diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index ba352582bd651..b0c110f5b25c5 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -747,12 +747,14 @@ packages/kbn-search-types @elastic/kibana-data-discovery x-pack/plugins/searchprofiler @elastic/kibana-management x-pack/test/security_api_integration/packages/helpers @elastic/kibana-security x-pack/packages/security/api_key_management @elastic/kibana-security +x-pack/packages/security/authorization_core @elastic/kibana-security x-pack/packages/security/form_components @elastic/kibana-security packages/kbn-security-hardening @elastic/kibana-security x-pack/plugins/security @elastic/kibana-security x-pack/packages/security/plugin_types_common @elastic/kibana-security x-pack/packages/security/plugin_types_public @elastic/kibana-security x-pack/packages/security/plugin_types_server @elastic/kibana-security +x-pack/packages/security/role_management_model @elastic/kibana-security x-pack/packages/security-solution/distribution_bar @elastic/kibana-cloud-security-posture x-pack/plugins/security_solution_ess @elastic/security-solution x-pack/packages/security-solution/features @elastic/security-threat-hunting-explore diff --git a/package.json b/package.json index 0b93cb96d4e47..3f9f30545325f 100644 --- a/package.json +++ b/package.json @@ -764,12 +764,14 @@ "@kbn/search-types": "link:packages/kbn-search-types", "@kbn/searchprofiler-plugin": "link:x-pack/plugins/searchprofiler", "@kbn/security-api-key-management": "link:x-pack/packages/security/api_key_management", + "@kbn/security-authorization-core": "link:x-pack/packages/security/authorization_core", "@kbn/security-form-components": "link:x-pack/packages/security/form_components", "@kbn/security-hardening": "link:packages/kbn-security-hardening", "@kbn/security-plugin": "link:x-pack/plugins/security", "@kbn/security-plugin-types-common": "link:x-pack/packages/security/plugin_types_common", "@kbn/security-plugin-types-public": "link:x-pack/packages/security/plugin_types_public", "@kbn/security-plugin-types-server": "link:x-pack/packages/security/plugin_types_server", + "@kbn/security-role-management-model": "link:x-pack/packages/security/role_management_model", "@kbn/security-solution-distribution-bar": "link:x-pack/packages/security-solution/distribution_bar", "@kbn/security-solution-ess": "link:x-pack/plugins/security_solution_ess", "@kbn/security-solution-features": "link:x-pack/packages/security-solution/features", diff --git a/tsconfig.base.json b/tsconfig.base.json index fb98e0160cb76..aeb8080d2ed81 100644 --- a/tsconfig.base.json +++ b/tsconfig.base.json @@ -1488,6 +1488,8 @@ "@kbn/security-api-integration-helpers/*": ["x-pack/test/security_api_integration/packages/helpers/*"], "@kbn/security-api-key-management": ["x-pack/packages/security/api_key_management"], "@kbn/security-api-key-management/*": ["x-pack/packages/security/api_key_management/*"], + "@kbn/security-authorization-core": ["x-pack/packages/security/authorization_core"], + "@kbn/security-authorization-core/*": ["x-pack/packages/security/authorization_core/*"], "@kbn/security-form-components": ["x-pack/packages/security/form_components"], "@kbn/security-form-components/*": ["x-pack/packages/security/form_components/*"], "@kbn/security-hardening": ["packages/kbn-security-hardening"], @@ -1500,6 +1502,8 @@ "@kbn/security-plugin-types-public/*": ["x-pack/packages/security/plugin_types_public/*"], "@kbn/security-plugin-types-server": ["x-pack/packages/security/plugin_types_server"], "@kbn/security-plugin-types-server/*": ["x-pack/packages/security/plugin_types_server/*"], + "@kbn/security-role-management-model": ["x-pack/packages/security/role_management_model"], + "@kbn/security-role-management-model/*": ["x-pack/packages/security/role_management_model/*"], "@kbn/security-solution-distribution-bar": ["x-pack/packages/security-solution/distribution_bar"], "@kbn/security-solution-distribution-bar/*": ["x-pack/packages/security-solution/distribution_bar/*"], "@kbn/security-solution-ess": ["x-pack/plugins/security_solution_ess"], diff --git a/x-pack/packages/security/authorization_core/README.md b/x-pack/packages/security/authorization_core/README.md new file mode 100644 index 0000000000000..ce2c2dd277198 --- /dev/null +++ b/x-pack/packages/security/authorization_core/README.md @@ -0,0 +1,3 @@ +# @kbn/security-authorization-core + +Contains core authorization logic diff --git a/x-pack/packages/security/authorization_core/index.ts b/x-pack/packages/security/authorization_core/index.ts new file mode 100644 index 0000000000000..ccb68eb3bbcec --- /dev/null +++ b/x-pack/packages/security/authorization_core/index.ts @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export { Actions } from './src/actions'; +export { privilegesFactory } from './src/privileges'; +export type { + CasesSupportedOperations, + PrivilegesService, + RawKibanaPrivileges, + RawKibanaFeaturePrivileges, +} from './src/privileges'; diff --git a/x-pack/packages/security/authorization_core/jest.config.js b/x-pack/packages/security/authorization_core/jest.config.js new file mode 100644 index 0000000000000..db3272ac46d92 --- /dev/null +++ b/x-pack/packages/security/authorization_core/jest.config.js @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +module.exports = { + coverageDirectory: '/x-pack/packages/security/authorization_core', + coverageReporters: ['text', 'html'], + collectCoverageFrom: ['/x-pack/packages/security/authorization_core/**/*.{ts,tsx}'], + preset: '@kbn/test', + rootDir: '../../../..', + roots: ['/x-pack/packages/security/authorization_core'], +}; diff --git a/x-pack/packages/security/authorization_core/kibana.jsonc b/x-pack/packages/security/authorization_core/kibana.jsonc new file mode 100644 index 0000000000000..f2e33db5c8a81 --- /dev/null +++ b/x-pack/packages/security/authorization_core/kibana.jsonc @@ -0,0 +1,5 @@ +{ + "type": "shared-server", + "id": "@kbn/security-authorization-core", + "owner": "@elastic/kibana-security" +} diff --git a/x-pack/packages/security/authorization_core/package.json b/x-pack/packages/security/authorization_core/package.json new file mode 100644 index 0000000000000..4b270288d4763 --- /dev/null +++ b/x-pack/packages/security/authorization_core/package.json @@ -0,0 +1,6 @@ +{ + "name": "@kbn/security-authorization-core", + "private": true, + "version": "1.0.0", + "license": "Elastic License 2.0" +} diff --git a/x-pack/packages/security/authorization_core/src/__fixtures__/licensing.mock.ts b/x-pack/packages/security/authorization_core/src/__fixtures__/licensing.mock.ts new file mode 100644 index 0000000000000..6ee9910b768bd --- /dev/null +++ b/x-pack/packages/security/authorization_core/src/__fixtures__/licensing.mock.ts @@ -0,0 +1,55 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { Observable, of } from 'rxjs'; + +import type { LicenseType } from '@kbn/licensing-plugin/common/types'; +import { LICENSE_TYPE } from '@kbn/licensing-plugin/common/types'; +import type { SecurityLicense, SecurityLicenseFeatures } from '@kbn/security-plugin-types-common'; + +export const licenseMock = { + create: ( + features: Partial | Observable> = {}, + licenseType: LicenseType = 'basic', // default to basic if this is not specified, + isAvailable: Observable = of(true) + ): jest.Mocked => ({ + isLicenseAvailable: jest.fn().mockImplementation(() => { + let result = true; + + isAvailable.subscribe((next) => { + result = next; + }); + + return result; + }), + getLicenseType: jest.fn().mockReturnValue(licenseType), + getUnavailableReason: jest.fn(), + isEnabled: jest.fn().mockReturnValue(true), + getFeatures: + features instanceof Observable + ? jest.fn().mockImplementation(() => { + let subbedFeatures: Partial = {}; + + features.subscribe((next) => { + subbedFeatures = next; + }); + + return subbedFeatures; + }) + : jest.fn().mockReturnValue(features), + hasAtLeast: jest + .fn() + .mockImplementation( + (licenseTypeToCheck: LicenseType) => + LICENSE_TYPE[licenseTypeToCheck] <= LICENSE_TYPE[licenseType] + ), + features$: + features instanceof Observable + ? (features as Observable) + : of((features ?? {}) as SecurityLicenseFeatures), + }), +}; diff --git a/x-pack/plugins/security/server/authorization/actions/__snapshots__/alerting.test.ts.snap b/x-pack/packages/security/authorization_core/src/actions/__snapshots__/alerting.test.ts.snap similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/__snapshots__/alerting.test.ts.snap rename to x-pack/packages/security/authorization_core/src/actions/__snapshots__/alerting.test.ts.snap diff --git a/x-pack/plugins/security/server/authorization/actions/__snapshots__/api.test.ts.snap b/x-pack/packages/security/authorization_core/src/actions/__snapshots__/api.test.ts.snap similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/__snapshots__/api.test.ts.snap rename to x-pack/packages/security/authorization_core/src/actions/__snapshots__/api.test.ts.snap diff --git a/x-pack/plugins/security/server/authorization/actions/__snapshots__/app.test.ts.snap b/x-pack/packages/security/authorization_core/src/actions/__snapshots__/app.test.ts.snap similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/__snapshots__/app.test.ts.snap rename to x-pack/packages/security/authorization_core/src/actions/__snapshots__/app.test.ts.snap diff --git a/x-pack/plugins/security/server/authorization/actions/__snapshots__/cases.test.ts.snap b/x-pack/packages/security/authorization_core/src/actions/__snapshots__/cases.test.ts.snap similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/__snapshots__/cases.test.ts.snap rename to x-pack/packages/security/authorization_core/src/actions/__snapshots__/cases.test.ts.snap diff --git a/x-pack/plugins/security/server/authorization/actions/__snapshots__/ui.test.ts.snap b/x-pack/packages/security/authorization_core/src/actions/__snapshots__/ui.test.ts.snap similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/__snapshots__/ui.test.ts.snap rename to x-pack/packages/security/authorization_core/src/actions/__snapshots__/ui.test.ts.snap diff --git a/x-pack/plugins/security/server/authorization/actions/actions.mock.ts b/x-pack/packages/security/authorization_core/src/actions/actions.mock.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/actions.mock.ts rename to x-pack/packages/security/authorization_core/src/actions/actions.mock.ts diff --git a/x-pack/plugins/security/server/authorization/actions/actions.test.ts b/x-pack/packages/security/authorization_core/src/actions/actions.