugins/security/server/lib/role_schema.ts rename to x-pack/packages/security/plugin_types_server/src/authorization/role_schema.ts index fe59a1f740b41..ea7f896927905 100644 --- a/x-pack/plugins/security/server/lib/role_schema.ts +++ b/x-pack/packages/security/plugin_types_server/src/authorization/role_schema.ts @@ -9,7 +9,7 @@ import _ from 'lodash'; import type { TypeOf } from '@kbn/config-schema'; import { schema } from '@kbn/config-schema'; -import { GLOBAL_RESOURCE } from '../../common/constants'; +import { GLOBAL_RESOURCE } from './constants'; /** * Elasticsearch specific portion of the role definition. diff --git a/x-pack/packages/security/plugin_types_server/src/plugin.ts b/x-pack/packages/security/plugin_types_server/src/plugin.ts new file mode 100644 index 0000000000000..d3ee046c2d0cd --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/plugin.ts @@ -0,0 +1,48 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { SecurityLicense } from '@kbn/security-plugin-types-common'; +import type { AuditServiceSetup } from './audit'; +import type { PrivilegeDeprecationsService, AuthorizationServiceSetup } from './authorization'; +import type { AuthenticationServiceStart } from './authentication'; +import type { UserProfileServiceStart } from './user_profile'; + +/** + * Describes public Security plugin contract returned at the `setup` stage. + */ +export interface SecurityPluginSetup { + /** + * Exposes information about the available security features under the current license. + */ + license: SecurityLicense; + /** + * Exposes services for audit logging. + */ + audit: AuditServiceSetup; + /** + * Exposes services to access kibana roles per feature id with the GetDeprecationsContext + */ + privilegeDeprecationsService: PrivilegeDeprecationsService; +} + +/** + * Describes public Security plugin contract returned at the `start` stage. + */ +export interface SecurityPluginStart { + /** + * Authentication services to confirm the user is who they say they are. + */ + authc: AuthenticationServiceStart; + /** + * Authorization services to manage and access the permissions a particular user has. + */ + authz: AuthorizationServiceSetup; + /** + * User profiles services to retrieve user profiles. + */ + userProfiles: UserProfileServiceStart; +} diff --git a/x-pack/packages/security/plugin_types_server/src/user_profile/index.ts b/x-pack/packages/security/plugin_types_server/src/user_profile/index.ts new file mode 100644 index 0000000000000..15be67e7601f0 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/user_profile/index.ts @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export type { + UserProfileServiceStart, + UserProfileSuggestParams, + UserProfileBulkGetParams, + UserProfileRequiredPrivileges, + UserProfileGetCurrentParams, +} from './user_profile_service'; diff --git a/x-pack/packages/security/plugin_types_server/src/user_profile/user_profile_service.ts b/x-pack/packages/security/plugin_types_server/src/user_profile/user_profile_service.ts new file mode 100644 index 0000000000000..ab68b973139ed --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/src/user_profile/user_profile_service.ts @@ -0,0 +1,142 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { KibanaRequest } from '@kbn/core/server'; +import type { + UserProfileData, + UserProfileLabels, + UserProfileWithSecurity, + UserProfile, +} from '@kbn/security-plugin-types-common'; + +/** + * A set of methods to work with Kibana user profiles. + */ +export interface UserProfileServiceStart { + /** + * Retrieves a user profile for the current user extracted from the specified request. If the profile isn't available, + * e.g. for the anonymous users or users authenticated via authenticating proxies, the `null` value is returned. + * @param params Get current user profile operation parameters. + * @param params.request User request instance to get user profile for. + * @param params.dataPath By default Elasticsearch returns user information, but does not return any user data. The + * optional "dataPath" parameter can be used to return personal data for the requested user profiles. + */ + getCurrent( + params: UserProfileGetCurrentParams + ): Promise | null>; + + /** + * Retrieves multiple user profiles by their identifiers. + * @param params Bulk get operation parameters. + * @param params.uids List of user profile identifiers. + * @param params.dataPath By default Elasticsearch returns user information, but does not return any user data. The + * optional "dataPath" parameter can be used to return personal data for the requested user profiles. + */ + bulkGet( + params: UserProfileBulkGetParams + ): Promise>>; + + /** + * Suggests multiple user profiles by search criteria. + * @param params Suggest operation parameters. + * @param params.name Query string used to match name-related fields in user profiles. The following fields are treated as name-related: username, full_name and email. + * @param params.size Desired number of suggestion to return. The default value is 10. + * @param params.dataPath By default, suggest API returns user information, but does not return any user data. The optional "dataPath" parameter can be used to return personal data for this user (within `kibana` namespace only). + * @param params.requiredPrivileges The set of the privileges that users associated with the suggested user profile should have in the specified space. If not specified, privileges check isn't performed and all matched profiles are returned irrespective to the privileges of the associated users. + */ + suggest( + params: UserProfileSuggestParams + ): Promise>>; +} + +/** + * The set of privileges that users associated with the suggested user profile should have for a specified space id. + */ +export interface UserProfileRequiredPrivileges { + /** + * The id of the Kibana Space. + */ + spaceId: string; + + /** + * The set of the Kibana specific application privileges. + */ + privileges: { kibana: string[] }; +} + +/** + * Parameters for the get user profile for the current user API. + */ +export interface UserProfileGetCurrentParams { + /** + * User request instance to get user profile for. + */ + request: KibanaRequest; + + /** + * By default, get API returns user information, but does not return any user data. The optional "dataPath" + * parameter can be used to return personal data for this user (within `kibana` namespace only). + */ + dataPath?: string; +} + +/** + * Parameters for the bulk get API. + */ +export interface UserProfileBulkGetParams { + /** + * List of user profile identifiers. + */ + uids: Set; + + /** + * By default, suggest API returns user information, but does not return any user data. The optional "dataPath" + * parameter can be used to return personal data for this user (within `kibana` namespace only). + */ + dataPath?: string; +} + +/** + * Parameters for the suggest API. + */ +export interface UserProfileSuggestParams { + /** + * Query string used to match name-related fields in user profiles. The following fields are treated as + * name-related: username, full_name and email. + */ + name?: string; + + /** + * Extra search criteria to improve relevance of the suggestion result. A profile matching the + * specified hint is ranked higher in the response. But not-matching the hint does not exclude a + * profile from the response as long as it matches the `name` field query. + */ + hint?: { + /** + * A list of Profile UIDs to match against. + */ + uids: string[]; + }; + + /** + * Desired number of suggestion to return. The default value is 10. + */ + size?: number; + + /** + * By default, suggest API returns user information, but does not return any user data. The optional "dataPath" + * parameter can be used to return personal data for this user (within `kibana` namespace only). + */ + dataPath?: string; + + /** + * The set of the privileges that users associated with the suggested user profile should have in the specified space. + * If not specified, privileges check isn't performed and all matched profiles are returned irrespective to the + * privileges of the associated users. + */ + requiredPrivileges?: UserProfileRequiredPrivileges; +} diff --git a/x-pack/packages/security/plugin_types_server/tsconfig.json b/x-pack/packages/security/plugin_types_server/tsconfig.json new file mode 100644 index 0000000000000..1883d50f328e5 --- /dev/null +++ b/x-pack/packages/security/plugin_types_server/tsconfig.json @@ -0,0 +1,17 @@ +{ + "extends": "../../../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types" + }, + "include": [ + "**/*.ts", + ], + "exclude": [ + "target/**/*" + ], + "kbn_references": [ + "@kbn/config-schema", + "@kbn/core", + "@kbn/security-plugin-types-common", + ] +} diff --git a/x-pack/plugins/alerting/server/maintenance_window_client_factory.test.ts b/x-pack/plugins/alerting/server/maintenance_window_client_factory.test.ts index 9f3f2d26447d1..a1ec0a351729c 100644 --- a/x-pack/plugins/alerting/server/maintenance_window_client_factory.test.ts +++ b/x-pack/plugins/alerting/server/maintenance_window_client_factory.test.ts @@ -14,7 +14,7 @@ import { savedObjectsServiceMock, loggingSystemMock, } from '@kbn/core/server/mocks'; -import { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import { AuthenticatedUser } from '@kbn/security-plugin/common'; import { securityMock } from '@kbn/security-plugin/server/mocks'; import { SECURITY_EXTENSION_ID } from '@kbn/core-saved-objects-server'; import { MAINTENANCE_WINDOW_SAVED_OBJECT_TYPE } from '../common'; diff --git a/x-pack/plugins/alerting/server/rules_client_factory.test.ts b/x-pack/plugins/alerting/server/rules_client_factory.test.ts index 9f1a4acb12420..0532a48be01e1 100644 --- a/x-pack/plugins/alerting/server/rules_client_factory.test.ts +++ b/x-pack/plugins/alerting/server/rules_client_factory.test.ts @@ -15,7 +15,7 @@ import { savedObjectsRepositoryMock, } from '@kbn/core/server/mocks'; import { encryptedSavedObjectsMock } from '@kbn/encrypted-saved-objects-plugin/server/mocks'; -import { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import { AuthenticatedUser } from '@kbn/security-plugin/common'; import { securityMock } from '@kbn/security-plugin/server/mocks'; import { PluginStartContract as ActionsStartContract } from '@kbn/actions-plugin/server'; import { actionsMock, actionsAuthorizationMock } from '@kbn/actions-plugin/server/mocks'; diff --git a/x-pack/plugins/alerting/server/rules_settings_client_factory.test.ts b/x-pack/plugins/alerting/server/rules_settings_client_factory.test.ts index bb278dbf50cdd..6f713f20530e5 100644 --- a/x-pack/plugins/alerting/server/rules_settings_client_factory.test.ts +++ b/x-pack/plugins/alerting/server/rules_settings_client_factory.test.ts @@ -15,7 +15,7 @@ import { savedObjectsServiceMock, loggingSystemMock, } from '@kbn/core/server/mocks'; -import { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import { AuthenticatedUser } from '@kbn/security-plugin/common'; import { securityMock } from '@kbn/security-plugin/server/mocks'; import { SECURITY_EXTENSION_ID } from '@kbn/core-saved-objects-server'; import { RULES_SETTINGS_SAVED_OBJECT_TYPE } from '../common'; diff --git a/x-pack/plugins/apm/public/hooks/use_current_user.ts b/x-pack/plugins/apm/public/hooks/use_current_user.ts index 0e95bb27bbb87..c700ae7bd288d 100644 --- a/x-pack/plugins/apm/public/hooks/use_current_user.ts +++ b/x-pack/plugins/apm/public/hooks/use_current_user.ts @@ -7,7 +7,7 @@ import { useState, useEffect } from 'react'; import { useKibana } from '@kbn/kibana-react-plugin/public'; -import { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import { AuthenticatedUser } from '@kbn/security-plugin/common'; import { ApmPluginStartDeps } from '../plugin'; export function useCurrentUser() { diff --git a/x-pack/plugins/cases/public/common/lib/kibana/hooks.ts b/x-pack/plugins/cases/public/common/lib/kibana/hooks.ts index c540824b1ebb5..fdb5a22e66985 100644 --- a/x-pack/plugins/cases/public/common/lib/kibana/hooks.ts +++ b/x-pack/plugins/cases/public/common/lib/kibana/hooks.ts @@ -10,7 +10,7 @@ import moment from 'moment-timezone'; import { useCallback, useEffect, useMemo, useState } from 'react'; import { i18n } from '@kbn/i18n'; -import type { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import type { AuthenticatedUser } from '@kbn/security-plugin/common'; import type { NavigateToAppOptions } from '@kbn/core/public'; import { getUICapabilities } from '../../../client/helpers/capabilities'; import { convertToCamelCase } from '../../../api/utils'; diff --git a/x-pack/plugins/encrypted_saved_objects/server/crypto/encrypted_saved_objects_service.ts b/x-pack/plugins/encrypted_saved_objects/server/crypto/encrypted_saved_objects_service.ts index 321b93c8452ee..7bde0d6190547 100644 --- a/x-pack/plugins/encrypted_saved_objects/server/crypto/encrypted_saved_objects_service.ts +++ b/x-pack/plugins/encrypted_saved_objects/server/crypto/encrypted_saved_objects_service.ts @@ -10,7 +10,7 @@ import stringify from 'json-stable-stringify'; import typeDetect from 'type-detect'; import type { Logger } from '@kbn/core/server'; -import type { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import type { AuthenticatedUser } from '@kbn/security-plugin/common'; import { EncryptedSavedObjectAttributesDefinition } from './encrypted_saved_object_type_definition'; import { EncryptionError, EncryptionErrorOperation } from './encryption_error'; diff --git a/x-pack/plugins/fleet/server/services/agent_policy_create.ts b/x-pack/plugins/fleet/server/services/agent_policy_create.ts index 11cb82123a347..9d1b3a9f01a5f 100644 --- a/x-pack/plugins/fleet/server/services/agent_policy_create.ts +++ b/x-pack/plugins/fleet/server/services/agent_policy_create.ts @@ -7,7 +7,7 @@ import type { ElasticsearchClient, SavedObjectsClientContract } from '@kbn/core/server'; -import type { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import type { AuthenticatedUser } from '@kbn/security-plugin/common'; import type { HTTPAuthorizationHeader } from '../../common/http_authorization_header'; diff --git a/x-pack/plugins/fleet/server/services/security/fleet_router.test.ts b/x-pack/plugins/fleet/server/services/security/fleet_router.test.ts index 1e7d09f261603..5de46b845bfcc 100644 --- a/x-pack/plugins/fleet/server/services/security/fleet_router.test.ts +++ b/x-pack/plugins/fleet/server/services/security/fleet_router.test.ts @@ -5,7 +5,11 @@ * 2.0. */ -import type { CheckPrivilegesDynamically } from '@kbn/security-plugin/server/authorization/check_privileges_dynamically'; +import type { + CheckPrivilegesDynamically, + CheckPrivilegesResponse, + CheckPrivilegesPayload, +} from '@kbn/security-plugin/server'; import type { RequestHandler } from '@kbn/core/server'; import type { VersionedRouter } from '@kbn/core-http-server'; import { loggingSystemMock } from '@kbn/core/server/mocks'; @@ -14,10 +18,6 @@ import type { AuthenticatedUser } from '@kbn/security-plugin/common'; import { coreMock } from '@kbn/core/server/mocks'; -import type { CheckPrivilegesPayload } from '@kbn/security-plugin/server'; - -import type { CheckPrivilegesResponse } from '@kbn/security-plugin/server/authorization/types'; - import { API_VERSIONS } from '../../../common/constants'; import type { FleetRequestHandlerContext } from '../..'; diff --git a/x-pack/plugins/observability_ai_assistant/public/hooks/use_current_user.ts b/x-pack/plugins/observability_ai_assistant/public/hooks/use_current_user.ts index 8e8f437a87fb2..6414e7f604f63 100644 --- a/x-pack/plugins/observability_ai_assistant/public/hooks/use_current_user.ts +++ b/x-pack/plugins/observability_ai_assistant/public/hooks/use_current_user.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import { AuthenticatedUser } from '@kbn/security-plugin/common'; import { useEffect, useState } from 'react'; import { useObservabilityAIAssistant } from './use_observability_ai_assistant'; diff --git a/x-pack/plugins/security/common/constants.ts b/x-pack/plugins/security/common/constants.ts index 9aff47c459a72..48a0202105965 100644 --- a/x-pack/plugins/security/common/constants.ts +++ b/x-pack/plugins/security/common/constants.ts @@ -15,7 +15,6 @@ export const ALL_SPACES_ID = '*'; */ export const UNKNOWN_SPACE = '?'; -export const GLOBAL_RESOURCE = '*'; export const APPLICATION_PREFIX = 'kibana-'; /** diff --git a/x-pack/plugins/security/common/index.ts b/x-pack/plugins/security/common/index.ts index c547833949ded..e30fff0a8e76f 100644 --- a/x-pack/plugins/security/common/index.ts +++ b/x-pack/plugins/security/common/index.ts @@ -5,27 +5,40 @@ * 2.0. */ -export type { SecurityLicense, SecurityLicenseFeatures, LoginLayout } from './licensing'; export type { - AuthenticatedUser, GetUserProfileResponse, + ApiKey, + RestApiKey, + GetUserDisplayNameParams, + EditUser, + BuiltinESPrivileges, + RawKibanaPrivileges, + RoleMapping, + RoleTemplate, + StoredRoleTemplate, + InvalidRoleTemplate, + InlineRoleTemplate, +} from './model'; +export { getUserDisplayName, isRoleReserved } from './model'; + +// Re-export types from the plugin directly to enhance the developer experience for consumers of the Security plugin. +export type { + AuthenticatedUser, + UserRealm, + User, AuthenticationProvider, - PrivilegeDeprecationsService, - PrivilegeDeprecationsRolesByFeatureIdRequest, - PrivilegeDeprecationsRolesByFeatureIdResponse, Role, RoleIndexPrivilege, RoleKibanaPrivilege, + RoleRemoteIndexPrivilege, FeaturesPrivileges, - User, + LoginLayout, + SecurityLicenseFeatures, + SecurityLicense, UserProfile, UserProfileUserInfo, UserProfileWithSecurity, UserProfileData, UserProfileLabels, UserProfileUserInfoWithSecurity, - ApiKey, - UserRealm, - GetUserDisplayNameParams, -} from './model'; -export { getUserDisplayName } from './model'; +} from '@kbn/security-plugin-types-common'; diff --git a/x-pack/plugins/security/common/licensing/index.mock.ts b/x-pack/plugins/security/common/licensing/index.mock.ts index b947fa5b1ed26..7065deb939c1f 100644 --- a/x-pack/plugins/security/common/licensing/index.mock.ts +++ b/x-pack/plugins/security/common/licensing/index.mock.ts @@ -9,9 +9,7 @@ import { Observable, of } from 'rxjs'; import type { LicenseType } from '@kbn/licensing-plugin/common/types'; import { LICENSE_TYPE } from '@kbn/licensing-plugin/common/types'; - -import type { SecurityLicenseFeatures } from './license_features'; -import type { SecurityLicense } from './license_service'; +import type { SecurityLicense, SecurityLicenseFeatures } from '@kbn/security-plugin-types-common'; export const licenseMock = { create: ( diff --git a/x-pack/plugins/security/common/licensing/index.ts b/x-pack/plugins/security/common/licensing/index.ts index 48329aeb99925..e36a22b5f8b68 100644 --- a/x-pack/plugins/security/common/licensing/index.ts +++ b/x-pack/plugins/security/common/licensing/index.ts @@ -5,7 +5,4 @@ * 2.0. */ -export type { SecurityLicense } from './license_service'; export { SecurityLicenseService } from './license_service'; - -export type { LoginLayout, SecurityLicenseFeatures } from './license_features'; diff --git a/x-pack/plugins/security/common/licensing/license_service.ts b/x-pack/plugins/security/common/licensing/license_service.ts index cbb658dde9888..4372fa918e492 100644 --- a/x-pack/plugins/security/common/licensing/license_service.ts +++ b/x-pack/plugins/security/common/licensing/license_service.ts @@ -9,17 +9,7 @@ import type { Observable, Subscription } from 'rxjs'; import { map } from 'rxjs/operators'; import type { ILicense, LicenseType } from '@kbn/licensing-plugin/common/types'; - -import type { SecurityLicenseFeatures } from './license_features'; - -export interface SecurityLicense { - isLicenseAvailable(): boolean; - isEnabled(): boolean; - getFeatures(): SecurityLicenseFeatures; - hasAtLeast(licenseType: LicenseType): boolean | undefined; - features$: Observable; -} - +import type { SecurityLicenseFeatures } from '@kbn/security-plugin-types-common'; interface SetupDeps { license$: Observable; } diff --git a/x-pack/plugins/security/common/login_state.ts b/x-pack/plugins/security/common/login_state.ts index fe2c6380db3ee..b274883d0146e 100644 --- a/x-pack/plugins/security/common/login_state.ts +++ b/x-pack/plugins/security/common/login_state.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { LoginLayout } from './licensing'; +import type { LoginLayout } from '@kbn/security-plugin-types-common'; export interface LoginSelectorProvider { type: string; diff --git a/x-pack/plugins/security/common/model/authenticated_user.mock.ts b/x-pack/plugins/security/common/model/authenticated_user.mock.ts index 84b300d5c982b..6f691579b073b 100644 --- a/x-pack/plugins/security/common/model/authenticated_user.mock.ts +++ b/x-pack/plugins/security/common/model/authenticated_user.mock.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { AuthenticatedUser } from './authenticated_user'; +import type { AuthenticatedUser } from '@kbn/security-plugin-types-common'; // We omit `roles` here since the original interface defines this field as `readonly string[]` that makes it hard to use // in various mocks that expect mutable string array. diff --git a/x-pack/plugins/security/common/model/authenticated_user.test.ts b/x-pack/plugins/security/common/model/authenticated_user.test.ts index 4c84a951bf729..9ed02c57841bf 100644 --- a/x-pack/plugins/security/common/model/authenticated_user.test.ts +++ b/x-pack/plugins/security/common/model/authenticated_user.test.ts @@ -6,8 +6,8 @@ */ import { applicationServiceMock } from '@kbn/core/public/mocks'; +import type { AuthenticatedUser } from '@kbn/security-plugin-types-common'; -import type { AuthenticatedUser } from './authenticated_user'; import { canUserChangeDetails, canUserChangePassword, diff --git a/x-pack/plugins/security/common/model/authenticated_user.ts b/x-pack/plugins/security/common/model/authenticated_user.ts index fd78b250a5ccc..02c1e0f3936dc 100644 --- a/x-pack/plugins/security/common/model/authenticated_user.ts +++ b/x-pack/plugins/security/common/model/authenticated_user.ts @@ -6,64 +6,10 @@ */ import type { Capabilities } from '@kbn/core/types'; - -import type { AuthenticationProvider } from './authentication_provider'; -import type { User } from './user'; +import type { AuthenticatedUser } from '@kbn/security-plugin-types-common'; const REALMS_ELIGIBLE_FOR_PASSWORD_CHANGE = ['reserved', 'native']; -/** - * An Elasticsearch realm that was used to resolve and authenticate the user. - */ -export interface UserRealm { - /** - * Arbitrary name of the security realm. - */ - name: string; - - /** - * Type of the security realm (file, native, saml etc.). - */ - type: string; -} - -/** - * Represents the currently authenticated user. - */ -export interface AuthenticatedUser extends User { - /** - * The name and type of the Realm that has authenticated the user. - */ - authentication_realm: UserRealm; - - /** - * The name and type of the Realm where the user information were retrieved from. - */ - lookup_realm: UserRealm; - - /** - * The authentication provider that used to authenticate user. - */ - authentication_provider: AuthenticationProvider; - - /** - * The AuthenticationType used by ES to authenticate the user. - * - * @example "realm" | "api_key" | "token" | "anonymous" | "internal" - */ - authentication_type: string; - - /** - * Indicates whether user is authenticated via Elastic Cloud built-in SAML realm. - */ - elastic_cloud_user: boolean; - - /** - * User profile ID of this user. - */ - profile_uid?: string; -} - export function isUserAnonymous(user: Pick) { return user.authentication_provider.type === 'anonymous'; } diff --git a/x-pack/plugins/security/common/model/authentication_provider.ts b/x-pack/plugins/security/common/model/authentication_provider.ts index 9435c8ec55c95..4cdc49cf62ee6 100644 --- a/x-pack/plugins/security/common/model/authentication_provider.ts +++ b/x-pack/plugins/security/common/model/authentication_provider.ts @@ -5,20 +5,6 @@ * 2.0. */ -/** - * Type and name tuple to identify provider used to authenticate user. - */ -export interface AuthenticationProvider { - /** - * Type of the Kibana authentication provider. - */ - type: string; - /** - * Name of the Kibana authentication provider (arbitrary string). - */ - name: string; -} - /** * Checks whether authentication provider with the specified type uses Kibana's native login form. * @param providerType Type of the authentication provider. diff --git a/x-pack/plugins/security/common/model/index.ts b/x-pack/plugins/security/common/model/index.ts index c8505a644503f..006a0104e30d1 100644 --- a/x-pack/plugins/security/common/model/index.ts +++ b/x-pack/plugins/security/common/model/index.ts @@ -13,40 +13,23 @@ export type { ApiKeyRoleDescriptors, CrossClusterApiKeyAccess, } from './api_key'; -export type { User, EditUser, GetUserDisplayNameParams } from './user'; -export type { - GetUserProfileResponse, - UserProfile, - UserProfileUserInfo, - UserProfileWithSecurity, - UserProfileData, - UserProfileLabels, - UserProfileUserInfoWithSecurity, -} from './user_profile'; +export type { EditUser, GetUserDisplayNameParams } from './user'; +export type { GetUserProfileResponse } from './user_profile'; export { getUserAvatarColor, getUserAvatarInitials, USER_AVATAR_MAX_INITIALS, } from './user_profile'; export { getUserDisplayName } from './user'; -export type { AuthenticatedUser, UserRealm } from './authenticated_user'; export { canUserChangePassword, canUserChangeDetails, isUserAnonymous, canUserHaveProfile, } from './authenticated_user'; -export type { AuthenticationProvider } from './authentication_provider'; export { shouldProviderUseLoginForm } from './authentication_provider'; export type { BuiltinESPrivileges } from './builtin_es_privileges'; export type { RawKibanaPrivileges, RawKibanaFeaturePrivileges } from './raw_kibana_privileges'; -export type { FeaturesPrivileges } from './features_privileges'; -export type { - Role, - RoleIndexPrivilege, - RoleRemoteIndexPrivilege, - RoleKibanaPrivilege, -} from './role'; export { copyRole, isRoleDeprecated, @@ -65,8 +48,3 @@ export type { RoleTemplate, RoleMapping, } from './role_mapping'; -export type { - PrivilegeDeprecationsRolesByFeatureIdRequest, - PrivilegeDeprecationsRolesByFeatureIdResponse, - PrivilegeDeprecationsService, -} from './deprecations'; diff --git a/x-pack/plugins/security/common/model/role.test.ts b/x-pack/plugins/security/common/model/role.test.ts index 0aa34fefc73e5..b973115ed69b4 100644 --- a/x-pack/plugins/security/common/model/role.test.ts +++ b/x-pack/plugins/security/common/model/role.test.ts @@ -5,7 +5,8 @@ * 2.0. */ -import type { Role } from '.'; +import type { Role } from '@kbn/security-plugin-types-common'; + import { copyRole, getExtendedRoleDeprecationNotice, diff --git a/x-pack/plugins/security/common/model/role.ts b/x-pack/plugins/security/common/model/role.ts index 17971905fc1ed..1872f3bff2f5a 100644 --- a/x-pack/plugins/security/common/model/role.ts +++ b/x-pack/plugins/security/common/model/role.ts @@ -8,48 +8,7 @@ import { cloneDeep } from 'lodash'; import { i18n } from '@kbn/i18n'; - -import type { FeaturesPrivileges } from './features_privileges'; - -export interface RoleIndexPrivilege { - names: string[]; - privileges: string[]; - field_security?: { - grant?: string[]; - except?: string[]; - }; - query?: string; -} - -export interface RoleRemoteIndexPrivilege extends RoleIndexPrivilege { - clusters: string[]; -} - -export interface RoleKibanaPrivilege { - spaces: string[]; - base: string[]; - feature: FeaturesPrivileges; - _reserved?: string[]; -} - -export interface Role { - name: string; - elasticsearch: { - cluster: string[]; - indices: RoleIndexPrivilege[]; - remote_indices?: RoleRemoteIndexPrivilege[]; - run_as: string[]; - }; - kibana: RoleKibanaPrivilege[]; - metadata?: { - [anyKey: string]: any; - }; - transient_metadata?: { - [anyKey: string]: any; - }; - _transform_error?: string[]; - _unrecognized_applications?: string[]; -} +import type { Role } from '@kbn/security-plugin-types-common'; /** * Returns whether given role is enabled or not diff --git a/x-pack/plugins/security/common/model/user.test.ts b/x-pack/plugins/security/common/model/user.test.ts index 80a2abcf40a04..b22344ea8e233 100644 --- a/x-pack/plugins/security/common/model/user.test.ts +++ b/x-pack/plugins/security/common/model/user.test.ts @@ -5,7 +5,8 @@ * 2.0. */ -import type { User } from './user'; +import type { User } from '@kbn/security-plugin-types-common'; + import { getUserDisplayName } from './user'; describe('#getUserDisplayName', () => { diff --git a/x-pack/plugins/security/common/model/user.ts b/x-pack/plugins/security/common/model/user.ts index 88bbf378c508c..a04e9be77dfcb 100644 --- a/x-pack/plugins/security/common/model/user.ts +++ b/x-pack/plugins/security/common/model/user.ts @@ -5,21 +5,7 @@ * 2.0. */ -/** - * A set of fields describing Kibana user. - */ -export interface User { - username: string; - email?: string; - full_name?: string; - roles: readonly string[]; - enabled: boolean; - metadata?: { - _reserved: boolean; - _deprecated?: boolean; - _deprecated_reason?: string; - }; -} +import type { User } from '@kbn/security-plugin-types-common'; export interface EditUser extends User { password?: string; diff --git a/x-pack/plugins/security/common/model/user_profile.mock.ts b/x-pack/plugins/security/common/model/user_profile.mock.ts index 7e72ce26e13c9..519948b94f578 100644 --- a/x-pack/plugins/security/common/model/user_profile.mock.ts +++ b/x-pack/plugins/security/common/model/user_profile.mock.