Merge branch 'master' into alerting-ui/data-apis

elastic · Mar 9, 2020 · a335115 · a335115
2 parents fbebcc8 + 8a4bb61
commit a335115
Show file tree

Hide file tree

Showing 251 changed files with 2,994 additions and 1,092 deletions.
diff --git a/docs/development/core/server/kibana-plugin-server.authnothandled.md b/docs/development/core/server/kibana-plugin-server.authnothandled.md
@@ -0,0 +1,19 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthNotHandled](./kibana-plugin-server.authnothandled.md)
+
+## AuthNotHandled interface
+
+
+<b>Signature:</b>
+
+```typescript
+export interface AuthNotHandled 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [type](./kibana-plugin-server.authnothandled.type.md) | <code>AuthResultType.notHandled</code> |  |
+
diff --git a/docs/development/core/server/kibana-plugin-server.authnothandled.type.md b/docs/development/core/server/kibana-plugin-server.authnothandled.type.md
@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthNotHandled](./kibana-plugin-server.authnothandled.md) &gt; [type](./kibana-plugin-server.authnothandled.type.md)
+
+## AuthNotHandled.type property
+
+<b>Signature:</b>
+
+```typescript
+type: AuthResultType.notHandled;
+```
diff --git a/docs/development/core/server/kibana-plugin-server.authredirected.md b/docs/development/core/server/kibana-plugin-server.authredirected.md
@@ -0,0 +1,19 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthRedirected](./kibana-plugin-server.authredirected.md)
+
+## AuthRedirected interface
+
+
+<b>Signature:</b>
+
+```typescript
+export interface AuthRedirected extends AuthRedirectedParams 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [type](./kibana-plugin-server.authredirected.type.md) | <code>AuthResultType.redirected</code> |  |
+
diff --git a/docs/development/core/server/kibana-plugin-server.authredirected.type.md b/docs/development/core/server/kibana-plugin-server.authredirected.type.md
@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthRedirected](./kibana-plugin-server.authredirected.md) &gt; [type](./kibana-plugin-server.authredirected.type.md)
+
+## AuthRedirected.type property
+
+<b>Signature:</b>
+
+```typescript
+type: AuthResultType.redirected;
+```
diff --git a/docs/development/core/server/kibana-plugin-server.authredirectedparams.headers.md b/docs/development/core/server/kibana-plugin-server.authredirectedparams.headers.md
@@ -0,0 +1,15 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthRedirectedParams](./kibana-plugin-server.authredirectedparams.md) &gt; [headers](./kibana-plugin-server.authredirectedparams.headers.md)
+
+## AuthRedirectedParams.headers property
+
+Headers to attach for auth redirect. Must include "location" header
+
+<b>Signature:</b>
+
+```typescript
+headers: {
+        location: string;
+    } & ResponseHeaders;
+```
diff --git a/docs/development/core/server/kibana-plugin-server.authredirectedparams.md b/docs/development/core/server/kibana-plugin-server.authredirectedparams.md
@@ -0,0 +1,20 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthRedirectedParams](./kibana-plugin-server.authredirectedparams.md)
+
+## AuthRedirectedParams interface
+
+Result of auth redirection.
+
+<b>Signature:</b>
+
+```typescript
+export interface AuthRedirectedParams 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [headers](./kibana-plugin-server.authredirectedparams.headers.md) | <code>{</code><br/><code>        location: string;</code><br/><code>    } &amp; ResponseHeaders</code> | Headers to attach for auth redirect. Must include "location" header |
+
diff --git a/docs/development/core/server/kibana-plugin-server.authresult.md b/docs/development/core/server/kibana-plugin-server.authresult.md
@@ -8,5 +8,5 @@
 <b>Signature:</b>
 
 ```typescript
-export declare type AuthResult = Authenticated;
+export declare type AuthResult = Authenticated | AuthNotHandled | AuthRedirected;
 ```
diff --git a/docs/development/core/server/kibana-plugin-server.authresultparams.md b/docs/development/core/server/kibana-plugin-server.authresultparams.md
@@ -4,7 +4,7 @@
 
 ## AuthResultParams interface
 
-Result of an incoming request authentication.
+Result of successful authentication.
 