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/actions.test.ts rename to x-pack/packages/security/authorization_core/src/actions/actions.test.ts diff --git a/x-pack/plugins/security/server/authorization/actions/actions.ts b/x-pack/packages/security/authorization_core/src/actions/actions.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/actions.ts rename to x-pack/packages/security/authorization_core/src/actions/actions.ts diff --git a/x-pack/plugins/security/server/authorization/actions/alerting.test.ts b/x-pack/packages/security/authorization_core/src/actions/alerting.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/alerting.test.ts rename to x-pack/packages/security/authorization_core/src/actions/alerting.test.ts diff --git a/x-pack/plugins/security/server/authorization/actions/alerting.ts b/x-pack/packages/security/authorization_core/src/actions/alerting.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/alerting.ts rename to x-pack/packages/security/authorization_core/src/actions/alerting.ts diff --git a/x-pack/plugins/security/server/authorization/actions/api.test.ts b/x-pack/packages/security/authorization_core/src/actions/api.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/api.test.ts rename to x-pack/packages/security/authorization_core/src/actions/api.test.ts diff --git a/x-pack/plugins/security/server/authorization/actions/api.ts b/x-pack/packages/security/authorization_core/src/actions/api.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/api.ts rename to x-pack/packages/security/authorization_core/src/actions/api.ts diff --git a/x-pack/plugins/security/server/authorization/actions/app.test.ts b/x-pack/packages/security/authorization_core/src/actions/app.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/app.test.ts rename to x-pack/packages/security/authorization_core/src/actions/app.test.ts diff --git a/x-pack/plugins/security/server/authorization/actions/app.ts b/x-pack/packages/security/authorization_core/src/actions/app.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/app.ts rename to x-pack/packages/security/authorization_core/src/actions/app.ts diff --git a/x-pack/plugins/security/server/authorization/actions/cases.test.ts b/x-pack/packages/security/authorization_core/src/actions/cases.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/cases.test.ts rename to x-pack/packages/security/authorization_core/src/actions/cases.test.ts diff --git a/x-pack/plugins/security/server/authorization/actions/cases.ts b/x-pack/packages/security/authorization_core/src/actions/cases.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/cases.ts rename to x-pack/packages/security/authorization_core/src/actions/cases.ts diff --git a/x-pack/plugins/security/server/authorization/actions/index.ts b/x-pack/packages/security/authorization_core/src/actions/index.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/index.ts rename to x-pack/packages/security/authorization_core/src/actions/index.ts diff --git a/x-pack/plugins/security/server/authorization/actions/saved_object.test.ts b/x-pack/packages/security/authorization_core/src/actions/saved_object.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/saved_object.test.ts rename to x-pack/packages/security/authorization_core/src/actions/saved_object.test.ts diff --git a/x-pack/plugins/security/server/authorization/actions/saved_object.ts b/x-pack/packages/security/authorization_core/src/actions/saved_object.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/saved_object.ts rename to x-pack/packages/security/authorization_core/src/actions/saved_object.ts diff --git a/x-pack/plugins/security/server/authorization/actions/space.test.ts b/x-pack/packages/security/authorization_core/src/actions/space.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/space.test.ts rename to x-pack/packages/security/authorization_core/src/actions/space.test.ts diff --git a/x-pack/plugins/security/server/authorization/actions/space.ts b/x-pack/packages/security/authorization_core/src/actions/space.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/space.ts rename to x-pack/packages/security/authorization_core/src/actions/space.ts diff --git a/x-pack/plugins/security/server/authorization/actions/ui.test.ts b/x-pack/packages/security/authorization_core/src/actions/ui.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/ui.test.ts rename to x-pack/packages/security/authorization_core/src/actions/ui.test.ts diff --git a/x-pack/plugins/security/server/authorization/actions/ui.ts b/x-pack/packages/security/authorization_core/src/actions/ui.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/ui.ts rename to x-pack/packages/security/authorization_core/src/actions/ui.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/__snapshots__/cases.test.ts.snap b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/__snapshots__/cases.test.ts.snap similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/__snapshots__/cases.test.ts.snap rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/__snapshots__/cases.test.ts.snap diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/alerting.test.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/alerting.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/alerting.test.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/alerting.test.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/alerting.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/alerting.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/alerting.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/alerting.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/api.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/api.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/api.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/api.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/app.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/app.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/app.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/app.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.test.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/cases.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.test.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/cases.test.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/cases.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/cases.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/catalogue.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/catalogue.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/catalogue.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/catalogue.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/feature_privilege_builder.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/feature_privilege_builder.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/feature_privilege_builder.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/feature_privilege_builder.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/index.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/index.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/index.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/index.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/management.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/management.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/management.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/management.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/navlink.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/navlink.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/navlink.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/navlink.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/saved_object.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/saved_object.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/saved_object.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/saved_object.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/ui.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/ui.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/ui.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/ui.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/index.ts b/x-pack/packages/security/authorization_core/src/privileges/index.ts similarity index 81% rename from x-pack/plugins/security/server/authorization/privileges/index.ts rename to x-pack/packages/security/authorization_core/src/privileges/index.ts index 1056aa6dcd9af..7113b1b348bec 100644 --- a/x-pack/plugins/security/server/authorization/privileges/index.ts +++ b/x-pack/packages/security/authorization_core/src/privileges/index.ts @@ -8,3 +8,4 @@ export type { PrivilegesService } from './privileges'; export type { CasesSupportedOperations } from './feature_privilege_builder'; export { privilegesFactory } from './privileges'; +export type { RawKibanaPrivileges, RawKibanaFeaturePrivileges } from './raw_kibana_privileges'; diff --git a/x-pack/plugins/security/server/authorization/privileges/privileges.test.ts b/x-pack/packages/security/authorization_core/src/privileges/privileges.test.ts similarity index 99% rename from x-pack/plugins/security/server/authorization/privileges/privileges.test.ts rename to x-pack/packages/security/authorization_core/src/privileges/privileges.test.ts index 93efd86f52f54..118d63503db22 100644 --- a/x-pack/plugins/security/server/authorization/privileges/privileges.test.ts +++ b/x-pack/packages/security/authorization_core/src/privileges/privileges.test.ts @@ -9,7 +9,7 @@ import { KibanaFeature } from '@kbn/features-plugin/server'; import { featuresPluginMock } from '@kbn/features-plugin/server/mocks'; import { privilegesFactory } from './privileges'; -import { licenseMock } from '../../../common/licensing/index.mock'; +import { licenseMock } from '../__fixtures__/licensing.mock'; import { Actions } from '../actions'; const actions = new Actions(); diff --git a/x-pack/plugins/security/server/authorization/privileges/privileges.ts b/x-pack/packages/security/authorization_core/src/privileges/privileges.ts similarity index 98% rename from x-pack/plugins/security/server/authorization/privileges/privileges.ts rename to x-pack/packages/security/authorization_core/src/privileges/privileges.ts index 4295ae7c89bb4..9fb8dd9f083e2 100644 --- a/x-pack/plugins/security/server/authorization/privileges/privileges.ts +++ b/x-pack/packages/security/authorization_core/src/privileges/privileges.ts @@ -13,9 +13,9 @@ import type { } from '@kbn/features-plugin/common'; import type { FeaturesPluginSetup, KibanaFeature } from '@kbn/features-plugin/server'; +import type { SecurityLicense } from '@kbn/security-plugin-types-common'; import { featurePrivilegeBuilderFactory } from './feature_privilege_builder'; -import type { SecurityLicense } from '../../../common'; -import type { RawKibanaPrivileges } from '../../../common/model'; +import type { RawKibanaPrivileges } from './raw_kibana_privileges'; import type { Actions } from '../actions'; export interface PrivilegesService { diff --git a/x-pack/plugins/security/common/model/raw_kibana_privileges.ts b/x-pack/packages/security/authorization_core/src/privileges/raw_kibana_privileges.ts similarity index 100% rename from x-pack/plugins/security/common/model/raw_kibana_privileges.ts rename to x-pack/packages/security/authorization_core/src/privileges/raw_kibana_privileges.ts diff --git a/x-pack/packages/security/authorization_core/tsconfig.json b/x-pack/packages/security/authorization_core/tsconfig.json new file mode 100644 index 0000000000000..03870180c12c5 --- /dev/null +++ b/x-pack/packages/security/authorization_core/tsconfig.json @@ -0,0 +1,16 @@ +{ + "extends": "../../../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types", + "types": ["jest", "node", "react"] + }, + "include": ["**/*.ts", "**/*.tsx"], + "exclude": ["target/**/*"], + "kbn_references": [ + "@kbn/core", + "@kbn/features-plugin", + "@kbn/security-plugin-types-common", + "@kbn/security-plugin-types-server", + "@kbn/licensing-plugin", + ] +} diff --git a/x-pack/packages/security/role_management_model/README.md b/x-pack/packages/security/role_management_model/README.md new file mode 100644 index 0000000000000..f87e15a76e453 --- /dev/null +++ b/x-pack/packages/security/role_management_model/README.md @@ -0,0 +1,3 @@ +# @kbn/security-role-management + +Contains business logic for RBAC administration within Kibana. diff --git a/x-pack/packages/security/role_management_model/index.ts b/x-pack/packages/security/role_management_model/index.ts new file mode 100644 index 0000000000000..fa69415d3f8cc --- /dev/null +++ b/x-pack/packages/security/role_management_model/index.ts @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export { SecuredFeature } from './src/secured_feature'; +export { SecuredSubFeature } from './src/secured_sub_feature'; +export { SubFeaturePrivilegeGroup } from './src/sub_feature_privilege_group'; +export { SubFeaturePrivilege } from './src/sub_feature_privilege'; +export { PrimaryFeaturePrivilege } from './src/primary_feature_privilege'; +export { KibanaPrivileges, isGlobalPrivilegeDefinition } from './src/kibana_privileges'; +export { KibanaPrivilege } from './src/kibana_privilege'; +export { PrivilegeCollection } from './src/privilege_collection'; diff --git a/x-pack/packages/security/role_management_model/jest.config.js b/x-pack/packages/security/role_management_model/jest.config.js new file mode 100644 index 0000000000000..4223e717dec5e --- /dev/null +++ b/x-pack/packages/security/role_management_model/jest.config.js @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +module.exports = { + coverageDirectory: + '/target/kibana-coverage/jest/x-pack/packages/security/role_management_model', + coverageReporters: ['text', 'html'], + collectCoverageFrom: ['/x-pack/packages/security/role_management_model/**/*.{ts,tsx}'], + preset: '@kbn/test', + rootDir: '../../../..', + roots: ['/x-pack/packages/security/role_management_model'], +}; diff --git a/x-pack/packages/security/role_management_model/kibana.jsonc b/x-pack/packages/security/role_management_model/kibana.jsonc new file mode 100644 index 0000000000000..9ba7936494167 --- /dev/null +++ b/x-pack/packages/security/role_management_model/kibana.jsonc @@ -0,0 +1,5 @@ +{ + "type": "shared-common", + "id": "@kbn/security-role-management-model", + "owner": "@elastic/kibana-security" +} diff --git a/x-pack/packages/security/role_management_model/package.json b/x-pack/packages/security/role_management_model/package.json new file mode 100644 index 0000000000000..d231b70912484 --- /dev/null +++ b/x-pack/packages/security/role_management_model/package.json @@ -0,0 +1,6 @@ +{ + "name": "@kbn/security-role-management-model", + "private": true, + "version": "1.0.0", + "license": "Elastic License 2.0" +} diff --git a/x-pack/packages/security/role_management_model/src/__fixtures__/index.ts b/x-pack/packages/security/role_management_model/src/__fixtures__/index.ts new file mode 100644 index 0000000000000..32f8d17be94b2 --- /dev/null +++ b/x-pack/packages/security/role_management_model/src/__fixtures__/index.ts @@ -0,0 +1,9 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export { createFeature, kibanaFeatures } from './kibana_features'; +export { createKibanaPrivileges, createRawKibanaPrivileges } from './kibana_privileges'; diff --git a/x-pack/plugins/security/public/management/roles/__fixtures__/kibana_features.ts b/x-pack/packages/security/role_management_model/src/__fixtures__/kibana_features.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/__fixtures__/kibana_features.ts rename to x-pack/packages/security/role_management_model/src/__fixtures__/kibana_features.ts diff --git a/x-pack/plugins/security/public/management/roles/__fixtures__/kibana_privileges.ts b/x-pack/packages/security/role_management_model/src/__fixtures__/kibana_privileges.ts similarity index 54% rename from x-pack/plugins/security/public/management/roles/__fixtures__/kibana_privileges.ts rename to x-pack/packages/security/role_management_model/src/__fixtures__/kibana_privileges.ts index 559d479182c89..2dc5078038033 100644 --- a/x-pack/plugins/security/public/management/roles/__fixtures__/kibana_privileges.ts +++ b/x-pack/packages/security/role_management_model/src/__fixtures__/kibana_privileges.ts @@ -6,19 +6,33 @@ */ import type { KibanaFeature } from '@kbn/features-plugin/public'; -import { featuresPluginMock } from '@kbn/features-plugin/server/mocks'; +import { type FeaturesPluginSetup } from '@kbn/features-plugin/server'; +import { + featurePrivilegeIterator, + subFeaturePrivilegeIterator, +} from '@kbn/features-plugin/server/feature_privilege_iterator'; import type { LicenseType } from '@kbn/licensing-plugin/server'; +import type { SecurityLicenseFeatures } from '@kbn/security-plugin-types-common'; +import { Actions, privilegesFactory } from '@kbn/security-authorization-core'; +import { KibanaPrivileges } from '../kibana_privileges'; -import type { SecurityLicenseFeatures } from '../../../../common'; -import { Actions } from '../../../../server/authorization'; -import { privilegesFactory } from '../../../../server/authorization/privileges'; -import { KibanaPrivileges } from '../model'; +const featuresPluginService = (): jest.Mocked => { + return { + getKibanaFeatures: jest.fn(), + getElasticsearchFeatures: jest.fn(), + registerKibanaFeature: jest.fn(), + registerElasticsearchFeature: jest.fn(), + enableReportingUiCapabilities: jest.fn(), + featurePrivilegeIterator: jest.fn().mockImplementation(featurePrivilegeIterator), + subFeaturePrivilegeIterator: jest.fn().mockImplementation(subFeaturePrivilegeIterator), + }; +}; export const createRawKibanaPrivileges = ( features: KibanaFeature[], { allowSubFeaturePrivileges = true } = {} ) => { - const featuresService = featuresPluginMock.createSetup(); + const featuresService = featuresPluginService(); featuresService.getKibanaFeatures.mockReturnValue(features); const licensingService = { diff --git a/x-pack/plugins/security/public/management/roles/model/kibana_privilege.ts b/x-pack/packages/security/role_management_model/src/kibana_privilege.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/model/kibana_privilege.ts rename to x-pack/packages/security/role_management_model/src/kibana_privilege.ts diff --git a/x-pack/packages/security/role_management_model/src/kibana_privileges.test.ts b/x-pack/packages/security/role_management_model/src/kibana_privileges.test.ts new file mode 100644 index 0000000000000..6102c853db51b --- /dev/null +++ b/x-pack/packages/security/role_management_model/src/kibana_privileges.test.ts @@ -0,0 +1,187 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { KibanaPrivilege } from './kibana_privilege'; +import { KibanaPrivileges, isGlobalPrivilegeDefinition } from './kibana_privileges'; +import type { RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; +import { createRawKibanaPrivileges, kibanaFeatures } from './__fixtures__'; + +describe('kibana_privilege', () => { + describe('isGlobalPrivilegeDefinition', () => { + it('returns true if no spaces are defined', () => { + expect( + // @ts-ignore + isGlobalPrivilegeDefinition({ + base: [], + feature: {}, + }) + ).toEqual(true); + }); + + it('returns true if spaces is an empty array', () => { + expect( + isGlobalPrivilegeDefinition({ + spaces: [], + base: [], + feature: {}, + }) + ).toEqual(true); + }); + + it('returns true if spaces contains "*"', () => { + expect( + isGlobalPrivilegeDefinition({ + spaces: ['*'], + base: [], + feature: {}, + }) + ).toEqual(true); + }); + + it('returns false if spaces does not contain "*"', () => { + expect( + isGlobalPrivilegeDefinition({ + spaces: ['foo', 'bar'], + base: [], + feature: {}, + }) + ).toEqual(false); + }); + }); + + describe('KibanaPrivileges', () => { + describe('#getBasePrivileges', () => { + it('returns the space base privileges for a non-global entry', () => { + const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); + const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); + + const entry: RoleKibanaPrivilege = { + base: [], + feature: {}, + spaces: ['foo'], + }; + + const basePrivileges = kibanaPrivileges.getBasePrivileges(entry); + + const expectedPrivileges = rawPrivileges.space; + + expect(basePrivileges).toHaveLength(2); + expect(basePrivileges[0]).toMatchObject({ + id: 'all', + actions: expectedPrivileges.all, + }); + expect(basePrivileges[1]).toMatchObject({ + id: 'read', + actions: expectedPrivileges.read, + }); + }); + + it('returns the global base privileges for a global entry', () => { + const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); + const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); + + const entry: RoleKibanaPrivilege = { + base: [], + feature: {}, + spaces: ['*'], + }; + + const basePrivileges = kibanaPrivileges.getBasePrivileges(entry); + + const expectedPrivileges = rawPrivileges.global; + + expect(basePrivileges).toHaveLength(2); + expect(basePrivileges[0]).toMatchObject({ + id: 'all', + actions: expectedPrivileges.all, + }); + expect(basePrivileges[1]).toMatchObject({ + id: 'read', + actions: expectedPrivileges.read, + }); + }); + }); + + describe('#createCollectionFromRoleKibanaPrivileges', () => { + it('creates a collection from a role with no privileges assigned', () => { + const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); + const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); + + const assignedPrivileges: RoleKibanaPrivilege[] = []; + kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); + }); + + it('creates a collection ignoring unknown privileges', () => { + const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); + const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); + + const assignedPrivileges: RoleKibanaPrivilege[] = [ + { + base: ['read', 'some-unknown-base-privilege'], + feature: {}, + spaces: ['*'], + }, + { + base: [], + feature: { + with_sub_features: ['read', 'cool_all', 'some-unknown-feature-privilege'], + some_unknown_feature: ['all'], + }, + spaces: ['foo'], + }, + ]; + kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); + }); + + it('creates a collection using all assigned privileges, and only the assigned privileges', () => { + const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); + const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); + + const assignedPrivileges: RoleKibanaPrivilege[] = [ + { + base: ['read'], + feature: {}, + spaces: ['*'], + }, + { + base: [], + feature: { + with_sub_features: ['read', 'cool_all'], + }, + spaces: ['foo'], + }, + ]; + const collection = + kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); + + expect( + collection.grantsPrivilege( + new KibanaPrivilege('test', [...rawPrivileges.features.with_excluded_sub_features.read]) + ) + ).toEqual(true); + + expect( + collection.grantsPrivilege( + new KibanaPrivilege('test', [...rawPrivileges.features.with_excluded_sub_features.all]) + ) + ).toEqual(false); + + expect( + collection.grantsPrivilege( + new KibanaPrivilege('test', [...rawPrivileges.features.with_sub_features.cool_all]) + ) + ).toEqual(true); + + expect( + collection.grantsPrivilege( + new KibanaPrivilege('test', [...rawPrivileges.features.with_sub_features.cool_toggle_1]) + ) + ).toEqual(false); + }); + }); + }); +}); diff --git a/x-pack/plugins/security/public/management/roles/model/kibana_privileges.ts b/x-pack/packages/security/role_management_model/src/kibana_privileges.ts similarity index 86% rename from x-pack/plugins/security/public/management/roles/model/kibana_privileges.ts rename to x-pack/packages/security/role_management_model/src/kibana_privileges.ts index 78b312c123a3f..e78ee9b105bbf 100644 --- a/x-pack/plugins/security/public/management/roles/model/kibana_privileges.ts +++ b/x-pack/packages/security/role_management_model/src/kibana_privileges.ts @@ -7,11 +7,11 @@ import type { KibanaFeature } from '@kbn/features-plugin/common'; +import type { RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; +import type { RawKibanaPrivileges } from '@kbn/security-authorization-core'; import { KibanaPrivilege } from './kibana_privilege'; import { PrivilegeCollection } from './privilege_collection'; import { SecuredFeature } from './secured_feature'; -import type { RawKibanaPrivileges, RoleKibanaPrivilege } from '../../../../common'; -import { isGlobalPrivilegeDefinition } from '../edit_role/privilege_utils'; function toBasePrivilege(entry: [string, string[]]): [string, KibanaPrivilege] { const [privilegeId, actions] = entry; @@ -24,6 +24,17 @@ function recordsToBasePrivilegeMap( return new Map(Object.entries(record).map((entry) => toBasePrivilege(entry))); } +/** + * Determines if the passed privilege spec defines global privileges. + * @param privilegeSpec + */ +export function isGlobalPrivilegeDefinition(privilegeSpec: RoleKibanaPrivilege): boolean { + if (!privilegeSpec.spaces || privilegeSpec.spaces.length === 0) { + return true; + } + return privilegeSpec.spaces.includes('*'); +} + export class KibanaPrivileges { private global: ReadonlyMap; diff --git a/x-pack/plugins/security/public/management/roles/model/primary_feature_privilege.ts b/x-pack/packages/security/role_management_model/src/primary_feature_privilege.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/model/primary_feature_privilege.ts rename to x-pack/packages/security/role_management_model/src/primary_feature_privilege.ts diff --git a/x-pack/plugins/security/public/management/roles/model/privilege_collection.test.ts b/x-pack/packages/security/role_management_model/src/privilege_collection.test.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/model/privilege_collection.test.ts rename to x-pack/packages/security/role_management_model/src/privilege_collection.test.ts diff --git a/x-pack/plugins/security/public/management/roles/model/privilege_collection.ts b/x-pack/packages/security/role_management_model/src/privilege_collection.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/model/privilege_collection.ts rename to x-pack/packages/security/role_management_model/src/privilege_collection.ts diff --git a/x-pack/plugins/security/public/management/roles/model/secured_feature.ts b/x-pack/packages/security/role_management_model/src/secured_feature.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/model/secured_feature.ts rename to x-pack/packages/security/role_management_model/src/secured_feature.ts diff --git a/x-pack/plugins/security/public/management/roles/model/secured_sub_feature.ts b/x-pack/packages/security/role_management_model/src/secured_sub_feature.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/model/secured_sub_feature.ts rename to x-pack/packages/security/role_management_model/src/secured_sub_feature.ts diff --git a/x-pack/plugins/security/public/management/roles/model/sub_feature_privilege.ts b/x-pack/packages/security/role_management_model/src/sub_feature_privilege.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/model/sub_feature_privilege.ts rename to x-pack/packages/security/role_management_model/src/sub_feature_privilege.ts diff --git a/x-pack/plugins/security/public/management/roles/model/sub_feature_privilege_group.ts b/x-pack/packages/security/role_management_model/src/sub_feature_privilege_group.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/model/sub_feature_privilege_group.ts rename to x-pack/packages/security/role_management_model/src/sub_feature_privilege_group.ts diff --git a/x-pack/packages/security/role_management_model/tsconfig.json b/x-pack/packages/security/role_management_model/tsconfig.json new file mode 100644 index 0000000000000..f18ed64fae713 --- /dev/null +++ b/x-pack/packages/security/role_management_model/tsconfig.json @@ -0,0 +1,15 @@ +{ + "extends": "../../../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types", + "types": ["jest", "node", "react"] + }, + "include": ["**/*.ts", "**/*.tsx"], + "exclude": ["target/**/*"], + "kbn_references": [ + "@kbn/features-plugin", + "@kbn/security-plugin-types-common", + "@kbn/security-authorization-core", + "@kbn/licensing-plugin", + ] +} diff --git a/x-pack/plugins/security/common/index.ts b/x-pack/plugins/security/common/index.ts index 2d5e6fd6ec7f1..c4d76f7c9fd66 100644 --- a/x-pack/plugins/security/common/index.ts +++ b/x-pack/plugins/security/common/index.ts @@ -10,7 +10,6 @@ export type { GetUserDisplayNameParams, EditUser, BuiltinESPrivileges, - RawKibanaPrivileges, RoleMapping, RoleMappingRule, RoleMappingAllRule, @@ -25,6 +24,8 @@ export type { export { getUserDisplayName, isRoleReserved, isRoleWithWildcardBasePrivilege } from './model'; +export type { RawKibanaPrivileges } from '@kbn/security-authorization-core'; + // Re-export types from the plugin directly to enhance the developer experience for consumers of the Security plugin. export type { AuthenticatedUser, diff --git a/x-pack/plugins/security/common/licensing/index.mock.ts b/x-pack/plugins/security/common/licensing/index.mock.ts index 6ee9910b768bd..49f0b578075b0 100644 --- a/x-pack/plugins/security/common/licensing/index.mock.ts +++ b/x-pack/plugins/security/common/licensing/index.mock.ts @@ -5,51 +5,4 @@ * 2.0. */ -import { Observable, of } from 'rxjs'; - -import type { LicenseType } from '@kbn/licensing-plugin/common/types'; -import { LICENSE_TYPE } from '@kbn/licensing-plugin/common/types'; -import type { SecurityLicense, SecurityLicenseFeatures } from '@kbn/security-plugin-types-common'; - -export const licenseMock = { - create: ( - features: Partial | Observable> = {}, - licenseType: LicenseType = 'basic', // default to basic if this is not specified, - isAvailable: Observable = of(true) - ): jest.Mocked => ({ - isLicenseAvailable: jest.fn().mockImplementation(() => { - let result = true; - - isAvailable.subscribe((next) => { - result = next; - }); - - return result; - }), - getLicenseType: jest.fn().mockReturnValue(licenseType), - getUnavailableReason: jest.fn(), - isEnabled: jest.fn().mockReturnValue(true), - getFeatures: - features instanceof Observable - ? jest.fn().mockImplementation(() => { - let subbedFeatures: Partial = {}; - - features.subscribe((next) => { - subbedFeatures = next; - }); - - return subbedFeatures; - }) - : jest.fn().mockReturnValue(features), - hasAtLeast: jest - .fn() - .mockImplementation( - (licenseTypeToCheck: LicenseType) => - LICENSE_TYPE[licenseTypeToCheck] <= LICENSE_TYPE[licenseType] - ), - features$: - features instanceof Observable - ? (features as Observable) - : of((features ?? {}) as SecurityLicenseFeatures), - }), -}; +export { licenseMock } from '@kbn/security-authorization-core/src/__fixtures__/licensing.mock'; diff --git a/x-pack/plugins/security/common/model/index.ts b/x-pack/plugins/security/common/model/index.ts index 1e73ead22655e..1331d60d624b6 100644 --- a/x-pack/plugins/security/common/model/index.ts +++ b/x-pack/plugins/security/common/model/index.ts @@ -21,7 +21,10 @@ export { } from './authenticated_user'; export { shouldProviderUseLoginForm } from './authentication_provider'; export type { BuiltinESPrivileges } from './builtin_es_privileges'; -export type { RawKibanaPrivileges, RawKibanaFeaturePrivileges } from './raw_kibana_privileges'; +export type { + RawKibanaPrivileges, + RawKibanaFeaturePrivileges, +} from '@kbn/security-authorization-core'; export { copyRole, isRoleDeprecated, diff --git a/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.test.tsx index 5f345020d6d8f..9a9abab064fa8 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.test.tsx @@ -19,6 +19,7 @@ import { dataViewPluginMocks } from '@kbn/data-views-plugin/public/mocks'; import { KibanaFeature } from '@kbn/features-plugin/public'; import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public'; import { REMOTE_CLUSTERS_PATH } from '@kbn/remote-clusters-plugin/public'; +import { createRawKibanaPrivileges } from '@kbn/security-role-management-model/src/__fixtures__'; import type { Space } from '@kbn/spaces-plugin/public'; import { spacesManagerMock } from '@kbn/spaces-plugin/public/spaces_manager/mocks'; import { getUiApi } from '@kbn/spaces-plugin/public/ui_api'; @@ -31,7 +32,6 @@ import { TransformErrorSection } from './privileges/kibana/transform_error_secti import type { Role } from '../../../../common'; import { licenseMock } from '../../../../common/licensing/index.mock'; import { userAPIClientMock } from '../../users/index.mock'; -import { createRawKibanaPrivileges } from '../__fixtures__/kibana_privileges'; import { indicesAPIClientMock, privilegesAPIClientMock, rolesAPIClientMock } from '../index.mock'; const spacesManager = spacesManagerMock.create(); diff --git a/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.tsx b/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.tsx index ccdc71d119f08..b724acc58f507 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.tsx @@ -44,6 +44,7 @@ import { reactRouterNavigate, useDarkMode } from '@kbn/kibana-react-plugin/publi import { toMountPoint } from '@kbn/react-kibana-mount'; import type { Cluster } from '@kbn/remote-clusters-plugin/public'; import { REMOTE_CLUSTERS_PATH } from '@kbn/remote-clusters-plugin/public'; +import { KibanaPrivileges } from '@kbn/security-role-management-model'; import type { Space, SpacesApiUi } from '@kbn/spaces-plugin/public'; import type { PublicMethodsOf } from '@kbn/utility-types'; @@ -72,7 +73,6 @@ import { useCapabilities } from '../../../components/use_capabilities'; import type { CheckSecurityFeaturesResponse } from '../../security_features'; import type { UserAPIClient } from '../../users'; import type { IndicesAPIClient } from '../indices_api_client'; -import { KibanaPrivileges } from '../model'; import type { PrivilegesAPIClient } from '../privileges_api_client'; import type { RolesAPIClient } from '../roles_api_client'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.test.ts b/x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.test.ts deleted file mode 100644 index 7ddbb393bac9f..0000000000000 --- a/x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.test.ts +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { isGlobalPrivilegeDefinition } from './privilege_utils'; - -describe('isGlobalPrivilegeDefinition', () => { - it('returns true if no spaces are defined', () => { - expect( - // @ts-ignore - isGlobalPrivilegeDefinition({ - base: [], - feature: {}, - }) - ).toEqual(true); - }); - - it('returns true if spaces is an empty array', () => { - expect( - isGlobalPrivilegeDefinition({ - spaces: [], - base: [], - feature: {}, - }) - ).toEqual(true); - }); - - it('returns true if spaces contains "*"', () => { - expect( - isGlobalPrivilegeDefinition({ - spaces: ['*'], - base: [], - feature: {}, - }) - ).toEqual(true); - }); - - it('returns false if spaces does not contain "*"', () => { - expect( - isGlobalPrivilegeDefinition({ - spaces: ['foo', 'bar'], - base: [], - feature: {}, - }) - ).toEqual(false); - }); -}); diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.ts b/x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.ts deleted file mode 100644 index da912650fee48..0000000000000 --- a/x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.ts +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { RoleKibanaPrivilege } from '../../../../common'; - -/** - * Determines if the passed privilege spec defines global privileges. - * @param privilegeSpec - */ -export function isGlobalPrivilegeDefinition(privilegeSpec: RoleKibanaPrivilege): boolean { - if (!privilegeSpec.spaces || privilegeSpec.spaces.length === 0) { - return true; - } - return privilegeSpec.spaces.includes('*'); -} diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/change_all_privileges.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/change_all_privileges.tsx index 00494c48b9efb..4793f86a7a2a5 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/change_all_privileges.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/change_all_privileges.tsx @@ -19,8 +19,8 @@ import _ from 'lodash'; import React, { Component } from 'react'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { KibanaPrivilege } from '@kbn/security-role-management-model'; -import type { KibanaPrivilege } from '../../../../model'; import { NO_PRIVILEGE_VALUE } from '../constants'; interface Props { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx index 8b40b6d16d403..5a43e7931d474 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx @@ -9,13 +9,16 @@ import { EuiAccordion, EuiIconTip } from '@elastic/eui'; import React from 'react'; import type { KibanaFeature, SubFeatureConfig } from '@kbn/features-plugin/public'; +import { + createFeature, + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model/src/__fixtures__'; import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { getDisplayedFeaturePrivileges } from './__fixtures__'; import { FeatureTable } from './feature_table'; import type { Role } from '../../../../../../../common'; -import { createFeature, kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; const createRole = (kibana: Role['kibana'] = []): Role => { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx index 7734d415bf385..6b4e7af240eb5 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx @@ -29,11 +29,11 @@ import React, { Component } from 'react'; import type { AppCategory } from '@kbn/core/public'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { Role } from '@kbn/security-plugin-types-common'; +import type { KibanaPrivileges, SecuredFeature } from '@kbn/security-role-management-model'; import { ChangeAllPrivilegesControl } from './change_all_privileges'; import { FeatureTableExpandedRow } from './feature_table_expanded_row'; -import type { Role } from '../../../../../../../common'; -import type { KibanaPrivileges, SecuredFeature } from '../../../../model'; import { NO_PRIVILEGE_VALUE } from '../constants'; import { FeatureTableCell } from '../feature_table_cell'; import type { PrivilegeFormCalculator } from '../privilege_form_calculator'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.test.tsx index b3856bb59f1f3..92a33136c7678 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.test.tsx @@ -8,12 +8,14 @@ import { act } from '@testing-library/react'; import React from 'react'; +import { + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model/src/__fixtures__'; import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { FeatureTableExpandedRow } from './feature_table_expanded_row'; import type { Role } from '../../../../../../../common'; -import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; const createRole = (kibana: Role['kibana'] = []): Role => { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.tsx index 42090f8c6c044..8e00327fd334b 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.tsx @@ -11,9 +11,9 @@ import React, { useEffect, useState } from 'react'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { SecuredFeature } from '@kbn/security-role-management-model'; import { SubFeatureForm } from './sub_feature_form'; -import type { SecuredFeature } from '../../../../model'; import type { PrivilegeFormCalculator } from '../privilege_form_calculator'; interface Props { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx index 53e44aefbf1c8..8f741f1d48f9d 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx @@ -10,13 +10,15 @@ import { act } from '@testing-library/react'; import React from 'react'; import { KibanaFeature } from '@kbn/features-plugin/public'; +import type { Role } from '@kbn/security-plugin-types-common'; +import { SecuredSubFeature } from '@kbn/security-role-management-model'; +import { + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model/src/__fixtures__'; import { mountWithIntl } from '@kbn/test-jest-helpers'; import { SubFeatureForm } from './sub_feature_form'; -import type { Role } from '../../../../../../../common'; -import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; -import { SecuredSubFeature } from '../../../../model'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; // Note: these tests are not concerned with the proper display of privileges, diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.tsx index 4f3c1eb103a75..9155d8ae52835 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.tsx @@ -16,12 +16,12 @@ import { import React from 'react'; import { i18n } from '@kbn/i18n'; - import type { SecuredSubFeature, SubFeaturePrivilege, SubFeaturePrivilegeGroup, -} from '../../../../model'; +} from '@kbn/security-role-management-model'; + import { NO_PRIVILEGE_VALUE } from '../constants'; import type { PrivilegeFormCalculator } from '../privilege_form_calculator'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.test.tsx index 372b24048fe5b..0c1eac9a70d4e 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.test.tsx @@ -8,11 +8,11 @@ import { EuiIconTip } from '@elastic/eui'; import React from 'react'; +import { SecuredFeature } from '@kbn/security-role-management-model'; +import { createFeature } from '@kbn/security-role-management-model/src/__fixtures__'; import { mountWithIntl } from '@kbn/test-jest-helpers'; import { FeatureTableCell } from './feature_table_cell'; -import { createFeature } from '../../../../__fixtures__/kibana_features'; -import { SecuredFeature } from '../../../../model'; describe('FeatureTableCell', () => { it('renders the feature name', () => { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.tsx index 062597ce46ad2..177b6fb95a413 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.tsx @@ -10,7 +10,7 @@ import './feature_table_cell.scss'; import { EuiFlexGroup, EuiFlexItem, EuiIconTip, EuiText } from '@elastic/eui'; import React from 'react'; -import type { SecuredFeature } from '../../../../model'; +import type { SecuredFeature } from '@kbn/security-role-management-model'; interface Props { feature: SecuredFeature; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.test.tsx index b12c4f91a3a7a..2c903b170cb2b 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.test.tsx @@ -9,6 +9,8 @@ import { shallow } from 'enzyme'; import React from 'react'; import { coreMock } from '@kbn/core/public/mocks'; +import type { Role } from '@kbn/security-plugin-types-common'; +import { KibanaPrivileges } from '@kbn/security-role-management-model'; import { spacesManagerMock } from '@kbn/spaces-plugin/public/spaces_manager/mocks'; import { getUiApi } from '@kbn/spaces-plugin/public/ui_api'; @@ -16,8 +18,6 @@ import { KibanaPrivilegesRegion } from './kibana_privileges_region'; import { SimplePrivilegeSection } from './simple_privilege_section'; import { SpaceAwarePrivilegeSection } from './space_aware_privilege_section'; import { TransformErrorSection } from './transform_error_section'; -import type { Role } from '../../../../../../common'; -import { KibanaPrivileges } from '../../../model'; import { RoleValidator } from '../../validate_role'; const spacesManager = spacesManagerMock.create(); diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.tsx index d7439b19b0d00..5344e582a3b8c 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.tsx @@ -8,13 +8,13 @@ import React, { Component } from 'react'; import type { Capabilities } from '@kbn/core/public'; +import type { KibanaPrivileges } from '@kbn/security-role-management-model'; import type { Space, SpacesApiUi } from '@kbn/spaces-plugin/public'; import { SimplePrivilegeSection } from './simple_privilege_section'; import { SpaceAwarePrivilegeSection } from './space_aware_privilege_section'; import { TransformErrorSection } from './transform_error_section'; import type { Role } from '../../../../../../common'; -import type { KibanaPrivileges } from '../../../model'; import { CollapsiblePanel } from '../../collapsible_panel'; import type { RoleValidator } from '../../validate_role'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.test.ts b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.test.ts index 20c54fd2ea529..b47501e08f376 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.test.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.test.ts @@ -5,10 +5,13 @@ * 2.0. */ +import { + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model/src/__fixtures__'; + import { PrivilegeFormCalculator } from './privilege_form_calculator'; import type { Role } from '../../../../../../../common'; -import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; const createRole = (kibana: Role['kibana'] = []): Role => { return { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.ts b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.ts index 227c2be381546..75cdcac34031e 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.ts @@ -5,9 +5,12 @@ * 2.0. */ -import type { Role } from '../../../../../../../common'; -import type { KibanaPrivileges, SubFeaturePrivilegeGroup } from '../../../../model'; -import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; +import type { Role } from '@kbn/security-plugin-types-common'; +import { + isGlobalPrivilegeDefinition, + type KibanaPrivileges, + type SubFeaturePrivilegeGroup, +} from '@kbn/security-role-management-model'; /** * Calculator responsible for determining the displayed and effective privilege values for the following interfaces: diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.test.tsx index 9f6aa8ed69ed9..f42a95693b87b 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.test.tsx @@ -9,6 +9,10 @@ import { act } from '@testing-library/react'; import React from 'react'; import { coreMock } from '@kbn/core/public/mocks'; +import { + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model/src/__fixtures__'; import { spacesManagerMock } from '@kbn/spaces-plugin/public/spaces_manager/mocks'; import { getUiApi } from '@kbn/spaces-plugin/public/ui_api'; import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; @@ -16,8 +20,6 @@ import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { PrivilegeSummary } from './privilege_summary'; import { PrivilegeSummaryTable } from './privilege_summary_table'; import type { RoleKibanaPrivilege } from '../../../../../../../common'; -import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; const createRole = (roleKibanaPrivileges: RoleKibanaPrivilege[]) => ({ name: 'some-role', diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.tsx index 5c6d03569b10a..1ae88a0be781d 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.tsx @@ -17,11 +17,11 @@ import { import React, { Fragment, useState } from 'react'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { Role } from '@kbn/security-plugin-types-common'; +import type { KibanaPrivileges } from '@kbn/security-role-management-model'; import type { Space, SpacesApiUi } from '@kbn/spaces-plugin/public'; import { PrivilegeSummaryTable } from './privilege_summary_table'; -import type { Role } from '../../../../../../../common'; -import type { KibanaPrivileges } from '../../../../model'; interface Props { role: Role; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.test.ts b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.test.ts index b0418eac51c62..13269dffa5e8c 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.test.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.test.ts @@ -5,10 +5,13 @@ * 2.0. */ +import type { Role } from '@kbn/security-plugin-types-common'; +import { + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model/src/__fixtures__'; + import { PrivilegeSummaryCalculator } from './privilege_summary_calculator'; -import type { Role } from '../../../../../../../common'; -import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; const createRole = (kibana: Role['kibana'] = []): Role => { return { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.ts b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.ts index 053cd19c98d58..ce8e2fa0e22c4 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.ts @@ -5,10 +5,14 @@ * 2.0. */ -import type { Role, RoleKibanaPrivilege } from '../../../../../../../common'; -import type { KibanaPrivileges, PrimaryFeaturePrivilege, SecuredFeature } from '../../../../model'; -import type { PrivilegeCollection } from '../../../../model/privilege_collection'; -import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; +import type { Role, RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; +import { + isGlobalPrivilegeDefinition, + type KibanaPrivileges, + type PrimaryFeaturePrivilege, + type PrivilegeCollection, + type SecuredFeature, +} from '@kbn/security-role-management-model'; export interface EffectiveFeaturePrivileges { [featureId: string]: { @@ -17,6 +21,7 @@ export interface EffectiveFeaturePrivileges { hasCustomizedSubFeaturePrivileges: boolean; }; } + export class PrivilegeSummaryCalculator { constructor(private readonly kibanaPrivileges: KibanaPrivileges, private readonly role: Role) {} diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_expanded_row.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_expanded_row.tsx index 727bcdc1b103d..83f1e26ad1284 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_expanded_row.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_expanded_row.tsx @@ -9,13 +9,13 @@ import { EuiFlexGroup, EuiFlexItem, EuiIconTip, EuiText } from '@elastic/eui'; import React from 'react'; import { i18n } from '@kbn/i18n'; - -import type { EffectiveFeaturePrivileges } from './privilege_summary_calculator'; import type { SecuredFeature, SubFeaturePrivilege, SubFeaturePrivilegeGroup, -} from '../../../../model'; +} from '@kbn/security-role-management-model'; + +import type { EffectiveFeaturePrivileges } from './privilege_summary_calculator'; interface Props { feature: SecuredFeature; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.test.tsx index b76ac9f1a1fc8..e1ca5300ee9f7 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.test.tsx @@ -9,6 +9,11 @@ import { act } from '@testing-library/react'; import React from 'react'; import { coreMock } from '@kbn/core/public/mocks'; +import type { RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; +import { + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model/src/__fixtures__'; import { spacesManagerMock } from '@kbn/spaces-plugin/public/spaces_manager/mocks'; import { getUiApi } from '@kbn/spaces-plugin/public/ui_api'; import { mountWithIntl } from '@kbn/test-jest-helpers'; @@ -16,9 +21,6 @@ import { mountWithIntl } from '@kbn/test-jest-helpers'; import { getDisplayedFeaturePrivileges } from './__fixtures__'; import type { PrivilegeSummaryTableProps } from './privilege_summary_table'; import { PrivilegeSummaryTable } from './privilege_summary_table'; -import type { RoleKibanaPrivilege } from '../../../../../../../common'; -import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; const createRole = (roleKibanaPrivileges: RoleKibanaPrivilege[]) => ({ name: 'some-role', diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.tsx index 7dcbbe85d553c..af15cf82b9be6 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.tsx @@ -20,16 +20,20 @@ import { import React, { Fragment, useMemo, useState } from 'react'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { Role, RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; +import { + isGlobalPrivilegeDefinition, + type KibanaPrivileges, + type PrimaryFeaturePrivilege, + type SecuredFeature, +} from '@kbn/security-role-management-model'; import type { Space, SpacesApiUi } from '@kbn/spaces-plugin/public'; import type { EffectiveFeaturePrivileges } from './privilege_summary_calculator'; import { PrivilegeSummaryCalculator } from './privilege_summary_calculator'; import { PrivilegeSummaryExpandedRow } from './privilege_summary_expanded_row'; import { SpaceColumnHeader } from './space_column_header'; -import type { Role, RoleKibanaPrivilege } from '../../../../../../../common'; import { ALL_SPACES_ID } from '../../../../../../../common/constants'; -import type { KibanaPrivileges, PrimaryFeaturePrivilege, SecuredFeature } from '../../../../model'; -import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; import { FeatureTableCell } from '../feature_table_cell'; export interface PrivilegeSummaryTableProps { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/space_column_header.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/space_column_header.tsx index ca4a2d6011c58..e65b7b255efe6 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/space_column_header.