Add lint rule to prevent server code being imported into client #52447
Conversation
|
Didn't get this rule quite right, but now that I have some failures I can play around with it. Will circle back next week. |
|
Fixes #49053 btw |
joshdover
force-pushed
the
np/server-client-imports
branch
4 times, most recently
from
9800f40
to
ab87325
Compare
joshdover
added
Feature:New Platform
release_note:skip
|
Pinging @elastic/kibana-platform (Team:Platform) |
| @@ -31,7 +31,7 @@ import { | |||
| import { AuthenticationResult } from './authentication_result'; | |||
| import { DeauthenticationResult } from './deauthentication_result'; | |||
| import { Tokens } from './tokens'; | |||
| import { SessionInfo } from '../../public/types'; | |||
| import { SessionInfo } from '../../public'; | |||
There was a problem hiding this comment.
FWIW, I like the changes you made. Did the lint rule require these changes?
There was a problem hiding this comment.
Yes it does. If you don't want this to be part of the public contract, we can move this up into a shared types file that only security can import from.
There was a problem hiding this comment.
BTW shouldn't we ban public code to be imported from server as well? I'm concern about cases when a plugin accesses browser specific API and can throw on the server side
There was a problem hiding this comment.
I'm not against that, was just focusing this change on fixing the Webpack bundling problems. It looks like there are more violations of this pattern, let me see about doing that change in a separate PR.
joshdover
force-pushed
the
np/server-client-imports
branch
from
ab87325
to
a0f830f
Compare
There was a problem hiding this comment.
Shall we also add rules that:
/src/plugins/*/server/**/*should not be able to import from/src/plugins/*/public/**/*/src/plugins/*/public/**/*should not be able to import from/src/plugins/*/server/**/*/src/plugins/*/common/**/*should not be able to import from server, nor public
joshdover
force-pushed
the
np/server-client-imports
branch
from
a0f830f
to
2a10c37
Compare
As mentioned above, I will do this in a separate change as there are more things to fix here and this is less urgent.
Both of these are already covered in this PR. Nothing may import from |
|
I see, thanks, every time I get confused by |
|
Is this only for NP plugins? It seems useful for many. Anecdotally, I've done this twice in the last few months in an x-pack/legacy plugin and would love some protection from myself :) Just curious, nothing to hold up this PR. |
|
Added a rule to cover legacy plugins as well. There are a lot more violations here, some of which were trivial to fix, others which are not. For the more complex ones I have added eslint-ignore lines. These should be cleaned up when migrating to the New Platform. |
joshdover
force-pushed
the
np/server-client-imports
branch
2 times, most recently
from
a5394fc
to
f25494d
Compare
joshdover
force-pushed
the
np/server-client-imports
branch
from
f25494d
to
a9816d5
Compare
There was a problem hiding this comment.
@streamich comments aside, the changes to @elastic/kibana-app-arch files are LGTM
|
@elasticmachine merge upstream |
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
|
Opened #53021 to track adding a lint rule to forbid importing in the other direction (client code -> server code) |
Summary
Fixes #49053
This adds new configurations for the
no-restricted-pathseslint rule to prevent:server/directory.commondirectories often used by plugins. Necessary to ensure that modules containing shared code do not import anything that should be exclusively used on the server.ui/*oruiExports/*into New Platform plugins.Checklist
Use
strikethroughsto remove checklist items you don't feel are applicable to this PR.For maintainers