 <b>Signature:</b>
 

diff --git a/docs/development/core/server/kibana-plugin-server.authresulttype.md b/docs/development/core/server/kibana-plugin-server.authresulttype.md
@@ -16,4 +16,6 @@ export declare enum AuthResultType
 |  Member | Value | Description |
 |  --- | --- | --- |
 |  authenticated | <code>&quot;authenticated&quot;</code> |  |
+|  notHandled | <code>&quot;notHandled&quot;</code> |  |
+|  redirected | <code>&quot;redirected&quot;</code> |  |
 
diff --git a/docs/development/core/server/kibana-plugin-server.authtoolkit.md b/docs/development/core/server/kibana-plugin-server.authtoolkit.md
@@ -17,4 +17,6 @@ export interface AuthToolkit
 |  Property | Type | Description |
 |  --- | --- | --- |
 |  [authenticated](./kibana-plugin-server.authtoolkit.authenticated.md) | <code>(data?: AuthResultParams) =&gt; AuthResult</code> | Authentication is successful with given credentials, allow request to pass through |
+|  [notHandled](./kibana-plugin-server.authtoolkit.nothandled.md) | <code>() =&gt; AuthResult</code> | User has no credentials. Allows user to access a resource when authRequired: 'optional' Rejects a request when authRequired: true |
+|  [redirected](./kibana-plugin-server.authtoolkit.redirected.md) | <code>(headers: {</code><br/><code>        location: string;</code><br/><code>    } &amp; ResponseHeaders) =&gt; AuthResult</code> | Redirect user to IdP when authRequired: true Allows user to access a resource without redirection when authRequired: 'optional' |
 
diff --git a/docs/development/core/server/kibana-plugin-server.authtoolkit.nothandled.md b/docs/development/core/server/kibana-plugin-server.authtoolkit.nothandled.md
@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthToolkit](./kibana-plugin-server.authtoolkit.md) &gt; [notHandled](./kibana-plugin-server.authtoolkit.nothandled.md)
+
+## AuthToolkit.notHandled property
+
+User has no credentials. Allows user to access a resource when authRequired: 'optional' Rejects a request when authRequired: true
+
+<b>Signature:</b>
+
+```typescript
+notHandled: () => AuthResult;
+```
diff --git a/docs/development/core/server/kibana-plugin-server.authtoolkit.redirected.md b/docs/development/core/server/kibana-plugin-server.authtoolkit.redirected.md
@@ -0,0 +1,15 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthToolkit](./kibana-plugin-server.authtoolkit.md) &gt; [redirected](./kibana-plugin-server.authtoolkit.redirected.md)
+
+## AuthToolkit.redirected property
+
+Redirect user to IdP when authRequired: true Allows user to access a resource without redirection when authRequired: 'optional'
+
+<b>Signature:</b>
+
+```typescript
+redirected: (headers: {
+        location: string;
+    } & ResponseHeaders) => AuthResult;
+```
diff --git a/docs/development/core/server/kibana-plugin-server.kibanarequest.auth.md b/docs/development/core/server/kibana-plugin-server.kibanarequest.auth.md
@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [KibanaRequest](./kibana-plugin-server.kibanarequest.md) &gt; [auth](./kibana-plugin-server.kibanarequest.auth.md)
+
+## KibanaRequest.auth property
+
+<b>Signature:</b>
+
+```typescript
+readonly auth: {
+        isAuthenticated: boolean;
+    };
+```
diff --git a/docs/development/core/server/kibana-plugin-server.kibanarequest.md b/docs/development/core/server/kibana-plugin-server.kibanarequest.md
@@ -22,6 +22,7 @@ export declare class KibanaRequest<Params = unknown, Query = unknown, Body = unk
 
