From ac0c347baadf481bbe3190e3c35f1d4976ff64be Mon Sep 17 00:00:00 2001 From: Eyo Okon Eyo Date: Tue, 6 Aug 2024 11:11:40 +0200 Subject: [PATCH 1/8] create role-management-model package and replace relative references with package identifier --- package.json | 1 + tsconfig.base.json | 2 + .../security/role_management_model/README.md | 3 + .../security/role_management_model/index.ts | 16 ++ .../role_management_model/jest.config.js | 16 ++ .../role_management_model/kibana.jsonc | 5 + .../role_management_model/package.json | 6 + .../src}/kibana_privilege.ts | 0 .../src/kibana_privileges.test.ts | 186 ++++++++++++++++++ .../src}/kibana_privileges.ts | 27 ++- .../src}/primary_feature_privilege.ts | 0 .../src}/privilege_collection.test.ts | 0 .../src}/privilege_collection.ts | 0 .../src}/secured_feature.ts | 0 .../src}/secured_sub_feature.ts | 0 .../src}/sub_feature_privilege.ts | 0 .../src}/sub_feature_privilege_group.ts | 0 .../role_management_model/tsconfig.json | 15 ++ .../roles/__fixtures__/kibana_privileges.ts | 4 +- .../roles/edit_role/edit_role_page.tsx | 2 +- .../roles/edit_role/privilege_utils.test.ts | 50 ----- .../roles/edit_role/privilege_utils.ts | 19 -- .../feature_table/change_all_privileges.tsx | 2 +- .../kibana/feature_table/feature_table.tsx | 4 +- .../feature_table_expanded_row.tsx | 2 +- .../feature_table/sub_feature_form.test.tsx | 4 +- .../kibana/feature_table/sub_feature_form.tsx | 4 +- .../feature_table_cell/feature_table_cell.tsx | 2 +- .../kibana/kibana_privileges_region.test.tsx | 4 +- .../kibana/kibana_privileges_region.tsx | 2 +- .../privilege_form_calculator.ts | 9 +- .../privilege_summary/privilege_summary.tsx | 4 +- .../privilege_summary_calculator.ts | 13 +- .../privilege_summary_expanded_row.tsx | 6 +- .../privilege_summary_table.tsx | 10 +- .../privilege_summary/space_column_header.tsx | 4 +- .../simple_privilege_section.test.tsx | 4 +- .../simple_privilege_section.tsx | 6 +- .../privilege_space_form.tsx | 2 +- .../privilege_space_table.tsx | 4 +- .../space_aware_privilege_section.tsx | 4 +- .../public/management/roles/model/index.ts | 15 -- .../roles/model/kibana_privileges.test.ts | 144 -------------- yarn.lock | 4 + 44 files changed, 334 insertions(+), 271 deletions(-) create mode 100644 x-pack/packages/security/role_management_model/README.md create mode 100644 x-pack/packages/security/role_management_model/index.ts create mode 100644 x-pack/packages/security/role_management_model/jest.config.js create mode 100644 x-pack/packages/security/role_management_model/kibana.jsonc create mode 100644 x-pack/packages/security/role_management_model/package.json rename x-pack/{plugins/security/public/management/roles/model => packages/security/role_management_model/src}/kibana_privilege.ts (100%) create mode 100644 x-pack/packages/security/role_management_model/src/kibana_privileges.test.ts rename x-pack/{plugins/security/public/management/roles/model => packages/security/role_management_model/src}/kibana_privileges.ts (80%) rename x-pack/{plugins/security/public/management/roles/model => packages/security/role_management_model/src}/primary_feature_privilege.ts (100%) rename x-pack/{plugins/security/public/management/roles/model => packages/security/role_management_model/src}/privilege_collection.test.ts (100%) rename x-pack/{plugins/security/public/management/roles/model => packages/security/role_management_model/src}/privilege_collection.ts (100%) rename x-pack/{plugins/security/public/management/roles/model => packages/security/role_management_model/src}/secured_feature.ts (100%) rename x-pack/{plugins/security/public/management/roles/model => packages/security/role_management_model/src}/secured_sub_feature.ts (100%) rename x-pack/{plugins/security/public/management/roles/model => packages/security/role_management_model/src}/sub_feature_privilege.ts (100%) rename x-pack/{plugins/security/public/management/roles/model => packages/security/role_management_model/src}/sub_feature_privilege_group.ts (100%) create mode 100644 x-pack/packages/security/role_management_model/tsconfig.json delete mode 100644 x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.test.ts delete mode 100644 x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.ts delete mode 100644 x-pack/plugins/security/public/management/roles/model/index.ts delete mode 100644 x-pack/plugins/security/public/management/roles/model/kibana_privileges.test.ts diff --git a/package.json b/package.json index 0b93cb96d4e47..ec6403124a37f 100644 --- a/package.json +++ b/package.json @@ -770,6 +770,7 @@ "@kbn/security-plugin-types-common": "link:x-pack/packages/security/plugin_types_common", "@kbn/security-plugin-types-public": "link:x-pack/packages/security/plugin_types_public", "@kbn/security-plugin-types-server": "link:x-pack/packages/security/plugin_types_server", + "@kbn/security-role-management-model": "link:x-pack/packages/security/role_management_model", "@kbn/security-solution-distribution-bar": "link:x-pack/packages/security-solution/distribution_bar", "@kbn/security-solution-ess": "link:x-pack/plugins/security_solution_ess", "@kbn/security-solution-features": "link:x-pack/packages/security-solution/features", diff --git a/tsconfig.base.json b/tsconfig.base.json index fb98e0160cb76..7bc96a83e87e1 100644 --- a/tsconfig.base.json +++ b/tsconfig.base.json @@ -1500,6 +1500,8 @@ "@kbn/security-plugin-types-public/*": ["x-pack/packages/security/plugin_types_public/*"], "@kbn/security-plugin-types-server": ["x-pack/packages/security/plugin_types_server"], "@kbn/security-plugin-types-server/*": ["x-pack/packages/security/plugin_types_server/*"], + "@kbn/security-role-management-model": ["x-pack/packages/security/role_management_model"], + "@kbn/security-role-management-model/*": ["x-pack/packages/security/role_management_model/*"], "@kbn/security-solution-distribution-bar": ["x-pack/packages/security-solution/distribution_bar"], "@kbn/security-solution-distribution-bar/*": ["x-pack/packages/security-solution/distribution_bar/*"], "@kbn/security-solution-ess": ["x-pack/plugins/security_solution_ess"], diff --git a/x-pack/packages/security/role_management_model/README.md b/x-pack/packages/security/role_management_model/README.md new file mode 100644 index 0000000000000..f87e15a76e453 --- /dev/null +++ b/x-pack/packages/security/role_management_model/README.md @@ -0,0 +1,3 @@ +# @kbn/security-role-management + +Contains business logic for RBAC administration within Kibana. diff --git a/x-pack/packages/security/role_management_model/index.ts b/x-pack/packages/security/role_management_model/index.ts new file mode 100644 index 0000000000000..e3998306f1cee --- /dev/null +++ b/x-pack/packages/security/role_management_model/index.ts @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export { SecuredFeature } from './src/secured_feature'; +export { SecuredSubFeature } from './src/secured_sub_feature'; +export { SubFeaturePrivilegeGroup } from './src/sub_feature_privilege_group'; +export { SubFeaturePrivilege } from './src/sub_feature_privilege'; +export { PrimaryFeaturePrivilege } from './src/primary_feature_privilege'; +export { KibanaPrivileges, isGlobalPrivilegeDefinition } from './src/kibana_privileges'; +export type { RawKibanaPrivileges } from './src/kibana_privileges'; +export { KibanaPrivilege } from './src/kibana_privilege'; +export { PrivilegeCollection } from './src/privilege_collection'; diff --git a/x-pack/packages/security/role_management_model/jest.config.js b/x-pack/packages/security/role_management_model/jest.config.js new file mode 100644 index 0000000000000..4223e717dec5e --- /dev/null +++ b/x-pack/packages/security/role_management_model/jest.config.js @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +module.exports = { + coverageDirectory: + '/target/kibana-coverage/jest/x-pack/packages/security/role_management_model', + coverageReporters: ['text', 'html'], + collectCoverageFrom: ['/x-pack/packages/security/role_management_model/**/*.{ts,tsx}'], + preset: '@kbn/test', + rootDir: '../../../..', + roots: ['/x-pack/packages/security/role_management_model'], +}; diff --git a/x-pack/packages/security/role_management_model/kibana.jsonc b/x-pack/packages/security/role_management_model/kibana.jsonc new file mode 100644 index 0000000000000..9ba7936494167 --- /dev/null +++ b/x-pack/packages/security/role_management_model/kibana.jsonc @@ -0,0 +1,5 @@ +{ + "type": "shared-common", + "id": "@kbn/security-role-management-model", + "owner": "@elastic/kibana-security" +} diff --git a/x-pack/packages/security/role_management_model/package.json b/x-pack/packages/security/role_management_model/package.json new file mode 100644 index 0000000000000..d231b70912484 --- /dev/null +++ b/x-pack/packages/security/role_management_model/package.json @@ -0,0 +1,6 @@ +{ + "name": "@kbn/security-role-management-model", + "private": true, + "version": "1.0.0", + "license": "Elastic License 2.0" +} diff --git a/x-pack/plugins/security/public/management/roles/model/kibana_privilege.ts b/x-pack/packages/security/role_management_model/src/kibana_privilege.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/model/kibana_privilege.ts rename to x-pack/packages/security/role_management_model/src/kibana_privilege.ts diff --git a/x-pack/packages/security/role_management_model/src/kibana_privileges.test.ts b/x-pack/packages/security/role_management_model/src/kibana_privileges.test.ts new file mode 100644 index 0000000000000..b02448d461bc5 --- /dev/null +++ b/x-pack/packages/security/role_management_model/src/kibana_privileges.test.ts @@ -0,0 +1,186 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +// import { KibanaPrivilege } from './kibana_privilege'; +import { /* KibanaPrivileges,*/ isGlobalPrivilegeDefinition } from './kibana_privileges'; +// import type { RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; +// import { kibanaFeatures } from '../__fixtures__/kibana_features'; +// import { createRawKibanaPrivileges } from '../__fixtures__/kibana_privileges'; + +describe('KibanaPrivileges', () => { + describe('isGlobalPrivilegeDefinition', () => { + it('returns true if no spaces are defined', () => { + expect( + // @ts-ignore + isGlobalPrivilegeDefinition({ + base: [], + feature: {}, + }) + ).toEqual(true); + }); + + it('returns true if spaces is an empty array', () => { + expect( + isGlobalPrivilegeDefinition({ + spaces: [], + base: [], + feature: {}, + }) + ).toEqual(true); + }); + + it('returns true if spaces contains "*"', () => { + expect( + isGlobalPrivilegeDefinition({ + spaces: ['*'], + base: [], + feature: {}, + }) + ).toEqual(true); + }); + + it('returns false if spaces does not contain "*"', () => { + expect( + isGlobalPrivilegeDefinition({ + spaces: ['foo', 'bar'], + base: [], + feature: {}, + }) + ).toEqual(false); + }); + }); + + // describe('#getBasePrivileges', () => { + // it('returns the space base privileges for a non-global entry', () => { + // const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); + // const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); + + // const entry: RoleKibanaPrivilege = { + // base: [], + // feature: {}, + // spaces: ['foo'], + // }; + + // const basePrivileges = kibanaPrivileges.getBasePrivileges(entry); + + // const expectedPrivileges = rawPrivileges.space; + + // expect(basePrivileges).toHaveLength(2); + // expect(basePrivileges[0]).toMatchObject({ + // id: 'all', + // actions: expectedPrivileges.all, + // }); + // expect(basePrivileges[1]).toMatchObject({ + // id: 'read', + // actions: expectedPrivileges.read, + // }); + // }); + + // it('returns the global base privileges for a global entry', () => { + // const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); + // const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); + + // const entry: RoleKibanaPrivilege = { + // base: [], + // feature: {}, + // spaces: ['*'], + // }; + + // const basePrivileges = kibanaPrivileges.getBasePrivileges(entry); + + // const expectedPrivileges = rawPrivileges.global; + + // expect(basePrivileges).toHaveLength(2); + // expect(basePrivileges[0]).toMatchObject({ + // id: 'all', + // actions: expectedPrivileges.all, + // }); + // expect(basePrivileges[1]).toMatchObject({ + // id: 'read', + // actions: expectedPrivileges.read, + // }); + // }); + // }); + + // describe('#createCollectionFromRoleKibanaPrivileges', () => { + // it('creates a collection from a role with no privileges assigned', () => { + // const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); + // const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); + + // const assignedPrivileges: RoleKibanaPrivilege[] = []; + // kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); + // }); + + // it('creates a collection ignoring unknown privileges', () => { + // const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); + // const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); + + // const assignedPrivileges: RoleKibanaPrivilege[] = [ + // { + // base: ['read', 'some-unknown-base-privilege'], + // feature: {}, + // spaces: ['*'], + // }, + // { + // base: [], + // feature: { + // with_sub_features: ['read', 'cool_all', 'some-unknown-feature-privilege'], + // some_unknown_feature: ['all'], + // }, + // spaces: ['foo'], + // }, + // ]; + // kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); + // }); + + // it('creates a collection using all assigned privileges, and only the assigned privileges', () => { + // const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); + // const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); + + // const assignedPrivileges: RoleKibanaPrivilege[] = [ + // { + // base: ['read'], + // feature: {}, + // spaces: ['*'], + // }, + // { + // base: [], + // feature: { + // with_sub_features: ['read', 'cool_all'], + // }, + // spaces: ['foo'], + // }, + // ]; + // const collection = + // kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); + + // expect( + // collection.grantsPrivilege( + // new KibanaPrivilege('test', [...rawPrivileges.features.with_excluded_sub_features.read]) + // ) + // ).toEqual(true); + + // expect( + // collection.grantsPrivilege( + // new KibanaPrivilege('test', [...rawPrivileges.features.with_excluded_sub_features.all]) + // ) + // ).toEqual(false); + + // expect( + // collection.grantsPrivilege( + // new KibanaPrivilege('test', [...rawPrivileges.features.with_sub_features.cool_all]) + // ) + // ).toEqual(true); + + // expect( + // collection.grantsPrivilege( + // new KibanaPrivilege('test', [...rawPrivileges.features.with_sub_features.cool_toggle_1]) + // ) + // ).toEqual(false); + // }); + // }); +}); diff --git a/x-pack/plugins/security/public/management/roles/model/kibana_privileges.ts b/x-pack/packages/security/role_management_model/src/kibana_privileges.ts similarity index 80% rename from x-pack/plugins/security/public/management/roles/model/kibana_privileges.ts rename to x-pack/packages/security/role_management_model/src/kibana_privileges.ts index 78b312c123a3f..9da38d0f3ec5a 100644 --- a/x-pack/plugins/security/public/management/roles/model/kibana_privileges.ts +++ b/x-pack/packages/security/role_management_model/src/kibana_privileges.ts @@ -7,11 +7,23 @@ import type { KibanaFeature } from '@kbn/features-plugin/common'; +import type { RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; import { KibanaPrivilege } from './kibana_privilege'; import { PrivilegeCollection } from './privilege_collection'; import { SecuredFeature } from './secured_feature'; -import type { RawKibanaPrivileges, RoleKibanaPrivilege } from '../../../../common'; -import { isGlobalPrivilegeDefinition } from '../edit_role/privilege_utils'; + +export interface RawKibanaFeaturePrivileges { + [featureId: string]: { + [privilegeId: string]: string[]; + }; +} + +export interface RawKibanaPrivileges { + global: Record; + features: RawKibanaFeaturePrivileges; + space: Record; + reserved: Record; +} function toBasePrivilege(entry: [string, string[]]): [string, KibanaPrivilege] { const [privilegeId, actions] = entry; @@ -24,6 +36,17 @@ function recordsToBasePrivilegeMap( return new Map(Object.entries(record).map((entry) => toBasePrivilege(entry))); } +/** + * Determines if the passed privilege spec defines global privileges. + * @param privilegeSpec + */ +export function isGlobalPrivilegeDefinition(privilegeSpec: RoleKibanaPrivilege): boolean { + if (!privilegeSpec.spaces || privilegeSpec.spaces.length === 0) { + return true; + } + return privilegeSpec.spaces.includes('*'); +} + export class KibanaPrivileges { private global: ReadonlyMap; diff --git a/x-pack/plugins/security/public/management/roles/model/primary_feature_privilege.ts b/x-pack/packages/security/role_management_model/src/primary_feature_privilege.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/model/primary_feature_privilege.ts rename to x-pack/packages/security/role_management_model/src/primary_feature_privilege.ts diff --git a/x-pack/plugins/security/public/management/roles/model/privilege_collection.test.ts b/x-pack/packages/security/role_management_model/src/privilege_collection.test.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/model/privilege_collection.test.ts rename to x-pack/packages/security/role_management_model/src/privilege_collection.test.ts diff --git a/x-pack/plugins/security/public/management/roles/model/privilege_collection.ts b/x-pack/packages/security/role_management_model/src/privilege_collection.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/model/privilege_collection.ts rename to x-pack/packages/security/role_management_model/src/privilege_collection.ts diff --git a/x-pack/plugins/security/public/management/roles/model/secured_feature.ts b/x-pack/packages/security/role_management_model/src/secured_feature.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/model/secured_feature.ts rename to x-pack/packages/security/role_management_model/src/secured_feature.ts diff --git a/x-pack/plugins/security/public/management/roles/model/secured_sub_feature.ts b/x-pack/packages/security/role_management_model/src/secured_sub_feature.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/model/secured_sub_feature.ts rename to x-pack/packages/security/role_management_model/src/secured_sub_feature.ts diff --git a/x-pack/plugins/security/public/management/roles/model/sub_feature_privilege.ts b/x-pack/packages/security/role_management_model/src/sub_feature_privilege.