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { UserProfile, UserProfileWithSecurity } from './user_profile'; +import type { UserProfile, UserProfileWithSecurity } from '@kbn/security-plugin-types-common'; function createUserProfileMock(userProfile: Partial = {}) { return { diff --git a/x-pack/plugins/security/common/model/user_profile.ts b/x-pack/plugins/security/common/model/user_profile.ts index 152b0d0266bbe..0c9daba622e70 100644 --- a/x-pack/plugins/security/common/model/user_profile.ts +++ b/x-pack/plugins/security/common/model/user_profile.ts @@ -7,111 +7,16 @@ import { VISUALIZATION_COLORS } from '@elastic/eui'; +import type { + AuthenticatedUser, + UserProfileData, + UserProfileUserInfo, + UserProfileWithSecurity, +} from '@kbn/security-plugin-types-common'; import type { UserProfileAvatarData } from '@kbn/user-profile-components'; -import type { AuthenticatedUser } from './authenticated_user'; import { getUserDisplayName } from './user'; -/** - * IMPORTANT: - * - * The types in this file are duplicated at - * `packages/kbn-user-profile-components/src/user_profile.ts` - * - * When making changes please ensure to keep both files in sync. - */ - -/** - * Describes basic properties stored in user profile. - */ -export interface UserProfile { - /** - * Unique ID for of the user profile. - */ - uid: string; - - /** - * Indicates whether user profile is enabled or not. - */ - enabled: boolean; - - /** - * Information about the user that owns profile. - */ - user: UserProfileUserInfo; - - /** - * User specific data associated with the profile. - */ - data: Partial; -} - -/** - * Basic user information returned in user profile. - */ -export interface UserProfileUserInfo { - /** - * Username of the user. - */ - username: string; - /** - * Optional email of the user. - */ - email?: string; - /** - * Optional full name of the user. - */ - full_name?: string; -} - -/** - * Placeholder for data stored in user profile. - */ -export type UserProfileData = Record; - -/** - * Type of the user profile labels structure (currently - */ -export type UserProfileLabels = Record; - -/** - * Extended user information returned in user profile (both basic and security related properties). - */ -export interface UserProfileUserInfoWithSecurity extends UserProfileUserInfo { - /** - * List of the user roles. - */ - roles: readonly string[]; - /** - * Name of the Elasticsearch security realm that was used to authenticate user. - */ - realm_name: string; - /** - * Optional name of the security domain that Elasticsearch security realm that was - * used to authenticate user resides in (if any). - */ - realm_domain?: string; -} - -/** - * Describes all properties stored in user profile (both basic and security related properties). - */ -export interface UserProfileWithSecurity< - D extends UserProfileData = UserProfileData, - L extends UserProfileLabels = UserProfileLabels -> extends UserProfile { - /** - * Information about the user that owns profile. - */ - user: UserProfileUserInfoWithSecurity; - - /** - * User specific _searchable_ labels associated with the profile. Note that labels are considered - * security related field since it's going to be used to store user's space ID. - */ - labels: L; -} - /** * User profile enriched with session information. */ diff --git a/x-pack/plugins/security/common/types.ts b/x-pack/plugins/security/common/types.ts index 65616e58e65b2..1fc47aad365de 100644 --- a/x-pack/plugins/security/common/types.ts +++ b/x-pack/plugins/security/common/types.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { AuthenticationProvider } from './model'; +import type { AuthenticationProvider } from '@kbn/security-plugin-types-common'; export interface SessionInfo { expiresInMs: number | null; diff --git a/x-pack/plugins/security/public/account_management/account_management_app.tsx b/x-pack/plugins/security/public/account_management/account_management_app.tsx index a5b98d66d46ff..59678a246abe6 100644 --- a/x-pack/plugins/security/public/account_management/account_management_app.tsx +++ b/x-pack/plugins/security/public/account_management/account_management_app.tsx @@ -26,10 +26,10 @@ import { KibanaThemeProvider, toMountPoint, } from '@kbn/kibana-react-plugin/public'; +import type { AuthenticationServiceSetup } from '@kbn/security-plugin-types-public'; import { Router } from '@kbn/shared-ux-router'; import { UserProfilesKibanaProvider } from '@kbn/user-profile-components'; -import type { AuthenticationServiceSetup } from '../authentication'; import type { SecurityApiClients } from '../components'; import { AuthenticationProvider, SecurityApiClientsProvider } from '../components'; import type { BreadcrumbsChangeHandler } from '../components/breadcrumb'; diff --git a/x-pack/plugins/security/public/account_management/index.ts b/x-pack/plugins/security/public/account_management/index.ts index e1a4957aa71e7..966de2cb05b89 100644 --- a/x-pack/plugins/security/public/account_management/index.ts +++ b/x-pack/plugins/security/public/account_management/index.ts @@ -7,8 +7,3 @@ export { accountManagementApp } from './account_management_app'; export { UserProfileAPIClient } from './user_profile/user_profile_api_client'; -export type { - UserProfileBulkGetParams, - UserProfileGetCurrentParams, - UserProfileSuggestParams, -} from './user_profile'; diff --git a/x-pack/plugins/security/public/account_management/user_profile/index.ts b/x-pack/plugins/security/public/account_management/user_profile/index.ts index ed34d7d4a4339..3ce9e1919040d 100644 --- a/x-pack/plugins/security/public/account_management/user_profile/index.ts +++ b/x-pack/plugins/security/public/account_management/user_profile/index.ts @@ -8,8 +8,3 @@ export { UserProfile } from './user_profile'; export type { UserProfileProps, UserProfileFormValues } from './user_profile'; -export type { - UserProfileGetCurrentParams, - UserProfileBulkGetParams, - UserProfileSuggestParams, -} from './user_profile_api_client'; diff --git a/x-pack/plugins/security/public/account_management/user_profile/user_profile_api_client.ts b/x-pack/plugins/security/public/account_management/user_profile/user_profile_api_client.ts index 4760aa15ab0b3..597b93236a2a5 100644 --- a/x-pack/plugins/security/public/account_management/user_profile/user_profile_api_client.ts +++ b/x-pack/plugins/security/public/account_management/user_profile/user_profile_api_client.ts @@ -10,60 +10,17 @@ import type { Observable } from 'rxjs'; import { BehaviorSubject, Subject } from 'rxjs'; import type { HttpStart } from '@kbn/core/public'; +import type { + UserProfileAPIClient as UserProfileAPIClientType, + UserProfileBulkGetParams, + UserProfileGetCurrentParams, + UserProfileSuggestParams, +} from '@kbn/security-plugin-types-public'; import type { UserProfileData } from '@kbn/user-profile-components'; import type { GetUserProfileResponse, UserProfile } from '../../../common'; -/** - * Parameters for the get user profile for the current user API. - */ -export interface UserProfileGetCurrentParams { - /** - * By default, get API returns user information, but does not return any user data. The optional "dataPath" - * parameter can be used to return personal data for this user (within `kibana` namespace only). - */ - dataPath: string; -} - -/** - * Parameters for the bulk get API. - */ -export interface UserProfileBulkGetParams { - /** - * List of user profile identifiers. - */ - uids: Set; - - /** - * By default, suggest API returns user information, but does not return any user data. The optional "dataPath" - * parameter can be used to return personal data for this user (within `kibana` namespace only). - */ - dataPath?: string; -} - -/** - * Parameters for the suggest API. - */ -export interface UserProfileSuggestParams { - /** - * Query string used to match name-related fields in user profiles. The following fields are treated as - * name-related: username, full_name and email. - */ - name: string; - - /** - * Desired number of suggestions to return. The default value is 10. - */ - size?: number; - - /** - * By default, suggest API returns user information, but does not return any user data. The optional "dataPath" - * parameter can be used to return personal data for this user (within `kibana` namespace only). - */ - dataPath?: string; -} - -export class UserProfileAPIClient { +export class UserProfileAPIClient implements UserProfileAPIClientType { private readonly internalDataUpdates$: Subject = new Subject(); /** diff --git a/x-pack/plugins/security/public/analytics/analytics_service.ts b/x-pack/plugins/security/public/analytics/analytics_service.ts index 33a72f24c487b..8d4e173246ffd 100644 --- a/x-pack/plugins/security/public/analytics/analytics_service.ts +++ b/x-pack/plugins/security/public/analytics/analytics_service.ts @@ -14,9 +14,9 @@ import type { HttpSetup, HttpStart, } from '@kbn/core/public'; +import type { AuthenticationServiceSetup } from '@kbn/security-plugin-types-public'; import { registerUserContext } from './register_user_context'; -import type { AuthenticationServiceSetup } from '..'; import type { SecurityLicense } from '../../common'; interface AnalyticsServiceSetupParams { diff --git a/x-pack/plugins/security/public/analytics/register_user_context.test.ts b/x-pack/plugins/security/public/analytics/register_user_context.test.ts index bc4e0dd093835..8ffbde29bb940 100644 --- a/x-pack/plugins/security/public/analytics/register_user_context.test.ts +++ b/x-pack/plugins/security/public/analytics/register_user_context.test.ts @@ -10,9 +10,9 @@ import { firstValueFrom } from 'rxjs'; import type { AnalyticsServiceSetup } from '@kbn/core/public'; import { coreMock } from '@kbn/core/public/mocks'; import { Sha256 } from '@kbn/crypto-browser'; +import type { AuthenticationServiceSetup } from '@kbn/security-plugin-types-public'; import { registerUserContext } from './register_user_context'; -import type { AuthenticationServiceSetup } from '..'; import { authenticationMock } from '../authentication/index.mock'; import { securityMock } from '../mocks'; diff --git a/x-pack/plugins/security/public/analytics/register_user_context.ts b/x-pack/plugins/security/public/analytics/register_user_context.ts index 19ecf0a6896fa..e4464df8196a8 100644 --- a/x-pack/plugins/security/public/analytics/register_user_context.ts +++ b/x-pack/plugins/security/public/analytics/register_user_context.ts @@ -9,8 +9,7 @@ import { catchError, from, map, of } from 'rxjs'; import type { AnalyticsServiceSetup } from '@kbn/core/public'; import { Sha256 } from '@kbn/crypto-browser'; - -import type { AuthenticationServiceSetup } from '..'; +import type { AuthenticationServiceSetup } from '@kbn/security-plugin-types-public'; interface UserIdContext { userId?: string; diff --git a/x-pack/plugins/security/public/authentication/authentication_service.ts b/x-pack/plugins/security/public/authentication/authentication_service.ts index 62c60587282ef..dcc0588e4bf33 100644 --- a/x-pack/plugins/security/public/authentication/authentication_service.ts +++ b/x-pack/plugins/security/public/authentication/authentication_service.ts @@ -11,6 +11,7 @@ import type { HttpSetup, StartServicesAccessor, } from '@kbn/core/public'; +import type { AuthenticationServiceSetup } from '@kbn/security-plugin-types-public'; import { accessAgreementApp } from './access_agreement'; import { captureURLApp } from './capture_url'; @@ -18,7 +19,7 @@ import { loggedOutApp } from './logged_out'; import { loginApp } from './login'; import { logoutApp } from './logout'; import { overwrittenSessionApp } from './overwritten_session'; -import type { AuthenticatedUser } from '../../common/model'; +import type { AuthenticatedUser } from '../../common'; import type { ConfigType } from '../config'; import type { PluginStartDependencies } from '../plugin'; @@ -29,24 +30,6 @@ interface SetupParams { http: HttpSetup; getStartServices: StartServicesAccessor; } - -export interface AuthenticationServiceSetup { - /** - * Returns currently authenticated user and throws if current user isn't authenticated. - */ - getCurrentUser: () => Promise; - - /** - * Determines if API Keys are currently enabled. - */ - areAPIKeysEnabled: () => Promise; -} - -/** - * Start has the same contract as Setup for now. - */ -export type AuthenticationServiceStart = AuthenticationServiceSetup; - export class AuthenticationService { public setup({ application, diff --git a/x-pack/plugins/security/public/authentication/index.mock.ts b/x-pack/plugins/security/public/authentication/index.mock.ts index 092126e6cfeed..cc1c098eb6794 100644 --- a/x-pack/plugins/security/public/authentication/index.mock.ts +++ b/x-pack/plugins/security/public/authentication/index.mock.ts @@ -8,7 +8,7 @@ import type { AuthenticationServiceSetup, AuthenticationServiceStart, -} from './authentication_service'; +} from '@kbn/security-plugin-types-public'; export const authenticationMock = { createSetup: (): jest.Mocked => ({ diff --git a/x-pack/plugins/security/public/authentication/index.ts b/x-pack/plugins/security/public/authentication/index.ts index dd7cb006d879e..701da42cf120b 100644 --- a/x-pack/plugins/security/public/authentication/index.ts +++ b/x-pack/plugins/security/public/authentication/index.ts @@ -5,8 +5,4 @@ * 2.0. */ -export type { - AuthenticationServiceSetup, - AuthenticationServiceStart, -} from './authentication_service'; export { AuthenticationService } from './authentication_service'; diff --git a/x-pack/plugins/security/public/authentication/overwritten_session/overwritten_session_app.ts b/x-pack/plugins/security/public/authentication/overwritten_session/overwritten_session_app.ts index ccd8377cbdd43..b0f3f1059dfb4 100644 --- a/x-pack/plugins/security/public/authentication/overwritten_session/overwritten_session_app.ts +++ b/x-pack/plugins/security/public/authentication/overwritten_session/overwritten_session_app.ts @@ -7,8 +7,7 @@ import type { ApplicationSetup, AppMountParameters, StartServicesAccessor } from '@kbn/core/public'; import { i18n } from '@kbn/i18n'; - -import type { AuthenticationServiceSetup } from '../authentication_service'; +import type { AuthenticationServiceSetup } from '@kbn/security-plugin-types-public'; interface CreateDeps { application: ApplicationSetup; diff --git a/x-pack/plugins/security/public/authentication/overwritten_session/overwritten_session_page.tsx b/x-pack/plugins/security/public/authentication/overwritten_session/overwritten_session_page.tsx index 4720a829674ee..6f39a2608e1cd 100644 --- a/x-pack/plugins/security/public/authentication/overwritten_session/overwritten_session_page.tsx +++ b/x-pack/plugins/security/public/authentication/overwritten_session/overwritten_session_page.tsx @@ -12,9 +12,9 @@ import ReactDOM from 'react-dom'; import type { AppMountParameters, CoreStart, IBasePath } from '@kbn/core/public'; import { FormattedMessage } from '@kbn/i18n-react'; import { KibanaThemeProvider } from '@kbn/kibana-react-plugin/public'; +import type { AuthenticationServiceSetup } from '@kbn/security-plugin-types-public'; import { parseNext } from '../../../common/parse_next'; -import type { AuthenticationServiceSetup } from '../authentication_service'; import { AuthenticationStatePage } from '../components'; interface Props { diff --git a/x-pack/plugins/security/public/components/use_current_user.ts b/x-pack/plugins/security/public/components/use_current_user.ts index 924853fa8d86b..fc86aa459f2f4 100644 --- a/x-pack/plugins/security/public/components/use_current_user.ts +++ b/x-pack/plugins/security/public/components/use_current_user.ts @@ -9,9 +9,10 @@ import constate from 'constate'; import useAsync from 'react-use/lib/useAsync'; import useObservable from 'react-use/lib/useObservable'; +import type { AuthenticationServiceSetup } from '@kbn/security-plugin-types-public'; + import { useSecurityApiClients } from '.'; import type { UserProfileData } from '../../common'; -import type { AuthenticationServiceSetup } from '../authentication'; export interface AuthenticationProviderProps { authc: AuthenticationServiceSetup; diff --git a/x-pack/plugins/security/public/index.ts b/x-pack/plugins/security/public/index.ts index 209bc5ff576b6..419042c4a288c 100644 --- a/x-pack/plugins/security/public/index.ts +++ b/x-pack/plugins/security/public/index.ts @@ -6,29 +6,31 @@ */ import type { PluginInitializer, PluginInitializerContext } from '@kbn/core/public'; +import type { SecurityPluginSetup } from '@kbn/security-plugin-types-public'; import type { PluginSetupDependencies, PluginStartDependencies, - SecurityPluginSetup, SecurityPluginStart, } from './plugin'; import { SecurityPlugin } from './plugin'; -export type { SecurityPluginSetup, SecurityPluginStart }; -export type { AuthenticatedUser } from '../common/model'; -export type { SecurityLicense, SecurityLicenseFeatures } from '../common/licensing'; +export type { SecurityPluginStart, SecurityPluginSetup }; +export type { AuthenticatedUser, SecurityLicenseFeatures, SecurityLicense } from '../common'; export type { UiApi, ChangePasswordProps, PersonalInfoProps } from './ui_api'; -export type { UserMenuLink, SecurityNavControlServiceStart } from './nav_control'; + +export { ALL_SPACES_ID } from '../common/constants'; + +// Re-export types from the plugin directly to enhance the developer experience for consumers of the Security plugin. export type { + AuthenticationServiceStart, + AuthenticationServiceSetup, + SecurityNavControlServiceStart, + UserMenuLink, UserProfileBulkGetParams, UserProfileGetCurrentParams, UserProfileSuggestParams, -} from './account_management'; - -export type { AuthenticationServiceStart, AuthenticationServiceSetup } from './authentication'; - -export { ALL_SPACES_ID } from '../common/constants'; +} from '@kbn/security-plugin-types-public'; export const plugin: PluginInitializer< SecurityPluginSetup, diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.ts b/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.ts index be236b02e4c65..b3d1a3a3e9cbe 100644 --- a/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.ts +++ b/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.ts @@ -6,11 +6,10 @@ */ import type { HttpStart } from '@kbn/core/public'; +import type { CreateAPIKeyParams, CreateAPIKeyResult } from '@kbn/security-plugin-types-server'; import type { ApiKeyToInvalidate } from '../../../common/model'; import type { - CreateAPIKeyParams, - CreateAPIKeyResult, GetAPIKeysResult, UpdateAPIKeyParams, UpdateAPIKeyResult, diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_grid_page.tsx b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_grid_page.tsx index b1872a459d8b0..dd47e7e198bc4 100644 --- a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_grid_page.tsx +++ b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_grid_page.tsx @@ -38,7 +38,7 @@ import { UserAvatar, UserProfilesPopover } from '@kbn/user-profile-components'; import { ApiKeyFlyout } from './api_key_flyout'; import { ApiKeysEmptyPrompt } from './api_keys_empty_prompt'; import { InvalidateProvider } from './invalidate_provider'; -import type { ApiKey, AuthenticatedUser, RestApiKey } from '../../../../common/model'; +import type { ApiKey, AuthenticatedUser, RestApiKey } from '../../../../common'; import { Breadcrumb } from '../../../components/breadcrumb'; import { SelectableTokenField } from '../../../components/token_field'; import { useCapabilities } from '../../../components/use_capabilities'; diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_management_app.tsx b/x-pack/plugins/security/public/management/api_keys/api_keys_management_app.tsx index ac7b067e3371c..c15ea9d9e731e 100644 --- a/x-pack/plugins/security/public/management/api_keys/api_keys_management_app.tsx +++ b/x-pack/plugins/security/public/management/api_keys/api_keys_management_app.tsx @@ -16,9 +16,9 @@ import { i18n } from '@kbn/i18n'; import { I18nProvider } from '@kbn/i18n-react'; import { KibanaContextProvider, KibanaThemeProvider } from '@kbn/kibana-react-plugin/public'; import type { RegisterManagementAppArgs } from '@kbn/management-plugin/public'; +import type { AuthenticationServiceSetup } from '@kbn/security-plugin-types-public'; import { Router } from '@kbn/shared-ux-router'; -import type { AuthenticationServiceSetup } from '../../authentication'; import type { BreadcrumbsChangeHandler } from '../../components/breadcrumb'; import { Breadcrumb, diff --git a/x-pack/plugins/security/public/management/management_service.test.ts b/x-pack/plugins/security/public/management/management_service.test.ts index 8591d4d6fd665..d1a21795ffbbd 100644 --- a/x-pack/plugins/security/public/management/management_service.test.ts +++ b/x-pack/plugins/security/public/management/management_service.test.ts @@ -21,8 +21,8 @@ import { ManagementService } from './management_service'; import { roleMappingsManagementApp } from './role_mappings'; import { rolesManagementApp } from './roles'; import { usersManagementApp } from './users'; +import type { SecurityLicenseFeatures } from '../../common'; import { licenseMock } from '../../common/licensing/index.mock'; -import type { SecurityLicenseFeatures } from '../../common/licensing/license_features'; import { securityMock } from '../mocks'; const mockSection = createManagementSectionMock(); diff --git a/x-pack/plugins/security/public/management/management_service.ts b/x-pack/plugins/security/public/management/management_service.ts index 616cccd7f5c99..e8fda628c22fc 100644 --- a/x-pack/plugins/security/public/management/management_service.ts +++ b/x-pack/plugins/security/public/management/management_service.ts @@ -13,13 +13,13 @@ import type { ManagementSection, ManagementSetup, } from '@kbn/management-plugin/public'; +import type { AuthenticationServiceSetup } from '@kbn/security-plugin-types-public'; import { apiKeysManagementApp } from './api_keys'; import { roleMappingsManagementApp } from './role_mappings'; import { rolesManagementApp } from './roles'; import { usersManagementApp } from './users'; -import type { SecurityLicense } from '../../common/licensing'; -import type { AuthenticationServiceSetup } from '../authentication'; +import type { SecurityLicense } from '../../common'; import type { PluginStartDependencies } from '../plugin'; export interface ManagementAppConfigType { diff --git a/x-pack/plugins/security/public/management/role_combo_box/role_combo_box.tsx b/x-pack/plugins/security/public/management/role_combo_box/role_combo_box.tsx index 3eabf885d877d..5e329b32c353d 100644 --- a/x-pack/plugins/security/public/management/role_combo_box/role_combo_box.tsx +++ b/x-pack/plugins/security/public/management/role_combo_box/role_combo_box.tsx @@ -12,7 +12,7 @@ import React from 'react'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; -import type { Role } from '../../../common/model'; +import type { Role } from '../../../common'; import { isRoleAdmin, isRoleDeprecated, isRoleReserved, isRoleSystem } from '../../../common/model'; interface Props diff --git a/x-pack/plugins/security/public/management/role_mappings/components/delete_provider/delete_provider.test.tsx b/x-pack/plugins/security/public/management/role_mappings/components/delete_provider/delete_provider.test.tsx index ce1b6b0d0efc1..535ca02139c3f 100644 --- a/x-pack/plugins/security/public/management/role_mappings/components/delete_provider/delete_provider.test.tsx +++ b/x-pack/plugins/security/public/management/role_mappings/components/delete_provider/delete_provider.test.tsx @@ -13,7 +13,7 @@ import { coreMock } from '@kbn/core/public/mocks'; import { findTestSubject, mountWithIntl, nextTick } from '@kbn/test-jest-helpers'; import { DeleteProvider } from './delete_provider'; -import type { RoleMapping } from '../../../../../common/model'; +import type { RoleMapping } from '../../../../../common'; import { roleMappingsAPIClientMock } from '../../index.mock'; describe('DeleteProvider', () => { diff --git a/x-pack/plugins/security/public/management/role_mappings/components/delete_provider/delete_provider.tsx b/x-pack/plugins/security/public/management/role_mappings/components/delete_provider/delete_provider.tsx index c957ad82e63dc..1eacafaa54f04 100644 --- a/x-pack/plugins/security/public/management/role_mappings/components/delete_provider/delete_provider.tsx +++ b/x-pack/plugins/security/public/management/role_mappings/components/delete_provider/delete_provider.tsx @@ -13,7 +13,7 @@ import type { NotificationsStart } from '@kbn/core/public'; import { i18n } from '@kbn/i18n'; import type { PublicMethodsOf } from '@kbn/utility-types'; -import type { RoleMapping } from '../../../../../common/model'; +import type { RoleMapping } from '../../../../../common'; import type { RoleMappingsAPIClient } from '../../role_mappings_api_client'; interface Props { diff --git a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/edit_role_mapping_page.test.tsx b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/edit_role_mapping_page.test.tsx index 017e5ec37a332..8ed7cee87e8c8 100644 --- a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/edit_role_mapping_page.test.tsx +++ b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/edit_role_mapping_page.test.tsx @@ -20,7 +20,7 @@ import type { PublicMethodsOf } from '@kbn/utility-types'; import { EditRoleMappingPage } from './edit_role_mapping_page'; import { JSONRuleEditor } from './rule_editor_panel/json_rule_editor'; import { VisualRuleEditor } from './rule_editor_panel/visual_rule_editor'; -import type { Role } from '../../../../common/model'; +import type { Role } from '../../../../common'; import { RoleComboBox } from '../../role_combo_box'; import type { RolesAPIClient } from '../../roles'; import { rolesAPIClientMock } from '../../roles/roles_api_client.mock'; diff --git a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/edit_role_mapping_page.tsx b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/edit_role_mapping_page.tsx index 0d4c797a9452e..c3dc778643dea 100644 --- a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/edit_role_mapping_page.tsx +++ b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/edit_role_mapping_page.tsx @@ -26,7 +26,7 @@ import type { PublicMethodsOf } from '@kbn/utility-types'; import { MappingInfoPanel } from './mapping_info_panel'; import { RuleEditorPanel } from './rule_editor_panel'; import { validateRoleMappingForSave } from './services/role_mapping_validation'; -import type { RoleMapping } from '../../../../common/model'; +import type { RoleMapping } from '../../../../common'; import type { RolesAPIClient } from '../../roles'; import { DeleteProvider, diff --git a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/mapping_info_panel/mapping_info_panel.test.tsx b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/mapping_info_panel/mapping_info_panel.test.tsx index 8faf0fa99998a..b494b228d8a7c 100644 --- a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/mapping_info_panel/mapping_info_panel.test.tsx +++ b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/mapping_info_panel/mapping_info_panel.test.tsx @@ -12,7 +12,7 @@ import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import type { PublicMethodsOf } from '@kbn/utility-types'; import { MappingInfoPanel } from './mapping_info_panel'; -import type { Role, RoleMapping } from '../../../../../common/model'; +import type { Role, RoleMapping } from '../../../../../common'; import type { RolesAPIClient } from '../../../roles'; import { rolesAPIClientMock } from '../../../roles/roles_api_client.mock'; import { RoleSelector } from '../role_selector'; diff --git a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/mapping_info_panel/mapping_info_panel.tsx b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/mapping_info_panel/mapping_info_panel.tsx index 07c6b36d1949b..9634b8415ae36 100644 --- a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/mapping_info_panel/mapping_info_panel.tsx +++ b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/mapping_info_panel/mapping_info_panel.tsx @@ -25,7 +25,7 @@ import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; import type { PublicMethodsOf } from '@kbn/utility-types'; -import type { RoleMapping } from '../../../../../common/model'; +import type { RoleMapping } from '../../../../../common'; import type { RolesAPIClient } from '../../../roles'; import { RoleSelector } from '../role_selector'; import { diff --git a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/role_selector/role_selector.test.tsx b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/role_selector/role_selector.test.tsx index 219e01512ed2f..df0374b04f5a2 100644 --- a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/role_selector/role_selector.test.tsx +++ b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/role_selector/role_selector.test.tsx @@ -14,7 +14,7 @@ import type { PublicMethodsOf } from '@kbn/utility-types'; import { AddRoleTemplateButton } from './add_role_template_button'; import { RoleSelector } from './role_selector'; import { RoleTemplateEditor } from './role_template_editor'; -import type { Role, RoleMapping } from '../../../../../common/model'; +import type { Role, RoleMapping } from '../../../../../common'; import type { RolesAPIClient } from '../../../roles'; import { rolesAPIClientMock } from '../../../roles/roles_api_client.mock'; diff --git a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/role_selector/role_selector.tsx b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/role_selector/role_selector.tsx index bf8b68ab7a927..8bc7aa852e2e5 100644 --- a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/role_selector/role_selector.tsx +++ b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/role_selector/role_selector.tsx @@ -14,7 +14,7 @@ import type { PublicMethodsOf } from '@kbn/utility-types'; import { AddRoleTemplateButton } from './add_role_template_button'; import { RoleTemplateEditor } from './role_template_editor'; -import type { Role, RoleMapping } from '../../../../../common/model'; +import type { Role, RoleMapping } from '../../../../../common'; import { isRoleDeprecated } from '../../../../../common/model'; import { RoleComboBox } from '../../../role_combo_box'; import type { RolesAPIClient } from '../../../roles'; diff --git a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/role_selector/role_template_editor.tsx b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/role_selector/role_template_editor.tsx index 4641e0fe13bd2..68d2e81a74a60 100644 --- a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/role_selector/role_template_editor.tsx +++ b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/role_selector/role_template_editor.tsx @@ -22,7 +22,7 @@ import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; import { RoleTemplateTypeSelect } from './role_template_type_select'; -import type { RoleTemplate } from '../../../../../common/model'; +import type { RoleTemplate } from '../../../../../common'; import { isInlineRoleTemplate, isInvalidRoleTemplate, diff --git a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/role_selector/role_template_type_select.tsx b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/role_selector/role_template_type_select.tsx index ae11d2bb889bb..964482fa8ee77 100644 --- a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/role_selector/role_template_type_select.tsx +++ b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/role_selector/role_template_type_select.tsx @@ -10,7 +10,7 @@ import React from 'react'; import { i18n } from '@kbn/i18n'; -import type { RoleTemplate } from '../../../../../common/model'; +import type { RoleTemplate } from '../../../../../common'; import { isInlineRoleTemplate, isStoredRoleTemplate } from '../services/role_template_type'; const templateTypeOptions = [ diff --git a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/rule_editor_panel/rule_editor_panel.tsx b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/rule_editor_panel/rule_editor_panel.tsx index 1a5549ecd1e9b..16111e8d535a9 100644 --- a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/rule_editor_panel/rule_editor_panel.tsx +++ b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/rule_editor_panel/rule_editor_panel.tsx @@ -27,7 +27,7 @@ import { FormattedMessage } from '@kbn/i18n-react'; import { JSONRuleEditor } from './json_rule_editor'; import { VisualRuleEditor } from './visual_rule_editor'; -import type { RoleMapping } from '../../../../../common/model'; +import type { RoleMapping } from '../../../../../common'; import type { Rule } from '../../model'; import { generateRulesFromRaw } from '../../model'; import { VISUAL_MAX_RULE_DEPTH } from '../services/role_mapping_constants'; diff --git a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/services/role_mapping_validation.test.ts b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/services/role_mapping_validation.test.ts index 7dfa891e8d1b0..e1a5ae41a11d5 100644 --- a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/services/role_mapping_validation.test.ts +++ b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/services/role_mapping_validation.test.ts @@ -12,7 +12,7 @@ import { validateRoleMappingRoleTemplates, validateRoleMappingRules, } from './role_mapping_validation'; -import type { RoleMapping } from '../../../../../common/model'; +import type { RoleMapping } from '../../../../../common'; describe('validateRoleMappingName', () => { it('requires a value', () => { diff --git a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/services/role_mapping_validation.ts b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/services/role_mapping_validation.ts index 7340277158c84..4c07de0f07821 100644 --- a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/services/role_mapping_validation.ts +++ b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/services/role_mapping_validation.ts @@ -7,7 +7,7 @@ import { i18n } from '@kbn/i18n'; -import type { RoleMapping } from '../../../../../common/model'; +import type { RoleMapping } from '../../../../../common'; import { generateRulesFromRaw } from '../../model'; interface ValidationResult { diff --git a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/services/role_template_type.test.ts b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/services/role_template_type.test.ts index 50c821541d07a..59db5c4fb9d92 100644 --- a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/services/role_template_type.test.ts +++ b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/services/role_template_type.test.ts @@ -10,7 +10,7 @@ import { isInvalidRoleTemplate, isStoredRoleTemplate, } from './role_template_type'; -import type { RoleTemplate } from '../../../../../common/model'; +import type { RoleTemplate } from '../../../../../common'; describe('#isStoredRoleTemplate', () => { it('returns true for stored templates, false otherwise', () => { diff --git a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/services/role_template_type.ts b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/services/role_template_type.ts index ce16c2516f176..97f464ce0494f 100644 --- a/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/services/role_template_type.ts +++ b/x-pack/plugins/security/public/management/role_mappings/edit_role_mapping/services/role_template_type.ts @@ -10,7 +10,7 @@ import type { InvalidRoleTemplate, RoleTemplate, StoredRoleTemplate, -} from '../../../../../common/model'; +} from '../../../../../common'; export function isStoredRoleTemplate( roleMappingTemplate: RoleTemplate diff --git a/x-pack/plugins/security/public/management/role_mappings/model/rule_builder.test.ts b/x-pack/plugins/security/public/management/role_mappings/model/rule_builder.test.ts index 2db57590042df..f583310156c46 100644 --- a/x-pack/plugins/security/public/management/role_mappings/model/rule_builder.test.ts +++ b/x-pack/plugins/security/public/management/role_mappings/model/rule_builder.test.ts @@ -8,7 +8,7 @@ import { FieldRule } from './field_rule'; import { generateRulesFromRaw } from './rule_builder'; import { RuleBuilderError } from './rule_builder_error'; -import type { RoleMapping } from '../../../../common/model'; +import type { RoleMapping } from '../../../../common'; describe('generateRulesFromRaw', () => { it('returns null for an empty rule set', () => { diff --git a/x-pack/plugins/security/public/management/role_mappings/model/rule_builder.ts b/x-pack/plugins/security/public/management/role_mappings/model/rule_builder.ts index b248f63410a2b..88082245decca 100644 --- a/x-pack/plugins/security/public/management/role_mappings/model/rule_builder.ts +++ b/x-pack/plugins/security/public/management/role_mappings/model/rule_builder.ts @@ -15,7 +15,7 @@ import type { FieldRuleValue } from './field_rule'; import { FieldRule } from './field_rule'; import type { Rule } from './rule'; import { RuleBuilderError } from './rule_builder_error'; -import type { RoleMapping } from '../../../../common/model'; +import type { RoleMapping } from '../../../../common'; interface RuleBuilderResult { /** The maximum rule depth within the parsed rule set. */ diff --git a/x-pack/plugins/security/public/management/role_mappings/role_mappings_api_client.ts b/x-pack/plugins/security/public/management/role_mappings/role_mappings_api_client.ts index 5465bc24b7e31..bab0222222dec 100644 --- a/x-pack/plugins/security/public/management/role_mappings/role_mappings_api_client.ts +++ b/x-pack/plugins/security/public/management/role_mappings/role_mappings_api_client.ts @@ -7,7 +7,7 @@ import type { HttpStart } from '@kbn/core/public'; -import type { RoleMapping } from '../../../common/model'; +import type { RoleMapping } from '../../../common'; export interface CheckRoleMappingFeaturesResponse { canManageRoleMappings: boolean; diff --git a/x-pack/plugins/security/public/management/role_mappings/role_mappings_grid/role_mappings_grid_page.tsx b/x-pack/plugins/security/public/management/role_mappings/role_mappings_grid/role_mappings_grid_page.tsx index 0224512cdc211..b5905ec147960 100644 --- a/x-pack/plugins/security/public/management/role_mappings/role_mappings_grid/role_mappings_grid_page.tsx +++ b/x-pack/plugins/security/public/management/role_mappings/role_mappings_grid/role_mappings_grid_page.tsx @@ -32,7 +32,7 @@ import { reactRouterNavigate } from '@kbn/kibana-react-plugin/public'; import type { PublicMethodsOf } from '@kbn/utility-types'; import { EmptyPrompt } from './empty_prompt'; -import type { Role, RoleMapping } from '../../../../common/model'; +import type { Role, RoleMapping } from '../../../../common'; import { DisabledBadge, EnabledBadge } from '../../badges'; import { EDIT_ROLE_MAPPING_PATH, diff --git a/x-pack/plugins/security/public/management/role_table_display/role_table_display.tsx b/x-pack/plugins/security/public/management/role_table_display/role_table_display.tsx index 558461a9b70d4..d52f46d467c7f 100644 --- a/x-pack/plugins/security/public/management/role_table_display/role_table_display.tsx +++ b/x-pack/plugins/security/public/management/role_table_display/role_table_display.tsx @@ -10,7 +10,7 @@ import React from 'react'; import type { ApplicationStart } from '@kbn/core/public'; -import type { Role } from '../../../common/model'; +import type { Role } from '../../../common'; import { getExtendedRoleDeprecationNotice, isRoleDeprecated } from '../../../common/model'; interface Props { diff --git a/x-pack/plugins/security/public/management/roles/__fixtures__/kibana_privileges.ts b/x-pack/plugins/security/public/management/roles/__fixtures__/kibana_privileges.ts index 1b68f556d5990..559d479182c89 100644 --- a/x-pack/plugins/security/public/management/roles/__fixtures__/kibana_privileges.ts +++ b/x-pack/plugins/security/public/management/roles/__fixtures__/kibana_privileges.ts @@ -9,7 +9,7 @@ import type { KibanaFeature } from '@kbn/features-plugin/public'; import { featuresPluginMock } from '@kbn/features-plugin/server/mocks'; import type { LicenseType } from '@kbn/licensing-plugin/server'; -import type { SecurityLicenseFeatures } from '../../../../common/licensing'; +import type { SecurityLicenseFeatures } from '../../../../common'; import { Actions } from '../../../../server/authorization'; import { privilegesFactory } from '../../../../server/authorization/privileges'; import { KibanaPrivileges } from '../model'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.test.tsx index 2250846ac4a13..e3a1151c2bba8 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.test.tsx @@ -24,8 +24,8 @@ import { EditRolePage } from './edit_role_page'; import { SimplePrivilegeSection } from './privileges/kibana/simple_privilege_section'; import { SpaceAwarePrivilegeSection } from './privileges/kibana/space_aware_privilege_section'; import { TransformErrorSection } from './privileges/kibana/transform_error_section'; +import type { Role } from '../../../../common'; import { licenseMock } from '../../../../common/licensing/index.mock'; -import type { Role } from '../../../../common/model'; import { userAPIClientMock } from '../../users/index.mock'; import { createRawKibanaPrivileges } from '../__fixtures__/kibana_privileges'; import { indicesAPIClientMock, privilegesAPIClientMock, rolesAPIClientMock } from '../index.mock'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.tsx b/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.tsx index 8746be6ec9087..37b6183520432 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.tsx @@ -48,13 +48,13 @@ import { ElasticsearchPrivileges, KibanaPrivilegesRegion } from './privileges'; import { ReservedRoleBadge } from './reserved_role_badge'; import type { RoleValidationResult } from './validate_role'; import { RoleValidator } from './validate_role'; -import type { SecurityLicense } from '../../../../common/licensing'; import type { BuiltinESPrivileges, RawKibanaPrivileges, Role, RoleIndexPrivilege, -} from '../../../../common/model'; + SecurityLicense, +} from '../../../../common'; import { isRoleDeprecated as checkIfRoleDeprecated, isRoleReadOnly as checkIfRoleReadOnly, diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.ts b/x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.ts index 170aa3f6e89fe..da912650fee48 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { RoleKibanaPrivilege } from '../../../../common/model'; +import type { RoleKibanaPrivilege } from '../../../../common'; /** * Determines if the passed privilege spec defines global privileges. diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/cluster_privileges.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/cluster_privileges.test.tsx index 23dcb3673192f..81edde34b4d28 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/cluster_privileges.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/cluster_privileges.test.tsx @@ -11,7 +11,7 @@ import React from 'react'; import { mountWithIntl } from '@kbn/test-jest-helpers'; import { ClusterPrivileges } from './cluster_privileges'; -import type { Role } from '../../../../../../common/model'; +import type { Role } from '../../../../../../common'; test('it renders without crashing', () => { const role: Role = { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/cluster_privileges.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/cluster_privileges.tsx index c5463c4458b11..8e8f4aa0a2cbc 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/cluster_privileges.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/cluster_privileges.tsx @@ -11,7 +11,7 @@ import React, { Component } from 'react'; import { i18n } from '@kbn/i18n'; -import type { Role } from '../../../../../../common/model'; +import type { Role } from '../../../../../../common'; import { isRoleReadOnly } from '../../../../../../common/model'; interface Props { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/elasticsearch_privileges.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/elasticsearch_privileges.tsx index c389788d7994b..99ce696212888 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/elasticsearch_privileges.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/elasticsearch_privileges.tsx @@ -24,8 +24,7 @@ import type { PublicMethodsOf } from '@kbn/utility-types'; import { ClusterPrivileges } from './cluster_privileges'; import { IndexPrivileges } from './index_privileges'; -import type { SecurityLicense } from '../../../../../../common/licensing'; -import type { BuiltinESPrivileges, Role } from '../../../../../../common/model'; +import type { BuiltinESPrivileges, Role, SecurityLicense } from '../../../../../../common'; import type { IndicesAPIClient } from '../../../indices_api_client'; import { CollapsiblePanel } from '../../collapsible_panel'; import type { RoleValidator } from '../../validate_role'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/index_privilege_form.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/index_privilege_form.tsx index b43064a7d1150..dcfd57f56464c 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/index_privilege_form.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/index_privilege_form.tsx @@ -27,7 +27,7 @@ import type { monaco } from '@kbn/monaco'; import type { Cluster } from '@kbn/remote-clusters-plugin/public'; import type { PublicMethodsOf } from '@kbn/utility-types'; -import type { RoleIndexPrivilege, RoleRemoteIndexPrivilege } from '../../../../../../common/model'; +import type { RoleIndexPrivilege, RoleRemoteIndexPrivilege } from '../../../../../../common'; import type { IndicesAPIClient } from '../../../indices_api_client'; import type { RoleValidator } from '../../validate_role'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/index_privileges.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/index_privileges.tsx index dafb7bae8ee9e..435e094999c24 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/index_privileges.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/es/index_privileges.tsx @@ -13,8 +13,7 @@ import type { Cluster } from '@kbn/remote-clusters-plugin/public'; import type { PublicMethodsOf } from '@kbn/utility-types'; import { IndexPrivilegeForm } from './index_privilege_form'; -import type { SecurityLicense } from '../../../../../../common/licensing'; -import type { Role, RoleIndexPrivilege } from '../../../../../../common/model'; +import type { Role, RoleIndexPrivilege, SecurityLicense } from '../../../../../../common'; import { isRoleEnabled, isRoleReadOnly } from '../../../../../../common/model'; import type { IndicesAPIClient } from '../../../indices_api_client'; import type { RoleValidator } from '../../validate_role'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx index 59418010b114d..c487cdab96e2d 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx @@ -13,7 +13,7 @@ import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { getDisplayedFeaturePrivileges } from './__fixtures__'; import { FeatureTable } from './feature_table'; -import type { Role } from '../../../../../../../common/model'; +import type { Role } from '../../../../../../../common'; import { createFeature, kibanaFeatures } from '../../../../__fixtures__/kibana_features'; import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx index 8d9573383b255..7734d415bf385 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx @@ -32,7 +32,7 @@ import { FormattedMessage } from '@kbn/i18n-react'; import { ChangeAllPrivilegesControl } from './change_all_privileges'; import { FeatureTableExpandedRow } from './feature_table_expanded_row'; -import type { Role } from '../../../../../../../common/model'; +import type { Role } from '../../../../../../../common'; import type { KibanaPrivileges, SecuredFeature } from '../../../../model'; import { NO_PRIVILEGE_VALUE } from '../constants'; import { FeatureTableCell } from '../feature_table_cell'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.test.tsx index 42a08b3244363..80da1f4092144 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.test.tsx @@ -11,7 +11,7 @@ import React from 'react'; import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { FeatureTableExpandedRow } from './feature_table_expanded_row'; -import type { Role } from '../../../../../../../common/model'; +import type { Role } from '../../../../../../../common'; import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx index 3047cb0f91f12..53e44aefbf1c8 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx @@ -13,7 +13,7 @@ import { KibanaFeature } from '@kbn/features-plugin/public'; import { mountWithIntl } from '@kbn/test-jest-helpers'; import { SubFeatureForm } from './sub_feature_form'; -import type { Role } from '../../../../../../../common/model'; +import type { Role } from '../../../../../../../common'; import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; import { SecuredSubFeature } from '../../../../model'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.test.tsx index ef6e4ca485d0b..b12c4f91a3a7a 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.test.tsx @@ -16,7 +16,7 @@ import { KibanaPrivilegesRegion } from './kibana_privileges_region'; import { SimplePrivilegeSection } from './simple_privilege_section'; import { SpaceAwarePrivilegeSection } from './space_aware_privilege_section'; import { TransformErrorSection } from './transform_error_section'; -import type { Role } from '../../../../../../common/model'; +import type { Role } from '../../../../../../common'; import { KibanaPrivileges } from '../../../model'; import { RoleValidator } from '../../validate_role'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.tsx index e45829d722cbc..d7439b19b0d00 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.tsx @@ -13,7 +13,7 @@ import type { Space, SpacesApiUi } from '@kbn/spaces-plugin/public'; import { SimplePrivilegeSection } from './simple_privilege_section'; import { SpaceAwarePrivilegeSection } from './space_aware_privilege_section'; import { TransformErrorSection } from './transform_error_section'; -import type { Role } from '../../../../../../common/model'; +import type { Role } from '../../../../../../common'; import type { KibanaPrivileges } from '../../../model'; import { CollapsiblePanel } from '../../collapsible_panel'; import type { RoleValidator } from '../../validate_role'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.test.ts b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.test.ts index 901cd14e24038..dc2f03731c650 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.test.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.test.ts @@ -6,7 +6,7 @@ */ import { PrivilegeFormCalculator } from './privilege_form_calculator'; -import type { Role } from '../../../../../../../common/model'; +import type { Role } from '../../../../../../../common'; import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.ts b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.ts index 796cfea92b43e..d6afdaf6efafd 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { Role } from '../../../../../../../common/model'; +import type { Role } from '../../../../../../../common'; import type { KibanaPrivileges, SubFeaturePrivilegeGroup } from '../../../../model'; import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/__fixtures__/index.ts b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/__fixtures__/index.ts index f375263c960c3..6d9cb86ace188 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/__fixtures__/index.