 |  Property | Modifiers | Type | Description |
 |  --- | --- | --- | --- |
+|  [auth](./kibana-plugin-server.kibanarequest.auth.md) |  | <code>{</code><br/><code>        isAuthenticated: boolean;</code><br/><code>    }</code> |  |
 |  [body](./kibana-plugin-server.kibanarequest.body.md) |  | <code>Body</code> |  |
 |  [events](./kibana-plugin-server.kibanarequest.events.md) |  | <code>KibanaRequestEvents</code> | Request events [KibanaRequestEvents](./kibana-plugin-server.kibanarequestevents.md) |
 |  [headers](./kibana-plugin-server.kibanarequest.headers.md) |  | <code>Headers</code> | Readonly copy of incoming request headers. |

diff --git a/docs/development/core/server/kibana-plugin-server.md b/docs/development/core/server/kibana-plugin-server.md
@@ -53,7 +53,10 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [AssistanceAPIResponse](./kibana-plugin-server.assistanceapiresponse.md) |  |
 |  [AssistantAPIClientParams](./kibana-plugin-server.assistantapiclientparams.md) |  |
 |  [Authenticated](./kibana-plugin-server.authenticated.md) |  |
-|  [AuthResultParams](./kibana-plugin-server.authresultparams.md) | Result of an incoming request authentication. |
+|  [AuthNotHandled](./kibana-plugin-server.authnothandled.md) |  |
+|  [AuthRedirected](./kibana-plugin-server.authredirected.md) |  |
+|  [AuthRedirectedParams](./kibana-plugin-server.authredirectedparams.md) | Result of auth redirection. |
+|  [AuthResultParams](./kibana-plugin-server.authresultparams.md) | Result of successful authentication. |
 |  [AuthToolkit](./kibana-plugin-server.authtoolkit.md) | A tool set defining an outcome of Auth interceptor for incoming request. |
 |  [CallAPIOptions](./kibana-plugin-server.callapioptions.md) | The set of options that defines how API call should be made and result be processed. |
 |  [Capabilities](./kibana-plugin-server.capabilities.md) | The read-only set of capabilities available for the current UI session. Capabilities are simple key-value pairs of (string, boolean), where the string denotes the capability ID, and the boolean is a flag indicating if the capability is enabled or disabled. |

diff --git a/...development/core/server/kibana-plugin-server.routeconfigoptions.authrequired.md b/...development/core/server/kibana-plugin-server.routeconfigoptions.authrequired.md
@@ -4,12 +4,12 @@
 
 ## RouteConfigOptions.authRequired property
 
-A flag shows that authentication for a route: `enabled` when true `disabled` when false
+Defines authentication mode for a route: - true. A user has to have valid credentials to access a resource - false. A user can access a resource without any credentials. - 'optional'. A user can access a resource if has valid credentials or no credentials at all. Can be useful when we grant access to a resource but want to identify a user if possible.
 
-Enabled by default.
+Defaults to `true` if an auth mechanism is registered.
 
 <b>Signature:</b>
 
 ```typescript
-authRequired?: boolean;
+authRequired?: boolean | 'optional';
 ```
diff --git a/docs/development/core/server/kibana-plugin-server.routeconfigoptions.md b/docs/development/core/server/kibana-plugin-server.routeconfigoptions.md
@@ -16,7 +16,7 @@ export interface RouteConfigOptions<Method extends RouteMethod>
 