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/model/sub_feature_privilege.ts rename to x-pack/packages/security/role_management_model/src/sub_feature_privilege.ts diff --git a/x-pack/plugins/security/public/management/roles/model/sub_feature_privilege_group.ts b/x-pack/packages/security/role_management_model/src/sub_feature_privilege_group.ts similarity index 100% rename from x-pack/plugins/security/public/management/roles/model/sub_feature_privilege_group.ts rename to x-pack/packages/security/role_management_model/src/sub_feature_privilege_group.ts diff --git a/x-pack/packages/security/role_management_model/tsconfig.json b/x-pack/packages/security/role_management_model/tsconfig.json new file mode 100644 index 0000000000000..32010d654b5cb --- /dev/null +++ b/x-pack/packages/security/role_management_model/tsconfig.json @@ -0,0 +1,15 @@ +{ + "extends": "../../../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types", + "types": ["jest", "node", "react"] + }, + "include": ["**/*.ts", "**/*.tsx"], + "exclude": ["target/**/*"], + "kbn_references": [ + "@kbn/core", + "@kbn/i18n", + "@kbn/i18n-react", + "@kbn/security-plugin-types-common" + ] +} diff --git a/x-pack/plugins/security/public/management/roles/__fixtures__/kibana_privileges.ts b/x-pack/plugins/security/public/management/roles/__fixtures__/kibana_privileges.ts index 559d479182c89..07e6d6ada57da 100644 --- a/x-pack/plugins/security/public/management/roles/__fixtures__/kibana_privileges.ts +++ b/x-pack/plugins/security/public/management/roles/__fixtures__/kibana_privileges.ts @@ -8,11 +8,11 @@ import type { KibanaFeature } from '@kbn/features-plugin/public'; import { featuresPluginMock } from '@kbn/features-plugin/server/mocks'; import type { LicenseType } from '@kbn/licensing-plugin/server'; +import type { SecurityLicenseFeatures } from '@kbn/security-plugin-types-common'; +import { KibanaPrivileges } from '@kbn/security-role-management-model'; -import type { SecurityLicenseFeatures } from '../../../../common'; import { Actions } from '../../../../server/authorization'; import { privilegesFactory } from '../../../../server/authorization/privileges'; -import { KibanaPrivileges } from '../model'; export const createRawKibanaPrivileges = ( features: KibanaFeature[], diff --git a/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.tsx b/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.tsx index ccdc71d119f08..b724acc58f507 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.tsx @@ -44,6 +44,7 @@ import { reactRouterNavigate, useDarkMode } from '@kbn/kibana-react-plugin/publi import { toMountPoint } from '@kbn/react-kibana-mount'; import type { Cluster } from '@kbn/remote-clusters-plugin/public'; import { REMOTE_CLUSTERS_PATH } from '@kbn/remote-clusters-plugin/public'; +import { KibanaPrivileges } from '@kbn/security-role-management-model'; import type { Space, SpacesApiUi } from '@kbn/spaces-plugin/public'; import type { PublicMethodsOf } from '@kbn/utility-types'; @@ -72,7 +73,6 @@ import { useCapabilities } from '../../../components/use_capabilities'; import type { CheckSecurityFeaturesResponse } from '../../security_features'; import type { UserAPIClient } from '../../users'; import type { IndicesAPIClient } from '../indices_api_client'; -import { KibanaPrivileges } from '../model'; import type { PrivilegesAPIClient } from '../privileges_api_client'; import type { RolesAPIClient } from '../roles_api_client'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.test.ts b/x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.test.ts deleted file mode 100644 index 7ddbb393bac9f..0000000000000 --- a/x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.test.ts +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { isGlobalPrivilegeDefinition } from './privilege_utils'; - -describe('isGlobalPrivilegeDefinition', () => { - it('returns true if no spaces are defined', () => { - expect( - // @ts-ignore - isGlobalPrivilegeDefinition({ - base: [], - feature: {}, - }) - ).toEqual(true); - }); - - it('returns true if spaces is an empty array', () => { - expect( - isGlobalPrivilegeDefinition({ - spaces: [], - base: [], - feature: {}, - }) - ).toEqual(true); - }); - - it('returns true if spaces contains "*"', () => { - expect( - isGlobalPrivilegeDefinition({ - spaces: ['*'], - base: [], - feature: {}, - }) - ).toEqual(true); - }); - - it('returns false if spaces does not contain "*"', () => { - expect( - isGlobalPrivilegeDefinition({ - spaces: ['foo', 'bar'], - base: [], - feature: {}, - }) - ).toEqual(false); - }); -}); diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.ts b/x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.ts deleted file mode 100644 index da912650fee48..0000000000000 --- a/x-pack/plugins/security/public/management/roles/edit_role/privilege_utils.ts +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { RoleKibanaPrivilege } from '../../../../common'; - -/** - * Determines if the passed privilege spec defines global privileges. - * @param privilegeSpec - */ -export function isGlobalPrivilegeDefinition(privilegeSpec: RoleKibanaPrivilege): boolean { - if (!privilegeSpec.spaces || privilegeSpec.spaces.length === 0) { - return true; - } - return privilegeSpec.spaces.includes('*'); -} diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/change_all_privileges.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/change_all_privileges.tsx index 00494c48b9efb..4793f86a7a2a5 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/change_all_privileges.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/change_all_privileges.tsx @@ -19,8 +19,8 @@ import _ from 'lodash'; import React, { Component } from 'react'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { KibanaPrivilege } from '@kbn/security-role-management-model'; -import type { KibanaPrivilege } from '../../../../model'; import { NO_PRIVILEGE_VALUE } from '../constants'; interface Props { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx index 7734d415bf385..6b4e7af240eb5 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.tsx @@ -29,11 +29,11 @@ import React, { Component } from 'react'; import type { AppCategory } from '@kbn/core/public'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { Role } from '@kbn/security-plugin-types-common'; +import type { KibanaPrivileges, SecuredFeature } from '@kbn/security-role-management-model'; import { ChangeAllPrivilegesControl } from './change_all_privileges'; import { FeatureTableExpandedRow } from './feature_table_expanded_row'; -import type { Role } from '../../../../../../../common'; -import type { KibanaPrivileges, SecuredFeature } from '../../../../model'; import { NO_PRIVILEGE_VALUE } from '../constants'; import { FeatureTableCell } from '../feature_table_cell'; import type { PrivilegeFormCalculator } from '../privilege_form_calculator'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.tsx index 42090f8c6c044..8e00327fd334b 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.tsx @@ -11,9 +11,9 @@ import React, { useEffect, useState } from 'react'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { SecuredFeature } from '@kbn/security-role-management-model'; import { SubFeatureForm } from './sub_feature_form'; -import type { SecuredFeature } from '../../../../model'; import type { PrivilegeFormCalculator } from '../privilege_form_calculator'; interface Props { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx index 53e44aefbf1c8..cec876c626ac4 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx @@ -10,13 +10,13 @@ import { act } from '@testing-library/react'; import React from 'react'; import { KibanaFeature } from '@kbn/features-plugin/public'; +import type { Role } from '@kbn/security-plugin-types-common'; +import { SecuredSubFeature } from '@kbn/security-role-management-model'; import { mountWithIntl } from '@kbn/test-jest-helpers'; import { SubFeatureForm } from './sub_feature_form'; -import type { Role } from '../../../../../../../common'; import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; -import { SecuredSubFeature } from '../../../../model'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; // Note: these tests are not concerned with the proper display of privileges, diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.tsx index 4f3c1eb103a75..9155d8ae52835 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.tsx @@ -16,12 +16,12 @@ import { import React from 'react'; import { i18n } from '@kbn/i18n'; - import type { SecuredSubFeature, SubFeaturePrivilege, SubFeaturePrivilegeGroup, -} from '../../../../model'; +} from '@kbn/security-role-management-model'; + import { NO_PRIVILEGE_VALUE } from '../constants'; import type { PrivilegeFormCalculator } from '../privilege_form_calculator'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.tsx index 062597ce46ad2..177b6fb95a413 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.tsx @@ -10,7 +10,7 @@ import './feature_table_cell.scss'; import { EuiFlexGroup, EuiFlexItem, EuiIconTip, EuiText } from '@elastic/eui'; import React from 'react'; -import type { SecuredFeature } from '../../../../model'; +import type { SecuredFeature } from '@kbn/security-role-management-model'; interface Props { feature: SecuredFeature; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.test.tsx index b12c4f91a3a7a..2c903b170cb2b 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.test.tsx @@ -9,6 +9,8 @@ import { shallow } from 'enzyme'; import React from 'react'; import { coreMock } from '@kbn/core/public/mocks'; +import type { Role } from '@kbn/security-plugin-types-common'; +import { KibanaPrivileges } from '@kbn/security-role-management-model'; import { spacesManagerMock } from '@kbn/spaces-plugin/public/spaces_manager/mocks'; import { getUiApi } from '@kbn/spaces-plugin/public/ui_api'; @@ -16,8 +18,6 @@ import { KibanaPrivilegesRegion } from './kibana_privileges_region'; import { SimplePrivilegeSection } from './simple_privilege_section'; import { SpaceAwarePrivilegeSection } from './space_aware_privilege_section'; import { TransformErrorSection } from './transform_error_section'; -import type { Role } from '../../../../../../common'; -import { KibanaPrivileges } from '../../../model'; import { RoleValidator } from '../../validate_role'; const spacesManager = spacesManagerMock.create(); diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.tsx index d7439b19b0d00..5344e582a3b8c 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/kibana_privileges_region.tsx @@ -8,13 +8,13 @@ import React, { Component } from 'react'; import type { Capabilities } from '@kbn/core/public'; +import type { KibanaPrivileges } from '@kbn/security-role-management-model'; import type { Space, SpacesApiUi } from '@kbn/spaces-plugin/public'; import { SimplePrivilegeSection } from './simple_privilege_section'; import { SpaceAwarePrivilegeSection } from './space_aware_privilege_section'; import { TransformErrorSection } from './transform_error_section'; import type { Role } from '../../../../../../common'; -import type { KibanaPrivileges } from '../../../model'; import { CollapsiblePanel } from '../../collapsible_panel'; import type { RoleValidator } from '../../validate_role'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.ts b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.ts index 227c2be381546..75cdcac34031e 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.ts @@ -5,9 +5,12 @@ * 2.0. */ -import type { Role } from '../../../../../../../common'; -import type { KibanaPrivileges, SubFeaturePrivilegeGroup } from '../../../../model'; -import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; +import type { Role } from '@kbn/security-plugin-types-common'; +import { + isGlobalPrivilegeDefinition, + type KibanaPrivileges, + type SubFeaturePrivilegeGroup, +} from '@kbn/security-role-management-model'; /** * Calculator responsible for determining the displayed and effective privilege values for the following interfaces: diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.tsx index 5c6d03569b10a..1ae88a0be781d 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.tsx @@ -17,11 +17,11 @@ import { import React, { Fragment, useState } from 'react'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { Role } from '@kbn/security-plugin-types-common'; +import type { KibanaPrivileges } from '@kbn/security-role-management-model'; import type { Space, SpacesApiUi } from '@kbn/spaces-plugin/public'; import { PrivilegeSummaryTable } from './privilege_summary_table'; -import type { Role } from '../../../../../../../common'; -import type { KibanaPrivileges } from '../../../../model'; interface Props { role: Role; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.ts b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.ts index 053cd19c98d58..ce8e2fa0e22c4 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.ts @@ -5,10 +5,14 @@ * 2.0. */ -import type { Role, RoleKibanaPrivilege } from '../../../../../../../common'; -import type { KibanaPrivileges, PrimaryFeaturePrivilege, SecuredFeature } from '../../../../model'; -import type { PrivilegeCollection } from '../../../../model/privilege_collection'; -import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; +import type { Role, RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; +import { + isGlobalPrivilegeDefinition, + type KibanaPrivileges, + type PrimaryFeaturePrivilege, + type PrivilegeCollection, + type SecuredFeature, +} from '@kbn/security-role-management-model'; export interface EffectiveFeaturePrivileges { [featureId: string]: { @@ -17,6 +21,7 @@ export interface EffectiveFeaturePrivileges { hasCustomizedSubFeaturePrivileges: boolean; }; } + export class PrivilegeSummaryCalculator { constructor(private readonly kibanaPrivileges: KibanaPrivileges, private readonly role: Role) {} diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_expanded_row.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_expanded_row.tsx index 727bcdc1b103d..83f1e26ad1284 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_expanded_row.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_expanded_row.tsx @@ -9,13 +9,13 @@ import { EuiFlexGroup, EuiFlexItem, EuiIconTip, EuiText } from '@elastic/eui'; import React from 'react'; import { i18n } from '@kbn/i18n'; - -import type { EffectiveFeaturePrivileges } from './privilege_summary_calculator'; import type { SecuredFeature, SubFeaturePrivilege, SubFeaturePrivilegeGroup, -} from '../../../../model'; +} from '@kbn/security-role-management-model'; + +import type { EffectiveFeaturePrivileges } from './privilege_summary_calculator'; interface Props { feature: SecuredFeature; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.tsx index 7dcbbe85d553c..af15cf82b9be6 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.tsx @@ -20,16 +20,20 @@ import { import React, { Fragment, useMemo, useState } from 'react'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { Role, RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; +import { + isGlobalPrivilegeDefinition, + type KibanaPrivileges, + type PrimaryFeaturePrivilege, + type SecuredFeature, +} from '@kbn/security-role-management-model'; import type { Space, SpacesApiUi } from '@kbn/spaces-plugin/public'; import type { EffectiveFeaturePrivileges } from './privilege_summary_calculator'; import { PrivilegeSummaryCalculator } from './privilege_summary_calculator'; import { PrivilegeSummaryExpandedRow } from './privilege_summary_expanded_row'; import { SpaceColumnHeader } from './space_column_header'; -import type { Role, RoleKibanaPrivilege } from '../../../../../../../common'; import { ALL_SPACES_ID } from '../../../../../../../common/constants'; -import type { KibanaPrivileges, PrimaryFeaturePrivilege, SecuredFeature } from '../../../../model'; -import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; import { FeatureTableCell } from '../feature_table_cell'; export interface PrivilegeSummaryTableProps { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/space_column_header.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/space_column_header.tsx index ca4a2d6011c58..e65b7b255efe6 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/space_column_header.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/space_column_header.tsx @@ -9,10 +9,10 @@ import React, { Fragment, useMemo } from 'react'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; +import { isGlobalPrivilegeDefinition } from '@kbn/security-role-management-model'; import type { Space, SpacesApiUi } from '@kbn/spaces-plugin/public'; -import type { RoleKibanaPrivilege } from '../../../../../../../common'; -import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; import { SpacesPopoverList } from '../../../spaces_popover_list'; export interface SpaceColumnHeaderProps { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.test.tsx index e0b0156db7568..3ca7cf5c8b92f 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.test.tsx @@ -9,12 +9,12 @@ import type { EuiButtonGroupProps } from '@elastic/eui'; import { EuiButtonGroup, EuiComboBox, EuiSuperSelect } from '@elastic/eui'; import React from 'react'; +import type { Role } from '@kbn/security-plugin-types-common'; +import { KibanaPrivileges, SecuredFeature } from '@kbn/security-role-management-model'; import { mountWithIntl, shallowWithIntl } from '@kbn/test-jest-helpers'; import { SimplePrivilegeSection } from './simple_privilege_section'; import { UnsupportedSpacePrivilegesWarning } from './unsupported_space_privileges_warning'; -import type { Role } from '../../../../../../../common'; -import { KibanaPrivileges, SecuredFeature } from '../../../../model'; const buildProps = (customProps: any = {}) => { const features = [ diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.tsx index 2e8b395ea07a7..b5b57921705e5 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/simple_privilege_section/simple_privilege_section.tsx @@ -16,12 +16,14 @@ import { import React, { Component, Fragment } from 'react'; import { FormattedMessage } from '@kbn/i18n-react'; +import { + isGlobalPrivilegeDefinition, + type KibanaPrivileges, +} from '@kbn/security-role-management-model'; import { UnsupportedSpacePrivilegesWarning } from './unsupported_space_privileges_warning'; import type { Role, RoleKibanaPrivilege } from '../../../../../../../common'; import { copyRole } from '../../../../../../../common/model'; -import type { KibanaPrivileges } from '../../../../model'; -import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; import { CUSTOM_PRIVILEGE_VALUE, NO_PRIVILEGE_VALUE } from '../constants'; import { FeatureTable } from '../feature_table'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.tsx index 6abf5a04ae5c6..fbcc43a3b4b1a 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.tsx @@ -29,13 +29,13 @@ import React, { Component, Fragment } from 'react'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { KibanaPrivileges } from '@kbn/security-role-management-model'; import type { Space } from '@kbn/spaces-plugin/public'; import { SpaceSelector } from './space_selector'; import type { FeaturesPrivileges, Role } from '../../../../../../../common'; import { ALL_SPACES_ID } from '../../../../../../../common/constants'; import { copyRole } from '../../../../../../../common/model'; -import type { KibanaPrivileges } from '../../../../model'; import { CUSTOM_PRIVILEGE_VALUE } from '../constants'; import { FeatureTable } from '../feature_table'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.tsx index 4c0ead6e43167..28e1d50d7f71e 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.tsx @@ -22,13 +22,13 @@ import React, { Component } from 'react'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { FeaturesPrivileges, Role } from '@kbn/security-plugin-types-common'; +import { isGlobalPrivilegeDefinition } from '@kbn/security-role-management-model'; import type { Space } from '@kbn/spaces-plugin/public'; import { getSpaceColor } from '@kbn/spaces-plugin/public'; import { PrivilegeDisplay } from './privilege_display'; -import type { FeaturesPrivileges, Role } from '../../../../../../../common'; import { copyRole } from '../../../../../../../common/model'; -import { isGlobalPrivilegeDefinition } from '../../../privilege_utils'; import { CUSTOM_PRIVILEGE_VALUE } from '../constants'; import type { PrivilegeFormCalculator } from '../privilege_form_calculator'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx index f499da5c6973c..404bd39ec9b67 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.tsx @@ -20,13 +20,13 @@ import React, { Component, Fragment } from 'react'; import type { Capabilities } from '@kbn/core/public'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { Role } from '@kbn/security-plugin-types-common'; +import type { KibanaPrivileges } from '@kbn/security-role-management-model'; import type { Space, SpacesApiUi } from '@kbn/spaces-plugin/public'; import { PrivilegeSpaceForm } from './privilege_space_form'; import { PrivilegeSpaceTable } from './privilege_space_table'; -import type { Role } from '../../../../../../../common'; import { isRoleReserved, isRoleWithWildcardBasePrivilege } from '../../../../../../../common'; -import type { KibanaPrivileges } from '../../../../model'; import type { RoleValidator } from '../../../validate_role'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; import { PrivilegeSummary } from '../privilege_summary'; diff --git a/x-pack/plugins/security/public/management/roles/model/index.ts b/x-pack/plugins/security/public/management/roles/model/index.ts deleted file mode 100644 index 55e90bb4b377d..0000000000000 --- a/x-pack/plugins/security/public/management/roles/model/index.ts +++ /dev/null @@ -1,15 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export { SecuredFeature } from './secured_feature'; -export { SecuredSubFeature } from './secured_sub_feature'; -export { SubFeaturePrivilegeGroup } from './sub_feature_privilege_group'; -export { SubFeaturePrivilege } from './sub_feature_privilege'; -export { PrimaryFeaturePrivilege } from './primary_feature_privilege'; -export { KibanaPrivileges } from './kibana_privileges'; -export { KibanaPrivilege } from './kibana_privilege'; -export { PrivilegeCollection } from './privilege_collection'; diff --git a/x-pack/plugins/security/public/management/roles/model/kibana_privileges.test.ts b/x-pack/plugins/security/public/management/roles/model/kibana_privileges.test.ts deleted file mode 100644 index 494f5a14b1e48..0000000000000 --- a/x-pack/plugins/security/public/management/roles/model/kibana_privileges.test.ts +++ /dev/null @@ -1,144 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { KibanaPrivilege } from './kibana_privilege'; -import { KibanaPrivileges } from './kibana_privileges'; -import type { RoleKibanaPrivilege } from '../../../../common'; -import { kibanaFeatures } from '../__fixtures__/kibana_features'; -import { createRawKibanaPrivileges } from '../__fixtures__/kibana_privileges'; - -describe('KibanaPrivileges', () => { - describe('#getBasePrivileges', () => { - it('returns the space base privileges for a non-global entry', () => { - const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); - const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); - - const entry: RoleKibanaPrivilege = { - base: [], - feature: {}, - spaces: ['foo'], - }; - - const basePrivileges = kibanaPrivileges.getBasePrivileges(entry); - - const expectedPrivileges = rawPrivileges.space; - - expect(basePrivileges).toHaveLength(2); - expect(basePrivileges[0]).toMatchObject({ - id: 'all', - actions: expectedPrivileges.all, - }); - expect(basePrivileges[1]).toMatchObject({ - id: 'read', - actions: expectedPrivileges.read, - }); - }); - - it('returns the global base privileges for a global entry', () => { - const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); - const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); - - const entry: RoleKibanaPrivilege = { - base: [], - feature: {}, - spaces: ['*'], - }; - - const basePrivileges = kibanaPrivileges.getBasePrivileges(entry); - - const expectedPrivileges = rawPrivileges.global; - - expect(basePrivileges).toHaveLength(2); - expect(basePrivileges[0]).toMatchObject({ - id: 'all', - actions: expectedPrivileges.all, - }); - expect(basePrivileges[1]).toMatchObject({ - id: 'read', - actions: expectedPrivileges.read, - }); - }); - }); - - describe('#createCollectionFromRoleKibanaPrivileges', () => { - it('creates a collection from a role with no privileges assigned', () => { - const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); - const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); - - const assignedPrivileges: RoleKibanaPrivilege[] = []; - kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); - }); - - it('creates a collection ignoring unknown privileges', () => { - const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); - const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); - - const assignedPrivileges: RoleKibanaPrivilege[] = [ - { - base: ['read', 'some-unknown-base-privilege'], - feature: {}, - spaces: ['*'], - }, - { - base: [], - feature: { - with_sub_features: ['read', 'cool_all', 'some-unknown-feature-privilege'], - some_unknown_feature: ['all'], - }, - spaces: ['foo'], - }, - ]; - kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); - }); - - it('creates a collection using all assigned privileges, and only the assigned privileges', () => { - const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); - const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); - - const assignedPrivileges: RoleKibanaPrivilege[] = [ - { - base: ['read'], - feature: {}, - spaces: ['*'], - }, - { - base: [], - feature: { - with_sub_features: ['read', 'cool_all'], - }, - spaces: ['foo'], - }, - ]; - const collection = - kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); - - expect( - collection.grantsPrivilege( - new KibanaPrivilege('test', [...rawPrivileges.features.with_excluded_sub_features.read]) - ) - ).toEqual(true); - - expect( - collection.grantsPrivilege( - new KibanaPrivilege('test', [...rawPrivileges.features.with_excluded_sub_features.all]) - ) - ).toEqual(false); - - expect( - collection.grantsPrivilege( - new KibanaPrivilege('test', [...rawPrivileges.features.with_sub_features.cool_all]) - ) - ).toEqual(true); - - expect( - collection.grantsPrivilege( - new KibanaPrivilege('test', [...rawPrivileges.features.with_sub_features.cool_toggle_1]) - ) - ).toEqual(false); - }); - }); -}); diff --git a/yarn.lock b/yarn.lock index 73366acb9d613..69e3629347ece 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6296,6 +6296,10 @@ version "0.0.0" uid "" +"@kbn/security-role-management-model@link:x-pack/packages/security/role_management_model": + version "0.0.0" + uid "" + "@kbn/security-solution-distribution-bar@link:x-pack/packages/security-solution/distribution_bar": version "0.0.0" uid "" From d40e337f6f41cf9816cb7021f1e6c64cd4eca50d Mon Sep 17 00:00:00 2001 From: Eyo Okon Eyo Date: Wed, 7 Aug 2024 00:20:35 +0200 Subject: [PATCH 2/8] extract authorization logic into it's own package --- package.json | 1 + tsconfig.base.json | 2 + .../security/authorization_core/README.md | 3 + .../security/authorization_core/index.ts | 15 + .../authorization_core/jest.config.js | 15 + .../security/authorization_core/kibana.jsonc | 5 + .../security/authorization_core/package.json | 6 + .../src/__fixtures__/licensing.mock.ts | 55 ++++ .../__snapshots__/alerting.test.ts.snap | 0 .../actions/__snapshots__/api.test.ts.snap | 0 .../actions/__snapshots__/app.test.ts.snap | 0 .../actions/__snapshots__/cases.test.ts.snap | 0 .../actions/__snapshots__/ui.test.ts.snap | 0 .../src}/actions/actions.mock.ts | 0 .../src}/actions/actions.test.ts | 0 .../src}/actions/actions.ts | 0 .../src}/actions/alerting.test.ts | 0 .../src}/actions/alerting.ts | 0 .../src}/actions/api.test.ts | 0 .../authorization_core/src}/actions/api.ts | 0 .../src}/actions/app.test.ts | 0 .../authorization_core/src}/actions/app.ts | 0 .../src}/actions/cases.test.ts | 0 .../authorization_core/src}/actions/cases.ts | 0 .../authorization_core/src}/actions/index.ts | 0 .../src}/actions/saved_object.test.ts | 0 .../src}/actions/saved_object.ts | 0 .../src}/actions/space.test.ts | 0 .../authorization_core/src}/actions/space.ts | 0 .../src}/actions/ui.test.ts | 0 .../authorization_core/src}/actions/ui.ts | 0 .../__snapshots__/cases.test.ts.snap | 0 .../alerting.test.ts | 0 .../feature_privilege_builder/alerting.ts | 0 .../feature_privilege_builder/api.ts | 0 .../feature_privilege_builder/app.ts | 0 .../feature_privilege_builder/cases.test.ts | 0 .../feature_privilege_builder/cases.ts | 0 .../feature_privilege_builder/catalogue.ts | 0 .../feature_privilege_builder.ts | 0 .../feature_privilege_builder/index.ts | 0 .../feature_privilege_builder/management.ts | 0 .../feature_privilege_builder/navlink.ts | 0 .../feature_privilege_builder/saved_object.ts | 0 .../feature_privilege_builder/ui.ts | 0 .../src}/privileges/index.ts | 1 + .../src}/privileges/privileges.test.ts | 2 +- .../src}/privileges/privileges.ts | 4 +- .../src/privileges}/raw_kibana_privileges.ts | 0 .../src/spaces/service_type.ts | 10 + .../security/authorization_core/tsconfig.json | 16 + .../security/role_management_model/index.ts | 1 - .../src/kibana_privileges.ts | 14 +- .../role_management_model_mocks/index.ts | 9 + .../src/kibana_features.ts | 281 ++++++++++++++++++ x-pack/plugins/security/common/index.ts | 3 +- .../security/common/licensing/index.mock.ts | 49 +-- x-pack/plugins/security/common/model/index.ts | 5 +- .../management/roles/privileges_api_client.ts | 3 +- .../authorization_service.test.ts | 2 +- .../authorization/authorization_service.tsx | 10 +- .../disable_ui_capabilities.test.ts | 2 +- .../server/authorization/index.mock.ts | 3 +- .../security/server/authorization/index.ts | 3 +- .../register_privileges_with_cluster.ts | 2 +- .../authorization/service.test.mocks.ts | 10 +- yarn.lock | 4 + 67 files changed, 454 insertions(+), 82 deletions(-) create mode 100644 x-pack/packages/security/authorization_core/README.md create mode 100644 x-pack/packages/security/authorization_core/index.ts create mode 100644 x-pack/packages/security/authorization_core/jest.config.js create mode 100644 x-pack/packages/security/authorization_core/kibana.jsonc create mode 100644 x-pack/packages/security/authorization_core/package.json create mode 100644 x-pack/packages/security/authorization_core/src/__fixtures__/licensing.mock.ts rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/__snapshots__/alerting.test.ts.snap (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/__snapshots__/api.test.ts.snap (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/__snapshots__/app.test.ts.snap (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/__snapshots__/cases.test.ts.snap (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/__snapshots__/ui.test.ts.snap (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/actions.mock.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/actions.test.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/actions.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/alerting.test.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/alerting.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/api.test.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/api.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/app.test.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/app.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/cases.test.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/cases.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/index.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/saved_object.test.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/saved_object.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/space.test.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/space.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/ui.test.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/actions/ui.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/feature_privilege_builder/__snapshots__/cases.test.ts.snap (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/feature_privilege_builder/alerting.test.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/feature_privilege_builder/alerting.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/feature_privilege_builder/api.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/feature_privilege_builder/app.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/feature_privilege_builder/cases.test.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/feature_privilege_builder/cases.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/feature_privilege_builder/catalogue.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/feature_privilege_builder/feature_privilege_builder.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/feature_privilege_builder/index.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/feature_privilege_builder/management.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/feature_privilege_builder/navlink.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/feature_privilege_builder/saved_object.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/feature_privilege_builder/ui.ts (100%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/index.ts (81%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/privileges.test.ts (99%) rename x-pack/{plugins/security/server/authorization => packages/security/authorization_core/src}/privileges/privileges.ts (98%) rename x-pack/{plugins/security/common/model => packages/security/authorization_core/src/privileges}/raw_kibana_privileges.ts (100%) create mode 100644 x-pack/packages/security/authorization_core/src/spaces/service_type.ts create mode 100644 x-pack/packages/security/authorization_core/tsconfig.json create mode 100644 x-pack/packages/security/role_management_model_mocks/index.ts create mode 100644 x-pack/packages/security/role_management_model_mocks/src/kibana_features.ts diff --git a/package.json b/package.json index ec6403124a37f..3f9f30545325f 100644 --- a/package.json +++ b/package.json @@ -764,6 +764,7 @@ "@kbn/search-types": "link:packages/kbn-search-types", "@kbn/searchprofiler-plugin": "link:x-pack/plugins/searchprofiler", "@kbn/security-api-key-management": "link:x-pack/packages/security/api_key_management", + "@kbn/security-authorization-core": "link:x-pack/packages/security/authorization_core", "@kbn/security-form-components": "link:x-pack/packages/security/form_components", "@kbn/security-hardening": "link:packages/kbn-security-hardening", "@kbn/security-plugin": "link:x-pack/plugins/security", diff --git a/tsconfig.base.json b/tsconfig.base.json index 7bc96a83e87e1..aeb8080d2ed81 100644 --- a/tsconfig.base.json +++ b/tsconfig.base.json @@ -1488,6 +1488,8 @@ "@kbn/security-api-integration-helpers/*": ["x-pack/test/security_api_integration/packages/helpers/*"], "@kbn/security-api-key-management": ["x-pack/packages/security/api_key_management"], "@kbn/security-api-key-management/*": ["x-pack/packages/security/api_key_management/*"], + "@kbn/security-authorization-core": ["x-pack/packages/security/authorization_core"], + "@kbn/security-authorization-core/*": ["x-pack/packages/security/authorization_core/*"], "@kbn/security-form-components": ["x-pack/packages/security/form_components"], "@kbn/security-form-components/*": ["x-pack/packages/security/form_components/*"], "@kbn/security-hardening": ["packages/kbn-security-hardening"], diff --git a/x-pack/packages/security/authorization_core/README.md b/x-pack/packages/security/authorization_core/README.md new file mode 100644 index 0000000000000..ce2c2dd277198 --- /dev/null +++ b/x-pack/packages/security/authorization_core/README.md @@ -0,0 +1,3 @@ +# @kbn/security-authorization-core + +Contains core authorization logic diff --git a/x-pack/packages/security/authorization_core/index.ts b/x-pack/packages/security/authorization_core/index.ts new file mode 100644 index 0000000000000..ccb68eb3bbcec --- /dev/null +++ b/x-pack/packages/security/authorization_core/index.ts @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export { Actions } from './src/actions'; +export { privilegesFactory } from './src/privileges'; +export type { + CasesSupportedOperations, + PrivilegesService, + RawKibanaPrivileges, + RawKibanaFeaturePrivileges, +} from './src/privileges'; diff --git a/x-pack/packages/security/authorization_core/jest.config.js b/x-pack/packages/security/authorization_core/jest.config.js new file mode 100644 index 0000000000000..db3272ac46d92 --- /dev/null +++ b/x-pack/packages/security/authorization_core/jest.config.js @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +module.exports = { + coverageDirectory: '/x-pack/packages/security/authorization_core', + coverageReporters: ['text', 'html'], + collectCoverageFrom: ['/x-pack/packages/security/authorization_core/**/*.