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/__fixtures__/index.ts @@ -10,7 +10,7 @@ import type { ReactWrapper } from 'enzyme'; import { findTestSubject } from '@kbn/test-jest-helpers'; -import type { Role, RoleKibanaPrivilege } from '../../../../../../../../common/model'; +import type { Role, RoleKibanaPrivilege } from '../../../../../../../../common'; import { FeatureTableCell } from '../../feature_table_cell'; import { PrivilegeSummaryExpandedRow } from '../privilege_summary_expanded_row'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.test.tsx index 7de3c66f8f4f5..9f6aa8ed69ed9 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.test.tsx @@ -15,7 +15,7 @@ import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { PrivilegeSummary } from './privilege_summary'; import { PrivilegeSummaryTable } from './privilege_summary_table'; -import type { RoleKibanaPrivilege } from '../../../../../../../common/model'; +import type { RoleKibanaPrivilege } from '../../../../../../../common'; import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.tsx index d5a98510b0265..5c6d03569b10a 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.tsx @@ -20,7 +20,7 @@ import { FormattedMessage } from '@kbn/i18n-react'; import type { Space, SpacesApiUi } from '@kbn/spaces-plugin/public'; import { PrivilegeSummaryTable } from './privilege_summary_table'; -import type { Role } from '../../../../../../../common/model'; +import type { Role } from '../../../../../../../common'; import type { KibanaPrivileges } from '../../../../model'; interface Props { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.test.ts b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.test.ts index 856404408d55c..f2869c11f13c6 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.test.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.test.ts @@ -6,7 +6,7 @@ */ import { PrivilegeSummaryCalculator } from './privilege_summary_calculator'; -import type { Role } from '../../../../../../../common/model'; +import type { Role } from '../../../../../../../common'; import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.ts b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.ts index 14e2241cdf830..053cd19c98d58 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { Role, RoleKibanaPrivilege } from '../../../../../../../common/model'; +import type { Role, RoleKibanaPrivilege } from '../../../../../../../common'; import type { KibanaPrivileges, PrimaryFeaturePrivilege, SecuredFeature } from '../../../../model'; import type { PrivilegeCollection } from '../../../../model/privilege_collection'; import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.test.tsx index 7efe5bc8333fd..22ec00d393c9c 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.test.tsx @@ -16,7 +16,7 @@ import { mountWithIntl } from '@kbn/test-jest-helpers'; import { getDisplayedFeaturePrivileges } from './__fixtures__'; import type { PrivilegeSummaryTableProps } from './privilege_summary_table'; import { PrivilegeSummaryTable } from './privilege_summary_table'; -import type { RoleKibanaPrivilege } from '../../../../../../../common/model'; +import type { RoleKibanaPrivilege } from '../../../../../../../common'; import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.tsx index 4bddc6bad6fda..7dcbbe85d553c 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.tsx @@ -26,8 +26,8 @@ import type { EffectiveFeaturePrivileges } from './privilege_summary_calculator' import { PrivilegeSummaryCalculator } from './privilege_summary_calculator'; import { PrivilegeSummaryExpandedRow } from './privilege_summary_expanded_row'; import { SpaceColumnHeader } from './space_column_header'; +import type { Role, RoleKibanaPrivilege } from '../../../../../../../common'; import { ALL_SPACES_ID } from '../../../../../../../common/constants'; -import type { Role, RoleKibanaPrivilege } from '../../../../../../../common/model'; import type { KibanaPrivileges, PrimaryFeaturePrivilege, SecuredFeature } from '../../../../model'; import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; import { FeatureTableCell } from '../feature_table_cell'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/space_column_header.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/space_column_header.test.tsx index 61a7c024a2828..4c1ebbbfffd3a 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/space_column_header.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/space_column_header.test.tsx @@ -15,7 +15,7 @@ import { getUiApi } from '@kbn/spaces-plugin/public/ui_api'; import { mountWithIntl } from '@kbn/test-jest-helpers'; import { SpaceColumnHeader } from './space_column_header'; -import type { RoleKibanaPrivilege } from '../../../../../../../common/model'; +import type { RoleKibanaPrivilege } from '../../../../../../../common'; import { SpacesPopoverList } from '../../../spaces_popover_list'; const spaces = [ diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/space_column_header.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/space_column_header.tsx index 99a4cb0020aed..ca4a2d6011c58 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/space_column_header.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/space_column_header.tsx @@ -11,7 +11,7 @@ import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; import type { Space, SpacesApiUi } from '@kbn/spaces-plugin/public'; -import type { RoleKibanaPrivilege } from '../../../../../../../common/model'; +import type { RoleKibanaPrivilege } from '../../../../../../../common'; import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; import { SpacesPopoverList } from '../../../spaces_popover_list'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.test.tsx index 85f8af876dae7..e336d75969246 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.test.tsx @@ -13,7 +13,7 @@ import { mountWithIntl, shallowWithIntl } from '@kbn/test-jest-helpers'; import { SimplePrivilegeSection } from './simple_privilege_section'; import { UnsupportedSpacePrivilegesWarning } from './unsupported_space_privileges_warning'; -import type { Role } from '../../../../../../../common/model'; +import type { Role } from '../../../../../../../common'; import { KibanaPrivileges, SecuredFeature } from '../../../../model'; const buildProps = (customProps: any = {}) => { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.tsx index 786039ce0a237..2e8b395ea07a7 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.tsx @@ -18,7 +18,7 @@ import React, { Component, Fragment } from 'react'; import { FormattedMessage } from '@kbn/i18n-react'; import { UnsupportedSpacePrivilegesWarning } from './unsupported_space_privileges_warning'; -import type { Role, RoleKibanaPrivilege } from '../../../../../../../common/model'; +import type { Role, RoleKibanaPrivilege } from '../../../../../../../common'; import { copyRole } from '../../../../../../../common/model'; import type { KibanaPrivileges } from '../../../../model'; import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.test.tsx index 4fdeff85fb00d..d50ab47160923 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.test.tsx @@ -13,7 +13,7 @@ import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { PrivilegeSpaceForm } from './privilege_space_form'; import { SpaceSelector } from './space_selector'; -import type { Role } from '../../../../../../../common/model'; +import type { Role } from '../../../../../../../common'; import { createFeature, kibanaFeatures } from '../../../../__fixtures__/kibana_features'; import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; import { FeatureTable } from '../feature_table'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.tsx index 05327142e2105..c3c285a57418d 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.tsx @@ -32,8 +32,8 @@ import { FormattedMessage } from '@kbn/i18n-react'; import type { Space } from '@kbn/spaces-plugin/public'; import { SpaceSelector } from './space_selector'; +import type { FeaturesPrivileges, Role } from '../../../../../../../common'; import { ALL_SPACES_ID } from '../../../../../../../common/constants'; -import type { FeaturesPrivileges, Role } from '../../../../../../../common/model'; import { copyRole } from '../../../../../../../common/model'; import type { KibanaPrivileges } from '../../../../model'; import { CUSTOM_PRIVILEGE_VALUE } from '../constants'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx index 5c9220872d9b3..6de312d036981 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx @@ -14,7 +14,7 @@ import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { PrivilegeDisplay } from './privilege_display'; import { PrivilegeSpaceTable } from './privilege_space_table'; -import type { Role, RoleKibanaPrivilege } from '../../../../../../../common/model'; +import type { Role, RoleKibanaPrivilege } from '../../../../../../../common'; import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.tsx index adfc8100aeb93..cbbbc96863bda 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.tsx @@ -26,7 +26,7 @@ import type { Space } from '@kbn/spaces-plugin/public'; import { getSpaceColor } from '@kbn/spaces-plugin/public'; import { PrivilegeDisplay } from './privilege_display'; -import type { FeaturesPrivileges, Role } from '../../../../../../../common/model'; +import type { FeaturesPrivileges, Role } from '../../../../../../../common'; import { copyRole } from '../../../../../../../common/model'; import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; import { CUSTOM_PRIVILEGE_VALUE } from '../constants'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx index 2031569169571..1de6a8a952a50 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx @@ -24,8 +24,8 @@ import type { Space, SpacesApiUi } from '@kbn/spaces-plugin/public'; import { PrivilegeSpaceForm } from './privilege_space_form'; import { PrivilegeSpaceTable } from './privilege_space_table'; -import type { Role } from '../../../../../../../common/model'; -import { isRoleReserved } from '../../../../../../../common/model'; +import type { Role } from '../../../../../../../common'; +import { isRoleReserved } from '../../../../../../../common'; import type { KibanaPrivileges } from '../../../../model'; import type { RoleValidator } from '../../../validate_role'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/reserved_role_badge.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/reserved_role_badge.test.tsx index ac3c36c510bcd..2b6efe0f0ab5a 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/reserved_role_badge.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/reserved_role_badge.test.tsx @@ -10,7 +10,7 @@ import { shallow } from 'enzyme'; import React from 'react'; import { ReservedRoleBadge } from './reserved_role_badge'; -import type { Role } from '../../../../common/model'; +import type { Role } from '../../../../common'; const reservedRole: Role = { name: '', diff --git a/x-pack/plugins/security/public/management/roles/edit_role/reserved_role_badge.tsx b/x-pack/plugins/security/public/management/roles/edit_role/reserved_role_badge.tsx index 2eec303c8dc53..8f79bd2a5788e 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/reserved_role_badge.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/reserved_role_badge.tsx @@ -10,8 +10,8 @@ import React from 'react'; import { FormattedMessage } from '@kbn/i18n-react'; -import type { Role } from '../../../../common/model'; -import { isRoleReserved } from '../../../../common/model'; +import type { Role } from '../../../../common'; +import { isRoleReserved } from '../../../../common'; interface Props { role: Role; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/validate_role.test.ts b/x-pack/plugins/security/public/management/roles/edit_role/validate_role.test.ts index f2f2f9a10e52c..f1acb67fef92f 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/validate_role.test.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/validate_role.test.ts @@ -6,7 +6,7 @@ */ import { RoleValidator } from './validate_role'; -import type { Role } from '../../../../common/model'; +import type { Role } from '../../../../common'; let validator: RoleValidator; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/validate_role.ts b/x-pack/plugins/security/public/management/roles/edit_role/validate_role.ts index ee3e85959e312..18728994a5e4e 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/validate_role.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/validate_role.ts @@ -7,8 +7,8 @@ import { i18n } from '@kbn/i18n'; +import type { Role, RoleIndexPrivilege, RoleRemoteIndexPrivilege } from '../../../../common'; import { MAX_NAME_LENGTH, NAME_REGEX } from '../../../../common/constants'; -import type { Role, RoleIndexPrivilege, RoleRemoteIndexPrivilege } from '../../../../common/model'; interface RoleValidatorOptions { shouldValidate?: boolean; diff --git a/x-pack/plugins/security/public/management/roles/model/kibana_privileges.test.ts b/x-pack/plugins/security/public/management/roles/model/kibana_privileges.test.ts index 5baaf7d08055b..494f5a14b1e48 100644 --- a/x-pack/plugins/security/public/management/roles/model/kibana_privileges.test.ts +++ b/x-pack/plugins/security/public/management/roles/model/kibana_privileges.test.ts @@ -7,7 +7,7 @@ import { KibanaPrivilege } from './kibana_privilege'; import { KibanaPrivileges } from './kibana_privileges'; -import type { RoleKibanaPrivilege } from '../../../../common/model'; +import type { RoleKibanaPrivilege } from '../../../../common'; import { kibanaFeatures } from '../__fixtures__/kibana_features'; import { createRawKibanaPrivileges } from '../__fixtures__/kibana_privileges'; diff --git a/x-pack/plugins/security/public/management/roles/model/kibana_privileges.ts b/x-pack/plugins/security/public/management/roles/model/kibana_privileges.ts index 7e5151d6d67af..78b312c123a3f 100644 --- a/x-pack/plugins/security/public/management/roles/model/kibana_privileges.ts +++ b/x-pack/plugins/security/public/management/roles/model/kibana_privileges.ts @@ -10,7 +10,7 @@ import type { KibanaFeature } from '@kbn/features-plugin/common'; import { KibanaPrivilege } from './kibana_privilege'; import { PrivilegeCollection } from './privilege_collection'; import { SecuredFeature } from './secured_feature'; -import type { RawKibanaPrivileges, RoleKibanaPrivilege } from '../../../../common/model'; +import type { RawKibanaPrivileges, RoleKibanaPrivilege } from '../../../../common'; import { isGlobalPrivilegeDefinition } from '../edit_role/privilege_utils'; function toBasePrivilege(entry: [string, string[]]): [string, KibanaPrivilege] { diff --git a/x-pack/plugins/security/public/management/roles/roles_api_client.test.ts b/x-pack/plugins/security/public/management/roles/roles_api_client.test.ts index ac30132df8a80..e7f4839e56c5d 100644 --- a/x-pack/plugins/security/public/management/roles/roles_api_client.test.ts +++ b/x-pack/plugins/security/public/management/roles/roles_api_client.test.ts @@ -8,7 +8,7 @@ import { httpServiceMock } from '@kbn/core/public/mocks'; import { RolesAPIClient } from './roles_api_client'; -import type { Role } from '../../../common/model'; +import type { Role } from '../../../common'; describe('RolesAPIClient', () => { async function saveRole(role: Role) { diff --git a/x-pack/plugins/security/public/management/roles/roles_api_client.ts b/x-pack/plugins/security/public/management/roles/roles_api_client.ts index 6d59976a82ada..3742569e9cc72 100644 --- a/x-pack/plugins/security/public/management/roles/roles_api_client.ts +++ b/x-pack/plugins/security/public/management/roles/roles_api_client.ts @@ -7,7 +7,7 @@ import type { HttpStart } from '@kbn/core/public'; -import type { Role, RoleIndexPrivilege, RoleRemoteIndexPrivilege } from '../../../common/model'; +import type { Role, RoleIndexPrivilege, RoleRemoteIndexPrivilege } from '../../../common'; import { copyRole } from '../../../common/model'; export class RolesAPIClient { diff --git a/x-pack/plugins/security/public/management/roles/roles_grid/roles_grid_page.tsx b/x-pack/plugins/security/public/management/roles/roles_grid/roles_grid_page.tsx index 4c6962585976c..6a6433038d635 100644 --- a/x-pack/plugins/security/public/management/roles/roles_grid/roles_grid_page.tsx +++ b/x-pack/plugins/security/public/management/roles/roles_grid/roles_grid_page.tsx @@ -30,7 +30,7 @@ import type { PublicMethodsOf } from '@kbn/utility-types'; import { ConfirmDelete } from './confirm_delete'; import { PermissionDenied } from './permission_denied'; -import type { Role } from '../../../../common/model'; +import type { Role } from '../../../../common'; import { getExtendedRoleDeprecationNotice, isRoleDeprecated, diff --git a/x-pack/plugins/security/public/management/roles/roles_management_app.tsx b/x-pack/plugins/security/public/management/roles/roles_management_app.tsx index 52e86272fd504..a77586cdad599 100644 --- a/x-pack/plugins/security/public/management/roles/roles_management_app.tsx +++ b/x-pack/plugins/security/public/management/roles/roles_management_app.tsx @@ -15,7 +15,7 @@ import { KibanaContextProvider, KibanaThemeProvider } from '@kbn/kibana-react-pl import type { RegisterManagementAppArgs } from '@kbn/management-plugin/public'; import { Route, Router } from '@kbn/shared-ux-router'; -import type { SecurityLicense } from '../../../common/licensing'; +import type { SecurityLicense } from '../../../common'; import { Breadcrumb, BreadcrumbsProvider, diff --git a/x-pack/plugins/security/public/management/users/components/change_password_form/change_password_form.test.tsx b/x-pack/plugins/security/public/management/users/components/change_password_form/change_password_form.test.tsx index 4ab78b64bf9ae..07a80d5c4633a 100644 --- a/x-pack/plugins/security/public/management/users/components/change_password_form/change_password_form.test.tsx +++ b/x-pack/plugins/security/public/management/users/components/change_password_form/change_password_form.test.tsx @@ -13,7 +13,7 @@ import { coreMock } from '@kbn/core/public/mocks'; import { mountWithIntl } from '@kbn/test-jest-helpers'; import { ChangePasswordForm } from './change_password_form'; -import type { User } from '../../../../../common/model'; +import type { User } from '../../../../../common'; import { userAPIClientMock } from '../../index.mock'; function getCurrentPasswordField(wrapper: ReactWrapper) { diff --git a/x-pack/plugins/security/public/management/users/components/change_password_form/change_password_form.tsx b/x-pack/plugins/security/public/management/users/components/change_password_form/change_password_form.tsx index d30eabc7f35e4..c1bd329d349cf 100644 --- a/x-pack/plugins/security/public/management/users/components/change_password_form/change_password_form.tsx +++ b/x-pack/plugins/security/public/management/users/components/change_password_form/change_password_form.tsx @@ -23,7 +23,7 @@ import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; import type { PublicMethodsOf } from '@kbn/utility-types'; -import type { User } from '../../../../../common/model'; +import type { User } from '../../../../../common'; import type { UserAPIClient } from '../../user_api_client'; interface Props { diff --git a/x-pack/plugins/security/public/management/users/edit_user/user_form.tsx b/x-pack/plugins/security/public/management/users/edit_user/user_form.tsx index 41c29ab773868..226ed7bc3345d 100644 --- a/x-pack/plugins/security/public/management/users/edit_user/user_form.tsx +++ b/x-pack/plugins/security/public/management/users/edit_user/user_form.tsx @@ -27,8 +27,8 @@ import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; import { useKibana } from '@kbn/kibana-react-plugin/public'; +import type { Role, User } from '../../../../common'; import { MAX_NAME_LENGTH, NAME_REGEX } from '../../../../common/constants'; -import type { Role, User } from '../../../../common/model'; import { isRoleDeprecated } from '../../../../common/model'; import { DocLink } from '../../../components/doc_link'; import type { ValidationErrors } from '../../../components/use_form'; diff --git a/x-pack/plugins/security/public/management/users/user_api_client.ts b/x-pack/plugins/security/public/management/users/user_api_client.ts index 071aa9e95171b..1b3e8a9866717 100644 --- a/x-pack/plugins/security/public/management/users/user_api_client.ts +++ b/x-pack/plugins/security/public/management/users/user_api_client.ts @@ -7,7 +7,7 @@ import type { HttpStart } from '@kbn/core/public'; -import type { EditUser, User } from '../../../common/model'; +import type { EditUser, User } from '../../../common'; const usersUrl = '/internal/security/users'; diff --git a/x-pack/plugins/security/public/management/users/user_utils.test.ts b/x-pack/plugins/security/public/management/users/user_utils.test.ts index a2d3fddf7725d..00164b323ba78 100644 --- a/x-pack/plugins/security/public/management/users/user_utils.test.ts +++ b/x-pack/plugins/security/public/management/users/user_utils.test.ts @@ -6,7 +6,7 @@ */ import { getExtendedUserDeprecationNotice, isUserDeprecated, isUserReserved } from './user_utils'; -import type { User } from '../../../common/model'; +import type { User } from '../../../common'; describe('#isUserReserved', () => { it('returns false for a user with no metadata', () => { diff --git a/x-pack/plugins/security/public/management/users/user_utils.ts b/x-pack/plugins/security/public/management/users/user_utils.ts index bc7da560efcce..91a8f58439f67 100644 --- a/x-pack/plugins/security/public/management/users/user_utils.ts +++ b/x-pack/plugins/security/public/management/users/user_utils.ts @@ -7,7 +7,7 @@ import { i18n } from '@kbn/i18n'; -import type { User } from '../../../common/model'; +import type { User } from '../../../common'; export const isUserReserved = (user: User) => user.metadata?._reserved ?? false; diff --git a/x-pack/plugins/security/public/management/users/users_grid/users_grid_page.test.tsx b/x-pack/plugins/security/public/management/users/users_grid/users_grid_page.test.tsx index dd7b68566a197..c384b133db61f 100644 --- a/x-pack/plugins/security/public/management/users/users_grid/users_grid_page.test.tsx +++ b/x-pack/plugins/security/public/management/users/users_grid/users_grid_page.test.tsx @@ -15,7 +15,7 @@ import { coreMock, scopedHistoryMock } from '@kbn/core/public/mocks'; import { findTestSubject, mountWithIntl, nextTick } from '@kbn/test-jest-helpers'; import { UsersGridPage } from './users_grid_page'; -import type { User } from '../../../../common/model'; +import type { User } from '../../../../common'; import { rolesAPIClientMock } from '../../roles/index.mock'; import { userAPIClientMock } from '../index.mock'; diff --git a/x-pack/plugins/security/public/management/users/users_grid/users_grid_page.tsx b/x-pack/plugins/security/public/management/users/users_grid/users_grid_page.tsx index 35d54d437d761..071de42046706 100644 --- a/x-pack/plugins/security/public/management/users/users_grid/users_grid_page.tsx +++ b/x-pack/plugins/security/public/management/users/users_grid/users_grid_page.tsx @@ -26,7 +26,7 @@ import { FormattedMessage } from '@kbn/i18n-react'; import { reactRouterNavigate } from '@kbn/kibana-react-plugin/public'; import type { PublicMethodsOf } from '@kbn/utility-types'; -import type { Role, User } from '../../../../common/model'; +import type { Role, User } from '../../../../common'; import { DeprecatedBadge, DisabledBadge, ReservedBadge } from '../../badges'; import { RoleTableDisplay } from '../../role_table_display'; import type { RolesAPIClient } from '../../roles'; diff --git a/x-pack/plugins/security/public/management/users/users_management_app.tsx b/x-pack/plugins/security/public/management/users/users_management_app.tsx index c44ff5e5ceb93..ffb7d1e5618d9 100644 --- a/x-pack/plugins/security/public/management/users/users_management_app.tsx +++ b/x-pack/plugins/security/public/management/users/users_management_app.tsx @@ -17,9 +17,9 @@ import { i18n } from '@kbn/i18n'; import { I18nProvider } from '@kbn/i18n-react'; import { KibanaContextProvider, KibanaThemeProvider } from '@kbn/kibana-react-plugin/public'; import type { RegisterManagementAppArgs } from '@kbn/management-plugin/public'; +import type { AuthenticationServiceSetup } from '@kbn/security-plugin-types-public'; import { Route, Router, Routes } from '@kbn/shared-ux-router'; -import type { AuthenticationServiceSetup } from '../../authentication'; import type { BreadcrumbsChangeHandler } from '../../components/breadcrumb'; import { Breadcrumb, diff --git a/x-pack/plugins/security/public/nav_control/index.mock.ts b/x-pack/plugins/security/public/nav_control/index.mock.ts index 769007d0bc0cd..2ca7212c49b86 100644 --- a/x-pack/plugins/security/public/nav_control/index.mock.ts +++ b/x-pack/plugins/security/public/nav_control/index.mock.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { SecurityNavControlServiceStart } from './nav_control_service'; +import type { SecurityNavControlServiceStart } from '@kbn/security-plugin-types-public'; export const navControlServiceMock = { createStart: (): jest.Mocked => ({ diff --git a/x-pack/plugins/security/public/nav_control/index.ts b/x-pack/plugins/security/public/nav_control/index.ts index 95331b7504070..c008a8f15d1f1 100644 --- a/x-pack/plugins/security/public/nav_control/index.ts +++ b/x-pack/plugins/security/public/nav_control/index.ts @@ -5,6 +5,4 @@ * 2.0. */ -export type { SecurityNavControlServiceStart } from './nav_control_service'; export { SecurityNavControlService } from './nav_control_service'; -export type { UserMenuLink } from './nav_control_component'; diff --git a/x-pack/plugins/security/public/nav_control/nav_control_component.tsx b/x-pack/plugins/security/public/nav_control/nav_control_component.tsx index b2f05f9c6d568..c043f837845db 100644 --- a/x-pack/plugins/security/public/nav_control/nav_control_component.tsx +++ b/x-pack/plugins/security/public/nav_control/nav_control_component.