[Security into Core] expose authc.getCurrentUser from core.security
#177976
Conversation
|
/ci |
pgayvallet
added
Team:Core
|
/ci |
17 similar comments
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
Pinging @elastic/kibana-core (Team:Core) |
|
Pinging @elastic/kibana-security (Team:Security) |
botelastic
bot
added
the
Team:obs-ux-infra_services
|
Pinging @elastic/obs-ux-infra_services-team (Team:obs-ux-infra_services) |
| export const convertSecurityApi = ( | ||
| privateApi: CoreInternalSecurityContract | ||
| ): InternalSecurityServiceStart => { | ||
| // shapes are the same for now given we only have one API exposed. | ||
| return privateApi; | ||
| }; |
There was a problem hiding this comment.
Double checking if I'm still following our intension: The contracts will diverge because we're not going to expose all of the security API's, correct?
| export type InternalSecurityServiceSetup = SecurityServiceSetup; | ||
| export type InternalSecurityServiceStart = SecurityServiceStart; |
There was a problem hiding this comment.
Double checking: They'll diverge because we only intend to expose authc and authz API's and not the full set that the security plugin currently exposes.
| /** | ||
| * The internal contract exposed by the security provider for Core to | ||
| * consume and re-expose via its security service. | ||
| * | ||
| * @public | ||
| */ | ||
| export interface CoreInternalSecurityContract { | ||
| authc: InternalAuthenticationServiceContract; | ||
| } |
There was a problem hiding this comment.
The types exposed from *-browser and *-server packages are intended to be public. Why then are we including Internal in CoreInternalSecurityContract and not using CoreSecurityContract?
| const services = { | ||
| ...coreStart, | ||
| data, | ||
| maps, |
There was a problem hiding this comment.
Should we anticipate side effects from having security accessible in two ways? The reordering makes sense here because we'll overwrite core.security with security from the plugin. Once we start diverging the API's exposed from these, there might be some confusion as to why the API's (and types etc) are accessible from both. Unless, of course, we're moving the API's from the security plugin to core's security package.
| const core: Partial<CoreStart & ExploratoryViewPublicPluginsStart> = { | ||
| ...defaultCore, | ||
| security: undefined, |
There was a problem hiding this comment.
We're not going to expose all the types anyway. It's best to do that now.
| */ | ||
| export interface SecurityServiceSetup { | ||
| /** | ||
| * Register the security implementation that then will be used and re-exposed by Core. |
There was a problem hiding this comment.
| * Register the security implementation that then will be used and re-exposed by Core. | |
| * Register the security implementation that will be used by core and re-exposed from Core's security service. |
Minor change to specify the intention of moving some pieces to core
| /** | ||
| * Register the security implementation that then will be used and re-exposed by Core. | ||
| * | ||
| * @remark this should **exclusively** be used by the security plugin. |
There was a problem hiding this comment.
I wish we had a simple-ish way of enforcing this....
💡 can we use a hash map perhaps?
There was a problem hiding this comment.
When we discussed about this, (iirc) we came to the conclusion that it was fine to not do any hard-checks, because
- it's already possible to hook up into security by mimicking what the security plugin does today
- the implementation remains in "xpack licensed" code
- ideally we would be avoided doing hard checks on plugin ids (and also it isn't really protecting against 3rd party replacement as they could just the same pluginId as our internal security plugin...
I'll let @elastic/kibana-security confirms that it's still fine
There was a problem hiding this comment.
I'll let @elastic/kibana-security confirms that it's still fine
Yeah, I believe it's fine to keep what we have now. There are so many hurdles and restrictions at various levels to replace the built-in Security plugin with any alternative implementation that it sounds impractical for anyone to even consider.
| #elasticsearch?: CoreElasticsearchRouteHandlerContext; | ||
| #savedObjects?: CoreSavedObjectsRouteHandlerContext; | ||
| #uiSettings?: CoreUiSettingsRouteHandlerContext; | ||
| #deprecations?: CoreDeprecationsRouteHandlerContext; | ||
| #security?: CoreSecurityRouteHandlerContext; |
| { | ||
| "type": "shared-common", | ||
| "id": "@kbn/core-security-common", | ||
| "owner": "@elastic/kibana-core" |
There was a problem hiding this comment.
Kibana security owns @kbn/security-plugin-types-common. Should we add them as co-owners to catch unintended changes to the types?
There was a problem hiding this comment.
Good remark, Any objections @elastic/kibana-security?
There was a problem hiding this comment.
Ah, commented in a different place. Yes, I agree, let's make our team as co-owners for this package.
|
ACK: I'll start reviewing today, sorry for the delay! |
| #elasticsearch?: CoreElasticsearchRouteHandlerContext; | ||
| #savedObjects?: CoreSavedObjectsRouteHandlerContext; | ||
| #uiSettings?: CoreUiSettingsRouteHandlerContext; | ||
| #deprecations?: CoreDeprecationsRouteHandlerContext; | ||
| #security?: CoreSecurityRouteHandlerContext; |
There was a problem hiding this comment.
Off-topic: Oh, native private fields. I remember there was some performance hit (around 2-3 years ago) related to them. Have things improved, and are private fields ready for wider adoption in Kibana now?
| @@ -31,6 +32,7 @@ export interface CoreRequestHandlerContext { | |||
| elasticsearch: ElasticsearchRequestHandlerContext; | |||
| uiSettings: UiSettingsRequestHandlerContext; | |||
| deprecations: DeprecationsRequestHandlerContext; | |||
| security: SecurityRequestHandlerContext; | |||
There was a problem hiding this comment.
question: Thanks for adding security to the request context! Would you be open, in this PR, to update a single route (/me) in the Security plugin to use the Core's request context so that we have a real usage example (literally almost all tests in Security and beyond rely on this route, so it'd be a great indicator that everything works as expected)?
There was a problem hiding this comment.
I was somewhat concerned that the PR didn't add/change any FTR tests, so I think this is a great idea.
| { | ||
| "type": "shared-common", | ||
| "id": "@kbn/core-security-common", | ||
| "owner": "@elastic/kibana-core" |
There was a problem hiding this comment.
Ah, commented in a different place. Yes, I agree, let's make our team as co-owners for this package.
| /** | ||
| * Register the security implementation that then will be used and re-exposed by Core. | ||
| * | ||
| * @remark this should **exclusively** be used by the security plugin. |
There was a problem hiding this comment.
I'll let @elastic/kibana-security confirms that it's still fine
Yeah, I believe it's fine to keep what we have now. There are so many hurdles and restrictions at various levels to replace the built-in Security plugin with any alternative implementation that it sounds impractical for anyone to even consider.
💚 Build Succeeded
Metrics [docs]Module Count
Public APIs missing comments
Page load bundle
Unknown metric groupsAPI count
History
To update your PR or re-run it, just comment with: |
Summary
First part of #174578
securitycore service, both on the browser and server-side.authc.getCurrentUser