{ts,tsx}'], + preset: '@kbn/test', + rootDir: '../../../..', + roots: ['/x-pack/packages/security/authorization_core'], +}; diff --git a/x-pack/packages/security/authorization_core/kibana.jsonc b/x-pack/packages/security/authorization_core/kibana.jsonc new file mode 100644 index 0000000000000..f2e33db5c8a81 --- /dev/null +++ b/x-pack/packages/security/authorization_core/kibana.jsonc @@ -0,0 +1,5 @@ +{ + "type": "shared-server", + "id": "@kbn/security-authorization-core", + "owner": "@elastic/kibana-security" +} diff --git a/x-pack/packages/security/authorization_core/package.json b/x-pack/packages/security/authorization_core/package.json new file mode 100644 index 0000000000000..4b270288d4763 --- /dev/null +++ b/x-pack/packages/security/authorization_core/package.json @@ -0,0 +1,6 @@ +{ + "name": "@kbn/security-authorization-core", + "private": true, + "version": "1.0.0", + "license": "Elastic License 2.0" +} diff --git a/x-pack/packages/security/authorization_core/src/__fixtures__/licensing.mock.ts b/x-pack/packages/security/authorization_core/src/__fixtures__/licensing.mock.ts new file mode 100644 index 0000000000000..6ee9910b768bd --- /dev/null +++ b/x-pack/packages/security/authorization_core/src/__fixtures__/licensing.mock.ts @@ -0,0 +1,55 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { Observable, of } from 'rxjs'; + +import type { LicenseType } from '@kbn/licensing-plugin/common/types'; +import { LICENSE_TYPE } from '@kbn/licensing-plugin/common/types'; +import type { SecurityLicense, SecurityLicenseFeatures } from '@kbn/security-plugin-types-common'; + +export const licenseMock = { + create: ( + features: Partial | Observable> = {}, + licenseType: LicenseType = 'basic', // default to basic if this is not specified, + isAvailable: Observable = of(true) + ): jest.Mocked => ({ + isLicenseAvailable: jest.fn().mockImplementation(() => { + let result = true; + + isAvailable.subscribe((next) => { + result = next; + }); + + return result; + }), + getLicenseType: jest.fn().mockReturnValue(licenseType), + getUnavailableReason: jest.fn(), + isEnabled: jest.fn().mockReturnValue(true), + getFeatures: + features instanceof Observable + ? jest.fn().mockImplementation(() => { + let subbedFeatures: Partial = {}; + + features.subscribe((next) => { + subbedFeatures = next; + }); + + return subbedFeatures; + }) + : jest.fn().mockReturnValue(features), + hasAtLeast: jest + .fn() + .mockImplementation( + (licenseTypeToCheck: LicenseType) => + LICENSE_TYPE[licenseTypeToCheck] <= LICENSE_TYPE[licenseType] + ), + features$: + features instanceof Observable + ? (features as Observable) + : of((features ?? {}) as SecurityLicenseFeatures), + }), +}; diff --git a/x-pack/plugins/security/server/authorization/actions/__snapshots__/alerting.test.ts.snap b/x-pack/packages/security/authorization_core/src/actions/__snapshots__/alerting.test.ts.snap similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/__snapshots__/alerting.test.ts.snap rename to x-pack/packages/security/authorization_core/src/actions/__snapshots__/alerting.test.ts.snap diff --git a/x-pack/plugins/security/server/authorization/actions/__snapshots__/api.test.ts.snap b/x-pack/packages/security/authorization_core/src/actions/__snapshots__/api.test.ts.snap similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/__snapshots__/api.test.ts.snap rename to x-pack/packages/security/authorization_core/src/actions/__snapshots__/api.test.ts.snap diff --git a/x-pack/plugins/security/server/authorization/actions/__snapshots__/app.test.ts.snap b/x-pack/packages/security/authorization_core/src/actions/__snapshots__/app.test.ts.snap similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/__snapshots__/app.test.ts.snap rename to x-pack/packages/security/authorization_core/src/actions/__snapshots__/app.test.ts.snap diff --git a/x-pack/plugins/security/server/authorization/actions/__snapshots__/cases.test.ts.snap b/x-pack/packages/security/authorization_core/src/actions/__snapshots__/cases.test.ts.snap similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/__snapshots__/cases.test.ts.snap rename to x-pack/packages/security/authorization_core/src/actions/__snapshots__/cases.test.ts.snap diff --git a/x-pack/plugins/security/server/authorization/actions/__snapshots__/ui.test.ts.snap b/x-pack/packages/security/authorization_core/src/actions/__snapshots__/ui.test.ts.snap similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/__snapshots__/ui.test.ts.snap rename to x-pack/packages/security/authorization_core/src/actions/__snapshots__/ui.test.ts.snap diff --git a/x-pack/plugins/security/server/authorization/actions/actions.mock.ts b/x-pack/packages/security/authorization_core/src/actions/actions.mock.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/actions.mock.ts rename to x-pack/packages/security/authorization_core/src/actions/actions.mock.ts diff --git a/x-pack/plugins/security/server/authorization/actions/actions.test.ts b/x-pack/packages/security/authorization_core/src/actions/actions.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/actions.test.ts rename to x-pack/packages/security/authorization_core/src/actions/actions.test.ts diff --git a/x-pack/plugins/security/server/authorization/actions/actions.ts b/x-pack/packages/security/authorization_core/src/actions/actions.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/actions.ts rename to x-pack/packages/security/authorization_core/src/actions/actions.ts diff --git a/x-pack/plugins/security/server/authorization/actions/alerting.test.ts b/x-pack/packages/security/authorization_core/src/actions/alerting.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/alerting.test.ts rename to x-pack/packages/security/authorization_core/src/actions/alerting.test.ts diff --git a/x-pack/plugins/security/server/authorization/actions/alerting.ts b/x-pack/packages/security/authorization_core/src/actions/alerting.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/alerting.ts rename to x-pack/packages/security/authorization_core/src/actions/alerting.ts diff --git a/x-pack/plugins/security/server/authorization/actions/api.test.ts b/x-pack/packages/security/authorization_core/src/actions/api.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/api.test.ts rename to x-pack/packages/security/authorization_core/src/actions/api.test.ts diff --git a/x-pack/plugins/security/server/authorization/actions/api.ts b/x-pack/packages/security/authorization_core/src/actions/api.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/api.ts rename to x-pack/packages/security/authorization_core/src/actions/api.ts diff --git a/x-pack/plugins/security/server/authorization/actions/app.test.ts b/x-pack/packages/security/authorization_core/src/actions/app.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/app.test.ts rename to x-pack/packages/security/authorization_core/src/actions/app.test.ts diff --git a/x-pack/plugins/security/server/authorization/actions/app.ts b/x-pack/packages/security/authorization_core/src/actions/app.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/app.ts rename to x-pack/packages/security/authorization_core/src/actions/app.ts diff --git a/x-pack/plugins/security/server/authorization/actions/cases.test.ts b/x-pack/packages/security/authorization_core/src/actions/cases.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/cases.test.ts rename to x-pack/packages/security/authorization_core/src/actions/cases.test.ts diff --git a/x-pack/plugins/security/server/authorization/actions/cases.ts b/x-pack/packages/security/authorization_core/src/actions/cases.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/cases.ts rename to x-pack/packages/security/authorization_core/src/actions/cases.ts diff --git a/x-pack/plugins/security/server/authorization/actions/index.ts b/x-pack/packages/security/authorization_core/src/actions/index.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/index.ts rename to x-pack/packages/security/authorization_core/src/actions/index.ts diff --git a/x-pack/plugins/security/server/authorization/actions/saved_object.test.ts b/x-pack/packages/security/authorization_core/src/actions/saved_object.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/saved_object.test.ts rename to x-pack/packages/security/authorization_core/src/actions/saved_object.test.ts diff --git a/x-pack/plugins/security/server/authorization/actions/saved_object.ts b/x-pack/packages/security/authorization_core/src/actions/saved_object.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/saved_object.ts rename to x-pack/packages/security/authorization_core/src/actions/saved_object.ts diff --git a/x-pack/plugins/security/server/authorization/actions/space.test.ts b/x-pack/packages/security/authorization_core/src/actions/space.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/space.test.ts rename to x-pack/packages/security/authorization_core/src/actions/space.test.ts diff --git a/x-pack/plugins/security/server/authorization/actions/space.ts b/x-pack/packages/security/authorization_core/src/actions/space.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/space.ts rename to x-pack/packages/security/authorization_core/src/actions/space.ts diff --git a/x-pack/plugins/security/server/authorization/actions/ui.test.ts b/x-pack/packages/security/authorization_core/src/actions/ui.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/ui.test.ts rename to x-pack/packages/security/authorization_core/src/actions/ui.test.ts diff --git a/x-pack/plugins/security/server/authorization/actions/ui.ts b/x-pack/packages/security/authorization_core/src/actions/ui.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/actions/ui.ts rename to x-pack/packages/security/authorization_core/src/actions/ui.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/__snapshots__/cases.test.ts.snap b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/__snapshots__/cases.test.ts.snap similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/__snapshots__/cases.test.ts.snap rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/__snapshots__/cases.test.ts.snap diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/alerting.test.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/alerting.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/alerting.test.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/alerting.test.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/alerting.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/alerting.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/alerting.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/alerting.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/api.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/api.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/api.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/api.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/app.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/app.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/app.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/app.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.test.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/cases.test.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.test.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/cases.test.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/cases.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/cases.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/catalogue.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/catalogue.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/catalogue.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/catalogue.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/feature_privilege_builder.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/feature_privilege_builder.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/feature_privilege_builder.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/feature_privilege_builder.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/index.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/index.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/index.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/index.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/management.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/management.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/management.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/management.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/navlink.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/navlink.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/navlink.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/navlink.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/saved_object.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/saved_object.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/saved_object.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/saved_object.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/ui.ts b/x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/ui.ts similarity index 100% rename from x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/ui.ts rename to x-pack/packages/security/authorization_core/src/privileges/feature_privilege_builder/ui.ts diff --git a/x-pack/plugins/security/server/authorization/privileges/index.ts b/x-pack/packages/security/authorization_core/src/privileges/index.ts similarity index 81% rename from x-pack/plugins/security/server/authorization/privileges/index.ts rename to x-pack/packages/security/authorization_core/src/privileges/index.ts index 1056aa6dcd9af..7113b1b348bec 100644 --- a/x-pack/plugins/security/server/authorization/privileges/index.ts +++ b/x-pack/packages/security/authorization_core/src/privileges/index.ts @@ -8,3 +8,4 @@ export type { PrivilegesService } from './privileges'; export type { CasesSupportedOperations } from './feature_privilege_builder'; export { privilegesFactory } from './privileges'; +export type { RawKibanaPrivileges, RawKibanaFeaturePrivileges } from './raw_kibana_privileges'; diff --git a/x-pack/plugins/security/server/authorization/privileges/privileges.test.ts b/x-pack/packages/security/authorization_core/src/privileges/privileges.test.ts similarity index 99% rename from x-pack/plugins/security/server/authorization/privileges/privileges.test.ts rename to x-pack/packages/security/authorization_core/src/privileges/privileges.test.ts index 93efd86f52f54..118d63503db22 100644 --- a/x-pack/plugins/security/server/authorization/privileges/privileges.test.ts +++ b/x-pack/packages/security/authorization_core/src/privileges/privileges.test.ts @@ -9,7 +9,7 @@ import { KibanaFeature } from '@kbn/features-plugin/server'; import { featuresPluginMock } from '@kbn/features-plugin/server/mocks'; import { privilegesFactory } from './privileges'; -import { licenseMock } from '../../../common/licensing/index.mock'; +import { licenseMock } from '../__fixtures__/licensing.mock'; import { Actions } from '../actions'; const actions = new Actions(); diff --git a/x-pack/plugins/security/server/authorization/privileges/privileges.ts b/x-pack/packages/security/authorization_core/src/privileges/privileges.ts similarity index 98% rename from x-pack/plugins/security/server/authorization/privileges/privileges.ts rename to x-pack/packages/security/authorization_core/src/privileges/privileges.ts index 4295ae7c89bb4..9fb8dd9f083e2 100644 --- a/x-pack/plugins/security/server/authorization/privileges/privileges.ts +++ b/x-pack/packages/security/authorization_core/src/privileges/privileges.ts @@ -13,9 +13,9 @@ import type { } from '@kbn/features-plugin/common'; import type { FeaturesPluginSetup, KibanaFeature } from '@kbn/features-plugin/server'; +import type { SecurityLicense } from '@kbn/security-plugin-types-common'; import { featurePrivilegeBuilderFactory } from './feature_privilege_builder'; -import type { SecurityLicense } from '../../../common'; -import type { RawKibanaPrivileges } from '../../../common/model'; +import type { RawKibanaPrivileges } from './raw_kibana_privileges'; import type { Actions } from '../actions'; export interface PrivilegesService { diff --git a/x-pack/plugins/security/common/model/raw_kibana_privileges.ts b/x-pack/packages/security/authorization_core/src/privileges/raw_kibana_privileges.ts similarity index 100% rename from x-pack/plugins/security/common/model/raw_kibana_privileges.ts rename to x-pack/packages/security/authorization_core/src/privileges/raw_kibana_privileges.ts diff --git a/x-pack/packages/security/authorization_core/src/spaces/service_type.ts b/x-pack/packages/security/authorization_core/src/spaces/service_type.ts new file mode 100644 index 0000000000000..3aa985596e599 --- /dev/null +++ b/x-pack/packages/security/authorization_core/src/spaces/service_type.ts @@ -0,0 +1,10 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { SpacesPluginSetup } from '@kbn/spaces-plugin/server'; + +export type SpacesService = SpacesPluginSetup['spacesService']; diff --git a/x-pack/packages/security/authorization_core/tsconfig.json b/x-pack/packages/security/authorization_core/tsconfig.json new file mode 100644 index 0000000000000..b996feb63c749 --- /dev/null +++ b/x-pack/packages/security/authorization_core/tsconfig.json @@ -0,0 +1,16 @@ +{ + "extends": "../../../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types", + "types": ["jest", "node", "react"] + }, + "include": ["**/*.ts", "**/*.tsx"], + "exclude": ["target/**/*"], + "kbn_references": [ + "@kbn/core", + "@kbn/i18n", + "@kbn/i18n-react", + "@kbn/features-plugin", + "@kbn/security-plugin-types-common" + ] +} diff --git a/x-pack/packages/security/role_management_model/index.ts b/x-pack/packages/security/role_management_model/index.ts index e3998306f1cee..fa69415d3f8cc 100644 --- a/x-pack/packages/security/role_management_model/index.ts +++ b/x-pack/packages/security/role_management_model/index.ts @@ -11,6 +11,5 @@ export { SubFeaturePrivilegeGroup } from './src/sub_feature_privilege_group'; export { SubFeaturePrivilege } from './src/sub_feature_privilege'; export { PrimaryFeaturePrivilege } from './src/primary_feature_privilege'; export { KibanaPrivileges, isGlobalPrivilegeDefinition } from './src/kibana_privileges'; -export type { RawKibanaPrivileges } from './src/kibana_privileges'; export { KibanaPrivilege } from './src/kibana_privilege'; export { PrivilegeCollection } from './src/privilege_collection'; diff --git a/x-pack/packages/security/role_management_model/src/kibana_privileges.ts b/x-pack/packages/security/role_management_model/src/kibana_privileges.ts index 9da38d0f3ec5a..e78ee9b105bbf 100644 --- a/x-pack/packages/security/role_management_model/src/kibana_privileges.ts +++ b/x-pack/packages/security/role_management_model/src/kibana_privileges.ts @@ -8,23 +8,11 @@ import type { KibanaFeature } from '@kbn/features-plugin/common'; import type { RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; +import type { RawKibanaPrivileges } from '@kbn/security-authorization-core'; import { KibanaPrivilege } from './kibana_privilege'; import { PrivilegeCollection } from './privilege_collection'; import { SecuredFeature } from './secured_feature'; -export interface RawKibanaFeaturePrivileges { - [featureId: string]: { - [privilegeId: string]: string[]; - }; -} - -export interface RawKibanaPrivileges { - global: Record; - features: RawKibanaFeaturePrivileges; - space: Record; - reserved: Record; -} - function toBasePrivilege(entry: [string, string[]]): [string, KibanaPrivilege] { const [privilegeId, actions] = entry; return [privilegeId, new KibanaPrivilege(privilegeId, actions)]; diff --git a/x-pack/packages/security/role_management_model_mocks/index.ts b/x-pack/packages/security/role_management_model_mocks/index.ts new file mode 100644 index 0000000000000..d25038e7000e3 --- /dev/null +++ b/x-pack/packages/security/role_management_model_mocks/index.ts @@ -0,0 +1,9 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export { createFeature } from './src/kibana_features'; +export { createKibanaPrivileges, createRawKibanaPrivileges } from './src/kibana_privileges'; diff --git a/x-pack/packages/security/role_management_model_mocks/src/kibana_features.ts b/x-pack/packages/security/role_management_model_mocks/src/kibana_features.ts new file mode 100644 index 0000000000000..fd40a64bb0ea6 --- /dev/null +++ b/x-pack/packages/security/role_management_model_mocks/src/kibana_features.ts @@ -0,0 +1,281 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { KibanaFeatureConfig } from '@kbn/features-plugin/public'; +import { KibanaFeature } from '@kbn/features-plugin/public'; + +export const createFeature = ( + config: Pick< + KibanaFeatureConfig, + 'id' | 'name' | 'subFeatures' | 'reserved' | 'privilegesTooltip' | 'description' + > & { + excludeFromBaseAll?: boolean; + excludeFromBaseRead?: boolean; + privileges?: KibanaFeatureConfig['privileges']; + category?: KibanaFeatureConfig['category']; + requireAllSpacesOnAllPrivilege?: boolean; + disabledReadPrivilege?: boolean; + } +) => { + const { + excludeFromBaseAll, + excludeFromBaseRead, + privileges, + category, + requireAllSpacesOnAllPrivilege: requireAllSpaces = false, + disabledReadPrivilege: disabled = false, + ...rest + } = config; + return new KibanaFeature({ + app: [], + category: category ?? { id: 'foo', label: 'foo' }, + catalogue: [], + privileges: + privileges === null + ? null + : { + all: { + excludeFromBasePrivileges: excludeFromBaseAll, + savedObject: { + all: ['all-type'], + read: ['read-type'], + }, + ui: ['read-ui', 'all-ui', `read-${config.id}`, `all-${config.id}`], + requireAllSpaces, + }, + read: { + excludeFromBasePrivileges: excludeFromBaseRead, + savedObject: { + all: [], + read: ['read-type'], + }, + ui: ['read-ui', `read-${config.id}`], + disabled, + }, + }, + ...rest, + }); +}; + +export const kibanaFeatures = [ + createFeature({ + id: 'no_sub_features', + name: 'Feature 1: No Sub Features', + }), + createFeature({ + id: 'with_sub_features', + name: 'Mutually Exclusive Sub Features', + subFeatures: [ + { + name: 'Cool Sub Feature', + privilegeGroups: [ + { + groupType: 'mutually_exclusive', + privileges: [ + { + id: 'cool_all', + name: 'All', + includeIn: 'all', + savedObject: { + all: ['all-cool-type'], + read: ['read-cool-type'], + }, + ui: ['cool_read-ui', 'cool_all-ui'], + }, + { + id: 'cool_read', + name: 'Read', + includeIn: 'read', + savedObject: { + all: [], + read: ['read-cool-type'], + }, + ui: ['cool_read-ui'], + }, + ], + }, + { + groupType: 'independent', + privileges: [ + { + id: 'cool_toggle_1', + name: 'Cool toggle 1', + includeIn: 'all', + savedObject: { + all: [], + read: [], + }, + ui: ['cool_toggle_1-ui'], + }, + { + id: 'cool_toggle_2', + name: 'Cool toggle 2', + includeIn: 'read', + savedObject: { + all: [], + read: [], + }, + ui: ['cool_toggle_2-ui'], + }, + { + id: 'cool_excluded_toggle', + name: 'Cool excluded toggle', + includeIn: 'none', + savedObject: { + all: [], + read: [], + }, + ui: ['cool_excluded_toggle-ui'], + }, + ], + }, + ], + }, + ], + }), + createFeature({ + id: 'with_excluded_sub_features', + name: 'Excluded Sub Features', + subFeatures: [ + { + name: 'Excluded Sub Feature', + privilegeGroups: [ + { + groupType: 'independent', + privileges: [ + { + id: 'cool_toggle_1', + name: 'Cool toggle 1', + includeIn: 'none', + savedObject: { + all: [], + read: [], + }, + ui: ['cool_toggle_1-ui'], + }, + ], + }, + ], + }, + ], + }), + createFeature({ + id: 'excluded_from_base', + name: 'Excluded from base', + excludeFromBaseAll: true, + excludeFromBaseRead: true, + subFeatures: [ + { + name: 'Cool Sub Feature', + privilegeGroups: [ + { + groupType: 'mutually_exclusive', + privileges: [ + { + id: 'cool_all', + name: 'All', + includeIn: 'all', + savedObject: { + all: [], + read: [], + }, + ui: ['cool_read-ui', 'cool_all-ui'], + }, + { + id: 'cool_read', + name: 'Read', + includeIn: 'read', + savedObject: { + all: [], + read: [], + }, + ui: ['cool_read-ui'], + }, + ], + }, + { + groupType: 'independent', + privileges: [ + { + id: 'cool_toggle_1', + name: 'Cool toggle 2', + includeIn: 'all', + savedObject: { + all: [], + read: [], + }, + ui: ['cool_toggle_1-ui'], + }, + { + id: 'cool_toggle_2', + name: 'Cool toggle 2', + includeIn: 'read', + savedObject: { + all: [], + read: [], + }, + ui: ['cool_toggle_2-ui'], + }, + ], + }, + ], + }, + ], + }), + createFeature({ + id: 'with_require_all_spaces_sub_features', + name: 'Require all spaces Sub Features', + subFeatures: [ + { + name: 'Require all spaces Sub Feature', + requireAllSpaces: true, + privilegeGroups: [ + { + groupType: 'mutually_exclusive', + privileges: [ + { + id: 'cool_toggle_1', + name: 'Cool toggle 1', + includeIn: 'read', + savedObject: { + all: [], + read: [], + }, + ui: ['cool_toggle_1-ui'], + }, + ], + }, + ], + }, + ], + }), + createFeature({ + id: 'with_require_all_spaces_for_feature_and_sub_features', + name: 'Require all spaces Features and Sub Features', + requireAllSpacesOnAllPrivilege: true, + subFeatures: [ + { + name: 'Require all spaces Sub Feature', + requireAllSpaces: true, + privilegeGroups: [ + { + groupType: 'mutually_exclusive', + privileges: [ + { + id: 'cool_toggle_1', + name: 'Cool toggle 1', + includeIn: 'all', + savedObject: { all: [], read: [] }, + ui: ['cool_toggle_1-ui'], + }, + ], + }, + ], + }, + ], + }), +]; diff --git a/x-pack/plugins/security/common/index.ts b/x-pack/plugins/security/common/index.ts index 2d5e6fd6ec7f1..c4d76f7c9fd66 100644 --- a/x-pack/plugins/security/common/index.ts +++ b/x-pack/plugins/security/common/index.ts @@ -10,7 +10,6 @@ export type { GetUserDisplayNameParams, EditUser, BuiltinESPrivileges, - RawKibanaPrivileges, RoleMapping, RoleMappingRule, RoleMappingAllRule, @@ -25,6 +24,8 @@ export type { export { getUserDisplayName, isRoleReserved, isRoleWithWildcardBasePrivilege } from './model'; +export type { RawKibanaPrivileges } from '@kbn/security-authorization-core'; + // Re-export types from the plugin directly to enhance the developer experience for consumers of the Security plugin. export type { AuthenticatedUser, diff --git a/x-pack/plugins/security/common/licensing/index.mock.ts b/x-pack/plugins/security/common/licensing/index.mock.ts index 6ee9910b768bd..49f0b578075b0 100644 --- a/x-pack/plugins/security/common/licensing/index.mock.ts +++ b/x-pack/plugins/security/common/licensing/index.mock.ts @@ -5,51 +5,4 @@ * 2.0. */ -import { Observable, of } from 'rxjs'; - -import type { LicenseType } from '@kbn/licensing-plugin/common/types'; -import { LICENSE_TYPE } from '@kbn/licensing-plugin/common/types'; -import type { SecurityLicense, SecurityLicenseFeatures } from '@kbn/security-plugin-types-common'; - -export const licenseMock = { - create: ( - features: Partial | Observable> = {}, - licenseType: LicenseType = 'basic', // default to basic if this is not specified, - isAvailable: Observable = of(true) - ): jest.Mocked => ({ - isLicenseAvailable: jest.fn().mockImplementation(() => { - let result = true; - - isAvailable.subscribe((next) => { - result = next; - }); - - return result; - }), - getLicenseType: jest.fn().mockReturnValue(licenseType), - getUnavailableReason: jest.fn(), - isEnabled: jest.fn().mockReturnValue(true), - getFeatures: - features instanceof Observable - ? jest.fn().mockImplementation(() => { - let subbedFeatures: Partial = {}; - - features.subscribe((next) => { - subbedFeatures = next; - }); - - return subbedFeatures; - }) - : jest.fn().mockReturnValue(features), - hasAtLeast: jest - .fn() - .mockImplementation( - (licenseTypeToCheck: LicenseType) => - LICENSE_TYPE[licenseTypeToCheck] <= LICENSE_TYPE[licenseType] - ), - features$: - features instanceof Observable - ? (features as Observable) - : of((features ?? {}) as SecurityLicenseFeatures), - }), -}; +export { licenseMock } from '@kbn/security-authorization-core/src/__fixtures__/licensing.mock'; diff --git a/x-pack/plugins/security/common/model/index.ts b/x-pack/plugins/security/common/model/index.ts index 1e73ead22655e..1331d60d624b6 100644 --- a/x-pack/plugins/security/common/model/index.ts +++ b/x-pack/plugins/security/common/model/index.ts @@ -21,7 +21,10 @@ export { } from './authenticated_user'; export { shouldProviderUseLoginForm } from './authentication_provider'; export type { BuiltinESPrivileges } from './builtin_es_privileges'; -export type { RawKibanaPrivileges, RawKibanaFeaturePrivileges } from './raw_kibana_privileges'; +export type { + RawKibanaPrivileges, + RawKibanaFeaturePrivileges, +} from '@kbn/security-authorization-core'; export { copyRole, isRoleDeprecated, diff --git a/x-pack/plugins/security/public/management/roles/privileges_api_client.ts b/x-pack/plugins/security/public/management/roles/privileges_api_client.ts index a96fdd4340cc6..54c8992698978 100644 --- a/x-pack/plugins/security/public/management/roles/privileges_api_client.ts +++ b/x-pack/plugins/security/public/management/roles/privileges_api_client.ts @@ -6,8 +6,9 @@ */ import type { HttpStart } from '@kbn/core/public'; +import type { RawKibanaPrivileges } from '@kbn/security-authorization-core'; -import type { BuiltinESPrivileges, RawKibanaPrivileges } from '../../../common/model'; +import type { BuiltinESPrivileges } from '../../../common/model'; export class PrivilegesAPIClient { constructor(private readonly http: HttpStart) {} diff --git a/x-pack/plugins/security/server/authorization/authorization_service.test.ts b/x-pack/plugins/security/server/authorization/authorization_service.test.ts index ddc5e26903c2b..275a6d2643f24 100644 --- a/x-pack/plugins/security/server/authorization/authorization_service.test.ts +++ b/x-pack/plugins/security/server/authorization/authorization_service.test.ts @@ -19,6 +19,7 @@ import { Subject } from 'rxjs'; import { coreMock, elasticsearchServiceMock, loggingSystemMock } from '@kbn/core/server/mocks'; import { featuresPluginMock } from '@kbn/features-plugin/server/mocks'; +import { privilegesFactory } from '@kbn/security-authorization-core'; import { nextTick } from '@kbn/test-jest-helpers'; import { AuthorizationService } from './authorization_service'; @@ -26,7 +27,6 @@ import { checkPrivilegesFactory } from './check_privileges'; import { checkPrivilegesDynamicallyWithRequestFactory } from './check_privileges_dynamically'; import { checkSavedObjectsPrivilegesWithRequestFactory } from './check_saved_objects_privileges'; import { authorizationModeFactory } from './mode'; -import { privilegesFactory } from './privileges'; import { licenseMock } from '../../common/licensing/index.mock'; import type { OnlineStatusRetryScheduler } from '../elasticsearch'; diff --git a/x-pack/plugins/security/server/authorization/authorization_service.tsx b/x-pack/plugins/security/server/authorization/authorization_service.tsx index a926ee4d364b0..c8e036b07679c 100644 --- a/x-pack/plugins/security/server/authorization/authorization_service.tsx +++ b/x-pack/plugins/security/server/authorization/authorization_service.tsx @@ -25,6 +25,11 @@ import type { FeaturesPluginSetup as FeaturesPluginSetup, FeaturesPluginStart as FeaturesPluginStart, } from '@kbn/features-plugin/server'; +import { + Actions, + privilegesFactory, + type PrivilegesService, +} from '@kbn/security-authorization-core'; import type { AuthorizationMode, AuthorizationServiceSetup, @@ -33,7 +38,6 @@ import type { CheckUserProfilesPrivileges, } from '@kbn/security-plugin-types-server'; -import { Actions } from './actions'; import { initAPIAuthorization } from './api_authorization'; import { initAppAuthorization } from './app_authorization'; import { checkPrivilegesFactory } from './check_privileges'; @@ -41,8 +45,6 @@ import { checkPrivilegesDynamicallyWithRequestFactory } from './check_privileges import { checkSavedObjectsPrivilegesWithRequestFactory } from './check_saved_objects_privileges'; import { disableUICapabilitiesFactory } from './disable_ui_capabilities'; import { authorizationModeFactory } from './mode'; -import type { PrivilegesService } from './privileges'; -import { privilegesFactory } from './privileges'; import { registerPrivilegesWithCluster } from './register_privileges_with_cluster'; import { ResetSessionPage } from './reset_session_page'; import { validateFeaturePrivileges } from './validate_feature_privileges'; @@ -53,7 +55,7 @@ import { canRedirectRequest } from '../authentication'; import type { OnlineStatusRetryScheduler } from '../elasticsearch'; import type { SpacesService } from '../plugin'; -export { Actions } from './actions'; +export { Actions } from '@kbn/security-authorization-core'; interface AuthorizationServiceSetupParams { packageVersion: string; diff --git a/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts b/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts index a271371e5584d..f7ed4ac9cd94b 100644 --- a/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts +++ b/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts @@ -7,9 +7,9 @@ import { httpServerMock, loggingSystemMock } from '@kbn/core/server/mocks'; import { ElasticsearchFeature, KibanaFeature } from '@kbn/features-plugin/server'; +import { Actions } from '@kbn/security-authorization-core'; import type { CheckPrivilegesResponse } from '@kbn/security-plugin-types-server'; -import { Actions } from './actions'; import { disableUICapabilitiesFactory } from './disable_ui_capabilities'; import { authorizationMock } from './index.mock'; import type { AuthenticatedUser } from '../../common'; diff --git a/x-pack/plugins/security/server/authorization/index.mock.ts b/x-pack/plugins/security/server/authorization/index.mock.ts index 04c389f24fcad..c3b76a0908f13 100644 --- a/x-pack/plugins/security/server/authorization/index.mock.ts +++ b/x-pack/plugins/security/server/authorization/index.mock.ts @@ -5,10 +5,9 @@ * 2.0. */ +import { actionsMock } from '@kbn/security-authorization-core/src/actions/actions.mock'; import type { AuthorizationMode } from '@kbn/security-plugin-types-server'; -import { actionsMock } from './actions/actions.mock'; - export const authorizationMock = { create: ({ version = 'mock-version', diff --git a/x-pack/plugins/security/server/authorization/index.ts b/x-pack/plugins/security/server/authorization/index.ts index 0ebd085ba0e42..3552f85c005dd 100644 --- a/x-pack/plugins/security/server/authorization/index.ts +++ b/x-pack/plugins/security/server/authorization/index.ts @@ -5,9 +5,8 @@ * 2.0. */ -export { Actions } from './actions'; +export { Actions, type CasesSupportedOperations } from '@kbn/security-authorization-core'; export type { AuthorizationServiceSetupInternal } from './authorization_service'; export { AuthorizationService } from './authorization_service'; export type { ElasticsearchRole } from './roles'; export { transformElasticsearchRoleToRole, compareRolesByName } from './roles'; -export type { CasesSupportedOperations } from './privileges'; diff --git a/x-pack/plugins/security/server/authorization/register_privileges_with_cluster.ts b/x-pack/plugins/security/server/authorization/register_privileges_with_cluster.ts index b8fb5f83aadcf..0809626eaf718 100644 --- a/x-pack/plugins/security/server/authorization/register_privileges_with_cluster.ts +++ b/x-pack/plugins/security/server/authorization/register_privileges_with_cluster.ts @@ -8,8 +8,8 @@ import { difference, isEqual, isEqualWith } from 'lodash'; import type { IClusterClient, Logger } from '@kbn/core/server'; +import type { PrivilegesService } from '@kbn/security-authorization-core'; -import type { PrivilegesService } from './privileges'; import { serializePrivileges } from './privileges_serializer'; export async function registerPrivilegesWithCluster( diff --git a/x-pack/plugins/security/server/authorization/service.test.mocks.ts b/x-pack/plugins/security/server/authorization/service.test.mocks.ts index 7fb0908e60cab..d5cbc3375aae2 100644 --- a/x-pack/plugins/security/server/authorization/service.test.mocks.ts +++ b/x-pack/plugins/security/server/authorization/service.test.mocks.ts @@ -21,9 +21,13 @@ jest.mock('./check_saved_objects_privileges', () => ({ })); export const mockPrivilegesFactory = jest.fn(); -jest.mock('./privileges', () => ({ - privilegesFactory: mockPrivilegesFactory, -})); +jest.mock('@kbn/security-authorization-core', () => { + const authzCore = jest.requireActual('@kbn/security-authorization-core'); + return { + ...authzCore, + privilegesFactory: mockPrivilegesFactory, + }; +}); export const mockAuthorizationModeFactory = jest.fn(); jest.mock('./mode', () => ({ diff --git a/yarn.lock b/yarn.lock index 69e3629347ece..27827bf1e18df 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6272,6 +6272,10 @@ version "0.0.0" uid "" +"@kbn/security-authorization-core@link:x-pack/packages/security/authorization_core": + version "0.0.0" + uid "" + "@kbn/security-form-components@link:x-pack/packages/security/form_components": version "0.0.0" uid "" From 0b9992a2b9cb74a81ad82469c8ee513265b47993 Mon Sep 17 00:00:00 2001 From: Eyo Okon Eyo Date: Wed, 7 Aug 2024 01:59:35 +0200 Subject: [PATCH 3/8] extract role privilege fixtures into seperate package --- package.json | 1 + tsconfig.base.json | 2 + .../src/kibana_privileges.test.ts | 276 ++++++++--------- .../role_management_model/tsconfig.json | 1 + .../role_management_model_mocks/README.md | 3 + .../role_management_model_mocks/index.ts | 2 +- .../role_management_model_mocks/kibana.jsonc | 5 + .../role_management_model_mocks/package.json | 6 + .../src}/kibana_privileges.ts | 23 +- .../role_management_model_mocks/tsconfig.json | 16 + .../roles/__fixtures__/kibana_features.ts | 281 ------------------ .../roles/edit_role/edit_role_page.test.tsx | 2 +- .../feature_table/feature_table.test.tsx | 7 +- .../feature_table_expanded_row.test.tsx | 3 +- .../feature_table/sub_feature_form.test.tsx | 3 +- .../feature_table_cell.test.tsx | 4 +- .../privilege_form_calculator.test.ts | 4 +- .../privilege_summary.test.tsx | 3 +- .../privilege_summary_calculator.test.ts | 6 +- .../privilege_summary_table.test.tsx | 5 +- .../privilege_space_form.test.tsx | 7 +- .../privilege_space_table.test.tsx | 4 +- .../space_aware_privilege_section.test.tsx | 3 +- yarn.lock | 4 + 24 files changed, 224 insertions(+), 447 deletions(-) create mode 100644 x-pack/packages/security/role_management_model_mocks/README.md create mode 100644 x-pack/packages/security/role_management_model_mocks/kibana.jsonc create mode 100644 x-pack/packages/security/role_management_model_mocks/package.json rename x-pack/{plugins/security/public/management/roles/__fixtures__ => packages/security/role_management_model_mocks/src}/kibana_privileges.ts (61%) create mode 100644 x-pack/packages/security/role_management_model_mocks/tsconfig.json delete mode 100644 x-pack/plugins/security/public/management/roles/__fixtures__/kibana_features.ts