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import type { EuiContextMenuPanelItemDescriptor, IconType } from '@elastic/eui'; +import type { EuiContextMenuPanelItemDescriptor } from '@elastic/eui'; import { EuiContextMenu, EuiContextMenuItem, @@ -23,21 +23,12 @@ import type { Observable } from 'rxjs'; import type { BuildFlavor } from '@kbn/config/src/types'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { UserMenuLink } from '@kbn/security-plugin-types-public'; import { UserAvatar, type UserProfileAvatarData } from '@kbn/user-profile-components'; import { getUserDisplayName, isUserAnonymous } from '../../common/model'; import { useCurrentUser, useUserProfile } from '../components'; -export interface UserMenuLink { - label: string; - iconType: IconType; - href: string; - order?: number; - setAsProfile?: boolean; - /** Render a custom ReactNode instead of the default */ - content?: ReactNode; -} - type ContextMenuItem = EuiContextMenuPanelItemDescriptor & { content?: ReactNode }; interface ContextMenuProps { diff --git a/x-pack/plugins/security/public/nav_control/nav_control_service.tsx b/x-pack/plugins/security/public/nav_control/nav_control_service.tsx index 0bcc3a58263fb..bfea42ca97e90 100644 --- a/x-pack/plugins/security/public/nav_control/nav_control_service.tsx +++ b/x-pack/plugins/security/public/nav_control/nav_control_service.tsx @@ -17,12 +17,15 @@ import type { BuildFlavor } from '@kbn/config/src/types'; import type { CoreStart, CoreTheme } from '@kbn/core/public'; import { I18nProvider } from '@kbn/i18n-react'; import { KibanaContextProvider, KibanaThemeProvider } from '@kbn/kibana-react-plugin/public'; +import type { + AuthenticationServiceSetup, + SecurityNavControlServiceStart, + UserMenuLink, +} from '@kbn/security-plugin-types-public'; import { RedirectAppLinks } from '@kbn/shared-ux-link-redirect-app'; -import type { UserMenuLink } from './nav_control_component'; import { SecurityNavControl } from './nav_control_component'; -import type { SecurityLicense } from '../../common/licensing'; -import type { AuthenticationServiceSetup } from '../authentication'; +import type { SecurityLicense } from '../../common'; import type { SecurityApiClients } from '../components'; import { AuthenticationProvider, SecurityApiClientsProvider } from '../components'; @@ -37,18 +40,6 @@ interface StartDeps { authc: AuthenticationServiceSetup; } -export interface SecurityNavControlServiceStart { - /** - * Returns an Observable of the array of user menu links (the links that show up under the user's Avatar in the UI) registered by other plugins - */ - getUserMenuLinks$: () => Observable; - - /** - * Registers the provided user menu links to be displayed in the user menu (the links that show up under the user's Avatar in the UI). - */ - addUserMenuLinks: (newUserMenuLink: UserMenuLink[]) => void; -} - export class SecurityNavControlService { private securityLicense!: SecurityLicense; private logoutUrl!: string; diff --git a/x-pack/plugins/security/public/plugin.tsx b/x-pack/plugins/security/public/plugin.tsx index eb5b2723f9eab..1927ebb21d8e1 100644 --- a/x-pack/plugins/security/public/plugin.tsx +++ b/x-pack/plugins/security/public/plugin.tsx @@ -19,25 +19,28 @@ import type { HomePublicPluginSetup } from '@kbn/home-plugin/public'; import { i18n } from '@kbn/i18n'; import type { LicensingPluginSetup } from '@kbn/licensing-plugin/public'; import type { ManagementSetup, ManagementStart } from '@kbn/management-plugin/public'; +import type { + AuthenticationServiceSetup, + AuthenticationServiceStart, + SecurityPluginSetup, + SecurityPluginStart as SecurityPluginStartWithoutDeprecatedMembers, +} from '@kbn/security-plugin-types-public'; import type { SharePluginSetup, SharePluginStart } from '@kbn/share-plugin/public'; import type { SpacesPluginStart } from '@kbn/spaces-plugin/public'; import { accountManagementApp, UserProfileAPIClient } from './account_management'; import { AnalyticsService } from './analytics'; import { AnonymousAccessService } from './anonymous_access'; -import type { AuthenticationServiceSetup, AuthenticationServiceStart } from './authentication'; import { AuthenticationService } from './authentication'; import type { SecurityApiClients } from './components'; import type { ConfigType } from './config'; import { ManagementService, UserAPIClient } from './management'; -import type { SecurityNavControlServiceStart } from './nav_control'; import { SecurityNavControlService } from './nav_control'; import { SecurityCheckupService } from './security_checkup'; import { SessionExpired, SessionTimeout, UnauthorizedResponseHttpInterceptor } from './session'; import type { UiApi } from './ui_api'; import { getUiApi } from './ui_api'; import { SecurityLicenseService } from '../common/licensing'; -import type { SecurityLicense } from '../common/licensing'; export interface PluginSetupDependencies { licensing: LicensingPluginSetup; @@ -230,34 +233,7 @@ function getLogoutUrl(http: HttpSetup) { return `${http.basePath.serverBasePath}/logout`; } -export interface SecurityPluginSetup { - /** - * Exposes authentication information about the currently logged in user. - */ - authc: AuthenticationServiceSetup; - /** - * Exposes information about the available security features under the current license. - */ - license: SecurityLicense; -} - -export interface SecurityPluginStart { - /** - * Exposes the ability to add custom links to the dropdown menu in the top right, where the user's Avatar is. - */ - navControlService: SecurityNavControlServiceStart; - /** - * Exposes authentication information about the currently logged in user. - */ - authc: AuthenticationServiceStart; - /** - * A set of methods to work with Kibana user profiles. - */ - userProfiles: Pick< - UserProfileAPIClient, - 'getCurrent' | 'bulkGet' | 'suggest' | 'update' | 'userProfile$' - >; - +export interface SecurityPluginStart extends SecurityPluginStartWithoutDeprecatedMembers { /** * Exposes UI components that will be loaded asynchronously. * @deprecated diff --git a/x-pack/plugins/security/public/ui_api/change_password/change_password.tsx b/x-pack/plugins/security/public/ui_api/change_password/change_password.tsx index 65e98a39407f0..1e5fc6ee88b29 100644 --- a/x-pack/plugins/security/public/ui_api/change_password/change_password.tsx +++ b/x-pack/plugins/security/public/ui_api/change_password/change_password.tsx @@ -12,7 +12,7 @@ import type { NotificationsStart } from '@kbn/core/public'; import { FormattedMessage } from '@kbn/i18n-react'; import type { PublicMethodsOf } from '@kbn/utility-types'; -import type { AuthenticatedUser } from '../../../common/model'; +import type { AuthenticatedUser } from '../../../common'; import { canUserChangePassword } from '../../../common/model'; import type { UserAPIClient } from '../../management/users'; import { ChangePasswordForm } from '../../management/users/components/change_password_form'; diff --git a/x-pack/plugins/security/public/ui_api/personal_info/personal_info.tsx b/x-pack/plugins/security/public/ui_api/personal_info/personal_info.tsx index e0d9bb78cf595..339c62232b495 100644 --- a/x-pack/plugins/security/public/ui_api/personal_info/personal_info.tsx +++ b/x-pack/plugins/security/public/ui_api/personal_info/personal_info.tsx @@ -10,7 +10,7 @@ import React from 'react'; import { FormattedMessage } from '@kbn/i18n-react'; -import type { AuthenticatedUser } from '../../../common/model'; +import type { AuthenticatedUser } from '../../../common'; export interface PersonalInfoProps { user: AuthenticatedUser; diff --git a/x-pack/plugins/security/server/audit/audit_events.ts b/x-pack/plugins/security/server/audit/audit_events.ts index b0edfa991a13c..a5e080787e175 100644 --- a/x-pack/plugins/security/server/audit/audit_events.ts +++ b/x-pack/plugins/security/server/audit/audit_events.ts @@ -5,120 +5,17 @@ * 2.0. */ -import type { EcsEvent, KibanaRequest, LogMeta } from '@kbn/core/server'; +import type { EcsEvent, KibanaRequest } from '@kbn/core/server'; +import type { AuditEvent } from '@kbn/security-plugin-types-server'; import type { ArrayElement } from '@kbn/utility-types'; -import type { AuthenticationProvider } from '../../common/model'; +import type { AuthenticationProvider } from '../../common'; import type { AuthenticationResult } from '../authentication/authentication_result'; import type { AuditAction, AddAuditEventParams as SavedObjectEventParams, } from '../saved_objects/saved_objects_security_extension'; -/** - * Audit kibana schema using ECS format - */ -export interface AuditKibana { - /** - * The ID of the space associated with this event. - */ - space_id?: string; - /** - * The ID of the user session associated with this event. Each login attempt - * results in a unique session id. - */ - session_id?: string; - /** - * Saved object that was created, changed, deleted or accessed as part of this event. - */ - saved_object?: { - type: string; - id: string; - }; - /** - * Name of authentication provider associated with a login event. - */ - authentication_provider?: string; - /** - * Type of authentication provider associated with a login event. - */ - authentication_type?: string; - /** - * Name of Elasticsearch realm that has authenticated the user. - */ - authentication_realm?: string; - /** - * Name of Elasticsearch realm where the user details were retrieved from. - */ - lookup_realm?: string; - /** - * Set of space IDs that a saved object was shared to. - */ - add_to_spaces?: readonly string[]; - /** - * Set of space IDs that a saved object was removed from. - */ - delete_from_spaces?: readonly string[]; - /** - * Set of space IDs that are not authorized for an action. - */ - unauthorized_spaces?: readonly string[]; - /** - * Set of types that are not authorized for an action. - */ - unauthorized_types?: readonly string[]; -} - -type EcsHttp = Required['http']; -type EcsRequest = Required['request']; - -/** - * Audit request schema using ECS format - */ -export interface AuditRequest extends EcsRequest { - /** - * HTTP request headers - */ - headers?: { - 'x-forwarded-for'?: string; - }; -} - -/** - * Audit http schema using ECS format - */ -export interface AuditHttp extends EcsHttp { - /** - * HTTP request details - */ - request?: AuditRequest; -} - -/** - * Audit event schema using ECS format: https://www.elastic.co/guide/en/ecs/1.12/index.html - * - * If you add additional fields to the schema ensure you update the Kibana Filebeat module: - * https://github.com/elastic/beats/tree/master/filebeat/module/kibana - * - * @public - */ -export interface AuditEvent extends LogMeta { - /** - * Log message - */ - message: string; - - /** - * Kibana specific fields - */ - kibana?: AuditKibana; - - /** - * Fields describing an HTTP request - */ - http?: AuditHttp; -} - export interface HttpRequestParams { request: KibanaRequest; } diff --git a/x-pack/plugins/security/server/audit/audit_service.test.ts b/x-pack/plugins/security/server/audit/audit_service.test.ts index cf90c7222e5a4..773d5cdf1b8fd 100644 --- a/x-pack/plugins/security/server/audit/audit_service.test.ts +++ b/x-pack/plugins/security/server/audit/audit_service.test.ts @@ -16,8 +16,8 @@ import { httpServiceMock, loggingSystemMock, } from '@kbn/core/server/mocks'; +import type { AuditEvent } from '@kbn/security-plugin-types-server'; -import type { AuditEvent } from './audit_events'; import { AuditService, createLoggingConfig, diff --git a/x-pack/plugins/security/server/audit/audit_service.ts b/x-pack/plugins/security/server/audit/audit_service.ts index 12180808ae477..89e0efa4113fb 100644 --- a/x-pack/plugins/security/server/audit/audit_service.ts +++ b/x-pack/plugins/security/server/audit/audit_service.ts @@ -14,80 +14,17 @@ import type { LoggerContextConfigInput, LoggingServiceSetup, } from '@kbn/core/server'; +import type { AuditEvent, AuditLogger, AuditServiceSetup } from '@kbn/security-plugin-types-server'; import type { SpacesPluginSetup } from '@kbn/spaces-plugin/server'; -import type { AuditEvent } from './audit_events'; import { httpRequestEvent } from './audit_events'; -import type { SecurityLicense, SecurityLicenseFeatures } from '../../common/licensing'; +import type { SecurityLicense, SecurityLicenseFeatures } from '../../common'; import type { ConfigType } from '../config'; import type { SecurityPluginSetup } from '../plugin'; export const ECS_VERSION = '1.6.0'; export const RECORD_USAGE_INTERVAL = 60 * 60 * 1000; // 1 hour -export interface AuditLogger { - /** - * Logs an {@link AuditEvent} and automatically adds meta data about the - * current user, space and correlation id. - * - * Guidelines around what events should be logged and how they should be - * structured can be found in: `/x-pack/plugins/security/README.md` - * - * @example - * ```typescript - * const auditLogger = securitySetup.audit.asScoped(request); - * auditLogger.log({ - * message: 'User is updating dashboard [id=123]', - * event: { - * action: 'saved_object_update', - * outcome: 'unknown' - * }, - * kibana: { - * saved_object: { type: 'dashboard', id: '123' } - * }, - * }); - * ``` - */ - log: (event: AuditEvent | undefined) => void; - - /** - * Indicates whether audit logging is enabled or not. - * - * Useful for skipping resource-intense operations that don't need to be performed when audit - * logging is disabled. - */ - readonly enabled: boolean; -} - -export interface AuditServiceSetup { - /** - * Creates an {@link AuditLogger} scoped to the current request. - * - * This audit logger logs events with all required user and session info and should be used for - * all user-initiated actions. - * - * @example - * ```typescript - * const auditLogger = securitySetup.audit.asScoped(request); - * auditLogger.log(event); - * ``` - */ - asScoped: (request: KibanaRequest) => AuditLogger; - - /** - * {@link AuditLogger} for background tasks only. - * - * This audit logger logs events without any user or session info and should never be used to log - * user-initiated actions. - * - * @example - * ```typescript - * securitySetup.audit.withoutRequest.log(event); - * ``` - */ - withoutRequest: AuditLogger; -} - interface AuditServiceSetupParams { license: SecurityLicense; config: ConfigType['audit']; diff --git a/x-pack/plugins/security/server/audit/index.ts b/x-pack/plugins/security/server/audit/index.ts index c21a9625ca6cf..5755f9b55e9a6 100644 --- a/x-pack/plugins/security/server/audit/index.ts +++ b/x-pack/plugins/security/server/audit/index.ts @@ -5,9 +5,7 @@ * 2.0. */ -export type { AuditServiceSetup, AuditLogger } from './audit_service'; export { AuditService } from './audit_service'; -export type { AuditEvent, AuditHttp, AuditKibana, AuditRequest } from './audit_events'; export { userLoginEvent, userLogoutEvent, diff --git a/x-pack/plugins/security/server/audit/mocks.ts b/x-pack/plugins/security/server/audit/mocks.ts index 6485818e7fc58..3544f098ece52 100644 --- a/x-pack/plugins/security/server/audit/mocks.ts +++ b/x-pack/plugins/security/server/audit/mocks.ts @@ -5,7 +5,9 @@ * 2.0. */ -import type { AuditLogger, AuditService } from './audit_service'; +import type { AuditLogger } from '@kbn/security-plugin-types-server'; + +import type { AuditService } from './audit_service'; export const auditLoggerMock = { create() { diff --git a/x-pack/plugins/security/server/authentication/api_keys/api_keys.test.ts b/x-pack/plugins/security/server/authentication/api_keys/api_keys.test.ts index da411cf5d8c97..8f0e58acf75ad 100644 --- a/x-pack/plugins/security/server/authentication/api_keys/api_keys.test.ts +++ b/x-pack/plugins/security/server/authentication/api_keys/api_keys.test.ts @@ -16,8 +16,8 @@ import { import type { Logger } from '@kbn/logging'; import { APIKeys } from './api_keys'; +import type { SecurityLicense } from '../../../common'; import { ALL_SPACES_ID } from '../../../common/constants'; -import type { SecurityLicense } from '../../../common/licensing'; import { licenseMock } from '../../../common/licensing/index.mock'; const encodeToBase64 = (str: string) => Buffer.from(str).toString('base64'); diff --git a/x-pack/plugins/security/server/authentication/api_keys/api_keys.ts b/x-pack/plugins/security/server/authentication/api_keys/api_keys.ts index 4f3f802d576f9..75f6d894e65eb 100644 --- a/x-pack/plugins/security/server/authentication/api_keys/api_keys.ts +++ b/x-pack/plugins/security/server/authentication/api_keys/api_keys.ts @@ -9,33 +9,28 @@ import type { IClusterClient, KibanaRequest, Logger } from '@kbn/core/server'; import type { KibanaFeature } from '@kbn/features-plugin/server'; - -import { getFakeKibanaRequest } from './fake_kibana_request'; -import type { SecurityLicense } from '../../../common/licensing'; -import { transformPrivilegesToElasticsearchPrivileges, validateKibanaPrivileges } from '../../lib'; import type { + APIKeys as APIKeysType, CreateAPIKeyParams, CreateAPIKeyResult, - CreateCrossClusterAPIKeyParams, CreateRestAPIKeyParams, CreateRestAPIKeyWithKibanaPrivilegesParams, - UpdateAPIKeyParams, - UpdateAPIKeyResult, -} from '../../routes/api_keys'; + GrantAPIKeyResult, + InvalidateAPIKeyResult, + InvalidateAPIKeysParams, + ValidateAPIKeyParams, +} from '@kbn/security-plugin-types-server'; + +import { getFakeKibanaRequest } from './fake_kibana_request'; +import type { SecurityLicense } from '../../../common'; +import { transformPrivilegesToElasticsearchPrivileges, validateKibanaPrivileges } from '../../lib'; +import type { UpdateAPIKeyParams, UpdateAPIKeyResult } from '../../routes/api_keys'; import { BasicHTTPAuthorizationHeaderCredentials, HTTPAuthorizationHeader, } from '../http_authentication'; -export type { - CreateAPIKeyParams, - CreateAPIKeyResult, - CreateRestAPIKeyParams, - CreateRestAPIKeyWithKibanaPrivilegesParams, - CreateCrossClusterAPIKeyParams, - UpdateAPIKeyParams, - UpdateAPIKeyResult, -}; +export type { UpdateAPIKeyParams, UpdateAPIKeyResult }; /** * Represents the options to create an APIKey class instance that will be @@ -62,76 +57,10 @@ type GrantAPIKeyParams = access_token: string; }; -/** - * Represents the params for invalidating multiple API keys - */ -export interface InvalidateAPIKeysParams { - ids: string[]; -} - -export interface GrantAPIKeyResult { - /** - * Unique id for this API key - */ - id: string; - /** - * Name for this API key - */ - name: string; - /** - * Generated API key - */ - api_key: string; -} - -/** - * The return value when invalidating an API key in Elasticsearch. - */ -export interface InvalidateAPIKeyResult { - /** - * The IDs of the API keys that were invalidated as part of the request. - */ - invalidated_api_keys: string[]; - /** - * The IDs of the API keys that were already invalidated. - */ - previously_invalidated_api_keys: string[]; - /** - * The number of errors that were encountered when invalidating the API keys. - */ - error_count: number; - /** - * Details about these errors. This field is not present in the response when error_count is 0. - */ - error_details?: Array<{ - type?: string; - reason?: string; - caused_by?: { - type?: string; - reason?: string; - }; - }>; -} - -/** - * Represents the parameters for validating API Key credentials. - */ -export interface ValidateAPIKeyParams { - /** - * Unique id for this API key - */ - id: string; - - /** - * Generated API Key (secret) - */ - api_key: string; -} - /** * Class responsible for managing Elasticsearch API keys. */ -export class APIKeys { +export class APIKeys implements APIKeysType { private readonly logger: Logger; private readonly clusterClient: IClusterClient; private readonly license: SecurityLicense; diff --git a/x-pack/plugins/security/server/authentication/api_keys/index.ts b/x-pack/plugins/security/server/authentication/api_keys/index.ts index ae9e9c98c149b..8d1aecc01216f 100644 --- a/x-pack/plugins/security/server/authentication/api_keys/index.ts +++ b/x-pack/plugins/security/server/authentication/api_keys/index.ts @@ -5,15 +5,4 @@ * 2.0. */ -export type { - CreateAPIKeyParams, - CreateAPIKeyResult, - CreateRestAPIKeyParams, - CreateRestAPIKeyWithKibanaPrivilegesParams, - CreateCrossClusterAPIKeyParams, - InvalidateAPIKeyResult, - InvalidateAPIKeysParams, - ValidateAPIKeyParams, - GrantAPIKeyResult, -} from './api_keys'; export { APIKeys, CreateApiKeyValidationError } from './api_keys'; diff --git a/x-pack/plugins/security/server/authentication/authentication_service.test.ts b/x-pack/plugins/security/server/authentication/authentication_service.test.ts index 4e81f0e4a5f13..a779d30891b86 100644 --- a/x-pack/plugins/security/server/authentication/authentication_service.test.ts +++ b/x-pack/plugins/security/server/authentication/authentication_service.test.ts @@ -36,6 +36,7 @@ import { } from '@kbn/core/server/mocks'; import { customBrandingServiceMock } from '@kbn/core-custom-branding-server-mocks'; import type { UnauthorizedError } from '@kbn/es-errors'; +import type { AuditServiceSetup } from '@kbn/security-plugin-types-server'; import type { PublicMethodsOf } from '@kbn/utility-types'; import { AuthenticationResult } from './authentication_result'; @@ -43,7 +44,6 @@ import { AuthenticationService } from './authentication_service'; import type { AuthenticatedUser, SecurityLicense } from '../../common'; import { licenseMock } from '../../common/licensing/index.mock'; import { mockAuthenticatedUser } from '../../common/model/authenticated_user.mock'; -import type { AuditServiceSetup } from '../audit'; import { auditServiceMock } from '../audit/mocks'; import type { ConfigType } from '../config'; import { ConfigSchema, createConfig } from '../config'; diff --git a/x-pack/plugins/security/server/authentication/authentication_service.ts b/x-pack/plugins/security/server/authentication/authentication_service.ts index a26ac8943ee78..d6f955b8b4558 100644 --- a/x-pack/plugins/security/server/authentication/authentication_service.ts +++ b/x-pack/plugins/security/server/authentication/authentication_service.ts @@ -16,6 +16,10 @@ import type { LoggerFactory, } from '@kbn/core/server'; import type { KibanaFeature } from '@kbn/features-plugin/server'; +import type { + AuditServiceSetup, + AuthenticationServiceStart, +} from '@kbn/security-plugin-types-server'; import type { PublicMethodsOf } from '@kbn/utility-types'; import { APIKeys } from './api_keys'; @@ -28,7 +32,6 @@ import { renderUnauthenticatedPage } from './unauthenticated_page'; import type { AuthenticatedUser, SecurityLicense } from '../../common'; import { NEXT_URL_QUERY_STRING_PARAMETER } from '../../common/constants'; import { shouldProviderUseLoginForm } from '../../common/model'; -import type { AuditServiceSetup } from '../audit'; import type { ConfigType } from '../config'; import { getDetailedErrorMessage, getErrorStatusCode } from '../errors'; import type { SecurityFeatureUsageServiceStart } from '../feature_usage'; @@ -78,23 +81,6 @@ export interface InternalAuthenticationServiceStart extends AuthenticationServic getCurrentUser: (request: KibanaRequest) => AuthenticatedUser | null; } -/** - * Authentication services available on the security plugin's start contract. - */ -export interface AuthenticationServiceStart { - apiKeys: Pick< - APIKeys, - | 'areAPIKeysEnabled' - | 'areCrossClusterAPIKeysEnabled' - | 'create' - | 'invalidate' - | 'validate' - | 'grantAsInternalUser' - | 'invalidateAsInternalUser' - >; - getCurrentUser: (request: KibanaRequest) => AuthenticatedUser | null; -} - export class AuthenticationService { private license!: SecurityLicense; private authenticator?: Authenticator; diff --git a/x-pack/plugins/security/server/authentication/authenticator.test.ts b/x-pack/plugins/security/server/authentication/authenticator.test.ts index fbc31e588dc51..c2f6215380985 100644 --- a/x-pack/plugins/security/server/authentication/authenticator.test.ts +++ b/x-pack/plugins/security/server/authentication/authenticator.test.ts @@ -18,6 +18,7 @@ import { httpServiceMock, loggingSystemMock, } from '@kbn/core/server/mocks'; +import type { AuditLogger } from '@kbn/security-plugin-types-server'; import type { PublicMethodsOf } from '@kbn/utility-types'; import { AuthenticationResult } from './authentication_result'; @@ -38,7 +39,6 @@ import { import { licenseMock } from '../../common/licensing/index.mock'; import { mockAuthenticatedUser } from '../../common/model/authenticated_user.mock'; import { userProfileMock } from '../../common/model/user_profile.mock'; -import type { AuditLogger } from '../audit'; import { auditLoggerMock, auditServiceMock } from '../audit/mocks'; import { ConfigSchema, createConfig } from '../config'; import { securityFeatureUsageServiceMock } from '../feature_usage/index.mock'; diff --git a/x-pack/plugins/security/server/authentication/authenticator.ts b/x-pack/plugins/security/server/authentication/authenticator.ts index 032512cc5bf6c..b352b13b97741 100644 --- a/x-pack/plugins/security/server/authentication/authenticator.ts +++ b/x-pack/plugins/security/server/authentication/authenticator.ts @@ -8,6 +8,7 @@ import type { IBasePath, IClusterClient, KibanaRequest, LoggerFactory } from '@kbn/core/server'; import { CoreKibanaRequest } from '@kbn/core/server'; import type { Logger } from '@kbn/logging'; +import type { AuditServiceSetup } from '@kbn/security-plugin-types-server'; import type { PublicMethodsOf } from '@kbn/utility-types'; import { AuthenticationResult } from './authentication_result'; @@ -40,7 +41,6 @@ import { SESSION_ERROR_REASON_HEADER, } from '../../common/constants'; import { shouldProviderUseLoginForm } from '../../common/model'; -import type { AuditServiceSetup } from '../audit'; import { accessAgreementAcknowledgedEvent, userLoginEvent, userLogoutEvent } from '../audit'; import type { ConfigType } from '../config'; import { getErrorStatusCode } from '../errors'; diff --git a/x-pack/plugins/security/server/authentication/index.ts b/x-pack/plugins/security/server/authentication/index.ts index e207b316922dd..e3dabdae4d468 100644 --- a/x-pack/plugins/security/server/authentication/index.ts +++ b/x-pack/plugins/security/server/authentication/index.ts @@ -6,10 +6,7 @@ */ export { canRedirectRequest } from './can_redirect_request'; -export type { - AuthenticationServiceStart, - InternalAuthenticationServiceStart, -} from './authentication_service'; +export type { InternalAuthenticationServiceStart } from './authentication_service'; export { AuthenticationService } from './authentication_service'; export { AuthenticationResult } from './authentication_result'; export { DeauthenticationResult } from './deauthentication_result'; @@ -27,14 +24,3 @@ export { BasicHTTPAuthorizationHeaderCredentials, HTTPAuthorizationHeader, } from './http_authentication'; -export type { - CreateAPIKeyParams, - CreateAPIKeyResult, - CreateRestAPIKeyParams, - CreateRestAPIKeyWithKibanaPrivilegesParams, - CreateCrossClusterAPIKeyParams, - InvalidateAPIKeyResult, - InvalidateAPIKeysParams, - ValidateAPIKeyParams, - GrantAPIKeyResult, -} from './api_keys'; diff --git a/x-pack/plugins/security/server/authentication/providers/base.ts b/x-pack/plugins/security/server/authentication/providers/base.ts index ccf9ecba71f36..8d491a3446f1a 100644 --- a/x-pack/plugins/security/server/authentication/providers/base.ts +++ b/x-pack/plugins/security/server/authentication/providers/base.ts @@ -15,7 +15,7 @@ import type { import { deepFreeze } from '@kbn/std'; import type { PublicMethodsOf } from '@kbn/utility-types'; -import type { AuthenticatedUser } from '../../../common/model'; +import type { AuthenticatedUser } from '../../../common'; import type { AuthenticationInfo } from '../../elasticsearch'; import { AuthenticationResult } from '../authentication_result'; import type { DeauthenticationResult } from '../deauthentication_result'; diff --git a/x-pack/plugins/security/server/authorization/actions/actions.ts b/x-pack/plugins/security/server/authorization/actions/actions.ts index 073b616c4d775..3b5109c08e3b9 100644 --- a/x-pack/plugins/security/server/authorization/actions/actions.ts +++ b/x-pack/plugins/security/server/authorization/actions/actions.ts @@ -5,6 +5,8 @@ * 2.0. */ +import type { Actions as ActionsType } from '@kbn/security-plugin-types-server'; + import { AlertingActions } from './alerting'; import { ApiActions } from './api'; import { AppActions } from './app'; @@ -17,7 +19,7 @@ import { UIActions } from './ui'; * application privileges, and are used to perform the authorization checks implemented * by the various `checkPrivilegesWithRequest` derivatives. */ -export class Actions { +export class Actions implements ActionsType { public readonly api: ApiActions; public readonly app: AppActions; public readonly cases: CasesActions; diff --git a/x-pack/plugins/security/server/authorization/actions/alerting.ts