/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
import { first } from 'rxjs/operators';
import {
ClusterClient,
CoreSetup,
KibanaRequest,
Logger,
PluginInitializerContext,
RecursiveReadonly,
} from '../../../../src/core/server';
import { deepFreeze } from '../../../../src/core/utils';
import { XPackInfo } from '../../../legacy/plugins/xpack_main/server/lib/xpack_info';
import { AuthenticatedUser } from '../common/model';
import { Authenticator, setupAuthentication } from './authentication';
import { createConfig$ } from './config';
import {
CreateAPIKeyParams,
CreateAPIKeyResult,
InvalidateAPIKeyParams,
InvalidateAPIKeyResult,
} from './authentication/api_keys';
/**
 * Describes a set of APIs that is available in the legacy platform only and required by this plugin
 * to function properly.
 *
 * The plugin stores whatever object is passed to `registerLegacyAPI` and reads it back through a
 * getter that throws until one has been registered.
 */
export interface LegacyAPI {
  // Only `isAvailable` and `feature` are picked from `XPackInfo`, so the plugin cannot reach the
  // rest of the legacy object through this contract.
  xpackInfo: Pick<XPackInfo, 'isAvailable' | 'feature'>;
  // Predicate over an incoming request. NOTE(review): presumably true for Kibana-internal
  // ("system") API calls; how callers use the answer is not visible in this file, so confirm.
  isSystemAPIRequest: (request: KibanaRequest) => boolean;
}
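/**
 * Describes public Security plugin contract returned at the `setup` stage.
 *
 * Every field listed here is handed to other plugins, so the `config` shape below should list
 * exactly what `Plugin.setup` returns. A field that is returned but not declared is still
 * reachable by untyped consumers and escapes review of this contract.
 */
export interface PluginSetupContract {
  /** Authentication helpers; all of them operate on a specific incoming request. */
  authc: {
    /** Same signature as `Authenticator.login`. */
    login: Authenticator['login'];
    /** Same signature as `Authenticator.logout`. */
    logout: Authenticator['logout'];
    /** Resolves to the user associated with the request, or `null`. */
    getCurrentUser: (request: KibanaRequest) => Promise<AuthenticatedUser | null>;
    /** Resolves to whether the request is authenticated. */
    isAuthenticated: (request: KibanaRequest) => Promise<boolean>;
    /** Creates an API key for the given request; resolves to the result or `null`. */
    createAPIKey: (
      request: KibanaRequest,
      params: CreateAPIKeyParams
    ) => Promise<CreateAPIKeyResult | null>;
    /** Invalidates an API key for the given request; resolves to the result or `null`. */
    invalidateAPIKey: (
      request: KibanaRequest,
      params: InvalidateAPIKeyParams
    ) => Promise<InvalidateAPIKeyResult | null>;
  };
  /** Read-only subset of the security configuration exposed to consumers. */
  config: RecursiveReadonly<{
    sessionTimeout: number | null;
    secureCookies: boolean;
    // `Plugin.setup` in this file returns `cookieName` alongside the other fields; it is declared
    // here so the typed contract matches what is exposed at runtime.
    // NOTE(review): typed as `string` on the assumption that the config schema defines it so;
    // confirm against `createConfig$`.
    cookieName: string;
    authc: { providers: string[] };
  }>;
  /** Hands the legacy-platform APIs to the plugin; see `LegacyAPI`. */
  registerLegacyAPI: (legacyAPI: LegacyAPI) => void;
}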
/**
 * Security plugin instance whose lifecycle (`setup`, `start`, `stop`) is driven by the Kibana
 * plugin system.
 */
export class Plugin {
  private readonly logger: Logger;
  private clusterClient?: ClusterClient;
  private legacyAPI?: LegacyAPI;

  /**
   * Returns the legacy API stored by `registerLegacyAPI`, and throws if none has been registered.
   * Declared as an arrow property so it can be passed to `setupAuthentication` by reference
   * without losing `this`.
   */
  private readonly getLegacyAPI = () => {
    const registered = this.legacyAPI;
    if (registered) {
      return registered;
    }
    throw new Error('Legacy API is not registered!');
  };

  constructor(private readonly initializerContext: PluginInitializerContext) {
    this.logger = this.initializerContext.logger.get();
  }

  /**
   * Reads the first emitted configuration value, creates the `security` Elasticsearch client and
   * sets up authentication, then returns the setup contract passed through `deepFreeze`.
   *
   * @param core Core setup services; `http` and `elasticsearch` are used here and the whole object
   *   is forwarded to `setupAuthentication`.
   * @returns The contract declared by `PluginSetupContract`, typed as recursively read-only.
   */
  public async setup(core: CoreSetup): Promise<RecursiveReadonly<PluginSetupContract>> {
    const config$ = createConfig$(this.initializerContext, core.http.isTlsEnabled);
    const securityConfig = await config$.pipe(first()).toPromise();

    const esClient = core.elasticsearch.createClient('security', {
      plugins: [require('../../../legacy/server/lib/esjs_shield_plugin')],
    });
    // Kept on the instance so `stop()` can close it.
    this.clusterClient = esClient;

    const authc = await setupAuthentication({
      core,
      config: securityConfig,
      clusterClient: esClient,
      loggers: this.initializerContext.logger,
      getLegacyAPI: this.getLegacyAPI,
    });

    return deepFreeze({
      registerLegacyAPI: (legacyAPI: LegacyAPI) => (this.legacyAPI = legacyAPI),
      authc,
      // We should stop exposing this config as soon as only new platform plugin consumes it. The
      // only exception may be `sessionTimeout` as other parts of the app may want to know it.
      // NOTE(review): every field returned here is reachable by consumers, including `cookieName`;
      // keep `PluginSetupContract['config']` in step with this list so the exposed surface stays
      // visible in the typed contract.
      config: {
        sessionTimeout: securityConfig.sessionTimeout,
        secureCookies: securityConfig.secureCookies,
        cookieName: securityConfig.cookieName,
        authc: { providers: securityConfig.authc.providers },
      },
    });
  }

  /** Logs that the plugin is starting; no other work happens here. */
  public start() {
    this.logger.debug('Starting plugin');
  }

  /** Logs that the plugin is stopping, then closes and forgets the cluster client if one exists. */
  public stop() {
    this.logger.debug('Stopping plugin');

    const client = this.clusterClient;
    if (!client) {
      return;
    }

    client.close();
    this.clusterClient = undefined;
  }
}