 |  Property | Type | Description |
 |  --- | --- | --- |
-|  [authRequired](./kibana-plugin-server.routeconfigoptions.authrequired.md) | <code>boolean</code> | A flag shows that authentication for a route: <code>enabled</code> when true <code>disabled</code> when false<!-- -->Enabled by default. |
+|  [authRequired](./kibana-plugin-server.routeconfigoptions.authrequired.md) | <code>boolean &#124; 'optional'</code> | Defines authentication mode for a route: - true. A user has to have valid credentials to access a resource - false. A user can access a resource without any credentials. - 'optional'. A user can access a resource if has valid credentials or no credentials at all. Can be useful when we grant access to a resource but want to identify a user if possible.<!-- -->Defaults to <code>true</code> if an auth mechanism is registered. |
 |  [body](./kibana-plugin-server.routeconfigoptions.body.md) | <code>Method extends 'get' &#124; 'options' ? undefined : RouteConfigOptionsBody</code> | Additional body options [RouteConfigOptionsBody](./kibana-plugin-server.routeconfigoptionsbody.md)<!-- -->. |
 |  [tags](./kibana-plugin-server.routeconfigoptions.tags.md) | <code>readonly string[]</code> | Additional metadata tag strings to attach to the route. |
 |  [xsrfRequired](./kibana-plugin-server.routeconfigoptions.xsrfrequired.md) | <code>Method extends 'get' ? never : boolean</code> | Defines xsrf protection requirements for a route: - true. Requires an incoming POST/PUT/DELETE request to contain <code>kbn-xsrf</code> header. - false. Disables xsrf protection.<!-- -->Set to true by default |

diff --git a/src/core/MIGRATION.md b/src/core/MIGRATION.md
@@ -1178,10 +1178,10 @@ import { setup, start } from '../core_plugins/visualizations/public/legacy';
 | `ui/index_patterns`                               | `data.indexPatterns`                                         | still in progress                                                                                                                    |
 | `ui/registry/field_formats`                       | `data.fieldFormats`                                          |                                                                                                                                      |
 | `ui/registry/feature_catalogue`                   | `home.featureCatalogue.register`                             | Must add `home` as a dependency in your kibana.json.                                                                                 |
-| `ui/registry/vis_types`                           | `visualizations.types`                                       | --                                                                                                                                   |
-| `ui/vis`                                          | `visualizations.types`                                       | --                                                                                                                                   |
+| `ui/registry/vis_types`                           | `visualizations`                                       | --                                                                                                                                   |
+| `ui/vis`                                          | `visualizations`                                       | --                                                                                                                                   |
 | `ui/share`                                        | `share`                                                      | `showShareContextMenu` is now called `toggleShareContextMenu`, `ShareContextMenuExtensionsRegistryProvider` is now called `register` |
-| `ui/vis/vis_factory`                              | `visualizations.types`                                       | --                                                                                                                                   |
+| `ui/vis/vis_factory`                              | `visualizations`                                       | --                                                                                                                                   |
 | `ui/vis/vis_filters`                              | `visualizations.filters`                                     | --                                                                                                                                   |
 | `ui/utils/parse_es_interval`                      | `import { parseEsInterval } from '../data/public'`           | `parseEsInterval`, `ParsedInterval`, `InvalidEsCalendarIntervalError`, `InvalidEsIntervalFormatError` items were moved to the `Data Plugin` as a static code |
 

diff --git a/src/core/public/application/capabilities/capabilities_service.tsx b/src/core/public/application/capabilities/capabilities_service.tsx
@@ -37,8 +37,7 @@ export interface CapabilitiesStart {
  */
 export class CapabilitiesService {
   public async start({ appIds, http }: StartDeps): Promise<CapabilitiesStart> {
-    const route = http.anonymousPaths.isAnonymous(window.location.pathname) ? '/defaults' : '';
-    const capabilities = await http.post<Capabilities>(`/api/core/capabilities${route}`, {
+    const capabilities = await http.post<Capabilities>('/api/core/capabilities', {
       body: JSON.stringify({ applications: appIds }),
     });
 

diff --git a/src/core/server/capabilities/capabilities_service.test.ts b/src/core/server/capabilities/capabilities_service.test.ts
@@ -41,8 +41,8 @@ describe('CapabilitiesService', () => {
     });
 