b/x-pack/plugins/security/server/authorization/actions/alerting.ts index 9e4b62338c6fe..c1de9a1c65d21 100644 --- a/x-pack/plugins/security/server/authorization/actions/alerting.ts +++ b/x-pack/plugins/security/server/authorization/actions/alerting.ts @@ -7,7 +7,9 @@ import { isString } from 'lodash'; -export class AlertingActions { +import type { AlertingActions as AlertingActionsType } from '@kbn/security-plugin-types-server'; + +export class AlertingActions implements AlertingActionsType { private readonly prefix: string; constructor() { diff --git a/x-pack/plugins/security/server/authorization/actions/api.ts b/x-pack/plugins/security/server/authorization/actions/api.ts index ac6f88dbff965..fec6296d8f63f 100644 --- a/x-pack/plugins/security/server/authorization/actions/api.ts +++ b/x-pack/plugins/security/server/authorization/actions/api.ts @@ -7,7 +7,9 @@ import { isString } from 'lodash'; -export class ApiActions { +import type { ApiActions as ApiActionsType } from '@kbn/security-plugin-types-server'; + +export class ApiActions implements ApiActionsType { private readonly prefix: string; constructor() { diff --git a/x-pack/plugins/security/server/authorization/actions/app.ts b/x-pack/plugins/security/server/authorization/actions/app.ts index c18b4f5952498..1aa31b1c1a552 100644 --- a/x-pack/plugins/security/server/authorization/actions/app.ts +++ b/x-pack/plugins/security/server/authorization/actions/app.ts @@ -7,7 +7,9 @@ import { isString } from 'lodash'; -export class AppActions { +import type { AppActions as AppActionsType } from '@kbn/security-plugin-types-server'; + +export class AppActions implements AppActionsType { private readonly prefix: string; constructor() { diff --git a/x-pack/plugins/security/server/authorization/actions/cases.ts b/x-pack/plugins/security/server/authorization/actions/cases.ts index ced07c03ebf85..8a0b22b92fc13 100644 --- a/x-pack/plugins/security/server/authorization/actions/cases.ts +++ b/x-pack/plugins/security/server/authorization/actions/cases.ts @@ -7,7 +7,9 @@ import { isString } from 'lodash'; -export class CasesActions { +import type { CasesActions as CasesActionsType } from '@kbn/security-plugin-types-server'; + +export class CasesActions implements CasesActionsType { private readonly prefix: string; constructor() { diff --git a/x-pack/plugins/security/server/authorization/actions/saved_object.ts b/x-pack/plugins/security/server/authorization/actions/saved_object.ts index 2f7f043d2a479..05eaa95c0e3ca 100644 --- a/x-pack/plugins/security/server/authorization/actions/saved_object.ts +++ b/x-pack/plugins/security/server/authorization/actions/saved_object.ts @@ -7,7 +7,9 @@ import { isString } from 'lodash'; -export class SavedObjectActions { +import type { SavedObjectActions as SavedObjectActionsType } from '@kbn/security-plugin-types-server'; + +export class SavedObjectActions implements SavedObjectActionsType { private readonly prefix: string; constructor() { diff --git a/x-pack/plugins/security/server/authorization/actions/space.ts b/x-pack/plugins/security/server/authorization/actions/space.ts index 6f5a60e05e02e..59cc4e41454ac 100644 --- a/x-pack/plugins/security/server/authorization/actions/space.ts +++ b/x-pack/plugins/security/server/authorization/actions/space.ts @@ -4,8 +4,9 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ +import type { SpaceActions as SpaceActionsType } from '@kbn/security-plugin-types-server'; -export class SpaceActions { +export class SpaceActions implements SpaceActionsType { private readonly prefix: string; constructor() { diff --git a/x-pack/plugins/security/server/authorization/actions/ui.ts b/x-pack/plugins/security/server/authorization/actions/ui.ts index 38af89d143c13..2c9986e1c8ce5 100644 --- a/x-pack/plugins/security/server/authorization/actions/ui.ts +++ b/x-pack/plugins/security/server/authorization/actions/ui.ts @@ -9,8 +9,9 @@ import { isString } from 'lodash'; import type { Capabilities as UICapabilities } from '@kbn/core/server'; import { uiCapabilitiesRegex } from '@kbn/features-plugin/server'; +import type { UIActions as UIActionsType } from '@kbn/security-plugin-types-server'; -export class UIActions { +export class UIActions implements UIActionsType { private readonly prefix: string; constructor() { diff --git a/x-pack/plugins/security/server/authorization/api_authorization.ts b/x-pack/plugins/security/server/authorization/api_authorization.ts index 2c1bc6a5523f3..6956a91d81265 100644 --- a/x-pack/plugins/security/server/authorization/api_authorization.ts +++ b/x-pack/plugins/security/server/authorization/api_authorization.ts @@ -6,8 +6,7 @@ */ import type { HttpServiceSetup, Logger } from '@kbn/core/server'; - -import type { AuthorizationServiceSetup } from './authorization_service'; +import type { AuthorizationServiceSetup } from '@kbn/security-plugin-types-server'; export function initAPIAuthorization( http: HttpServiceSetup, diff --git a/x-pack/plugins/security/server/authorization/app_authorization.ts b/x-pack/plugins/security/server/authorization/app_authorization.ts index 08630efc62241..d37d2ec2f37ad 100644 --- a/x-pack/plugins/security/server/authorization/app_authorization.ts +++ b/x-pack/plugins/security/server/authorization/app_authorization.ts @@ -7,8 +7,7 @@ import type { HttpServiceSetup, Logger } from '@kbn/core/server'; import type { PluginSetupContract as FeaturesPluginSetup } from '@kbn/features-plugin/server'; - -import type { AuthorizationServiceSetup } from './authorization_service'; +import type { AuthorizationServiceSetup } from '@kbn/security-plugin-types-server'; class ProtectedApplications { private applications: Set | null = null; diff --git a/x-pack/plugins/security/server/authorization/authorization_service.tsx b/x-pack/plugins/security/server/authorization/authorization_service.tsx index 10bee6309438f..16f2ed3b446e1 100644 --- a/x-pack/plugins/security/server/authorization/authorization_service.tsx +++ b/x-pack/plugins/security/server/authorization/authorization_service.tsx @@ -25,34 +25,35 @@ import type { PluginSetupContract as FeaturesPluginSetup, PluginStartContract as FeaturesPluginStart, } from '@kbn/features-plugin/server'; +import type { + AuthorizationMode, + AuthorizationServiceSetup, + CheckPrivilegesDynamicallyWithRequest, + CheckSavedObjectsPrivilegesWithRequest, + CheckUserProfilesPrivileges, +} from '@kbn/security-plugin-types-server'; import { Actions } from './actions'; import { initAPIAuthorization } from './api_authorization'; import { initAppAuthorization } from './app_authorization'; import { checkPrivilegesFactory } from './check_privileges'; -import type { CheckPrivilegesDynamicallyWithRequest } from './check_privileges_dynamically'; import { checkPrivilegesDynamicallyWithRequestFactory } from './check_privileges_dynamically'; -import type { CheckSavedObjectsPrivilegesWithRequest } from './check_saved_objects_privileges'; import { checkSavedObjectsPrivilegesWithRequestFactory } from './check_saved_objects_privileges'; import { disableUICapabilitiesFactory } from './disable_ui_capabilities'; -import type { AuthorizationMode } from './mode'; import { authorizationModeFactory } from './mode'; import type { PrivilegesService } from './privileges'; import { privilegesFactory } from './privileges'; import { registerPrivilegesWithCluster } from './register_privileges_with_cluster'; import { ResetSessionPage } from './reset_session_page'; -import type { CheckPrivilegesWithRequest, CheckUserProfilesPrivileges } from './types'; import { validateFeaturePrivileges } from './validate_feature_privileges'; import { validateReservedPrivileges } from './validate_reserved_privileges'; +import type { AuthenticatedUser, SecurityLicense } from '../../common'; import { APPLICATION_PREFIX } from '../../common/constants'; -import type { SecurityLicense } from '../../common/licensing'; -import type { AuthenticatedUser } from '../../common/model'; import { canRedirectRequest } from '../authentication'; import type { OnlineStatusRetryScheduler } from '../elasticsearch'; import type { SpacesService } from '../plugin'; export { Actions } from './actions'; -export type { CheckSavedObjectsPrivileges } from './check_saved_objects_privileges'; interface AuthorizationServiceSetupParams { packageVersion: string; @@ -88,22 +89,6 @@ export interface AuthorizationServiceSetupInternal extends AuthorizationServiceS privileges: PrivilegesService; } -/** - * Authorization services available on the setup contract of the security plugin. - */ -export interface AuthorizationServiceSetup { - /** - * Actions are used to create the "actions" that are associated with Elasticsearch's - * application privileges, and are used to perform the authorization checks implemented - * by the various `checkPrivilegesWithRequest` derivatives. - */ - actions: Actions; - checkPrivilegesWithRequest: CheckPrivilegesWithRequest; - checkPrivilegesDynamicallyWithRequest: CheckPrivilegesDynamicallyWithRequest; - checkSavedObjectsPrivilegesWithRequest: CheckSavedObjectsPrivilegesWithRequest; - mode: AuthorizationMode; -} - export class AuthorizationService { private logger!: Logger; private applicationName!: string; diff --git a/x-pack/plugins/security/server/authorization/check_privileges.test.ts b/x-pack/plugins/security/server/authorization/check_privileges.test.ts index e339645f76dfd..c4da8a95ae46f 100644 --- a/x-pack/plugins/security/server/authorization/check_privileges.test.ts +++ b/x-pack/plugins/security/server/authorization/check_privileges.test.ts @@ -8,10 +8,10 @@ import { uniq } from 'lodash'; import { elasticsearchServiceMock, httpServerMock } from '@kbn/core/server/mocks'; +import { GLOBAL_RESOURCE } from '@kbn/security-plugin-types-server'; +import type { HasPrivilegesResponse } from '@kbn/security-plugin-types-server'; import { checkPrivilegesFactory } from './check_privileges'; -import type { HasPrivilegesResponse } from './types'; -import { GLOBAL_RESOURCE } from '../../common/constants'; const application = 'kibana-our_application'; diff --git a/x-pack/plugins/security/server/authorization/check_privileges.ts b/x-pack/plugins/security/server/authorization/check_privileges.ts index abc0b791dd49a..310b79f362824 100644 --- a/x-pack/plugins/security/server/authorization/check_privileges.ts +++ b/x-pack/plugins/security/server/authorization/check_privileges.ts @@ -9,8 +9,6 @@ import type * as estypes from '@elastic/elasticsearch/lib/api/types'; import { pick, transform, uniq } from 'lodash'; import type { IClusterClient, KibanaRequest } from '@kbn/core/server'; - -import { ResourceSerializer } from './resource_serializer'; import type { CheckPrivileges, CheckPrivilegesOptions, @@ -21,9 +19,11 @@ import type { CheckUserProfilesPrivilegesResponse, HasPrivilegesResponse, HasPrivilegesResponseApplication, -} from './types'; +} from '@kbn/security-plugin-types-server'; +import { GLOBAL_RESOURCE } from '@kbn/security-plugin-types-server'; + +import { ResourceSerializer } from './resource_serializer'; import { validateEsPrivilegeResponse } from './validate_es_response'; -import { GLOBAL_RESOURCE } from '../../common/constants'; interface CheckPrivilegesActions { login: string; diff --git a/x-pack/plugins/security/server/authorization/check_privileges_dynamically.test.ts b/x-pack/plugins/security/server/authorization/check_privileges_dynamically.test.ts index 2d506a70610d3..6b92f6cef748f 100644 --- a/x-pack/plugins/security/server/authorization/check_privileges_dynamically.test.ts +++ b/x-pack/plugins/security/server/authorization/check_privileges_dynamically.test.ts @@ -6,9 +6,9 @@ */ import { httpServerMock } from '@kbn/core/server/mocks'; +import type { CheckPrivilegesOptions } from '@kbn/security-plugin-types-server'; import { checkPrivilegesDynamicallyWithRequestFactory } from './check_privileges_dynamically'; -import type { CheckPrivilegesOptions } from './types'; test(`checkPrivileges.atSpace when spaces is enabled`, async () => { const expectedResult = Symbol(); diff --git a/x-pack/plugins/security/server/authorization/check_privileges_dynamically.ts b/x-pack/plugins/security/server/authorization/check_privileges_dynamically.ts index 22c2e53e9ab27..7e84dad2775ac 100644 --- a/x-pack/plugins/security/server/authorization/check_privileges_dynamically.ts +++ b/x-pack/plugins/security/server/authorization/check_privileges_dynamically.ts @@ -6,23 +6,14 @@ */ import type { KibanaRequest } from '@kbn/core/server'; - import type { + CheckPrivilegesDynamicallyWithRequest, CheckPrivilegesOptions, CheckPrivilegesPayload, - CheckPrivilegesResponse, CheckPrivilegesWithRequest, -} from './types'; -import type { SpacesService } from '../plugin'; +} from '@kbn/security-plugin-types-server'; -export type CheckPrivilegesDynamically = ( - privileges: CheckPrivilegesPayload, - options?: CheckPrivilegesOptions -) => Promise; - -export type CheckPrivilegesDynamicallyWithRequest = ( - request: KibanaRequest -) => CheckPrivilegesDynamically; +import type { SpacesService } from '../plugin'; export function checkPrivilegesDynamicallyWithRequestFactory( checkPrivilegesWithRequest: CheckPrivilegesWithRequest, diff --git a/x-pack/plugins/security/server/authorization/check_saved_objects_privileges.test.ts b/x-pack/plugins/security/server/authorization/check_saved_objects_privileges.test.ts index 0afcd4118ab8b..3072df7d269ec 100644 --- a/x-pack/plugins/security/server/authorization/check_saved_objects_privileges.test.ts +++ b/x-pack/plugins/security/server/authorization/check_saved_objects_privileges.test.ts @@ -6,9 +6,12 @@ */ import { httpServerMock } from '@kbn/core/server/mocks'; +import type { + CheckPrivileges, + CheckPrivilegesWithRequest, +} from '@kbn/security-plugin-types-server'; import { checkSavedObjectsPrivilegesWithRequestFactory } from './check_saved_objects_privileges'; -import type { CheckPrivileges, CheckPrivilegesWithRequest } from './types'; import type { SpacesService } from '../plugin'; let mockCheckPrivileges: jest.Mocked; diff --git a/x-pack/plugins/security/server/authorization/check_saved_objects_privileges.ts b/x-pack/plugins/security/server/authorization/check_saved_objects_privileges.ts index 0afa29fab3c58..2e27197d6c952 100644 --- a/x-pack/plugins/security/server/authorization/check_saved_objects_privileges.ts +++ b/x-pack/plugins/security/server/authorization/check_saved_objects_privileges.ts @@ -6,20 +6,15 @@ */ import type { KibanaRequest } from '@kbn/core/server'; +import type { + CheckPrivilegesWithRequest, + CheckSavedObjectsPrivileges, + CheckSavedObjectsPrivilegesWithRequest, +} from '@kbn/security-plugin-types-server'; -import type { CheckPrivilegesResponse, CheckPrivilegesWithRequest } from './types'; import { ALL_SPACES_ID } from '../../common/constants'; import type { SpacesService } from '../plugin'; -export type CheckSavedObjectsPrivilegesWithRequest = ( - request: KibanaRequest -) => CheckSavedObjectsPrivileges; - -export type CheckSavedObjectsPrivileges = ( - actions: string | string[], - namespaceOrNamespaces?: string | Array -) => Promise; - function uniq(arr: T[]): T[] { return Array.from(new Set(arr)); } diff --git a/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts b/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts index 8f56ba95883b5..3d784f6c1cf3f 100644 --- a/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts +++ b/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts @@ -7,12 +7,12 @@ import { httpServerMock, loggingSystemMock } from '@kbn/core/server/mocks'; import { ElasticsearchFeature, KibanaFeature } from '@kbn/features-plugin/server'; +import type { CheckPrivilegesResponse } from '@kbn/security-plugin-types-server'; import { Actions } from './actions'; import { disableUICapabilitiesFactory } from './disable_ui_capabilities'; import { authorizationMock } from './index.mock'; -import type { CheckPrivilegesResponse } from './types'; -import type { AuthenticatedUser } from '../../common/model'; +import type { AuthenticatedUser } from '../../common'; type MockAuthzOptions = | { rejectCheckPrivileges: any } diff --git a/x-pack/plugins/security/server/authorization/disable_ui_capabilities.ts b/x-pack/plugins/security/server/authorization/disable_ui_capabilities.ts index 7283b955e906c..cf2429a1d657d 100644 --- a/x-pack/plugins/security/server/authorization/disable_ui_capabilities.ts +++ b/x-pack/plugins/security/server/authorization/disable_ui_capabilities.ts @@ -14,11 +14,13 @@ import type { FeatureElasticsearchPrivileges, KibanaFeature, } from '@kbn/features-plugin/server'; +import type { + AuthorizationServiceSetup, + CheckPrivilegesResponse, +} from '@kbn/security-plugin-types-server'; import type { RecursiveReadonly, RecursiveReadonlyArray } from '@kbn/utility-types'; -import type { AuthorizationServiceSetup } from './authorization_service'; -import type { CheckPrivilegesResponse } from './types'; -import type { AuthenticatedUser } from '../../common/model'; +import type { AuthenticatedUser } from '../../common'; export function disableUICapabilitiesFactory( request: KibanaRequest, diff --git a/x-pack/plugins/security/server/authorization/index.mock.ts b/x-pack/plugins/security/server/authorization/index.mock.ts index f66104818ae8f..04c389f24fcad 100644 --- a/x-pack/plugins/security/server/authorization/index.mock.ts +++ b/x-pack/plugins/security/server/authorization/index.mock.ts @@ -5,8 +5,9 @@ * 2.0. */ +import type { AuthorizationMode } from '@kbn/security-plugin-types-server'; + import { actionsMock } from './actions/actions.mock'; -import type { AuthorizationMode } from './mode'; export const authorizationMock = { create: ({ diff --git a/x-pack/plugins/security/server/authorization/index.ts b/x-pack/plugins/security/server/authorization/index.ts index 9e701e866767b..2a93aeb070011 100644 --- a/x-pack/plugins/security/server/authorization/index.ts +++ b/x-pack/plugins/security/server/authorization/index.ts @@ -6,13 +6,8 @@ */ export { Actions } from './actions'; -export type { - AuthorizationServiceSetup, - AuthorizationServiceSetupInternal, -} from './authorization_service'; +export type { AuthorizationServiceSetupInternal } from './authorization_service'; export { AuthorizationService } from './authorization_service'; -export type { CheckSavedObjectsPrivileges } from './check_saved_objects_privileges'; -export type { CheckPrivilegesPayload } from './types'; export type { ElasticsearchRole } from './roles'; export { transformElasticsearchRoleToRole } from './roles'; export type { CasesSupportedOperations } from './privileges'; diff --git a/x-pack/plugins/security/server/authorization/mode.test.ts b/x-pack/plugins/security/server/authorization/mode.test.ts index 2df3d9ab6b5b2..f44d023be8737 100644 --- a/x-pack/plugins/security/server/authorization/mode.test.ts +++ b/x-pack/plugins/security/server/authorization/mode.test.ts @@ -8,9 +8,8 @@ import { httpServerMock } from '@kbn/core/server/mocks'; import { authorizationModeFactory } from './mode'; -import type { SecurityLicense } from '../../common/licensing'; +import type { SecurityLicense, SecurityLicenseFeatures } from '../../common'; import { licenseMock } from '../../common/licensing/index.mock'; -import type { SecurityLicenseFeatures } from '../../common/licensing/license_features'; describe(`#useRbacForRequest`, () => { let mockLicense: jest.Mocked; diff --git a/x-pack/plugins/security/server/authorization/mode.ts b/x-pack/plugins/security/server/authorization/mode.ts index d40d7fba3ca88..722ecd02875e0 100644 --- a/x-pack/plugins/security/server/authorization/mode.ts +++ b/x-pack/plugins/security/server/authorization/mode.ts @@ -7,11 +7,7 @@ import type { KibanaRequest } from '@kbn/core/server'; -import type { SecurityLicense } from '../../common/licensing'; - -export interface AuthorizationMode { - useRbacForRequest(request: KibanaRequest): boolean; -} +import type { SecurityLicense } from '../../common'; export function authorizationModeFactory(license: SecurityLicense) { const useRbacForRequestCache = new WeakMap(); diff --git a/x-pack/plugins/security/server/authorization/privileges/privileges.ts b/x-pack/plugins/security/server/authorization/privileges/privileges.ts index e3e151052f056..51c61962c946f 100644 --- a/x-pack/plugins/security/server/authorization/privileges/privileges.ts +++ b/x-pack/plugins/security/server/authorization/privileges/privileges.ts @@ -13,7 +13,7 @@ import type { } from '@kbn/features-plugin/server'; import { featurePrivilegeBuilderFactory } from './feature_privilege_builder'; -import type { SecurityLicense } from '../../../common/licensing'; +import type { SecurityLicense } from '../../../common'; import type { RawKibanaPrivileges } from '../../../common/model'; import type { Actions } from '../actions'; diff --git a/x-pack/plugins/security/server/authorization/roles/elasticsearch_role.ts b/x-pack/plugins/security/server/authorization/roles/elasticsearch_role.ts index 2febad56d7016..6a46072712dfc 100644 --- a/x-pack/plugins/security/server/authorization/roles/elasticsearch_role.ts +++ b/x-pack/plugins/security/server/authorization/roles/elasticsearch_role.ts @@ -7,12 +7,10 @@ import type { Logger } from '@kbn/core/server'; import type { KibanaFeature } from '@kbn/features-plugin/common'; +import { GLOBAL_RESOURCE } from '@kbn/security-plugin-types-server'; -import { - GLOBAL_RESOURCE, - RESERVED_PRIVILEGES_APPLICATION_WILDCARD, -} from '../../../common/constants'; -import type { Role, RoleKibanaPrivilege } from '../../../common/model'; +import type { Role, RoleKibanaPrivilege } from '../../../common'; +import { RESERVED_PRIVILEGES_APPLICATION_WILDCARD } from '../../../common/constants'; import { getDetailedErrorMessage } from '../../errors'; import { PrivilegeSerializer } from '../privilege_serializer'; import { ResourceSerializer } from '../resource_serializer'; diff --git a/x-pack/plugins/security/server/authorization/validate_es_response.ts b/x-pack/plugins/security/server/authorization/validate_es_response.ts index 52b1777269f35..3eff39aedf14f 100644 --- a/x-pack/plugins/security/server/authorization/validate_es_response.ts +++ b/x-pack/plugins/security/server/authorization/validate_es_response.ts @@ -6,8 +6,7 @@ */ import { schema } from '@kbn/config-schema'; - -import type { HasPrivilegesResponse } from './types'; +import type { HasPrivilegesResponse } from '@kbn/security-plugin-types-server'; const baseResponseSchema = schema.object({ username: schema.string(), diff --git a/x-pack/plugins/security/server/config.ts b/x-pack/plugins/security/server/config.ts index a5483b4e70ba2..68e1c7c2a0964 100644 --- a/x-pack/plugins/security/server/config.ts +++ b/x-pack/plugins/security/server/config.ts @@ -16,7 +16,7 @@ import { config as coreConfig } from '@kbn/core/server'; import { i18n } from '@kbn/i18n'; import { getLogsPath } from '@kbn/utils'; -import type { AuthenticationProvider } from '../common/model'; +import type { AuthenticationProvider } from '../common'; export type ConfigType = ReturnType; type RawConfigType = TypeOf; diff --git a/x-pack/plugins/security/server/deprecations/privilege_deprecations.ts b/x-pack/plugins/security/server/deprecations/privilege_deprecations.ts index c85f6b239d328..8075c258f323f 100644 --- a/x-pack/plugins/security/server/deprecations/privilege_deprecations.ts +++ b/x-pack/plugins/security/server/deprecations/privilege_deprecations.ts @@ -8,12 +8,12 @@ import type { Logger } from '@kbn/core/server'; import type { KibanaFeature } from '@kbn/features-plugin/common'; import { i18n } from '@kbn/i18n'; - -import type { SecurityLicense } from '../../common/licensing'; import type { PrivilegeDeprecationsRolesByFeatureIdRequest, PrivilegeDeprecationsRolesByFeatureIdResponse, -} from '../../common/model'; +} from '@kbn/security-plugin-types-server'; + +import type { SecurityLicense } from '../../common'; import { transformElasticsearchRoleToRole } from '../authorization'; import type { AuthorizationServiceSetupInternal } from '../authorization'; import { getDetailedErrorMessage, getErrorStatusCode } from '../errors'; diff --git a/x-pack/plugins/security/server/elasticsearch/elasticsearch_service.test.ts b/x-pack/plugins/security/server/elasticsearch/elasticsearch_service.test.ts index 1d9985fbc8650..1dd56fdffec8b 100644 --- a/x-pack/plugins/security/server/elasticsearch/elasticsearch_service.test.ts +++ b/x-pack/plugins/security/server/elasticsearch/elasticsearch_service.test.ts @@ -13,7 +13,7 @@ import { coreMock, loggingSystemMock } from '@kbn/core/server/mocks'; import { nextTick } from '@kbn/test-jest-helpers'; import { ElasticsearchService } from './elasticsearch_service'; -import type { SecurityLicense, SecurityLicenseFeatures } from '../../common/licensing'; +import type { SecurityLicense, SecurityLicenseFeatures } from '../../common'; import { licenseMock } from '../../common/licensing/index.mock'; describe('ElasticsearchService', () => { diff --git a/x-pack/plugins/security/server/elasticsearch/elasticsearch_service.ts b/x-pack/plugins/security/server/elasticsearch/elasticsearch_service.ts index 88fe5caf2cac3..2bc8a643275c1 100644 --- a/x-pack/plugins/security/server/elasticsearch/elasticsearch_service.ts +++ b/x-pack/plugins/security/server/elasticsearch/elasticsearch_service.ts @@ -12,7 +12,7 @@ import { distinctUntilChanged, filter, map, shareReplay, tap } from 'rxjs/operat import type { Logger, StatusServiceSetup } from '@kbn/core/server'; import { ServiceStatusLevels } from '@kbn/core/server'; -import type { SecurityLicense } from '../../common/licensing'; +import type { SecurityLicense } from '../../common'; export interface ElasticsearchServiceSetupParams { readonly status: StatusServiceSetup; diff --git a/x-pack/plugins/security/server/elasticsearch/index.ts b/x-pack/plugins/security/server/elasticsearch/index.ts index 239802028b122..d955587ef0738 100644 --- a/x-pack/plugins/security/server/elasticsearch/index.ts +++ b/x-pack/plugins/security/server/elasticsearch/index.