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/space_column_header.tsx @@ -9,10 +9,10 @@ import React, { Fragment, useMemo } from 'react'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; +import { isGlobalPrivilegeDefinition } from '@kbn/security-role-management-model'; import type { Space, SpacesApiUi } from '@kbn/spaces-plugin/public'; -import type { RoleKibanaPrivilege } from '../../../../../../../common'; -import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; import { SpacesPopoverList } from '../../../spaces_popover_list'; export interface SpaceColumnHeaderProps { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.test.tsx index e0b0156db7568..3ca7cf5c8b92f 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.test.tsx @@ -9,12 +9,12 @@ import type { EuiButtonGroupProps } from '@elastic/eui'; import { EuiButtonGroup, EuiComboBox, EuiSuperSelect } from '@elastic/eui'; import React from 'react'; +import type { Role } from '@kbn/security-plugin-types-common'; +import { KibanaPrivileges, SecuredFeature } from '@kbn/security-role-management-model'; import { mountWithIntl, shallowWithIntl } from '@kbn/test-jest-helpers'; import { SimplePrivilegeSection } from './simple_privilege_section'; import { UnsupportedSpacePrivilegesWarning } from './unsupported_space_privileges_warning'; -import type { Role } from '../../../../../../../common'; -import { KibanaPrivileges, SecuredFeature } from '../../../../model'; const buildProps = (customProps: any = {}) => { const features = [ diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.tsx index 2e8b395ea07a7..b5b57921705e5 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.tsx @@ -16,12 +16,14 @@ import { import React, { Component, Fragment } from 'react'; import { FormattedMessage } from '@kbn/i18n-react'; +import { + isGlobalPrivilegeDefinition, + type KibanaPrivileges, +} from '@kbn/security-role-management-model'; import { UnsupportedSpacePrivilegesWarning } from './unsupported_space_privileges_warning'; import type { Role, RoleKibanaPrivilege } from '../../../../../../../common'; import { copyRole } from '../../../../../../../common/model'; -import type { KibanaPrivileges } from '../../../../model'; -import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; import { CUSTOM_PRIVILEGE_VALUE, NO_PRIVILEGE_VALUE } from '../constants'; import { FeatureTable } from '../feature_table'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.test.tsx index 6c633d6513692..7d9d6d015c03e 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.test.tsx @@ -8,14 +8,17 @@ import { EuiButtonGroup } from '@elastic/eui'; import React from 'react'; +import { + createFeature, + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model/src/__fixtures__'; import type { Space } from '@kbn/spaces-plugin/public'; import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { PrivilegeSpaceForm } from './privilege_space_form'; import { SpaceSelector } from './space_selector'; import type { Role } from '../../../../../../../common'; -import { createFeature, kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; import { FeatureTable } from '../feature_table'; import { getDisplayedFeaturePrivileges } from '../feature_table/__fixtures__'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.tsx index 6abf5a04ae5c6..fbcc43a3b4b1a 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.tsx @@ -29,13 +29,13 @@ import React, { Component, Fragment } from 'react'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { KibanaPrivileges } from '@kbn/security-role-management-model'; import type { Space } from '@kbn/spaces-plugin/public'; import { SpaceSelector } from './space_selector'; import type { FeaturesPrivileges, Role } from '../../../../../../../common'; import { ALL_SPACES_ID } from '../../../../../../../common/constants'; import { copyRole } from '../../../../../../../common/model'; -import type { KibanaPrivileges } from '../../../../model'; import { CUSTOM_PRIVILEGE_VALUE } from '../constants'; import { FeatureTable } from '../feature_table'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx index 56fe843cceded..316419f479426 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx @@ -10,12 +10,12 @@ import type { ReactWrapper } from 'enzyme'; import React from 'react'; import { KibanaFeature } from '@kbn/features-plugin/public'; +import type { Role, RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; +import { createKibanaPrivileges } from '@kbn/security-role-management-model/src/__fixtures__'; import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { PrivilegeDisplay } from './privilege_display'; import { PrivilegeSpaceTable } from './privilege_space_table'; -import type { Role, RoleKibanaPrivilege } from '../../../../../../../common'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; interface TableRow { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.tsx index 4c0ead6e43167..28e1d50d7f71e 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.tsx @@ -22,13 +22,13 @@ import React, { Component } from 'react'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { FeaturesPrivileges, Role } from '@kbn/security-plugin-types-common'; +import { isGlobalPrivilegeDefinition } from '@kbn/security-role-management-model'; import type { Space } from '@kbn/spaces-plugin/public'; import { getSpaceColor } from '@kbn/spaces-plugin/public'; import { PrivilegeDisplay } from './privilege_display'; -import type { FeaturesPrivileges, Role } from '../../../../../../../common'; import { copyRole } from '../../../../../../../common/model'; -import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; import { CUSTOM_PRIVILEGE_VALUE } from '../constants'; import type { PrivilegeFormCalculator } from '../privilege_form_calculator'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.test.tsx index 3c2df19eb20db..b25a474bc06aa 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.test.tsx @@ -7,13 +7,15 @@ import React from 'react'; +import { + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model/src/__fixtures__'; import { mountWithIntl, shallowWithIntl } from '@kbn/test-jest-helpers'; import { PrivilegeSpaceForm } from './privilege_space_form'; import { PrivilegeSpaceTable } from './privilege_space_table'; import { SpaceAwarePrivilegeSection } from './space_aware_privilege_section'; -import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; import { RoleValidator } from '../../../validate_role'; import { PrivilegeSummary } from '../privilege_summary'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx index f499da5c6973c..404bd39ec9b67 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx @@ -20,13 +20,13 @@ import React, { Component, Fragment } from 'react'; import type { Capabilities } from '@kbn/core/public'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { Role } from '@kbn/security-plugin-types-common'; +import type { KibanaPrivileges } from '@kbn/security-role-management-model'; import type { Space, SpacesApiUi } from '@kbn/spaces-plugin/public'; import { PrivilegeSpaceForm } from './privilege_space_form'; import { PrivilegeSpaceTable } from './privilege_space_table'; -import type { Role } from '../../../../../../../common'; import { isRoleReserved, isRoleWithWildcardBasePrivilege } from '../../../../../../../common'; -import type { KibanaPrivileges } from '../../../../model'; import type { RoleValidator } from '../../../validate_role'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; import { PrivilegeSummary } from '../privilege_summary'; diff --git a/x-pack/plugins/security/public/management/roles/model/index.ts b/x-pack/plugins/security/public/management/roles/model/index.ts deleted file mode 100644 index 55e90bb4b377d..0000000000000 --- a/x-pack/plugins/security/public/management/roles/model/index.ts +++ /dev/null @@ -1,15 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export { SecuredFeature } from './secured_feature'; -export { SecuredSubFeature } from './secured_sub_feature'; -export { SubFeaturePrivilegeGroup } from './sub_feature_privilege_group'; -export { SubFeaturePrivilege } from './sub_feature_privilege'; -export { PrimaryFeaturePrivilege } from './primary_feature_privilege'; -export { KibanaPrivileges } from './kibana_privileges'; -export { KibanaPrivilege } from './kibana_privilege'; -export { PrivilegeCollection } from './privilege_collection'; diff --git a/x-pack/plugins/security/public/management/roles/model/kibana_privileges.test.ts b/x-pack/plugins/security/public/management/roles/model/kibana_privileges.test.ts deleted file mode 100644 index 494f5a14b1e48..0000000000000 --- a/x-pack/plugins/security/public/management/roles/model/kibana_privileges.test.ts +++ /dev/null @@ -1,144 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { KibanaPrivilege } from './kibana_privilege'; -import { KibanaPrivileges } from './kibana_privileges'; -import type { RoleKibanaPrivilege } from '../../../../common'; -import { kibanaFeatures } from '../__fixtures__/kibana_features'; -import { createRawKibanaPrivileges } from '../__fixtures__/kibana_privileges'; - -describe('KibanaPrivileges', () => { - describe('#getBasePrivileges', () => { - it('returns the space base privileges for a non-global entry', () => { - const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); - const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); - - const entry: RoleKibanaPrivilege = { - base: [], - feature: {}, - spaces: ['foo'], - }; - - const basePrivileges = kibanaPrivileges.getBasePrivileges(entry); - - const expectedPrivileges = rawPrivileges.space; - - expect(basePrivileges).toHaveLength(2); - expect(basePrivileges[0]).toMatchObject({ - id: 'all', - actions: expectedPrivileges.all, - }); - expect(basePrivileges[1]).toMatchObject({ - id: 'read', - actions: expectedPrivileges.read, - }); - }); - - it('returns the global base privileges for a global entry', () => { - const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); - const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); - - const entry: RoleKibanaPrivilege = { - base: [], - feature: {}, - spaces: ['*'], - }; - - const basePrivileges = kibanaPrivileges.getBasePrivileges(entry); - - const expectedPrivileges = rawPrivileges.global; - - expect(basePrivileges).toHaveLength(2); - expect(basePrivileges[0]).toMatchObject({ - id: 'all', - actions: expectedPrivileges.all, - }); - expect(basePrivileges[1]).toMatchObject({ - id: 'read', - actions: expectedPrivileges.read, - }); - }); - }); - - describe('#createCollectionFromRoleKibanaPrivileges', () => { - it('creates a collection from a role with no privileges assigned', () => { - const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); - const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); - - const assignedPrivileges: RoleKibanaPrivilege[] = []; - kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); - }); - - it('creates a collection ignoring unknown privileges', () => { - const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); - const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); - - const assignedPrivileges: RoleKibanaPrivilege[] = [ - { - base: ['read', 'some-unknown-base-privilege'], - feature: {}, - spaces: ['*'], - }, - { - base: [], - feature: { - with_sub_features: ['read', 'cool_all', 'some-unknown-feature-privilege'], - some_unknown_feature: ['all'], - }, - spaces: ['foo'], - }, - ]; - kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); - }); - - it('creates a collection using all assigned privileges, and only the assigned privileges', () => { - const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); - const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); - - const assignedPrivileges: RoleKibanaPrivilege[] = [ - { - base: ['read'], - feature: {}, - spaces: ['*'], - }, - { - base: [], - feature: { - with_sub_features: ['read', 'cool_all'], - }, - spaces: ['foo'], - }, - ]; - const collection = - kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); - - expect( - collection.grantsPrivilege( - new KibanaPrivilege('test', [...rawPrivileges.features.with_excluded_sub_features.read]) - ) - ).toEqual(true); - - expect( - collection.grantsPrivilege( - new KibanaPrivilege('test', [...rawPrivileges.features.with_excluded_sub_features.all]) - ) - ).toEqual(false); - - expect( - collection.grantsPrivilege( - new KibanaPrivilege('test', [...rawPrivileges.features.with_sub_features.cool_all]) - ) - ).toEqual(true); - - expect( - collection.grantsPrivilege( - new KibanaPrivilege('test', [...rawPrivileges.features.with_sub_features.cool_toggle_1]) - ) - ).toEqual(false); - }); - }); -}); diff --git a/x-pack/plugins/security/public/management/roles/privileges_api_client.ts b/x-pack/plugins/security/public/management/roles/privileges_api_client.ts index a96fdd4340cc6..54c8992698978 100644 --- a/x-pack/plugins/security/public/management/roles/privileges_api_client.ts +++ b/x-pack/plugins/security/public/management/roles/privileges_api_client.ts @@ -6,8 +6,9 @@ */ import type { HttpStart } from '@kbn/core/public'; +import type { RawKibanaPrivileges } from '@kbn/security-authorization-core'; -import type { BuiltinESPrivileges, RawKibanaPrivileges } from '../../../common/model'; +import type { BuiltinESPrivileges } from '../../../common/model'; export class PrivilegesAPIClient { constructor(private readonly http: HttpStart) {} diff --git a/x-pack/plugins/security/server/authorization/authorization_service.test.ts b/x-pack/plugins/security/server/authorization/authorization_service.test.ts index ddc5e26903c2b..275a6d2643f24 100644 --- a/x-pack/plugins/security/server/authorization/authorization_service.test.ts +++ b/x-pack/plugins/security/server/authorization/authorization_service.test.ts @@ -19,6 +19,7 @@ import { Subject } from 'rxjs'; import { coreMock, elasticsearchServiceMock, loggingSystemMock } from '@kbn/core/server/mocks'; import { featuresPluginMock } from '@kbn/features-plugin/server/mocks'; +import { privilegesFactory } from '@kbn/security-authorization-core'; import { nextTick } from '@kbn/test-jest-helpers'; import { AuthorizationService } from './authorization_service'; @@ -26,7 +27,6 @@ import { checkPrivilegesFactory } from './check_privileges'; import { checkPrivilegesDynamicallyWithRequestFactory } from './check_privileges_dynamically'; import { checkSavedObjectsPrivilegesWithRequestFactory } from './check_saved_objects_privileges'; import { authorizationModeFactory } from './mode'; -import { privilegesFactory } from './privileges'; import { licenseMock } from '../../common/licensing/index.mock'; import type { OnlineStatusRetryScheduler } from '../elasticsearch'; diff --git a/x-pack/plugins/security/server/authorization/authorization_service.tsx b/x-pack/plugins/security/server/authorization/authorization_service.tsx index a926ee4d364b0..c8e036b07679c 100644 --- a/x-pack/plugins/security/server/authorization/authorization_service.tsx +++ b/x-pack/plugins/security/server/authorization/authorization_service.tsx @@ -25,6 +25,11 @@ import type { FeaturesPluginSetup as FeaturesPluginSetup, FeaturesPluginStart as FeaturesPluginStart, } from '@kbn/features-plugin/server'; +import { + Actions, + privilegesFactory, + type PrivilegesService, +} from '@kbn/security-authorization-core'; import type { AuthorizationMode, AuthorizationServiceSetup, @@ -33,7 +38,6 @@ import type { CheckUserProfilesPrivileges, } from '@kbn/security-plugin-types-server'; -import { Actions } from './actions'; import { initAPIAuthorization } from './api_authorization'; import { initAppAuthorization } from './app_authorization'; import { checkPrivilegesFactory } from './check_privileges'; @@ -41,8 +45,6 @@ import { checkPrivilegesDynamicallyWithRequestFactory } from './check_privileges import { checkSavedObjectsPrivilegesWithRequestFactory } from './check_saved_objects_privileges'; import { disableUICapabilitiesFactory } from './disable_ui_capabilities'; import { authorizationModeFactory } from './mode'; -import type { PrivilegesService } from './privileges'; -import { privilegesFactory } from './privileges'; import { registerPrivilegesWithCluster } from './register_privileges_with_cluster'; import { ResetSessionPage } from './reset_session_page'; import { validateFeaturePrivileges } from './validate_feature_privileges'; @@ -53,7 +55,7 @@ import { canRedirectRequest } from '../authentication'; import type { OnlineStatusRetryScheduler } from '../elasticsearch'; import type { SpacesService } from '../plugin'; -export { Actions } from './actions'; +export { Actions } from '@kbn/security-authorization-core'; interface AuthorizationServiceSetupParams { packageVersion: string; diff --git a/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts b/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts index a271371e5584d..f7ed4ac9cd94b 100644 --- a/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts +++ b/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts @@ -7,9 +7,9 @@ import { httpServerMock, loggingSystemMock } from '@kbn/core/server/mocks'; import { ElasticsearchFeature, KibanaFeature } from '@kbn/features-plugin/server'; +import { Actions } from '@kbn/security-authorization-core'; import type { CheckPrivilegesResponse } from '@kbn/security-plugin-types-server'; -import { Actions } from './actions'; import { disableUICapabilitiesFactory } from './disable_ui_capabilities'; import { authorizationMock } from './index.mock'; import type { AuthenticatedUser } from '../../common'; diff --git a/x-pack/plugins/security/server/authorization/index.mock.ts b/x-pack/plugins/security/server/authorization/index.mock.ts index 04c389f24fcad..c3b76a0908f13 100644 --- a/x-pack/plugins/security/server/authorization/index.mock.ts +++ b/x-pack/plugins/security/server/authorization/index.mock.ts @@ -5,10 +5,9 @@ * 2.0. */ +import { actionsMock } from '@kbn/security-authorization-core/src/actions/actions.mock'; import type { AuthorizationMode } from '@kbn/security-plugin-types-server'; -import { actionsMock } from './actions/actions.mock'; - export const authorizationMock = { create: ({ version = 'mock-version', diff --git a/x-pack/plugins/security/server/authorization/index.ts b/x-pack/plugins/security/server/authorization/index.ts index 0ebd085ba0e42..3552f85c005dd 100644 --- a/x-pack/plugins/security/server/authorization/index.ts +++ b/x-pack/plugins/security/server/authorization/index.ts @@ -5,9 +5,8 @@ * 2.0. */ -export { Actions } from './actions'; +export { Actions, type CasesSupportedOperations } from '@kbn/security-authorization-core'; export type { AuthorizationServiceSetupInternal } from './authorization_service'; export { AuthorizationService } from './authorization_service'; export type { ElasticsearchRole } from './roles'; export { transformElasticsearchRoleToRole, compareRolesByName } from './roles'; -export type { CasesSupportedOperations } from './privileges'; diff --git a/x-pack/plugins/security/server/authorization/register_privileges_with_cluster.ts b/x-pack/plugins/security/server/authorization/register_privileges_with_cluster.ts index b8fb5f83aadcf..0809626eaf718 100644 --- a/x-pack/plugins/security/server/authorization/register_privileges_with_cluster.ts +++ b/x-pack/plugins/security/server/authorization/register_privileges_with_cluster.ts @@ -8,8 +8,8 @@ import { difference, isEqual, isEqualWith } from 'lodash'; import type { IClusterClient, Logger } from '@kbn/core/server'; +import type { PrivilegesService } from '@kbn/security-authorization-core'; -import type { PrivilegesService } from './privileges'; import { serializePrivileges } from './privileges_serializer'; export async function registerPrivilegesWithCluster( diff --git a/x-pack/plugins/security/server/authorization/service.test.mocks.ts b/x-pack/plugins/security/server/authorization/service.test.mocks.ts index 7fb0908e60cab..d5cbc3375aae2 100644 --- a/x-pack/plugins/security/server/authorization/service.test.mocks.ts +++ b/x-pack/plugins/security/server/authorization/service.test.mocks.ts @@ -21,9 +21,13 @@ jest.mock('./check_saved_objects_privileges', () => ({ })); export const mockPrivilegesFactory = jest.fn(); -jest.mock('./privileges', () => ({ - privilegesFactory: mockPrivilegesFactory, -})); +jest.mock('@kbn/security-authorization-core', () => { + const authzCore = jest.requireActual('@kbn/security-authorization-core'); + return { + ...authzCore, + privilegesFactory: mockPrivilegesFactory, + }; +}); export const mockAuthorizationModeFactory = jest.fn(); jest.mock('./mode', () => ({ diff --git a/x-pack/plugins/security/tsconfig.json b/x-pack/plugins/security/tsconfig.json index 10c1ada6ede15..8e3f38833248d 100644 --- a/x-pack/plugins/security/tsconfig.json +++ b/x-pack/plugins/security/tsconfig.json @@ -83,7 +83,9 @@ "@kbn/core-user-profile-browser", "@kbn/security-api-key-management", "@kbn/security-form-components", - "@kbn/core-security-server-mocks" + "@kbn/core-security-server-mocks", + "@kbn/security-authorization-core", + "@kbn/security-role-management-model", ], "exclude": [ "target/**/*", diff --git a/yarn.lock b/yarn.lock index 73366acb9d613..27827bf1e18df 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6272,6 +6272,10 @@ version "0.0.0" uid "" +"@kbn/security-authorization-core@link:x-pack/packages/security/authorization_core": + version "0.0.0" + uid "" + "@kbn/security-form-components@link:x-pack/packages/security/form_components": version "0.0.0" uid "" @@ -6296,6 +6300,10 @@ version "0.0.0" uid "" +"@kbn/security-role-management-model@link:x-pack/packages/security/role_management_model": + version "0.0.0" + uid "" + "@kbn/security-solution-distribution-bar@link:x-pack/packages/security-solution/distribution_bar": version "0.0.0" uid ""