[7.x] Migrate authorization subsystem to the new platform. (#46145) (#50289)

Author: azasypkin

src/core/server/http/http_server.mocks.ts

@@ -39,6 +39,7 @@ interface RequestFixtureOptions {
   path?: string;
   method?: RouteMethod;
   socket?: Socket;
+  routeTags?: string[];
 }
 
 function createKibanaRequestMock({
@@ -49,6 +50,7 @@ function createKibanaRequestMock({
   query = {},
   method = 'get',
   socket = new Socket(),
+  routeTags,
 }: RequestFixtureOptions = {}) {
   const queryString = querystring.stringify(query);
   return KibanaRequest.from(
@@ -61,10 +63,11 @@ function createKibanaRequestMock({
       method,
       url: {
         path,
+        pathname: path,
         query: queryString,
         search: queryString ? `?${queryString}` : queryString,
       },
-      route: { settings: {} },
+      route: { settings: { tags: routeTags } },
       raw: {
         req: { socket },
       },

src/core/server/saved_objects/service/index.ts

@@ -34,6 +34,7 @@ export interface SavedObjectsLegacyService<Request = any> {
   addScopedSavedObjectsClientWrapperFactory: SavedObjectsClientProvider<
     Request
   >['addClientWrapperFactory'];
+  setScopedSavedObjectsClientFactory: SavedObjectsClientProvider<Request>['setClientFactory'];
   getScopedSavedObjectsClient: SavedObjectsClientProvider<Request>['getClient'];
   SavedObjectsClient: typeof SavedObjectsClient;
   types: string[];

src/core/server/saved_objects/service/lib/scoped_client_provider.ts

@@ -100,7 +100,7 @@ export class SavedObjectsClientProvider<Request = unknown> {
     this._wrapperFactories.add(priority, { id, factory });
   }
 
-  setClientFactory(customClientFactory: SavedObjectsClientFactory) {
+  setClientFactory(customClientFactory: SavedObjectsClientFactory<Request>) {
     if (this._clientFactory !== this._originalClientFactory) {
       throw new Error(`custom client factory is already set, unable to replace the current one`);
     }

src/core/server/server.api.md

@@ -1492,6 +1492,8 @@ export interface SavedObjectsLegacyService<Request = any> {
     // (undocumented)
     schema: SavedObjectsSchema;
     // (undocumented)
+    setScopedSavedObjectsClientFactory: SavedObjectsClientProvider<Request>['setClientFactory'];
+    // (undocumented)
     types: string[];
 }
 

x-pack/legacy/plugins/actions/server/shim.ts

@@ -42,7 +42,7 @@ export interface KibanaConfig {
  */
 export type TaskManagerStartContract = Pick<TaskManager, 'schedule' | 'fetch' | 'remove'>;
 export type XPackMainPluginSetupContract = Pick<XPackMainPlugin, 'registerFeature'>;
-export type SecurityPluginSetupContract = Pick<SecurityPlugin, 'config' | 'registerLegacyAPI'>;
+export type SecurityPluginSetupContract = Pick<SecurityPlugin, '__legacyCompat'>;
 export type SecurityPluginStartContract = Pick<SecurityPlugin, 'authc'>;
 export type TaskManagerSetupContract = Pick<
   TaskManager,

x-pack/legacy/plugins/alerting/server/shim.ts

@@ -41,7 +41,7 @@ export interface Server extends Legacy.Server {
  * Shim what we're thinking setup and start contracts will look like
  */
 export type TaskManagerStartContract = Pick<TaskManager, 'schedule' | 'fetch' | 'remove'>;
-export type SecurityPluginSetupContract = Pick<SecurityPlugin, 'config' | 'registerLegacyAPI'>;
+export type SecurityPluginSetupContract = Pick<SecurityPlugin, '__legacyCompat'>;
 export type SecurityPluginStartContract = Pick<SecurityPlugin, 'authc'>;
 export type XPackMainPluginSetupContract = Pick<XPackMainPlugin, 'registerFeature'>;
 export type TaskManagerSetupContract = Pick<

x-pack/legacy/plugins/reporting/export_types/common/execute_job/get_custom_logo.ts

@@ -25,6 +25,16 @@ export const getCustomLogo = async ({
     // We use the basePath from the saved job, which we'll have post spaces being implemented;
     // or we use the server base path, which uses the default space
     getBasePath: () => job.basePath || serverBasePath,
+    path: '/',
+    route: { settings: {} },
+    url: {
+      href: '/',
+    },
+    raw: {
+      req: {
+        url: '/',
+      },
+    },
   };
 
   const savedObjects = server.savedObjects;

x-pack/legacy/plugins/reporting/export_types/csv/server/execute_job.js

@@ -53,6 +53,16 @@ function executeJobFn(server) {
       // We use the basePath from the saved job, which we'll have post spaces being implemented;
       // or we use the server base path, which uses the default space
       getBasePath: () => basePath || serverBasePath,
+      path: '/',
+      route: { settings: {} },
+      url: {
+        href: '/',
+      },
+      raw: {
+        req: {
+          url: '/',
+        },
+      },
     };
 
     const callEndpoint = (endpoint, clientParams = {}, options = {}) => {

x-pack/legacy/plugins/reporting/server/lib/get_user.js

@@ -5,23 +5,19 @@
  */
 
 import { oncePerServer } from './once_per_server';
-import { getClient as getShieldClient } from '../../../../server/lib/get_client_shield';
 
 function getUserFn(server) {
-  const callShieldWithRequest = getShieldClient(server).callWithRequest;
-
-  return async function getUser(request) {
-    const xpackInfo = server.plugins.xpack_main.info;
-    if (xpackInfo && xpackInfo.isAvailable() && xpackInfo.feature('security').isEnabled()) {
-      try {
-        return await callShieldWithRequest(request, 'shield.authenticate');
-      } catch (err) {
-        server.log(['reporting', 'getUser', 'debug'], err);
-        return null;
-      }
+  return async request => {
+    if (!server.plugins.security) {
+      return null;
     }
 
-    return null;
+    try {
+      return await server.plugins.security.getUser(request);
+    } catch (err) {
+      server.log(['reporting', 'getUser', 'debug'], err);
+      return null;
+    }
   };
 }
 

x-pack/legacy/plugins/reporting/server/routes/lib/__tests__/authorized_user_pre_routing.test.js

@@ -15,7 +15,7 @@ describe('authorized_user_pre_routing', function () {
   // so createMockServer reuses the same 'instance' of the server and overwrites
   // the properties to contain different values
   const createMockServer = (function () {
-    const callWithRequestStub = sinon.stub();
+    const getUserStub = sinon.stub();
     let mockConfig;
 
     const mockServer = {
@@ -30,13 +30,7 @@ describe('authorized_user_pre_routing', function () {
       log: function () {},
       plugins: {
         xpack_main: {},
-        elasticsearch: {
-          createCluster: function () {
-            return {
-              callWithRequest: callWithRequestStub
-            };
-          }
-        }
+        security: { getUser: getUserStub },
       }
     };
 
@@ -57,8 +51,8 @@ describe('authorized_user_pre_routing', function () {
         }
       };
 
-      callWithRequestStub.resetHistory();
-      callWithRequestStub.returns(Promise.resolve(user));
+      getUserStub.resetHistory();
+      getUserStub.resolves(user);
       return mockServer;
     };
   }());