diff --git a/package.json b/package.json index 3f9f30545325f..0eaa12f6652a0 100644 --- a/package.json +++ b/package.json @@ -1423,6 +1423,7 @@ "@kbn/repo-source-classifier": "link:packages/kbn-repo-source-classifier", "@kbn/repo-source-classifier-cli": "link:packages/kbn-repo-source-classifier-cli", "@kbn/security-api-integration-helpers": "link:x-pack/test/security_api_integration/packages/helpers", + "@kbn/security-role-management-model-mocks": "link:x-pack/packages/security/role_management_model_mocks", "@kbn/serverless-storybook-config": "link:packages/serverless/storybook/config", "@kbn/some-dev-log": "link:packages/kbn-some-dev-log", "@kbn/sort-package-json": "link:packages/kbn-sort-package-json", diff --git a/tsconfig.base.json b/tsconfig.base.json index aeb8080d2ed81..fd96ac6aec018 100644 --- a/tsconfig.base.json +++ b/tsconfig.base.json @@ -1504,6 +1504,8 @@ "@kbn/security-plugin-types-server/*": ["x-pack/packages/security/plugin_types_server/*"], "@kbn/security-role-management-model": ["x-pack/packages/security/role_management_model"], "@kbn/security-role-management-model/*": ["x-pack/packages/security/role_management_model/*"], + "@kbn/security-role-management-model-mocks": ["x-pack/packages/security/role_management_model_mocks"], + "@kbn/security-role-management-model-mocks/*": ["x-pack/packages/security/role_management_model_mocks/*"], "@kbn/security-solution-distribution-bar": ["x-pack/packages/security-solution/distribution_bar"], "@kbn/security-solution-distribution-bar/*": ["x-pack/packages/security-solution/distribution_bar/*"], "@kbn/security-solution-ess": ["x-pack/plugins/security_solution_ess"], diff --git a/x-pack/packages/security/role_management_model/src/kibana_privileges.test.ts b/x-pack/packages/security/role_management_model/src/kibana_privileges.test.ts index b02448d461bc5..4e902270b6b86 100644 --- a/x-pack/packages/security/role_management_model/src/kibana_privileges.test.ts +++ b/x-pack/packages/security/role_management_model/src/kibana_privileges.test.ts @@ -5,13 +5,15 @@ * 2.0. */ -// import { KibanaPrivilege } from './kibana_privilege'; -import { /* KibanaPrivileges,*/ isGlobalPrivilegeDefinition } from './kibana_privileges'; -// import type { RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; -// import { kibanaFeatures } from '../__fixtures__/kibana_features'; -// import { createRawKibanaPrivileges } from '../__fixtures__/kibana_privileges'; - -describe('KibanaPrivileges', () => { +import { KibanaPrivilege } from './kibana_privilege'; +import { KibanaPrivileges, isGlobalPrivilegeDefinition } from './kibana_privileges'; +import type { RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; +import { + createRawKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model-mocks'; + +describe('kibana_privilege', () => { describe('isGlobalPrivilegeDefinition', () => { it('returns true if no spaces are defined', () => { expect( @@ -54,133 +56,135 @@ describe('KibanaPrivileges', () => { }); }); - // describe('#getBasePrivileges', () => { - // it('returns the space base privileges for a non-global entry', () => { - // const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); - // const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); - - // const entry: RoleKibanaPrivilege = { - // base: [], - // feature: {}, - // spaces: ['foo'], - // }; - - // const basePrivileges = kibanaPrivileges.getBasePrivileges(entry); - - // const expectedPrivileges = rawPrivileges.space; - - // expect(basePrivileges).toHaveLength(2); - // expect(basePrivileges[0]).toMatchObject({ - // id: 'all', - // actions: expectedPrivileges.all, - // }); - // expect(basePrivileges[1]).toMatchObject({ - // id: 'read', - // actions: expectedPrivileges.read, - // }); - // }); - - // it('returns the global base privileges for a global entry', () => { - // const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); - // const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); - - // const entry: RoleKibanaPrivilege = { - // base: [], - // feature: {}, - // spaces: ['*'], - // }; - - // const basePrivileges = kibanaPrivileges.getBasePrivileges(entry); - - // const expectedPrivileges = rawPrivileges.global; - - // expect(basePrivileges).toHaveLength(2); - // expect(basePrivileges[0]).toMatchObject({ - // id: 'all', - // actions: expectedPrivileges.all, - // }); - // expect(basePrivileges[1]).toMatchObject({ - // id: 'read', - // actions: expectedPrivileges.read, - // }); - // }); - // }); - - // describe('#createCollectionFromRoleKibanaPrivileges', () => { - // it('creates a collection from a role with no privileges assigned', () => { - // const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); - // const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); - - // const assignedPrivileges: RoleKibanaPrivilege[] = []; - // kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); - // }); - - // it('creates a collection ignoring unknown privileges', () => { - // const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); - // const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); - - // const assignedPrivileges: RoleKibanaPrivilege[] = [ - // { - // base: ['read', 'some-unknown-base-privilege'], - // feature: {}, - // spaces: ['*'], - // }, - // { - // base: [], - // feature: { - // with_sub_features: ['read', 'cool_all', 'some-unknown-feature-privilege'], - // some_unknown_feature: ['all'], - // }, - // spaces: ['foo'], - // }, - // ]; - // kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); - // }); - - // it('creates a collection using all assigned privileges, and only the assigned privileges', () => { - // const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); - // const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); - - // const assignedPrivileges: RoleKibanaPrivilege[] = [ - // { - // base: ['read'], - // feature: {}, - // spaces: ['*'], - // }, - // { - // base: [], - // feature: { - // with_sub_features: ['read', 'cool_all'], - // }, - // spaces: ['foo'], - // }, - // ]; - // const collection = - // kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); - - // expect( - // collection.grantsPrivilege( - // new KibanaPrivilege('test', [...rawPrivileges.features.with_excluded_sub_features.read]) - // ) - // ).toEqual(true); - - // expect( - // collection.grantsPrivilege( - // new KibanaPrivilege('test', [...rawPrivileges.features.with_excluded_sub_features.all]) - // ) - // ).toEqual(false); - - // expect( - // collection.grantsPrivilege( - // new KibanaPrivilege('test', [...rawPrivileges.features.with_sub_features.cool_all]) - // ) - // ).toEqual(true); - - // expect( - // collection.grantsPrivilege( - // new KibanaPrivilege('test', [...rawPrivileges.features.with_sub_features.cool_toggle_1]) - // ) - // ).toEqual(false); - // }); - // }); + describe('KibanaPrivileges', () => { + describe('#getBasePrivileges', () => { + it('returns the space base privileges for a non-global entry', () => { + const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); + const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); + + const entry: RoleKibanaPrivilege = { + base: [], + feature: {}, + spaces: ['foo'], + }; + + const basePrivileges = kibanaPrivileges.getBasePrivileges(entry); + + const expectedPrivileges = rawPrivileges.space; + + expect(basePrivileges).toHaveLength(2); + expect(basePrivileges[0]).toMatchObject({ + id: 'all', + actions: expectedPrivileges.all, + }); + expect(basePrivileges[1]).toMatchObject({ + id: 'read', + actions: expectedPrivileges.read, + }); + }); + + it('returns the global base privileges for a global entry', () => { + const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); + const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); + + const entry: RoleKibanaPrivilege = { + base: [], + feature: {}, + spaces: ['*'], + }; + + const basePrivileges = kibanaPrivileges.getBasePrivileges(entry); + + const expectedPrivileges = rawPrivileges.global; + + expect(basePrivileges).toHaveLength(2); + expect(basePrivileges[0]).toMatchObject({ + id: 'all', + actions: expectedPrivileges.all, + }); + expect(basePrivileges[1]).toMatchObject({ + id: 'read', + actions: expectedPrivileges.read, + }); + }); + }); + + describe('#createCollectionFromRoleKibanaPrivileges', () => { + it('creates a collection from a role with no privileges assigned', () => { + const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); + const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); + + const assignedPrivileges: RoleKibanaPrivilege[] = []; + kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); + }); + + it('creates a collection ignoring unknown privileges', () => { + const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); + const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); + + const assignedPrivileges: RoleKibanaPrivilege[] = [ + { + base: ['read', 'some-unknown-base-privilege'], + feature: {}, + spaces: ['*'], + }, + { + base: [], + feature: { + with_sub_features: ['read', 'cool_all', 'some-unknown-feature-privilege'], + some_unknown_feature: ['all'], + }, + spaces: ['foo'], + }, + ]; + kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); + }); + + it('creates a collection using all assigned privileges, and only the assigned privileges', () => { + const rawPrivileges = createRawKibanaPrivileges(kibanaFeatures); + const kibanaPrivileges = new KibanaPrivileges(rawPrivileges, kibanaFeatures); + + const assignedPrivileges: RoleKibanaPrivilege[] = [ + { + base: ['read'], + feature: {}, + spaces: ['*'], + }, + { + base: [], + feature: { + with_sub_features: ['read', 'cool_all'], + }, + spaces: ['foo'], + }, + ]; + const collection = + kibanaPrivileges.createCollectionFromRoleKibanaPrivileges(assignedPrivileges); + + expect( + collection.grantsPrivilege( + new KibanaPrivilege('test', [...rawPrivileges.features.with_excluded_sub_features.read]) + ) + ).toEqual(true); + + expect( + collection.grantsPrivilege( + new KibanaPrivilege('test', [...rawPrivileges.features.with_excluded_sub_features.all]) + ) + ).toEqual(false); + + expect( + collection.grantsPrivilege( + new KibanaPrivilege('test', [...rawPrivileges.features.with_sub_features.cool_all]) + ) + ).toEqual(true); + + expect( + collection.grantsPrivilege( + new KibanaPrivilege('test', [...rawPrivileges.features.with_sub_features.cool_toggle_1]) + ) + ).toEqual(false); + }); + }); + }); }); diff --git a/x-pack/packages/security/role_management_model/tsconfig.json b/x-pack/packages/security/role_management_model/tsconfig.json index 32010d654b5cb..b996feb63c749 100644 --- a/x-pack/packages/security/role_management_model/tsconfig.json +++ b/x-pack/packages/security/role_management_model/tsconfig.json @@ -10,6 +10,7 @@ "@kbn/core", "@kbn/i18n", "@kbn/i18n-react", + "@kbn/features-plugin", "@kbn/security-plugin-types-common" ] } diff --git a/x-pack/packages/security/role_management_model_mocks/README.md b/x-pack/packages/security/role_management_model_mocks/README.md new file mode 100644 index 0000000000000..699a3689fc7be --- /dev/null +++ b/x-pack/packages/security/role_management_model_mocks/README.md @@ -0,0 +1,3 @@ +# @kbn/security-role-management-mocks + +Contains business logic for RBAC administration within Kibana. diff --git a/x-pack/packages/security/role_management_model_mocks/index.ts b/x-pack/packages/security/role_management_model_mocks/index.ts index d25038e7000e3..886fc3ea0e691 100644 --- a/x-pack/packages/security/role_management_model_mocks/index.ts +++ b/x-pack/packages/security/role_management_model_mocks/index.ts @@ -5,5 +5,5 @@ * 2.0. */ -export { createFeature } from './src/kibana_features'; +export { createFeature, kibanaFeatures } from './src/kibana_features'; export { createKibanaPrivileges, createRawKibanaPrivileges } from './src/kibana_privileges'; diff --git a/x-pack/packages/security/role_management_model_mocks/kibana.jsonc b/x-pack/packages/security/role_management_model_mocks/kibana.jsonc new file mode 100644 index 0000000000000..db0569e65b588 --- /dev/null +++ b/x-pack/packages/security/role_management_model_mocks/kibana.jsonc @@ -0,0 +1,5 @@ +{ + "type": "test-helper", + "id": "@kbn/security-role-management-model-mocks", + "owner": "@elastic/kibana-security" +} diff --git a/x-pack/packages/security/role_management_model_mocks/package.json b/x-pack/packages/security/role_management_model_mocks/package.json new file mode 100644 index 0000000000000..5f355dcb22dd9 --- /dev/null +++ b/x-pack/packages/security/role_management_model_mocks/package.json @@ -0,0 +1,6 @@ +{ + "name": "@kbn/security-role-management-model-mocks", + "private": true, + "version": "1.0.0", + "license": "Elastic License 2.0" +} diff --git a/x-pack/plugins/security/public/management/roles/__fixtures__/kibana_privileges.ts b/x-pack/packages/security/role_management_model_mocks/src/kibana_privileges.ts similarity index 61% rename from x-pack/plugins/security/public/management/roles/__fixtures__/kibana_privileges.ts rename to x-pack/packages/security/role_management_model_mocks/src/kibana_privileges.ts index 07e6d6ada57da..8a79b27af2ae7 100644 --- a/x-pack/plugins/security/public/management/roles/__fixtures__/kibana_privileges.ts +++ b/x-pack/packages/security/role_management_model_mocks/src/kibana_privileges.ts @@ -6,19 +6,34 @@ */ import type { KibanaFeature } from '@kbn/features-plugin/public'; -import { featuresPluginMock } from '@kbn/features-plugin/server/mocks'; +import { type FeaturesPluginSetup } from '@kbn/features-plugin/server'; +import { + featurePrivilegeIterator, + subFeaturePrivilegeIterator, +} from '@kbn/features-plugin/server/feature_privilege_iterator'; import type { LicenseType } from '@kbn/licensing-plugin/server'; import type { SecurityLicenseFeatures } from '@kbn/security-plugin-types-common'; import { KibanaPrivileges } from '@kbn/security-role-management-model'; -import { Actions } from '../../../../server/authorization'; -import { privilegesFactory } from '../../../../server/authorization/privileges'; +import { Actions, privilegesFactory } from '@kbn/security-authorization-core'; + +const featuresPluginService = (): jest.Mocked => { + return { + getKibanaFeatures: jest.fn(), + getElasticsearchFeatures: jest.fn(), + registerKibanaFeature: jest.fn(), + registerElasticsearchFeature: jest.fn(), + enableReportingUiCapabilities: jest.fn(), + featurePrivilegeIterator: jest.fn().mockImplementation(featurePrivilegeIterator), + subFeaturePrivilegeIterator: jest.fn().mockImplementation(subFeaturePrivilegeIterator), + }; +}; export const createRawKibanaPrivileges = ( features: KibanaFeature[], { allowSubFeaturePrivileges = true } = {} ) => { - const featuresService = featuresPluginMock.createSetup(); + const featuresService = featuresPluginService(); featuresService.getKibanaFeatures.mockReturnValue(features); const licensingService = { diff --git a/x-pack/packages/security/role_management_model_mocks/tsconfig.json b/x-pack/packages/security/role_management_model_mocks/tsconfig.json new file mode 100644 index 0000000000000..9bdd341e9b623 --- /dev/null +++ b/x-pack/packages/security/role_management_model_mocks/tsconfig.json @@ -0,0 +1,16 @@ +{ + "extends": "../../../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types", + "types": ["jest", "node", "react"] + }, + "include": ["**/*.ts", "**/*.tsx"], + "exclude": ["target/**/*"], + "kbn_references": [ + "@kbn/features-plugin", + "@kbn/security-plugin-types-common", + "@kbn/licensing-plugin", + "@kbn/security-role-management-model", + "@kbn/security-authorization-core" + ] +} diff --git a/x-pack/plugins/security/public/management/roles/__fixtures__/kibana_features.ts b/x-pack/plugins/security/public/management/roles/__fixtures__/kibana_features.ts deleted file mode 100644 index fd40a64bb0ea6..0000000000000 --- a/x-pack/plugins/security/public/management/roles/__fixtures__/kibana_features.ts +++ /dev/null @@ -1,281 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { KibanaFeatureConfig } from '@kbn/features-plugin/public'; -import { KibanaFeature } from '@kbn/features-plugin/public'; - -export const createFeature = ( - config: Pick< - KibanaFeatureConfig, - 'id' | 'name' | 'subFeatures' | 'reserved' | 'privilegesTooltip' | 'description' - > & { - excludeFromBaseAll?: boolean; - excludeFromBaseRead?: boolean; - privileges?: KibanaFeatureConfig['privileges']; - category?: KibanaFeatureConfig['category']; - requireAllSpacesOnAllPrivilege?: boolean; - disabledReadPrivilege?: boolean; - } -) => { - const { - excludeFromBaseAll, - excludeFromBaseRead, - privileges, - category, - requireAllSpacesOnAllPrivilege: requireAllSpaces = false, - disabledReadPrivilege: disabled = false, - ...rest - } = config; - return new KibanaFeature({ - app: [], - category: category ?? { id: 'foo', label: 'foo' }, - catalogue: [], - privileges: - privileges === null - ? null - : { - all: { - excludeFromBasePrivileges: excludeFromBaseAll, - savedObject: { - all: ['all-type'], - read: ['read-type'], - }, - ui: ['read-ui', 'all-ui', `read-${config.id}`, `all-${config.id}`], - requireAllSpaces, - }, - read: { - excludeFromBasePrivileges: excludeFromBaseRead, - savedObject: { - all: [], - read: ['read-type'], - }, - ui: ['read-ui', `read-${config.id}`], - disabled, - }, - }, - ...rest, - }); -}; - -export const kibanaFeatures = [ - createFeature({ - id: 'no_sub_features', - name: 'Feature 1: No Sub Features', - }), - createFeature({ - id: 'with_sub_features', - name: 'Mutually Exclusive Sub Features', - subFeatures: [ - { - name: 'Cool Sub Feature', - privilegeGroups: [ - { - groupType: 'mutually_exclusive', - privileges: [ - { - id: 'cool_all', - name: 'All', - includeIn: 'all', - savedObject: { - all: ['all-cool-type'], - read: ['read-cool-type'], - }, - ui: ['cool_read-ui', 'cool_all-ui'], - }, - { - id: 'cool_read', - name: 'Read', - includeIn: 'read', - savedObject: { - all: [], - read: ['read-cool-type'], - }, - ui: ['cool_read-ui'], - }, - ], - }, - { - groupType: 'independent', - privileges: [ - { - id: 'cool_toggle_1', - name: 'Cool toggle 1', - includeIn: 'all', - savedObject: { - all: [], - read: [], - }, - ui: ['cool_toggle_1-ui'], - }, - { - id: 'cool_toggle_2', - name: 'Cool toggle 2', - includeIn: 'read', - savedObject: { - all: [], - read: [], - }, - ui: ['cool_toggle_2-ui'], - }, - { - id: 'cool_excluded_toggle', - name: 'Cool excluded toggle', - includeIn: 'none', - savedObject: { - all: [], - read: [], - }, - ui: ['cool_excluded_toggle-ui'], - }, - ], - }, - ], - }, - ], - }), - createFeature({ - id: 'with_excluded_sub_features', - name: 'Excluded Sub Features', - subFeatures: [ - { - name: 'Excluded Sub Feature', - privilegeGroups: [ - { - groupType: 'independent', - privileges: [ - { - id: 'cool_toggle_1', - name: 'Cool toggle 1', - includeIn: 'none', - savedObject: { - all: [], - read: [], - }, - ui: ['cool_toggle_1-ui'], - }, - ], - }, - ], - }, - ], - }), - createFeature({ - id: 'excluded_from_base', - name: 'Excluded from base', - excludeFromBaseAll: true, - excludeFromBaseRead: true, - subFeatures: [ - { - name: 'Cool Sub Feature', - privilegeGroups: [ - { - groupType: 'mutually_exclusive', - privileges: [ - { - id: 'cool_all', - name: 'All', - includeIn: 'all', - savedObject: { - all: [], - read: [], - }, - ui: ['cool_read-ui', 'cool_all-ui'], - }, - { - id: 'cool_read', - name: 'Read', - includeIn: 'read', - savedObject: { - all: [], - read: [], - }, - ui: ['cool_read-ui'], - }, - ], - }, - { - groupType: 'independent', - privileges: [ - { - id: 'cool_toggle_1', - name: 'Cool toggle 2', - includeIn: 'all', - savedObject: { - all: [], - read: [], - }, - ui: ['cool_toggle_1-ui'], - }, - { - id: 'cool_toggle_2', - name: 'Cool toggle 2', - includeIn: 'read', - savedObject: { - all: [], - read: [], - }, - ui: ['cool_toggle_2-ui'], - }, - ], - }, - ], - }, - ], - }), - createFeature({ - id: 'with_require_all_spaces_sub_features', - name: 'Require all spaces Sub Features', - subFeatures: [ - { - name: 'Require all spaces Sub Feature', - requireAllSpaces: true, - privilegeGroups: [ - { - groupType: 'mutually_exclusive', - privileges: [ - { - id: 'cool_toggle_1', - name: 'Cool toggle 1', - includeIn: 'read', - savedObject: { - all: [], - read: [], - }, - ui: ['cool_toggle_1-ui'], - }, - ], - }, - ], - }, - ], - }), - createFeature({ - id: 'with_require_all_spaces_for_feature_and_sub_features', - name: 'Require all spaces Features and Sub Features', - requireAllSpacesOnAllPrivilege: true, - subFeatures: [ - { - name: 'Require all spaces Sub Feature', - requireAllSpaces: true, - privilegeGroups: [ - { - groupType: 'mutually_exclusive', - privileges: [ - { - id: 'cool_toggle_1', - name: 'Cool toggle 1', - includeIn: 'all', - savedObject: { all: [], read: [] }, - ui: ['cool_toggle_1-ui'], - }, - ], - }, - ], - }, - ], - }), -]; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.test.tsx index 5f345020d6d8f..4e7513bb4f93a 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.test.tsx @@ -19,6 +19,7 @@ import { dataViewPluginMocks } from '@kbn/data-views-plugin/public/mocks'; import { KibanaFeature } from '@kbn/features-plugin/public'; import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public'; import { REMOTE_CLUSTERS_PATH } from '@kbn/remote-clusters-plugin/public'; +import { createRawKibanaPrivileges } from '@kbn/security-role-management-model-mocks'; import type { Space } from '@kbn/spaces-plugin/public'; import { spacesManagerMock } from '@kbn/spaces-plugin/public/spaces_manager/mocks'; import { getUiApi } from '@kbn/spaces-plugin/public/ui_api'; @@ -31,7 +32,6 @@ import { TransformErrorSection } from './privileges/kibana/transform_error_secti import type { Role } from '../../../../common'; import { licenseMock } from '../../../../common/licensing/index.mock'; import { userAPIClientMock } from '../../users/index.mock'; -import { createRawKibanaPrivileges } from '../__fixtures__/kibana_privileges'; import { indicesAPIClientMock, privilegesAPIClientMock, rolesAPIClientMock } from '../index.mock'; const spacesManager = spacesManagerMock.create(); diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx index 8b40b6d16d403..5a206496a1c81 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx @@ -9,13 +9,16 @@ import { EuiAccordion, EuiIconTip } from '@elastic/eui'; import React from 'react'; import type { KibanaFeature, SubFeatureConfig } from '@kbn/features-plugin/public'; +import { + createFeature, + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model-mocks'; import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { getDisplayedFeaturePrivileges } from './__fixtures__'; import { FeatureTable } from './feature_table'; import type { Role } from '../../../../../../../common'; -import { createFeature, kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; const createRole = (kibana: Role['kibana'] = []): Role => { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.test.tsx index b3856bb59f1f3..ed5a6f4c840d6 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.test.tsx @@ -8,12 +8,11 @@ import { act } from '@testing-library/react'; import React from 'react'; +import { createKibanaPrivileges, kibanaFeatures } from '@kbn/security-role-management-model-mocks'; import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { FeatureTableExpandedRow } from './feature_table_expanded_row'; import type { Role } from '../../../../../../../common'; -import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; const createRole = (kibana: Role['kibana'] = []): Role => { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx index cec876c626ac4..368720651b013 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx @@ -12,11 +12,10 @@ import React from 'react'; import { KibanaFeature } from '@kbn/features-plugin/public'; import type { Role } from '@kbn/security-plugin-types-common'; import { SecuredSubFeature } from '@kbn/security-role-management-model'; +import { createKibanaPrivileges, kibanaFeatures } from '@kbn/security-role-management-model-mocks'; import { mountWithIntl } from '@kbn/test-jest-helpers'; import { SubFeatureForm } from './sub_feature_form'; -import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; // Note: these tests are not concerned with the proper display of privileges, diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.test.tsx index 372b24048fe5b..bfe95fb663513 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.test.tsx @@ -8,11 +8,11 @@ import { EuiIconTip } from '@elastic/eui'; import React from 'react'; +import { SecuredFeature } from '@kbn/security-role-management-model'; +import { createFeature } from '@kbn/security-role-management-model-mocks'; import { mountWithIntl } from '@kbn/test-jest-helpers'; import { FeatureTableCell } from './feature_table_cell'; -import { createFeature } from '../../../../__fixtures__/kibana_features'; -import { SecuredFeature } from '../../../../model'; describe('FeatureTableCell', () => { it('renders the feature name', () => { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.test.ts b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.test.ts index 20c54fd2ea529..488d7a57e2efe 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.test.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.test.ts @@ -5,10 +5,10 @@ * 2.0. */ +import { createKibanaPrivileges, kibanaFeatures } from '@kbn/security-role-management-model-mocks'; + import { PrivilegeFormCalculator } from './privilege_form_calculator'; import type { Role } from '../../../../../../../common'; -import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; const createRole = (kibana: Role['kibana'] = []): Role => { return { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.test.tsx index 9f6aa8ed69ed9..ea60fe1d9ab34 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.test.tsx @@ -9,6 +9,7 @@ import { act } from '@testing-library/react'; import React from 'react'; import { coreMock } from '@kbn/core/public/mocks'; +import { createKibanaPrivileges, kibanaFeatures } from '@kbn/security-role-management-model-mocks'; import { spacesManagerMock } from '@kbn/spaces-plugin/public/spaces_manager/mocks'; import { getUiApi } from '@kbn/spaces-plugin/public/ui_api'; import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; @@ -16,8 +17,6 @@ import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { PrivilegeSummary } from './privilege_summary'; import { PrivilegeSummaryTable } from './privilege_summary_table'; import type { RoleKibanaPrivilege } from '../../../../../../../common'; -import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; const createRole = (roleKibanaPrivileges: RoleKibanaPrivilege[]) => ({ name: 'some-role', diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.test.ts b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.test.ts index b0418eac51c62..d2eb2584f73b5 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.test.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.test.ts @@ -5,10 +5,10 @@ * 2.0. */ +import type { Role } from '@kbn/security-plugin-types-common'; +import { createKibanaPrivileges, kibanaFeatures } from '@kbn/security-role-management-model-mocks'; + import { PrivilegeSummaryCalculator } from './privilege_summary_calculator'; -import type { Role } from '../../../../../../../common'; -import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; const createRole = (kibana: Role['kibana'] = []): Role => { return { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.test.tsx index b76ac9f1a1fc8..adca9f8114172 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.test.tsx @@ -9,6 +9,8 @@ import { act } from '@testing-library/react'; import React from 'react'; import { coreMock } from '@kbn/core/public/mocks'; +import type { RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; +import { createKibanaPrivileges, kibanaFeatures } from '@kbn/security-role-management-model-mocks'; import { spacesManagerMock } from '@kbn/spaces-plugin/public/spaces_manager/mocks'; import { getUiApi } from '@kbn/spaces-plugin/public/ui_api'; import { mountWithIntl } from '@kbn/test-jest-helpers'; @@ -16,9 +18,6 @@ import { mountWithIntl } from '@kbn/test-jest-helpers'; import { getDisplayedFeaturePrivileges } from './__fixtures__'; import type { PrivilegeSummaryTableProps } from './privilege_summary_table'; import { PrivilegeSummaryTable } from './privilege_summary_table'; -import type { RoleKibanaPrivilege } from '../../../../../../../common'; -import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; const createRole = (roleKibanaPrivileges: RoleKibanaPrivilege[]) => ({ name: 'some-role', diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.test.tsx index 6c633d6513692..36df984fb52b1 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.test.tsx @@ -8,14 +8,17 @@ import { EuiButtonGroup } from '@elastic/eui'; import React from 'react'; +import { + createFeature, + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model-mocks'; import type { Space } from '@kbn/spaces-plugin/public'; import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { PrivilegeSpaceForm } from './privilege_space_form'; import { SpaceSelector } from './space_selector'; import type { Role } from '../../../../../../../common'; -import { createFeature, kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; import { FeatureTable } from '../feature_table'; import { getDisplayedFeaturePrivileges } from '../feature_table/__fixtures__'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx index 56fe843cceded..04d55c2989603 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx @@ -10,12 +10,12 @@ import type { ReactWrapper } from 'enzyme'; import React from 'react'; import { KibanaFeature } from '@kbn/features-plugin/public'; +import type { Role, RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; +import { createKibanaPrivileges } from '@kbn/security-role-management-model-mocks'; import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { PrivilegeDisplay } from './privilege_display'; import { PrivilegeSpaceTable } from './privilege_space_table'; -import type { Role, RoleKibanaPrivilege } from '../../../../../../../common'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; import { PrivilegeFormCalculator } from '../privilege_form_calculator'; interface TableRow { diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.test.tsx index 3c2df19eb20db..78ceaeb5235bb 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.test.tsx @@ -7,13 +7,12 @@ import React from 'react'; +import { createKibanaPrivileges, kibanaFeatures } from '@kbn/security-role-management-model-mocks'; import { mountWithIntl, shallowWithIntl } from '@kbn/test-jest-helpers'; import { PrivilegeSpaceForm } from './privilege_space_form'; import { PrivilegeSpaceTable } from './privilege_space_table'; import { SpaceAwarePrivilegeSection } from './space_aware_privilege_section'; -import { kibanaFeatures } from '../../../../__fixtures__/kibana_features'; -import { createKibanaPrivileges } from '../../../../__fixtures__/kibana_privileges'; import { RoleValidator } from '../../../validate_role'; import { PrivilegeSummary } from '../privilege_summary'; diff --git a/yarn.lock b/yarn.lock index 27827bf1e18df..42a9386014c6c 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6300,6 +6300,10 @@ version "0.0.0" uid "" +"@kbn/security-role-management-model-mocks@link:x-pack/packages/security/role_management_model_mocks": + version "0.0.0" + uid "" + "@kbn/security-role-management-model@link:x-pack/packages/security/role_management_model": version "0.0.0" uid "" From bd2690e6954956c2e953a3564cddd57193eaa41f Mon Sep 17 00:00:00 2001 From: Eyo Okon Eyo Date: Wed, 7 Aug 2024 02:02:55 +0200 Subject: [PATCH 4/8] lint fixes --- x-pack/packages/security/authorization_core/tsconfig.json | 7 ++++--- .../packages/security/role_management_model/tsconfig.json | 7 +++---- x-pack/plugins/security/tsconfig.json | 5 ++++- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/x-pack/packages/security/authorization_core/tsconfig.json b/x-pack/packages/security/authorization_core/tsconfig.json index b996feb63c749..b167b6b4ae475 100644 --- a/x-pack/packages/security/authorization_core/tsconfig.json +++ b/x-pack/packages/security/authorization_core/tsconfig.json @@ -8,9 +8,10 @@ "exclude": ["target/**/*"], "kbn_references": [ "@kbn/core", - "@kbn/i18n", - "@kbn/i18n-react", "@kbn/features-plugin", - "@kbn/security-plugin-types-common" + "@kbn/security-plugin-types-common", + "@kbn/security-plugin-types-server", + "@kbn/licensing-plugin", + "@kbn/spaces-plugin" ] } diff --git a/x-pack/packages/security/role_management_model/tsconfig.json b/x-pack/packages/security/role_management_model/tsconfig.json index b996feb63c749..efc6e409b857f 100644 --- a/x-pack/packages/security/role_management_model/tsconfig.json +++ b/x-pack/packages/security/role_management_model/tsconfig.json @@ -7,10 +7,9 @@ "include": ["**/*.ts", "**/*.tsx"], "exclude": ["target/**/*"], "kbn_references": [ - "@kbn/core", - "@kbn/i18n", - "@kbn/i18n-react", "@kbn/features-plugin", - "@kbn/security-plugin-types-common" + "@kbn/security-plugin-types-common", + "@kbn/security-authorization-core", + "@kbn/security-role-management-model-mocks" ] } diff --git a/x-pack/plugins/security/tsconfig.json b/x-pack/plugins/security/tsconfig.json index 10c1ada6ede15..f3425409eed39 100644 --- a/x-pack/plugins/security/tsconfig.json +++ b/x-pack/plugins/security/tsconfig.json @@ -83,7 +83,10 @@ "@kbn/core-user-profile-browser", "@kbn/security-api-key-management", "@kbn/security-form-components", - "@kbn/core-security-server-mocks" + "@kbn/core-security-server-mocks", + "@kbn/security-authorization-core", + "@kbn/security-role-management-model", + "@kbn/security-role-management-model-mocks" ], "exclude": [ "target/**/*", From 5b7c1c22070fbb74e47aa6d6847e279226fe4588 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Wed, 7 Aug 2024 10:21:40 +0000 Subject: [PATCH 5/8] [CI] Auto-commit changed files from 'node scripts/generate codeowners' --- .github/CODEOWNERS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index ba352582bd651..d0626887c175c 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -747,12 +747,15 @@ packages/kbn-search-types @elastic/kibana-data-discovery x-pack/plugins/searchprofiler @elastic/kibana-management x-pack/test/security_api_integration/packages/helpers @elastic/kibana-security x-pack/packages/security/api_key_management @elastic/kibana-security +x-pack/packages/security/authorization_core @elastic/kibana-security x-pack/packages/security/form_components @elastic/kibana-security packages/kbn-security-hardening @elastic/kibana-security x-pack/plugins/security @elastic/kibana-security x-pack/packages/security/plugin_types_common @elastic/kibana-security x-pack/packages/security/plugin_types_public @elastic/kibana-security x-pack/packages/security/plugin_types_server @elastic/kibana-security +x-pack/packages/security/role_management_model @elastic/kibana-security +x-pack/packages/security/role_management_model_mocks @elastic/kibana-security x-pack/packages/security-solution/distribution_bar @elastic/kibana-cloud-security-posture x-pack/plugins/security_solution_ess @elastic/security-solution x-pack/packages/security-solution/features @elastic/security-threat-hunting-explore From fe318fccfe13b341d88874219f9369fd02ccf20f Mon Sep 17 00:00:00 2001 From: Eyo Okon Eyo Date: Thu, 8 Aug 2024 23:38:40 +0200 Subject: [PATCH 6/8] consolidate changes into one package to resolve pertinent cyclic dependency issue --- .github/CODEOWNERS | 1 - package.json | 1 - tsconfig.base.json | 2 -- .../src/__fixtures__}/index.ts | 4 ++-- .../src/__fixtures__}/kibana_features.ts | 0 .../src/__fixtures__}/kibana_privileges.ts | 3 +-- .../src/kibana_privileges.test.ts | 5 +---- .../security/role_management_model/tsconfig.json | 3 ++- .../role_management_model_mocks/README.md | 3 --- .../role_management_model_mocks/kibana.jsonc | 5 ----- .../role_management_model_mocks/package.json | 6 ------ .../role_management_model_mocks/tsconfig.json | 16 ---------------- .../roles/edit_role/edit_role_page.test.tsx | 2 +- .../kibana/feature_table/feature_table.test.tsx | 2 +- .../feature_table_expanded_row.test.tsx | 5 ++++- .../feature_table/sub_feature_form.test.tsx | 5 ++++- .../feature_table_cell.test.tsx | 2 +- .../privilege_form_calculator.test.ts | 5 ++++- .../privilege_summary/privilege_summary.test.tsx | 5 ++++- .../privilege_summary_calculator.test.ts | 5 ++++- .../privilege_summary_table.test.tsx | 5 ++++- .../privilege_space_form.test.tsx | 2 +- .../privilege_space_table.test.tsx | 2 +- .../space_aware_privilege_section.test.tsx | 5 ++++- x-pack/plugins/security/tsconfig.json | 1 - yarn.lock | 4 ---- 26 files changed, 39 insertions(+), 60 deletions(-) rename x-pack/packages/security/{role_management_model_mocks => role_management_model/src/__fixtures__}/index.ts (76%) rename x-pack/packages/security/{role_management_model_mocks/src => role_management_model/src/__fixtures__}/kibana_features.ts (100%) rename x-pack/packages/security/{role_management_model_mocks/src => role_management_model/src/__fixtures__}/kibana_privileges.ts (96%) delete mode 100644 x-pack/packages/security/role_management_model_mocks/README.md delete mode 100644 x-pack/packages/security/role_management_model_mocks/kibana.jsonc delete mode 100644 x-pack/packages/security/role_management_model_mocks/package.json delete mode 100644 x-pack/packages/security/role_management_model_mocks/tsconfig.json diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index d0626887c175c..b0c110f5b25c5 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -755,7 +755,6 @@ x-pack/packages/security/plugin_types_common @elastic/kibana-security x-pack/packages/security/plugin_types_public @elastic/kibana-security x-pack/packages/security/plugin_types_server @elastic/kibana-security x-pack/packages/security/role_management_model @elastic/kibana-security -x-pack/packages/security/role_management_model_mocks @elastic/kibana-security x-pack/packages/security-solution/distribution_bar @elastic/kibana-cloud-security-posture x-pack/plugins/security_solution_ess @elastic/security-solution x-pack/packages/security-solution/features @elastic/security-threat-hunting-explore diff --git a/package.json b/package.json index 0eaa12f6652a0..3f9f30545325f 100644 --- a/package.json +++ b/package.json @@ -1423,7 +1423,6 @@ "@kbn/repo-source-classifier": "link:packages/kbn-repo-source-classifier", "@kbn/repo-source-classifier-cli": "link:packages/kbn-repo-source-classifier-cli", "@kbn/security-api-integration-helpers": "link:x-pack/test/security_api_integration/packages/helpers", - "@kbn/security-role-management-model-mocks": "link:x-pack/packages/security/role_management_model_mocks", "@kbn/serverless-storybook-config": "link:packages/serverless/storybook/config", "@kbn/some-dev-log": "link:packages/kbn-some-dev-log", "@kbn/sort-package-json": "link:packages/kbn-sort-package-json", diff --git a/tsconfig.base.json b/tsconfig.base.json index fd96ac6aec018..aeb8080d2ed81 100644 --- a/tsconfig.base.json +++ b/tsconfig.base.json @@ -1504,8 +1504,6 @@ "@kbn/security-plugin-types-server/*": ["x-pack/packages/security/plugin_types_server/*"], "@kbn/security-role-management-model": ["x-pack/packages/security/role_management_model"], "@kbn/security-role-management-model/*": ["x-pack/packages/security/role_management_model/*"], - "@kbn/security-role-management-model-mocks": ["x-pack/packages/security/role_management_model_mocks"], - "@kbn/security-role-management-model-mocks/*": ["x-pack/packages/security/role_management_model_mocks/*"], "@kbn/security-solution-distribution-bar": ["x-pack/packages/security-solution/distribution_bar"], "@kbn/security-solution-distribution-bar/*": ["x-pack/packages/security-solution/distribution_bar/*"], "@kbn/security-solution-ess": ["x-pack/plugins/security_solution_ess"], diff --git a/x-pack/packages/security/role_management_model_mocks/index.ts b/x-pack/packages/security/role_management_model/src/__fixtures__/index.ts similarity index 76% rename from x-pack/packages/security/role_management_model_mocks/index.ts rename to x-pack/packages/security/role_management_model/src/__fixtures__/index.ts index 886fc3ea0e691..32f8d17be94b2 100644 --- a/x-pack/packages/security/role_management_model_mocks/index.ts +++ b/x-pack/packages/security/role_management_model/src/__fixtures__/index.ts @@ -5,5 +5,5 @@ * 2.0. */ -export { createFeature, kibanaFeatures } from './src/kibana_features'; -export { createKibanaPrivileges, createRawKibanaPrivileges } from './src/kibana_privileges'; +export { createFeature, kibanaFeatures } from './kibana_features'; +export { createKibanaPrivileges, createRawKibanaPrivileges } from './kibana_privileges'; diff --git a/x-pack/packages/security/role_management_model_mocks/src/kibana_features.ts b/x-pack/packages/security/role_management_model/src/__fixtures__/kibana_features.ts similarity index 100% rename from x-pack/packages/security/role_management_model_mocks/src/kibana_features.ts rename to x-pack/packages/security/role_management_model/src/__fixtures__/kibana_features.ts diff --git a/x-pack/packages/security/role_management_model_mocks/src/kibana_privileges.ts b/x-pack/packages/security/role_management_model/src/__fixtures__/kibana_privileges.ts similarity index 96% rename from x-pack/packages/security/role_management_model_mocks/src/kibana_privileges.ts rename to x-pack/packages/security/role_management_model/src/__fixtures__/kibana_privileges.ts index 8a79b27af2ae7..2dc5078038033 100644 --- a/x-pack/packages/security/role_management_model_mocks/src/kibana_privileges.ts +++ b/x-pack/packages/security/role_management_model/src/__fixtures__/kibana_privileges.ts @@ -13,9 +13,8 @@ import { } from '@kbn/features-plugin/server/feature_privilege_iterator'; import type { LicenseType } from '@kbn/licensing-plugin/server'; import type { SecurityLicenseFeatures } from '@kbn/security-plugin-types-common'; -import { KibanaPrivileges } from '@kbn/security-role-management-model'; - import { Actions, privilegesFactory } from '@kbn/security-authorization-core'; +import { KibanaPrivileges } from '../kibana_privileges'; const featuresPluginService = (): jest.Mocked => { return { diff --git a/x-pack/packages/security/role_management_model/src/kibana_privileges.test.ts b/x-pack/packages/security/role_management_model/src/kibana_privileges.test.ts index 4e902270b6b86..6102c853db51b 100644 --- a/x-pack/packages/security/role_management_model/src/kibana_privileges.test.ts +++ b/x-pack/packages/security/role_management_model/src/kibana_privileges.test.ts @@ -8,10 +8,7 @@ import { KibanaPrivilege } from './kibana_privilege'; import { KibanaPrivileges, isGlobalPrivilegeDefinition } from './kibana_privileges'; import type { RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; -import { - createRawKibanaPrivileges, - kibanaFeatures, -} from '@kbn/security-role-management-model-mocks'; +import { createRawKibanaPrivileges, kibanaFeatures } from './__fixtures__'; describe('kibana_privilege', () => { describe('isGlobalPrivilegeDefinition', () => { diff --git a/x-pack/packages/security/role_management_model/tsconfig.json b/x-pack/packages/security/role_management_model/tsconfig.json index efc6e409b857f..b6d0485117970 100644 --- a/x-pack/packages/security/role_management_model/tsconfig.json +++ b/x-pack/packages/security/role_management_model/tsconfig.json @@ -10,6 +10,7 @@ "@kbn/features-plugin", "@kbn/security-plugin-types-common", "@kbn/security-authorization-core", - "@kbn/security-role-management-model-mocks" + "@kbn/security-role-management-model", + "@kbn/licensing-plugin", ] } diff --git a/x-pack/packages/security/role_management_model_mocks/README.md b/x-pack/packages/security/role_management_model_mocks/README.md deleted file mode 100644 index 699a3689fc7be..0000000000000 --- a/x-pack/packages/security/role_management_model_mocks/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# @kbn/security-role-management-mocks - -Contains business logic for RBAC administration within Kibana. diff --git a/x-pack/packages/security/role_management_model_mocks/kibana.jsonc b/x-pack/packages/security/role_management_model_mocks/kibana.jsonc deleted file mode 100644 index db0569e65b588..0000000000000 --- a/x-pack/packages/security/role_management_model_mocks/kibana.jsonc +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "test-helper", - "id": "@kbn/security-role-management-model-mocks", - "owner": "@elastic/kibana-security" -} diff --git a/x-pack/packages/security/role_management_model_mocks/package.json b/x-pack/packages/security/role_management_model_mocks/package.json deleted file mode 100644 index 5f355dcb22dd9..0000000000000 --- a/x-pack/packages/security/role_management_model_mocks/package.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "name": "@kbn/security-role-management-model-mocks", - "private": true, - "version": "1.0.0", - "license": "Elastic License 2.0" -} diff --git a/x-pack/packages/security/role_management_model_mocks/tsconfig.json b/x-pack/packages/security/role_management_model_mocks/tsconfig.json deleted file mode 100644 index 9bdd341e9b623..0000000000000 --- a/x-pack/packages/security/role_management_model_mocks/tsconfig.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "extends": "../../../../tsconfig.base.json", - "compilerOptions": { - "outDir": "target/types", - "types": ["jest", "node", "react"] - }, - "include": ["**/*.ts", "**/*.tsx"], - "exclude": ["target/**/*"], - "kbn_references": [ - "@kbn/features-plugin", - "@kbn/security-plugin-types-common", - "@kbn/licensing-plugin", - "@kbn/security-role-management-model", - "@kbn/security-authorization-core" - ] -} diff --git a/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.test.tsx index 4e7513bb4f93a..9a9abab064fa8 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/edit_role_page.test.tsx @@ -19,7 +19,7 @@ import { dataViewPluginMocks } from '@kbn/data-views-plugin/public/mocks'; import { KibanaFeature } from '@kbn/features-plugin/public'; import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public'; import { REMOTE_CLUSTERS_PATH } from '@kbn/remote-clusters-plugin/public'; -import { createRawKibanaPrivileges } from '@kbn/security-role-management-model-mocks'; +import { createRawKibanaPrivileges } from '@kbn/security-role-management-model/src/__fixtures__'; import type { Space } from '@kbn/spaces-plugin/public'; import { spacesManagerMock } from '@kbn/spaces-plugin/public/spaces_manager/mocks'; import { getUiApi } from '@kbn/spaces-plugin/public/ui_api'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx index 5a206496a1c81..5a43e7931d474 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table.test.tsx @@ -13,7 +13,7 @@ import { createFeature, createKibanaPrivileges, kibanaFeatures, -} from '@kbn/security-role-management-model-mocks'; +} from '@kbn/security-role-management-model/src/__fixtures__'; import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { getDisplayedFeaturePrivileges } from './__fixtures__'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.test.tsx index ed5a6f4c840d6..92a33136c7678 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/feature_table_expanded_row.test.tsx @@ -8,7 +8,10 @@ import { act } from '@testing-library/react'; import React from 'react'; -import { createKibanaPrivileges, kibanaFeatures } from '@kbn/security-role-management-model-mocks'; +import { + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model/src/__fixtures__'; import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { FeatureTableExpandedRow } from './feature_table_expanded_row'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx index 368720651b013..8f741f1d48f9d 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table/sub_feature_form.test.tsx @@ -12,7 +12,10 @@ import React from 'react'; import { KibanaFeature } from '@kbn/features-plugin/public'; import type { Role } from '@kbn/security-plugin-types-common'; import { SecuredSubFeature } from '@kbn/security-role-management-model'; -import { createKibanaPrivileges, kibanaFeatures } from '@kbn/security-role-management-model-mocks'; +import { + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model/src/__fixtures__'; import { mountWithIntl } from '@kbn/test-jest-helpers'; import { SubFeatureForm } from './sub_feature_form'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.test.tsx index bfe95fb663513..0c1eac9a70d4e 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/feature_table_cell/feature_table_cell.test.tsx @@ -9,7 +9,7 @@ import { EuiIconTip } from '@elastic/eui'; import React from 'react'; import { SecuredFeature } from '@kbn/security-role-management-model'; -import { createFeature } from '@kbn/security-role-management-model-mocks'; +import { createFeature } from '@kbn/security-role-management-model/src/__fixtures__'; import { mountWithIntl } from '@kbn/test-jest-helpers'; import { FeatureTableCell } from './feature_table_cell'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.test.ts b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.test.ts index 488d7a57e2efe..b47501e08f376 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.test.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_form_calculator/privilege_form_calculator.test.ts @@ -5,7 +5,10 @@ * 2.0. */ -import { createKibanaPrivileges, kibanaFeatures } from '@kbn/security-role-management-model-mocks'; +import { + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model/src/__fixtures__'; import { PrivilegeFormCalculator } from './privilege_form_calculator'; import type { Role } from '../../../../../../../common'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.test.tsx index ea60fe1d9ab34..f42a95693b87b 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary.test.tsx @@ -9,7 +9,10 @@ import { act } from '@testing-library/react'; import React from 'react'; import { coreMock } from '@kbn/core/public/mocks'; -import { createKibanaPrivileges, kibanaFeatures } from '@kbn/security-role-management-model-mocks'; +import { + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model/src/__fixtures__'; import { spacesManagerMock } from '@kbn/spaces-plugin/public/spaces_manager/mocks'; import { getUiApi } from '@kbn/spaces-plugin/public/ui_api'; import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.test.ts b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.test.ts index d2eb2584f73b5..13269dffa5e8c 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.test.ts +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_calculator.test.ts @@ -6,7 +6,10 @@ */ import type { Role } from '@kbn/security-plugin-types-common'; -import { createKibanaPrivileges, kibanaFeatures } from '@kbn/security-role-management-model-mocks'; +import { + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model/src/__fixtures__'; import { PrivilegeSummaryCalculator } from './privilege_summary_calculator'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.test.tsx index adca9f8114172..e1ca5300ee9f7 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/privilege_summary/privilege_summary_table.test.tsx @@ -10,7 +10,10 @@ import React from 'react'; import { coreMock } from '@kbn/core/public/mocks'; import type { RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; -import { createKibanaPrivileges, kibanaFeatures } from '@kbn/security-role-management-model-mocks'; +import { + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model/src/__fixtures__'; import { spacesManagerMock } from '@kbn/spaces-plugin/public/spaces_manager/mocks'; import { getUiApi } from '@kbn/spaces-plugin/public/ui_api'; import { mountWithIntl } from '@kbn/test-jest-helpers'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.test.tsx index 36df984fb52b1..7d9d6d015c03e 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_form.test.tsx @@ -12,7 +12,7 @@ import { createFeature, createKibanaPrivileges, kibanaFeatures, -} from '@kbn/security-role-management-model-mocks'; +} from '@kbn/security-role-management-model/src/__fixtures__'; import type { Space } from '@kbn/spaces-plugin/public'; import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx index 04d55c2989603..316419f479426 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/privilege_space_table.test.tsx @@ -11,7 +11,7 @@ import React from 'react'; import { KibanaFeature } from '@kbn/features-plugin/public'; import type { Role, RoleKibanaPrivilege } from '@kbn/security-plugin-types-common'; -import { createKibanaPrivileges } from '@kbn/security-role-management-model-mocks'; +import { createKibanaPrivileges } from '@kbn/security-role-management-model/src/__fixtures__'; import { findTestSubject, mountWithIntl } from '@kbn/test-jest-helpers'; import { PrivilegeDisplay } from './privilege_display'; diff --git a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.test.tsx b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.test.tsx index 78ceaeb5235bb..b25a474bc06aa 100644 --- a/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.test.tsx +++ b/x-pack/plugins/security/public/management/roles/edit_role/privileges/kibana/space_aware_privilege_section/space_aware_privilege_section.test.tsx @@ -7,7 +7,10 @@ import React from 'react'; -import { createKibanaPrivileges, kibanaFeatures } from '@kbn/security-role-management-model-mocks'; +import { + createKibanaPrivileges, + kibanaFeatures, +} from '@kbn/security-role-management-model/src/__fixtures__'; import { mountWithIntl, shallowWithIntl } from '@kbn/test-jest-helpers'; import { PrivilegeSpaceForm } from './privilege_space_form'; diff --git a/x-pack/plugins/security/tsconfig.json b/x-pack/plugins/security/tsconfig.json index f3425409eed39..8e3f38833248d 100644 --- a/x-pack/plugins/security/tsconfig.json +++ b/x-pack/plugins/security/tsconfig.json @@ -86,7 +86,6 @@ "@kbn/core-security-server-mocks", "@kbn/security-authorization-core", "@kbn/security-role-management-model", - "@kbn/security-role-management-model-mocks" ], "exclude": [ "target/**/*", diff --git a/yarn.lock b/yarn.lock index 42a9386014c6c..27827bf1e18df 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6300,10 +6300,6 @@ version "0.0.0" uid "" -"@kbn/security-role-management-model-mocks@link:x-pack/packages/security/role_management_model_mocks": - version "0.0.0" - uid "" - "@kbn/security-role-management-model@link:x-pack/packages/security/role_management_model": version "0.0.0" uid "" From e5c049d01b39d9b39a11a8af1db7969981538664 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Mon, 12 Aug 2024 08:19:02 +0000 Subject: [PATCH 7/8] [CI] Auto-commit changed files from 'node scripts/lint_ts_projects --fix' --- x-pack/packages/security/role_management_model/tsconfig.json | 1 - 1 file changed, 1 deletion(-) diff --git a/x-pack/packages/security/role_management_model/tsconfig.json b/x-pack/packages/security/role_management_model/tsconfig.json index b6d0485117970..f18ed64fae713 100644 --- a/x-pack/packages/security/role_management_model/tsconfig.json +++ b/x-pack/packages/security/role_management_model/tsconfig.json @@ -10,7 +10,6 @@ "@kbn/features-plugin", "@kbn/security-plugin-types-common", "@kbn/security-authorization-core", - "@kbn/security-role-management-model", "@kbn/licensing-plugin", ] } From 42d457954ac45fe7cfff50b5aa7a055c04370233 Mon Sep 17 00:00:00 2001 From: Eyo Okon Eyo Date: Thu, 22 Aug 2024 12:10:42 +0200 Subject: [PATCH 8/8] remove unused unnecessary type definition --- .../authorization_core/src/spaces/service_type.ts | 10 ---------- .../packages/security/authorization_core/tsconfig.json | 1 - 2 files changed, 11 deletions(-) delete mode 100644 x-pack/packages/security/authorization_core/src/spaces/service_type.ts diff --git a/x-pack/packages/security/authorization_core/src/spaces/service_type.ts b/x-pack/packages/security/authorization_core/src/spaces/service_type.ts deleted file mode 100644 index 3aa985596e599..0000000000000 --- a/x-pack/packages/security/authorization_core/src/spaces/service_type.ts +++ /dev/null @@ -1,10 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { SpacesPluginSetup } from '@kbn/spaces-plugin/server'; - -export type SpacesService = SpacesPluginSetup['spacesService']; diff --git a/x-pack/packages/security/authorization_core/tsconfig.json b/x-pack/packages/security/authorization_core/tsconfig.json index b167b6b4ae475..03870180c12c5 100644 --- a/x-pack/packages/security/authorization_core/tsconfig.json +++ b/x-pack/packages/security/authorization_core/tsconfig.json @@ -12,6 +12,5 @@ "@kbn/security-plugin-types-common", "@kbn/security-plugin-types-server", "@kbn/licensing-plugin", - "@kbn/spaces-plugin" ] }