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { AuthenticatedUser } from '../../common/model'; +import type { AuthenticatedUser } from '../../common'; export type AuthenticationInfo = Omit< AuthenticatedUser, diff --git a/x-pack/plugins/security/server/index.ts b/x-pack/plugins/security/server/index.ts index 3d5cd022b4c96..d941532aa815f 100644 --- a/x-pack/plugins/security/server/index.ts +++ b/x-pack/plugins/security/server/index.ts @@ -11,41 +11,73 @@ import type { PluginInitializer, PluginInitializerContext, } from '@kbn/core/server'; +import type { SecurityPluginStart } from '@kbn/security-plugin-types-server'; import type { RecursiveReadonly } from '@kbn/utility-types'; import { ConfigSchema } from './config'; import { securityConfigDeprecationProvider } from './config_deprecations'; -import type { PluginSetupDependencies, SecurityPluginSetup, SecurityPluginStart } from './plugin'; +import type { PluginSetupDependencies, SecurityPluginSetup } from './plugin'; // These exports are part of public Security plugin contract, any change in signature of exported // functions or removal of exports should be considered as a breaking change. +export { HTTPAuthorizationHeader } from './authentication'; +export type { CasesSupportedOperations } from './authorization'; +export type { SecurityPluginSetup, SecurityPluginStart }; +export type { AuthenticatedUser } from '../common'; +export { ROUTE_TAG_CAN_REDIRECT } from './routes/tags'; + +// Re-export types from the plugin directly to enhance the developer experience for consumers of the Security plugin. export type { - CreateAPIKeyParams, + AuditEvent, + AuditHttp, + AuditKibana, + AuditRequest, + AuditLogger, + AuditServiceSetup, + APIKeys, + AuthenticationServiceStart, + InvalidateAPIKeyResult, + GrantAPIKeyResult, + ValidateAPIKeyParams, CreateAPIKeyResult, + InvalidateAPIKeysParams, + CreateAPIKeyParams, CreateRestAPIKeyParams, CreateRestAPIKeyWithKibanaPrivilegesParams, CreateCrossClusterAPIKeyParams, - InvalidateAPIKeysParams, - InvalidateAPIKeyResult, - GrantAPIKeyResult, - ValidateAPIKeyParams, - AuthenticationServiceStart, -} from './authentication'; -export { HTTPAuthorizationHeader } from './authentication'; -export type { CheckPrivilegesPayload, CasesSupportedOperations } from './authorization'; -export type AuthorizationServiceSetup = SecurityPluginStart['authz']; -export type { AuditLogger, AuditEvent, AuditHttp, AuditKibana, AuditRequest } from './audit'; -export type { SecurityPluginSetup, SecurityPluginStart }; -export type { AuthenticatedUser } from '../common/model'; -export { ROUTE_TAG_CAN_REDIRECT } from './routes/tags'; -export type { AuditServiceSetup } from './audit'; -export type { - UserProfileServiceStart, + Actions, + AlertingActions, + ApiActions, + AppActions, + CasesActions, + SavedObjectActions, + SpaceActions, + UIActions, + AuthorizationServiceSetup, + CheckPrivileges, + CheckPrivilegesPayload, + CheckUserProfilesPrivileges, + CheckPrivilegesDynamically, + CheckPrivilegesDynamicallyWithRequest, + CheckUserProfilesPrivilegesResponse, + CheckUserProfilesPrivilegesPayload, + CheckPrivilegesOptions, + CheckPrivilegesResponse, + CheckPrivilegesWithRequest, + CheckSavedObjectsPrivileges, + CheckSavedObjectsPrivilegesWithRequest, + ElasticsearchPrivilegesType, + KibanaPrivilegesType, + AuthorizationMode, + PrivilegeDeprecationsRolesByFeatureIdResponse, + PrivilegeDeprecationsService, + PrivilegeDeprecationsRolesByFeatureIdRequest, UserProfileBulkGetParams, UserProfileSuggestParams, UserProfileRequiredPrivileges, UserProfileGetCurrentParams, -} from './user_profile'; + UserProfileServiceStart, +} from '@kbn/security-plugin-types-server'; export const config: PluginConfigDescriptor> = { schema: ConfigSchema, diff --git a/x-pack/plugins/security/server/lib/index.ts b/x-pack/plugins/security/server/lib/index.ts index 715eeb0955daa..496f60fdb098c 100644 --- a/x-pack/plugins/security/server/lib/index.ts +++ b/x-pack/plugins/security/server/lib/index.ts @@ -5,8 +5,6 @@ * 2.0. */ -export type { ElasticsearchPrivilegesType, KibanaPrivilegesType } from './role_schema'; -export { elasticsearchRoleSchema, getKibanaRoleSchema } from './role_schema'; export { validateKibanaPrivileges, transformPrivilegesToElasticsearchPrivileges, diff --git a/x-pack/plugins/security/server/lib/role_utils.ts b/x-pack/plugins/security/server/lib/role_utils.ts index ff7a690293443..1df5254a38df0 100644 --- a/x-pack/plugins/security/server/lib/role_utils.ts +++ b/x-pack/plugins/security/server/lib/role_utils.ts @@ -6,9 +6,10 @@ */ import type { KibanaFeature } from '@kbn/features-plugin/server'; +import type { KibanaPrivilegesType } from '@kbn/security-plugin-types-server'; +import { GLOBAL_RESOURCE } from '@kbn/security-plugin-types-server'; -import type { KibanaPrivilegesType } from './role_schema'; -import { ALL_SPACES_ID, GLOBAL_RESOURCE } from '../../common/constants'; +import { ALL_SPACES_ID } from '../../common/constants'; import { PrivilegeSerializer } from '../authorization/privilege_serializer'; import { ResourceSerializer } from '../authorization/resource_serializer'; diff --git a/x-pack/plugins/security/server/plugin.ts b/x-pack/plugins/security/server/plugin.ts index 341ab79e97e5b..adfed1bad88e9 100644 --- a/x-pack/plugins/security/server/plugin.ts +++ b/x-pack/plugins/security/server/plugin.ts @@ -23,6 +23,12 @@ import type { PluginStartContract as FeaturesPluginStart, } from '@kbn/features-plugin/server'; import type { LicensingPluginSetup, LicensingPluginStart } from '@kbn/licensing-plugin/server'; +import type { + AuditServiceSetup, + AuthorizationServiceSetup, + SecurityPluginSetup as SecurityPluginSetupWithoutDeprecatedMembers, + SecurityPluginStart, +} from '@kbn/security-plugin-types-server'; import type { SpacesPluginSetup, SpacesPluginStart } from '@kbn/spaces-plugin/server'; import type { TaskManagerSetupContract, @@ -33,14 +39,10 @@ import type { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server'; import { AnalyticsService } from './analytics'; import type { AnonymousAccessServiceStart } from './anonymous_access'; import { AnonymousAccessService } from './anonymous_access'; -import type { AuditServiceSetup } from './audit'; import { AuditService } from './audit'; -import type { - AuthenticationServiceStart, - InternalAuthenticationServiceStart, -} from './authentication'; +import type { InternalAuthenticationServiceStart } from './authentication'; import { AuthenticationService } from './authentication'; -import type { AuthorizationServiceSetup, AuthorizationServiceSetupInternal } from './authorization'; +import type { AuthorizationServiceSetupInternal } from './authorization'; import { AuthorizationService } from './authorization'; import type { ConfigSchema, ConfigType } from './config'; import { createConfig } from './config'; @@ -56,11 +58,11 @@ import { SessionManagementService } from './session_management'; import { setupSpacesClient } from './spaces'; import { registerSecurityUsageCollector } from './usage_collector'; import { UserProfileService } from './user_profile'; -import type { UserProfileServiceStart, UserProfileServiceStartInternal } from './user_profile'; +import type { UserProfileServiceStartInternal } from './user_profile'; import { UserProfileSettingsClient } from './user_profile/user_profile_settings_client'; import type { UserSettingServiceStart } from './user_profile/user_setting_service'; import { UserSettingService } from './user_profile/user_setting_service'; -import type { AuthenticatedUser, PrivilegeDeprecationsService, SecurityLicense } from '../common'; +import type { AuthenticatedUser, SecurityLicense } from '../common'; import { SecurityLicenseService } from '../common/licensing'; export type SpacesService = Pick< @@ -71,7 +73,7 @@ export type SpacesService = Pick< /** * Describes public Security plugin contract returned at the `setup` stage. */ -export interface SecurityPluginSetup { +export interface SecurityPluginSetup extends SecurityPluginSetupWithoutDeprecatedMembers { /** * @deprecated Use `authc` methods from the `SecurityServiceStart` contract instead. */ @@ -80,36 +82,6 @@ export interface SecurityPluginSetup { * @deprecated Use `authz` methods from the `SecurityServiceStart` contract instead. */ authz: AuthorizationServiceSetup; - /** - * Exposes information about the available security features under the current license. - */ - license: SecurityLicense; - /** - * Exposes services for audit logging. - */ - audit: AuditServiceSetup; - /** - * Exposes services to access kibana roles per feature id with the GetDeprecationsContext - */ - privilegeDeprecationsService: PrivilegeDeprecationsService; -} - -/** - * Describes public Security plugin contract returned at the `start` stage. - */ -export interface SecurityPluginStart { - /** - * Authentication services to confirm the user is who they say they are. - */ - authc: AuthenticationServiceStart; - /** - * Authorization services to manage and access the permissions a particular user has. - */ - authz: AuthorizationServiceSetup; - /** - * User profiles services to retrieve user profiles. - */ - userProfiles: UserProfileServiceStart; } export interface PluginSetupDependencies { diff --git a/x-pack/plugins/security/server/routes/api_keys/create.ts b/x-pack/plugins/security/server/routes/api_keys/create.ts index ee69a80efa103..59d743e3726aa 100644 --- a/x-pack/plugins/security/server/routes/api_keys/create.ts +++ b/x-pack/plugins/security/server/routes/api_keys/create.ts @@ -5,84 +5,18 @@ * 2.0. */ -import type { estypes } from '@elastic/elasticsearch'; - import { schema } from '@kbn/config-schema'; -import type { TypeOf } from '@kbn/config-schema'; +import { + crossClusterApiKeySchema, + getRestApiKeyWithKibanaPrivilegesSchema, + restApiKeySchema, +} from '@kbn/security-plugin-types-server'; import type { RouteDefinitionParams } from '..'; import { CreateApiKeyValidationError } from '../../authentication/api_keys'; import { wrapIntoCustomErrorResponse } from '../../errors'; -import { elasticsearchRoleSchema, getKibanaRoleSchema } from '../../lib'; import { createLicensedRouteHandler } from '../licensed_route_handler'; -/** - * Response of Kibana Create API key endpoint. - */ -export type CreateAPIKeyResult = estypes.SecurityCreateApiKeyResponse; - -/** - * Request body of Kibana Create API key endpoint. - */ -export type CreateAPIKeyParams = - | CreateRestAPIKeyParams - | CreateRestAPIKeyWithKibanaPrivilegesParams - | CreateCrossClusterAPIKeyParams; - -export type CreateRestAPIKeyParams = TypeOf; -export type CreateRestAPIKeyWithKibanaPrivilegesParams = TypeOf< - ReturnType ->; -export type CreateCrossClusterAPIKeyParams = TypeOf; - -export const restApiKeySchema = schema.object({ - type: schema.maybe(schema.literal('rest')), - name: schema.string(), - expiration: schema.maybe(schema.string()), - role_descriptors: schema.recordOf(schema.string(), schema.object({}, { unknowns: 'allow' }), { - defaultValue: {}, - }), - metadata: schema.maybe(schema.object({}, { unknowns: 'allow' })), -}); - -export const getRestApiKeyWithKibanaPrivilegesSchema = ( - getBasePrivilegeNames: Parameters[0] -) => - restApiKeySchema.extends({ - role_descriptors: null, - kibana_role_descriptors: schema.recordOf( - schema.string(), - schema.object({ - elasticsearch: elasticsearchRoleSchema.extends({}, { unknowns: 'allow' }), - kibana: getKibanaRoleSchema(getBasePrivilegeNames), - }) - ), - }); - -export const crossClusterApiKeySchema = restApiKeySchema.extends({ - type: schema.literal('cross_cluster'), - role_descriptors: null, - access: schema.object( - { - search: schema.maybe( - schema.arrayOf( - schema.object({ - names: schema.arrayOf(schema.string()), - }) - ) - ), - replication: schema.maybe( - schema.arrayOf( - schema.object({ - names: schema.arrayOf(schema.string()), - }) - ) - ), - }, - { unknowns: 'allow' } - ), -}); - export function defineCreateApiKeyRoutes({ router, authz, diff --git a/x-pack/plugins/security/server/routes/api_keys/index.ts b/x-pack/plugins/security/server/routes/api_keys/index.ts index 9f086afcfd248..9855d94923c33 100644 --- a/x-pack/plugins/security/server/routes/api_keys/index.ts +++ b/x-pack/plugins/security/server/routes/api_keys/index.ts @@ -12,13 +12,6 @@ import { defineInvalidateApiKeysRoutes } from './invalidate'; import { defineUpdateApiKeyRoutes } from './update'; import type { RouteDefinitionParams } from '..'; -export type { - CreateAPIKeyParams, - CreateAPIKeyResult, - CreateRestAPIKeyParams, - CreateCrossClusterAPIKeyParams, - CreateRestAPIKeyWithKibanaPrivilegesParams, -} from './create'; export type { UpdateAPIKeyParams, UpdateAPIKeyResult, diff --git a/x-pack/plugins/security/server/routes/api_keys/update.ts b/x-pack/plugins/security/server/routes/api_keys/update.ts index 0a05ffe048205..ef999820c6cae 100644 --- a/x-pack/plugins/security/server/routes/api_keys/update.ts +++ b/x-pack/plugins/security/server/routes/api_keys/update.ts @@ -9,11 +9,11 @@ import type { estypes } from '@elastic/elasticsearch'; import { schema } from '@kbn/config-schema'; import type { TypeOf } from '@kbn/config-schema'; +import { elasticsearchRoleSchema, getKibanaRoleSchema } from '@kbn/security-plugin-types-server'; import type { RouteDefinitionParams } from '..'; import { UpdateApiKeyValidationError } from '../../authentication/api_keys/api_keys'; import { wrapIntoCustomErrorResponse } from '../../errors'; -import { elasticsearchRoleSchema, getKibanaRoleSchema } from '../../lib'; import { createLicensedRouteHandler } from '../licensed_route_handler'; /** diff --git a/x-pack/plugins/security/server/routes/authentication/common.test.ts b/x-pack/plugins/security/server/routes/authentication/common.test.ts index 44b56b73b220d..6abf1b445b98a 100644 --- a/x-pack/plugins/security/server/routes/authentication/common.test.ts +++ b/x-pack/plugins/security/server/routes/authentication/common.test.ts @@ -12,7 +12,7 @@ import { httpServerMock } from '@kbn/core/server/mocks'; import type { DeeplyMockedKeys } from '@kbn/utility-types-jest'; import { defineCommonRoutes } from './common'; -import type { SecurityLicense, SecurityLicenseFeatures } from '../../../common/licensing'; +import type { SecurityLicense, SecurityLicenseFeatures } from '../../../common'; import { mockAuthenticatedUser } from '../../../common/model/authenticated_user.mock'; import type { InternalAuthenticationServiceStart } from '../../authentication'; import { diff --git a/x-pack/plugins/security/server/routes/authorization/roles/model/put_payload.ts b/x-pack/plugins/security/server/routes/authorization/roles/model/put_payload.ts index 5c8a07d15000d..6bd8e5a4ec70a 100644 --- a/x-pack/plugins/security/server/routes/authorization/roles/model/put_payload.ts +++ b/x-pack/plugins/security/server/routes/authorization/roles/model/put_payload.ts @@ -7,13 +7,10 @@ import type { TypeOf } from '@kbn/config-schema'; import { schema } from '@kbn/config-schema'; +import { elasticsearchRoleSchema, getKibanaRoleSchema } from '@kbn/security-plugin-types-server'; import type { ElasticsearchRole } from '../../../../authorization'; -import { - elasticsearchRoleSchema, - getKibanaRoleSchema, - transformPrivilegesToElasticsearchPrivileges, -} from '../../../../lib'; +import { transformPrivilegesToElasticsearchPrivileges } from '../../../../lib'; export const transformPutPayloadToElasticsearchRole = ( rolePayload: RolePayloadSchemaType, diff --git a/x-pack/plugins/security/server/routes/authorization/roles/put.test.ts b/x-pack/plugins/security/server/routes/authorization/roles/put.test.ts index 77e3bd51b5e80..18a07bce0a23e 100644 --- a/x-pack/plugins/security/server/routes/authorization/roles/put.test.ts +++ b/x-pack/plugins/security/server/routes/authorization/roles/put.test.ts @@ -10,9 +10,9 @@ import { kibanaResponseFactory } from '@kbn/core/server'; import { coreMock, httpServerMock } from '@kbn/core/server/mocks'; import { KibanaFeature } from '@kbn/features-plugin/server'; import type { LicenseCheck } from '@kbn/licensing-plugin/server'; +import { GLOBAL_RESOURCE } from '@kbn/security-plugin-types-server'; import { definePutRolesRoutes } from './put'; -import { GLOBAL_RESOURCE } from '../../../../common/constants'; import { securityFeatureUsageServiceMock } from '../../../feature_usage/index.mock'; import { routeDefinitionParamsMock } from '../../index.mock'; diff --git a/x-pack/plugins/security/server/routes/authorization/spaces/share_saved_object_permissions.test.ts b/x-pack/plugins/security/server/routes/authorization/spaces/share_saved_object_permissions.test.ts index 8329be6a91862..c518030a76f1c 100644 --- a/x-pack/plugins/security/server/routes/authorization/spaces/share_saved_object_permissions.test.ts +++ b/x-pack/plugins/security/server/routes/authorization/spaces/share_saved_object_permissions.test.ts @@ -8,11 +8,11 @@ import type { RequestHandler, RouteConfig } from '@kbn/core/server'; import { kibanaResponseFactory } from '@kbn/core/server'; import { httpServerMock } from '@kbn/core/server/mocks'; +import type { CheckPrivileges } from '@kbn/security-plugin-types-server'; import type { DeeplyMockedKeys } from '@kbn/utility-types-jest'; import { defineShareSavedObjectPermissionRoutes } from './share_saved_object_permissions'; import type { RouteDefinitionParams } from '../..'; -import type { CheckPrivileges } from '../../../authorization/types'; import type { SecurityRequestHandlerContext, SecurityRouter } from '../../../types'; import { routeDefinitionParamsMock } from '../../index.mock'; diff --git a/x-pack/plugins/security/server/routes/security_checkup/get_state.test.ts b/x-pack/plugins/security/server/routes/security_checkup/get_state.test.ts index c40f0b92b54a2..3a7f89589c846 100644 --- a/x-pack/plugins/security/server/routes/security_checkup/get_state.test.ts +++ b/x-pack/plugins/security/server/routes/security_checkup/get_state.test.ts @@ -15,7 +15,7 @@ import { kibanaResponseFactory } from '@kbn/core/server'; import { httpServerMock } from '@kbn/core/server/mocks'; import { defineSecurityCheckupGetStateRoutes } from './get_state'; -import type { SecurityLicenseFeatures } from '../../../common/licensing'; +import type { SecurityLicenseFeatures } from '../../../common'; import { licenseMock } from '../../../common/licensing/index.mock'; import { routeDefinitionParamsMock, securityRequestHandlerContextMock } from '../index.mock'; diff --git a/x-pack/plugins/security/server/routes/views/access_agreement.test.ts b/x-pack/plugins/security/server/routes/views/access_agreement.test.ts index 6190f03e6ed78..ef588ae1cfcfc 100644 --- a/x-pack/plugins/security/server/routes/views/access_agreement.test.ts +++ b/x-pack/plugins/security/server/routes/views/access_agreement.test.ts @@ -16,8 +16,11 @@ import { httpResourcesMock, httpServerMock } from '@kbn/core/server/mocks'; import type { PublicMethodsOf } from '@kbn/utility-types'; import { defineAccessAgreementRoutes } from './access_agreement'; -import type { SecurityLicense, SecurityLicenseFeatures } from '../../../common/licensing'; -import type { AuthenticationProvider } from '../../../common/model'; +import type { + AuthenticationProvider, + SecurityLicense, + SecurityLicenseFeatures, +} from '../../../common'; import type { ConfigType } from '../../config'; import type { Session } from '../../session_management'; import { sessionMock } from '../../session_management/session.mock'; diff --git a/x-pack/plugins/security/server/routes/views/login.test.ts b/x-pack/plugins/security/server/routes/views/login.test.ts index b73b048d9f4d3..086c0c785e6bc 100644 --- a/x-pack/plugins/security/server/routes/views/login.test.ts +++ b/x-pack/plugins/security/server/routes/views/login.test.ts @@ -18,7 +18,7 @@ import { kibanaResponseFactory } from '@kbn/core/server'; import { coreMock, httpResourcesMock, httpServerMock } from '@kbn/core/server/mocks'; import { defineLoginRoutes } from './login'; -import type { SecurityLicense } from '../../../common/licensing'; +import type { SecurityLicense } from '../../../common'; import type { LoginSelectorProvider } from '../../../common/login_state'; import type { ConfigType } from '../../config'; import type { SecurityRequestHandlerContext, SecurityRouter } from '../../types'; diff --git a/x-pack/plugins/security/server/saved_objects/ensure_authorized.test.ts b/x-pack/plugins/security/server/saved_objects/ensure_authorized.test.ts index 2c7799eae5261..22c219a5668ab 100644 --- a/x-pack/plugins/security/server/saved_objects/ensure_authorized.test.ts +++ b/x-pack/plugins/security/server/saved_objects/ensure_authorized.test.ts @@ -6,6 +6,10 @@ */ import type { SavedObjectsErrorHelpers } from '@kbn/core/server'; +import type { + CheckPrivilegesResponse, + CheckSavedObjectsPrivileges, +} from '@kbn/security-plugin-types-server'; import type { EnsureAuthorizedResult } from './ensure_authorized'; import { @@ -13,9 +17,7 @@ import { getEnsureAuthorizedActionResult, isAuthorizedForObjectInAllSpaces, } from './ensure_authorized'; -import type { CheckSavedObjectsPrivileges } from '../authorization'; import { Actions } from '../authorization'; -import type { CheckPrivilegesResponse } from '../authorization/types'; describe('ensureAuthorized', () => { function setupDependencies() { diff --git a/x-pack/plugins/security/server/saved_objects/ensure_authorized.ts b/x-pack/plugins/security/server/saved_objects/ensure_authorized.ts index 79e15be650773..950cba3f103ad 100644 --- a/x-pack/plugins/security/server/saved_objects/ensure_authorized.ts +++ b/x-pack/plugins/security/server/saved_objects/ensure_authorized.ts @@ -6,9 +6,11 @@ */ import type { SavedObjectsErrorHelpers } from '@kbn/core/server'; - -import type { Actions, CheckSavedObjectsPrivileges } from '../authorization'; -import type { CheckPrivilegesResponse } from '../authorization/types'; +import type { + Actions, + CheckPrivilegesResponse, + CheckSavedObjectsPrivileges, +} from '@kbn/security-plugin-types-server'; export interface EnsureAuthorizedDependencies { actions: Actions; diff --git a/x-pack/plugins/security/server/saved_objects/index.ts b/x-pack/plugins/security/server/saved_objects/index.ts index 6068ada7a3729..3fa610485a288 100644 --- a/x-pack/plugins/security/server/saved_objects/index.ts +++ b/x-pack/plugins/security/server/saved_objects/index.ts @@ -7,9 +7,9 @@ import type { CoreSetup } from '@kbn/core/server'; import { SavedObjectsClient } from '@kbn/core/server'; +import type { AuditServiceSetup } from '@kbn/security-plugin-types-server'; import { SavedObjectsSecurityExtension } from './saved_objects_security_extension'; -import type { AuditServiceSetup } from '../audit'; import type { AuthorizationServiceSetupInternal } from '../authorization'; interface SetupSavedObjectsParams { diff --git a/x-pack/plugins/security/server/saved_objects/saved_objects_security_extension.test.ts b/x-pack/plugins/security/server/saved_objects/saved_objects_security_extension.test.ts index ff962c3421ce7..42fd2f8eb0d92 100644 --- a/x-pack/plugins/security/server/saved_objects/saved_objects_security_extension.test.ts +++ b/x-pack/plugins/security/server/saved_objects/saved_objects_security_extension.test.ts @@ -19,6 +19,10 @@ import type { AuthorizeUpdateObject, BulkResolveError, } from '@kbn/core-saved-objects-server'; +import type { + CheckPrivilegesResponse, + CheckSavedObjectsPrivileges, +} from '@kbn/security-plugin-types-server'; import { AuditAction, @@ -26,9 +30,7 @@ import { SecurityAction, } from './saved_objects_security_extension'; import { auditLoggerMock } from '../audit/mocks'; -import type { CheckSavedObjectsPrivileges } from '../authorization'; import { Actions } from '../authorization'; -import type { CheckPrivilegesResponse } from '../authorization/types'; const checkAuthorizationSpy = jest.spyOn( SavedObjectsSecurityExtension.prototype as any, diff --git a/x-pack/plugins/security/server/saved_objects/saved_objects_security_extension.ts b/x-pack/plugins/security/server/saved_objects/saved_objects_security_extension.ts index 81b909da2c984..1eb934d2f2bdc 100644 --- a/x-pack/plugins/security/server/saved_objects/saved_objects_security_extension.ts +++ b/x-pack/plugins/security/server/saved_objects/saved_objects_security_extension.ts @@ -42,13 +42,16 @@ import type { import type { AuthorizeObject } from '@kbn/core-saved-objects-server/src/extensions/security'; import { ALL_NAMESPACES_STRING, SavedObjectsUtils } from '@kbn/core-saved-objects-utils-server'; import type { EcsEvent } from '@kbn/ecs'; +import type { + Actions, + AuditLogger, + CheckPrivilegesResponse, + CheckSavedObjectsPrivileges, +} from '@kbn/security-plugin-types-server'; import { isAuthorizedInAllSpaces } from './authorization_utils'; import { ALL_SPACES_ID, UNKNOWN_SPACE } from '../../common/constants'; -import type { AuditLogger } from '../audit'; import { savedObjectEvent } from '../audit'; -import type { Actions, CheckSavedObjectsPrivileges } from '../authorization'; -import type { CheckPrivilegesResponse } from '../authorization/types'; interface Params { actions: Actions; diff --git a/x-pack/plugins/security/server/session_management/session.test.ts b/x-pack/plugins/security/server/session_management/session.test.ts index 691b6db78b518..b6f9197606e11 100644 --- a/x-pack/plugins/security/server/session_management/session.test.ts +++ b/x-pack/plugins/security/server/session_management/session.test.ts @@ -9,6 +9,7 @@ import nodeCrypto from '@elastic/node-crypto'; import crypto from 'crypto'; import { httpServerMock, loggingSystemMock } from '@kbn/core/server/mocks'; +import type { AuditLogger } from '@kbn/security-plugin-types-server'; import type { PublicMethodsOf } from '@kbn/utility-types'; import { sessionCookieMock, sessionIndexMock, sessionMock } from './index.mock'; @@ -21,7 +22,6 @@ import { SessionUnexpectedError, } from './session_errors'; import type { SessionIndex } from './session_index'; -import type { AuditLogger } from '..'; import { mockAuthenticatedUser } from '../../common/model/authenticated_user.mock'; import { userSessionConcurrentLimitLogoutEvent } from '../audit'; import { auditLoggerMock, auditServiceMock } from '../audit/mocks'; diff --git a/x-pack/plugins/security/server/session_management/session.ts b/x-pack/plugins/security/server/session_management/session.ts index 38b3cc7d2443c..afc917bde78be 100644 --- a/x-pack/plugins/security/server/session_management/session.ts +++ b/x-pack/plugins/security/server/session_management/session.ts @@ -11,6 +11,7 @@ import { createHash, randomBytes } from 'crypto'; import { promisify } from 'util'; import type { KibanaRequest, Logger } from '@kbn/core/server'; +import type { AuditServiceSetup } from '@kbn/security-plugin-types-server'; import type { PublicMethodsOf } from '@kbn/utility-types'; import type { SessionCookie } from './session_cookie'; @@ -21,7 +22,6 @@ import { SessionUnexpectedError, } from './session_errors'; import type { SessionIndex, SessionIndexValue } from './session_index'; -import type { AuditServiceSetup } from '..'; import type { AuthenticationProvider } from '../../common'; import { userSessionConcurrentLimitLogoutEvent } from '../audit'; import type { ConfigType } from '../config'; diff --git a/x-pack/plugins/security/server/session_management/session_index.test.ts b/x-pack/plugins/security/server/session_management/session_index.test.ts index 2a837a7be7807..e1890273469ed 100644 --- a/x-pack/plugins/security/server/session_management/session_index.test.ts +++ b/x-pack/plugins/security/server/session_management/session_index.test.ts @@ -16,6 +16,7 @@ import type { } from '@elastic/elasticsearch/lib/api/types'; import { elasticsearchServiceMock, loggingSystemMock } from '@kbn/core/server/mocks'; +import type { AuditLogger } from '@kbn/security-plugin-types-server'; import { getSessionIndexSettings, @@ -23,7 +24,6 @@ import { SessionIndex, } from './session_index'; import { sessionIndexMock } from './session_index.mock'; -import type { AuditLogger } from '../audit'; import { auditLoggerMock } from '../audit/mocks'; import { AnonymousAuthenticationProvider } from '../authentication'; import { ConfigSchema, createConfig } from '../config'; diff --git a/x-pack/plugins/security/server/session_management/session_index.ts b/x-pack/plugins/security/server/session_management/session_index.ts