     it('registers the capabilities routes', async () => {
-      expect(http.createRouter).toHaveBeenCalledWith('/api/core/capabilities');
-      expect(router.post).toHaveBeenCalledTimes(2);
+      expect(http.createRouter).toHaveBeenCalledWith('');
+      expect(router.post).toHaveBeenCalledTimes(1);
       expect(router.post).toHaveBeenCalledWith(expect.any(Object), expect.any(Function));
     });
 

diff --git a/src/core/server/capabilities/routes/index.ts b/src/core/server/capabilities/routes/index.ts
@@ -22,6 +22,6 @@ import { InternalHttpServiceSetup } from '../../http';
 import { registerCapabilitiesRoutes } from './resolve_capabilities';
 
 export function registerRoutes(http: InternalHttpServiceSetup, resolver: CapabilitiesResolver) {
-  const router = http.createRouter('/api/core/capabilities');
+  const router = http.createRouter('');
   registerCapabilitiesRoutes(router, resolver);
 }
diff --git a/src/core/server/capabilities/routes/resolve_capabilities.ts b/src/core/server/capabilities/routes/resolve_capabilities.ts
@@ -22,30 +22,24 @@ import { IRouter } from '../../http';
 import { CapabilitiesResolver } from '../resolve_capabilities';
 
 export function registerCapabilitiesRoutes(router: IRouter, resolver: CapabilitiesResolver) {
-  // Capabilities are fetched on both authenticated and anonymous routes.
-  // However when `authRequired` is false, authentication is not performed
-  // and only default capabilities are returned (all disabled), even for authenticated users.
-  // So we need two endpoints to handle both scenarios.
-  [true, false].forEach(authRequired => {
-    router.post(
-      {
-        path: authRequired ? '' : '/defaults',
-        options: {
-          authRequired,
-        },
-        validate: {
-          body: schema.object({
-            applications: schema.arrayOf(schema.string()),
-          }),
-        },
+  router.post(
+    {
+      path: '/api/core/capabilities',
+      options: {
+        authRequired: 'optional',
       },
-      async (ctx, req, res) => {
-        const { applications } = req.body;
-        const capabilities = await resolver(req, applications);
-        return res.ok({
-          body: capabilities,
-        });
-      }
-    );
-  });
+      validate: {
+        body: schema.object({
+          applications: schema.arrayOf(schema.string()),
+        }),
+      },
+    },
+    async (ctx, req, res) => {
+      const { applications } = req.body;
+      const capabilities = await resolver(req, applications);
+      return res.ok({
+        body: capabilities,
+      });
+    }
+  );
 }
diff --git a/src/core/server/http/http_server.mocks.ts b/src/core/server/http/http_server.mocks.ts
@@ -36,6 +36,7 @@ import { OnPostAuthToolkit } from './lifecycle/on_post_auth';
 import { OnPreAuthToolkit } from './lifecycle/on_pre_auth';
 
 interface RequestFixtureOptions<P = any, Q = any, B = any> {
+  auth?: { isAuthenticated: boolean };
   headers?: Record<string, string>;
   params?: Record<string, any>;
   body?: Record<string, any>;
@@ -65,11 +66,13 @@ function createKibanaRequestMock<P = any, Q = any, B = any>({
   routeAuthRequired,
   validation = {},
   kibanaRouteState = { xsrfRequired: true },
+  auth = { isAuthenticated: true },
 }: RequestFixtureOptions<P, Q, B> = {}) {
   const queryString = stringify(query, { sort: false });
 
   return KibanaRequest.from<P, Q, B>(
     createRawRequestMock({
+      auth,
       headers,
       params,
       query,
@@ -113,6 +116,9 @@ function createRawRequestMock(customization: DeepPartial<Request> = {}) {
     {},
     {
       app: { xsrfRequired: true } as any,
+      auth: {
+        isAuthenticated: true,
+      },
       headers: {},
       path: '/',
       route: { settings: {} },