index 54f448d151389..700904d4676d7 100644 --- a/x-pack/plugins/security/server/session_management/session_index.ts +++ b/x-pack/plugins/security/server/session_management/session_index.ts @@ -20,9 +20,9 @@ import type { import semver from 'semver'; import type { ElasticsearchClient, Logger } from '@kbn/core/server'; +import type { AuditLogger } from '@kbn/security-plugin-types-server'; -import type { AuthenticationProvider } from '../../common/model'; -import type { AuditLogger } from '../audit'; +import type { AuthenticationProvider } from '../../common'; import { sessionCleanupConcurrentLimitEvent, sessionCleanupEvent } from '../audit'; import { AnonymousAuthenticationProvider } from '../authentication'; import type { ConfigType } from '../config'; diff --git a/x-pack/plugins/security/server/session_management/session_management_service.test.ts b/x-pack/plugins/security/server/session_management/session_management_service.test.ts index 46bb0499f8e4d..e59ba59600b29 100644 --- a/x-pack/plugins/security/server/session_management/session_management_service.test.ts +++ b/x-pack/plugins/security/server/session_management/session_management_service.test.ts @@ -8,6 +8,7 @@ import { Subject } from 'rxjs'; import { coreMock, elasticsearchServiceMock, loggingSystemMock } from '@kbn/core/server/mocks'; +import type { AuditServiceSetup } from '@kbn/security-plugin-types-server'; import type { TaskManagerStartContract, TaskRunCreatorFunction, @@ -21,7 +22,6 @@ import { SESSION_INDEX_CLEANUP_TASK_NAME, SessionManagementService, } from './session_management_service'; -import type { AuditServiceSetup } from '../audit'; import { auditServiceMock } from '../audit/mocks'; import { ConfigSchema, createConfig } from '../config'; import type { OnlineStatusRetryScheduler } from '../elasticsearch'; diff --git a/x-pack/plugins/security/server/session_management/session_management_service.ts b/x-pack/plugins/security/server/session_management/session_management_service.ts index 4c3298f69bca2..448f5f060500f 100644 --- a/x-pack/plugins/security/server/session_management/session_management_service.ts +++ b/x-pack/plugins/security/server/session_management/session_management_service.ts @@ -10,6 +10,7 @@ import { switchMap } from 'rxjs'; import type { ElasticsearchClient, HttpServiceSetup, Logger } from '@kbn/core/server'; import { SavedObjectsErrorHelpers } from '@kbn/core/server'; +import type { AuditServiceSetup } from '@kbn/security-plugin-types-server'; import type { TaskManagerSetupContract, TaskManagerStartContract, @@ -18,7 +19,6 @@ import type { import { Session } from './session'; import { SessionCookie } from './session_cookie'; import { SessionIndex } from './session_index'; -import type { AuditServiceSetup } from '../audit'; import type { ConfigType } from '../config'; import type { OnlineStatusRetryScheduler } from '../elasticsearch'; diff --git a/x-pack/plugins/security/server/spaces/secure_spaces_client_wrapper.test.ts b/x-pack/plugins/security/server/spaces/secure_spaces_client_wrapper.test.ts index f990bf8095a1b..22b3492d26d72 100644 --- a/x-pack/plugins/security/server/spaces/secure_spaces_client_wrapper.test.ts +++ b/x-pack/plugins/security/server/spaces/secure_spaces_client_wrapper.test.ts @@ -10,20 +10,21 @@ import { SavedObjectsErrorHelpers } from '@kbn/core/server'; import { httpServerMock } from '@kbn/core/server/mocks'; import { savedObjectsExtensionsMock } from '@kbn/core-saved-objects-api-server-mocks'; import type { ISavedObjectsSecurityExtension } from '@kbn/core-saved-objects-server'; +import type { + AuditEvent, + AuditLogger, + AuthorizationServiceSetup, + CheckPrivilegesResponse, +} from '@kbn/security-plugin-types-server'; import type { GetAllSpacesPurpose, Space } from '@kbn/spaces-plugin/server'; import { spacesClientMock } from '@kbn/spaces-plugin/server/mocks'; import { deepFreeze } from '@kbn/std'; import { SecureSpacesClientWrapper } from './secure_spaces_client_wrapper'; -import type { AuditEvent, AuditLogger } from '../audit'; import { SpaceAuditAction } from '../audit'; import { auditLoggerMock } from '../audit/mocks'; -import type { - AuthorizationServiceSetup, - AuthorizationServiceSetupInternal, -} from '../authorization'; +import type { AuthorizationServiceSetupInternal } from '../authorization'; import { authorizationMock } from '../authorization/index.mock'; -import type { CheckPrivilegesResponse } from '../authorization/types'; interface Opts { securityEnabled?: boolean; diff --git a/x-pack/plugins/security/server/spaces/secure_spaces_client_wrapper.ts b/x-pack/plugins/security/server/spaces/secure_spaces_client_wrapper.ts index 1e9e25b6b800d..a4f57e067c098 100644 --- a/x-pack/plugins/security/server/spaces/secure_spaces_client_wrapper.ts +++ b/x-pack/plugins/security/server/spaces/secure_spaces_client_wrapper.ts @@ -10,6 +10,7 @@ import Boom from '@hapi/boom'; import type { KibanaRequest, SavedObjectsClient } from '@kbn/core/server'; import type { LegacyUrlAliasTarget } from '@kbn/core-saved-objects-common'; import type { ISavedObjectsSecurityExtension } from '@kbn/core-saved-objects-server'; +import type { AuditLogger, AuthorizationServiceSetup } from '@kbn/security-plugin-types-server'; import type { GetAllSpacesOptions, GetAllSpacesPurpose, @@ -18,9 +19,7 @@ import type { Space, } from '@kbn/spaces-plugin/server'; -import type { AuditLogger } from '../audit'; import { SpaceAuditAction, spaceAuditEvent } from '../audit'; -import type { AuthorizationServiceSetup } from '../authorization'; import type { SecurityPluginSetup } from '../plugin'; const PURPOSE_PRIVILEGE_MAP: Record< diff --git a/x-pack/plugins/security/server/spaces/setup_spaces_client.ts b/x-pack/plugins/security/server/spaces/setup_spaces_client.ts index 43351c575d395..6ca68a395fbc7 100644 --- a/x-pack/plugins/security/server/spaces/setup_spaces_client.ts +++ b/x-pack/plugins/security/server/spaces/setup_spaces_client.ts @@ -6,11 +6,13 @@ */ import { SavedObjectsClient } from '@kbn/core/server'; +import type { + AuditServiceSetup, + AuthorizationServiceSetup, +} from '@kbn/security-plugin-types-server'; import type { SpacesPluginSetup } from '@kbn/spaces-plugin/server'; import { SecureSpacesClientWrapper } from './secure_spaces_client_wrapper'; -import type { AuditServiceSetup } from '../audit'; -import type { AuthorizationServiceSetup } from '../authorization'; import { SavedObjectsSecurityExtension } from '../saved_objects'; interface Deps { diff --git a/x-pack/plugins/security/server/usage_collector/security_usage_collector.test.ts b/x-pack/plugins/security/server/usage_collector/security_usage_collector.test.ts index d120aae57a518..19378bfd8488b 100644 --- a/x-pack/plugins/security/server/usage_collector/security_usage_collector.test.ts +++ b/x-pack/plugins/security/server/usage_collector/security_usage_collector.test.ts @@ -13,7 +13,7 @@ import { } from '@kbn/usage-collection-plugin/server/mocks'; import { registerSecurityUsageCollector } from './security_usage_collector'; -import type { SecurityLicenseFeatures } from '../../common/licensing'; +import type { SecurityLicenseFeatures } from '../../common'; import { licenseMock } from '../../common/licensing/index.mock'; import { ConfigSchema, createConfig } from '../config'; diff --git a/x-pack/plugins/security/server/usage_collector/security_usage_collector.ts b/x-pack/plugins/security/server/usage_collector/security_usage_collector.ts index 5859943391442..fc761fb13a50e 100644 --- a/x-pack/plugins/security/server/usage_collector/security_usage_collector.ts +++ b/x-pack/plugins/security/server/usage_collector/security_usage_collector.ts @@ -7,7 +7,7 @@ import type { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server'; -import type { SecurityLicense } from '../../common/licensing'; +import type { SecurityLicense } from '../../common'; import type { ConfigType } from '../config'; interface Usage { diff --git a/x-pack/plugins/security/server/user_profile/index.ts b/x-pack/plugins/security/server/user_profile/index.ts index 9c6fd67458e6b..a324c685bf7fb 100644 --- a/x-pack/plugins/security/server/user_profile/index.ts +++ b/x-pack/plugins/security/server/user_profile/index.ts @@ -8,12 +8,7 @@ export { UserProfileService } from './user_profile_service'; export type { - UserProfileServiceStart, UserProfileServiceStartInternal, UserProfileServiceStartParams, - UserProfileSuggestParams, - UserProfileBulkGetParams, - UserProfileRequiredPrivileges, - UserProfileGetCurrentParams, } from './user_profile_service'; export type { UserProfileGrant } from './user_profile_grant'; diff --git a/x-pack/plugins/security/server/user_profile/user_profile_service.ts b/x-pack/plugins/security/server/user_profile/user_profile_service.ts index 8ef87b60f9e15..b6e0912b804dc 100644 --- a/x-pack/plugins/security/server/user_profile/user_profile_service.ts +++ b/x-pack/plugins/security/server/user_profile/user_profile_service.ts @@ -8,7 +8,15 @@ import type { SecurityActivateUserProfileRequest } from '@elastic/elasticsearch/lib/api/types'; import type { SecurityUserProfile } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; -import type { IClusterClient, KibanaRequest, Logger } from '@kbn/core/server'; +import type { IClusterClient, Logger } from '@kbn/core/server'; +import type { + CheckUserProfilesPrivilegesResponse, + UserProfileBulkGetParams, + UserProfileGetCurrentParams, + UserProfileRequiredPrivileges, + UserProfileServiceStart, + UserProfileSuggestParams, +} from '@kbn/security-plugin-types-server'; import type { PublicMethodsOf } from '@kbn/utility-types'; import type { UserProfileGrant } from './user_profile_grant'; @@ -16,11 +24,9 @@ import type { SecurityLicense, UserProfile, UserProfileData, - UserProfileLabels, UserProfileWithSecurity, } from '../../common'; import type { AuthorizationServiceSetupInternal } from '../authorization'; -import type { CheckUserProfilesPrivilegesResponse } from '../authorization/types'; import { getDetailedErrorMessage, getErrorStatusCode } from '../errors'; import { getPrintableSessionId, type Session } from '../session_management'; @@ -31,46 +37,6 @@ const MAX_SUGGESTIONS_COUNT = 100; const DEFAULT_SUGGESTIONS_COUNT = 10; const MIN_SUGGESTIONS_FOR_PRIVILEGES_CHECK = 10; -/** - * A set of methods to work with Kibana user profiles. - */ -export interface UserProfileServiceStart { - /** - * Retrieves a user profile for the current user extracted from the specified request. If the profile isn't available, - * e.g. for the anonymous users or users authenticated via authenticating proxies, the `null` value is returned. - * @param params Get current user profile operation parameters. - * @param params.request User request instance to get user profile for. - * @param params.dataPath By default Elasticsearch returns user information, but does not return any user data. The - * optional "dataPath" parameter can be used to return personal data for the requested user profiles. - */ - getCurrent( - params: UserProfileGetCurrentParams - ): Promise | null>; - - /** - * Retrieves multiple user profiles by their identifiers. - * @param params Bulk get operation parameters. - * @param params.uids List of user profile identifiers. - * @param params.dataPath By default Elasticsearch returns user information, but does not return any user data. The - * optional "dataPath" parameter can be used to return personal data for the requested user profiles. - */ - bulkGet( - params: UserProfileBulkGetParams - ): Promise>>; - - /** - * Suggests multiple user profiles by search criteria. - * @param params Suggest operation parameters. - * @param params.name Query string used to match name-related fields in user profiles. The following fields are treated as name-related: username, full_name and email. - * @param params.size Desired number of suggestion to return. The default value is 10. - * @param params.dataPath By default, suggest API returns user information, but does not return any user data. The optional "dataPath" parameter can be used to return personal data for this user (within `kibana` namespace only). - * @param params.requiredPrivileges The set of the privileges that users associated with the suggested user profile should have in the specified space. If not specified, privileges check isn't performed and all matched profiles are returned irrespective to the privileges of the associated users. - */ - suggest( - params: UserProfileSuggestParams - ): Promise>>; -} - export interface UserProfileServiceStartInternal extends UserProfileServiceStart { /** * Activates user profile using provided user profile grant. @@ -96,94 +62,6 @@ export interface UserProfileServiceStartParams { session: PublicMethodsOf; } -/** - * The set of privileges that users associated with the suggested user profile should have for a specified space id. - */ -export interface UserProfileRequiredPrivileges { - /** - * The id of the Kibana Space. - */ - spaceId: string; - - /** - * The set of the Kibana specific application privileges. - */ - privileges: { kibana: string[] }; -} - -/** - * Parameters for the get user profile for the current user API. - */ -export interface UserProfileGetCurrentParams { - /** - * User request instance to get user profile for. - */ - request: KibanaRequest; - - /** - * By default, get API returns user information, but does not return any user data. The optional "dataPath" - * parameter can be used to return personal data for this user (within `kibana` namespace only). - */ - dataPath?: string; -} - -/** - * Parameters for the bulk get API. - */ -export interface UserProfileBulkGetParams { - /** - * List of user profile identifiers. - */ - uids: Set; - - /** - * By default, suggest API returns user information, but does not return any user data. The optional "dataPath" - * parameter can be used to return personal data for this user (within `kibana` namespace only). - */ - dataPath?: string; -} - -/** - * Parameters for the suggest API. - */ -export interface UserProfileSuggestParams { - /** - * Query string used to match name-related fields in user profiles. The following fields are treated as - * name-related: username, full_name and email. - */ - name?: string; - - /** - * Extra search criteria to improve relevance of the suggestion result. A profile matching the - * specified hint is ranked higher in the response. But not-matching the hint does not exclude a - * profile from the response as long as it matches the `name` field query. - */ - hint?: { - /** - * A list of Profile UIDs to match against. - */ - uids: string[]; - }; - - /** - * Desired number of suggestion to return. The default value is 10. - */ - size?: number; - - /** - * By default, suggest API returns user information, but does not return any user data. The optional "dataPath" - * parameter can be used to return personal data for this user (within `kibana` namespace only). - */ - dataPath?: string; - - /** - * The set of the privileges that users associated with the suggested user profile should have in the specified space. - * If not specified, privileges check isn't performed and all matched profiles are returned irrespective to the - * privileges of the associated users. - */ - requiredPrivileges?: UserProfileRequiredPrivileges; -} - function parseUserProfile( rawUserProfile: SecurityUserProfile ): UserProfile { diff --git a/x-pack/plugins/security/server/user_profile/user_setting_service.ts b/x-pack/plugins/security/server/user_profile/user_setting_service.ts index 7c5ca3c1c7ef8..f423d75e1a041 100644 --- a/x-pack/plugins/security/server/user_profile/user_setting_service.ts +++ b/x-pack/plugins/security/server/user_profile/user_setting_service.ts @@ -7,8 +7,10 @@ import type { KibanaRequest } from '@kbn/core-http-server'; import type { Logger } from '@kbn/logging'; - -import type { UserProfileGetCurrentParams, UserProfileServiceStart } from './user_profile_service'; +import type { + UserProfileGetCurrentParams, + UserProfileServiceStart, +} from '@kbn/security-plugin-types-server'; export interface UserSettingServiceStart { /** diff --git a/x-pack/plugins/security/server/user_profile/user_settings_service.test.ts b/x-pack/plugins/security/server/user_profile/user_settings_service.test.ts index 07e30826d8f0c..d27887d5716f9 100644 --- a/x-pack/plugins/security/server/user_profile/user_settings_service.test.ts +++ b/x-pack/plugins/security/server/user_profile/user_settings_service.test.ts @@ -12,8 +12,8 @@ import { httpServerMock, loggingSystemMock, } from '@kbn/core/server/mocks'; +import type { UserProfileServiceStart } from '@kbn/security-plugin-types-server'; -import type { UserProfileServiceStart } from './user_profile_service'; import { UserProfileService } from './user_profile_service'; import { UserSettingService } from './user_setting_service'; import type { UserProfileWithSecurity } from '../../common'; diff --git a/x-pack/plugins/security/tsconfig.json b/x-pack/plugins/security/tsconfig.json index 2a055a61bbad5..3a0f7062ec205 100644 --- a/x-pack/plugins/security/tsconfig.json +++ b/x-pack/plugins/security/tsconfig.json @@ -63,6 +63,9 @@ "@kbn/core-user-settings-server", "@kbn/remote-clusters-plugin", "@kbn/analytics-client", + "@kbn/security-plugin-types-common", + "@kbn/security-plugin-types-public", + "@kbn/security-plugin-types-server" ], "exclude": [ "target/**/*", diff --git a/x-pack/plugins/security_solution/public/common/lib/kibana/hooks.ts b/x-pack/plugins/security_solution/public/common/lib/kibana/hooks.ts index 043d1a0ab36f0..c1e48a8a9ba98 100644 --- a/x-pack/plugins/security_solution/public/common/lib/kibana/hooks.ts +++ b/x-pack/plugins/security_solution/public/common/lib/kibana/hooks.ts @@ -12,7 +12,7 @@ import { i18n } from '@kbn/i18n'; import { camelCase, isArray, isObject } from 'lodash'; import { set } from '@kbn/safer-lodash-set'; -import type { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import type { AuthenticatedUser } from '@kbn/security-plugin/common'; import type { Capabilities } from '@kbn/core/public'; import type { CasesPermissions } from '@kbn/cases-plugin/common'; import { diff --git a/x-pack/plugins/security_solution/server/lib/framework/types.ts b/x-pack/plugins/security_solution/server/lib/framework/types.ts index 8909bb6160134..ef6df370c03c9 100644 --- a/x-pack/plugins/security_solution/server/lib/framework/types.ts +++ b/x-pack/plugins/security_solution/server/lib/framework/types.ts @@ -6,7 +6,7 @@ */ import type { KibanaRequest, RequestHandlerContext } from '@kbn/core/server'; -import type { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import type { AuthenticatedUser } from '@kbn/security-plugin/common'; export const internalFrameworkRequest = Symbol('internalFrameworkRequest'); diff --git a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.test.ts b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.test.ts index 527c46598e922..1fbc51871447f 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.test.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.test.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import type { AuthenticatedUser } from '@kbn/security-plugin/common'; import type { Note } from '../../../../../common/api/timeline'; import { pickSavedNote } from './saved_object'; diff --git a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.ts b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.ts index 7169938e335dd..8527b0970f4fd 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.ts @@ -14,7 +14,7 @@ import { map, fold } from 'fp-ts/lib/Either'; import { identity } from 'fp-ts/lib/function'; import type { SavedObjectsFindOptions } from '@kbn/core/server'; -import type { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import type { AuthenticatedUser } from '@kbn/security-plugin/common'; import { getUserDisplayName } from '@kbn/user-profile-components'; import { UNAUTHENTICATED_USER } from '../../../../../common/constants'; import type { diff --git a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/pinned_events/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/pinned_events/index.ts index 6dad7e61f0b2e..96f2aa3d1c26b 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/pinned_events/index.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/pinned_events/index.ts @@ -12,7 +12,7 @@ import { map, fold } from 'fp-ts/lib/Either'; import { identity } from 'fp-ts/lib/function'; import type { SavedObjectsFindOptions } from '@kbn/core/server'; -import type { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import type { AuthenticatedUser } from '@kbn/security-plugin/common'; import { UNAUTHENTICATED_USER } from '../../../../../common/constants'; import type { BarePinnedEvent, diff --git a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/timelines/pick_saved_timeline.test.ts b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/timelines/pick_saved_timeline.test.ts index 98bc33fee3759..db32de9dc65ce 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/timelines/pick_saved_timeline.test.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/timelines/pick_saved_timeline.test.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import type { AuthenticatedUser } from '@kbn/security-plugin/common'; import type { SavedTimeline, Note } from '../../../../../common/api/timeline'; import { TimelineStatus, TimelineType } from '../../../../../common/api/timeline'; diff --git a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/timelines/pick_saved_timeline.ts b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/timelines/pick_saved_timeline.ts index bc0c9075887bd..90467a4568244 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/timelines/pick_saved_timeline.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/timelines/pick_saved_timeline.ts @@ -6,7 +6,7 @@ */ import { isEmpty } from 'lodash/fp'; -import type { AuthenticatedUser } from '@kbn/security-plugin/common/model'; +import type { AuthenticatedUser } from '@kbn/security-plugin/common'; import { getUserDisplayName } from '@kbn/user-profile-components'; import { UNAUTHENTICATED_USER } from '../../../../../common/constants'; import type { SavedTimelineWithSavedObjectId } from '../../../../../common/api/timeline'; diff --git a/x-pack/test/functional/page_objects/security_page.ts b/x-pack/test/functional/page_objects/security_page.ts index bb127df565ccd..b80219544ef58 100644 --- a/x-pack/test/functional/page_objects/security_page.ts +++ b/x-pack/test/functional/page_objects/security_page.ts @@ -6,7 +6,7 @@ */ import { adminTestUser } from '@kbn/test'; -import { AuthenticatedUser, Role } from '@kbn/security-plugin/common/model'; +import { AuthenticatedUser, Role } from '@kbn/security-plugin/common'; import type { UserFormValues } from '@kbn/security-plugin/public/management/users/edit_user/user_form'; import { Key } from 'selenium-webdriver'; import { FtrService } from '../ftr_provider_context'; diff --git a/x-pack/test/functional/services/observability/users.ts b/x-pack/test/functional/services/observability/users.ts index ba67ce8602f50..0e2915190d126 100644 --- a/x-pack/test/functional/services/observability/users.ts +++ b/x-pack/test/functional/services/observability/users.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { Role } from '@kbn/security-plugin/common/model'; +import { Role } from '@kbn/security-plugin/common'; import { FtrProviderContext } from '../../ftr_provider_context'; type CreateRolePayload = Pick; diff --git a/x-pack/test/security_api_integration/tests/login_selector/basic_functionality.ts b/x-pack/test/security_api_integration/tests/login_selector/basic_functionality.ts index 567b5e5317f7a..1f2dc1ab43775 100644 --- a/x-pack/test/security_api_integration/tests/login_selector/basic_functionality.ts +++ b/x-pack/test/security_api_integration/tests/login_selector/basic_functionality.ts @@ -10,7 +10,7 @@ import { readFileSync } from 'fs'; import url from 'url'; import { CA_CERT_PATH } from '@kbn/dev-utils'; import expect from '@kbn/expect'; -import type { AuthenticationProvider } from '@kbn/security-plugin/common/model'; +import type { AuthenticationProvider } from '@kbn/security-plugin/common'; import { getStateAndNonce } from '@kbn/security-api-integration-helpers/oidc/oidc_tools'; import { getMutualAuthenticationResponseToken, diff --git a/x-pack/test/security_api_integration/tests/session_concurrent_limit/global_limit.ts b/x-pack/test/security_api_integration/tests/session_concurrent_limit/global_limit.ts index 56e1f91a1ef19..b0d65147b054a 100644 --- a/x-pack/test/security_api_integration/tests/session_concurrent_limit/global_limit.ts +++ b/x-pack/test/security_api_integration/tests/session_concurrent_limit/global_limit.ts @@ -8,7 +8,7 @@ import { parse as parseCookie, Cookie } from 'tough-cookie'; import expect from '@kbn/expect'; import { adminTestUser } from '@kbn/test'; -import type { AuthenticationProvider } from '@kbn/security-plugin/common/model'; +import type { AuthenticationProvider } from '@kbn/security-plugin/common'; import { getSAMLRequestId, getSAMLResponse, diff --git a/x-pack/test/security_api_integration/tests/session_invalidate/invalidate.ts b/x-pack/test/security_api_integration/tests/session_invalidate/invalidate.ts index 0f79624c830e3..b97808d535f79 100644 --- a/x-pack/test/security_api_integration/tests/session_invalidate/invalidate.ts +++ b/x-pack/test/security_api_integration/tests/session_invalidate/invalidate.ts @@ -8,7 +8,7 @@ import { parse as parseCookie, Cookie } from 'tough-cookie'; import expect from '@kbn/expect'; import { adminTestUser } from '@kbn/test'; -import type { AuthenticationProvider } from '@kbn/security-plugin/common/model'; +import type { AuthenticationProvider } from '@kbn/security-plugin/common'; import { getSAMLRequestId, getSAMLResponse, diff --git a/x-pack/test/security_api_integration/tests/session_lifespan/cleanup.ts b/x-pack/test/security_api_integration/tests/session_lifespan/cleanup.ts index 09e5e7998750d..8186cdbded722 100644 --- a/x-pack/test/security_api_integration/tests/session_lifespan/cleanup.ts +++ b/x-pack/test/security_api_integration/tests/session_lifespan/cleanup.ts @@ -9,7 +9,7 @@ import { parse as parseCookie, Cookie } from 'tough-cookie'; import { setTimeout as setTimeoutAsync } from 'timers/promises'; import expect from '@kbn/expect'; import { adminTestUser } from '@kbn/test'; -import type { AuthenticationProvider } from '@kbn/security-plugin/common/model'; +import type { AuthenticationProvider } from '@kbn/security-plugin/common'; import { getSAMLRequestId, getSAMLResponse, diff --git a/yarn.lock b/yarn.lock index 6eba5c6fe3da0..5d196b8b344a7 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5493,6 +5493,18 @@ version "0.0.0" uid "" +"@kbn/security-plugin-types-common@link:x-pack/packages/security/plugin_types_common": + version "0.0.0" + uid "" + +"@kbn/security-plugin-types-public@link:x-pack/packages/security/plugin_types_public": + version "0.0.0" + uid "" + +"@kbn/security-plugin-types-server@link:x-pack/packages/security/plugin_types_server": + version "0.0.0" + uid "" + "@kbn/security-plugin@link:x-pack/plugins/security": version "0.0.0" uid ""