Remove legacy API from route definition params, review nits

docs/development/core/server/kibana-plugin-server.cspconfig.default.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [CspConfig](./kibana-plugin-server.cspconfig.md) &gt; [DEFAULT](./kibana-plugin-server.cspconfig.default.md)
+
+## CspConfig.DEFAULT property
+
+<b>Signature:</b>
+
+```typescript
+static readonly DEFAULT: CspConfig;
+```

docs/development/core/server/kibana-plugin-server.cspconfig.header.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [CspConfig](./kibana-plugin-server.cspconfig.md) &gt; [header](./kibana-plugin-server.cspconfig.header.md)
+
+## CspConfig.header property
+
+<b>Signature:</b>
+
+```typescript
+readonly header: string;
+```

docs/development/core/server/kibana-plugin-server.cspconfig.md

@@ -0,0 +1,28 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [CspConfig](./kibana-plugin-server.cspconfig.md)
+
+## CspConfig class
+
+CSP configuration for use in Kibana.
+
+<b>Signature:</b>
+
+```typescript
+export declare class CspConfig implements ICspConfig 
+```
+
+## Properties
+
+|  Property | Modifiers | Type | Description |
+|  --- | --- | --- | --- |
+|  [DEFAULT](./kibana-plugin-server.cspconfig.default.md) | <code>static</code> | <code>CspConfig</code> |  |
+|  [header](./kibana-plugin-server.cspconfig.header.md) |  | <code>string</code> |  |
+|  [rules](./kibana-plugin-server.cspconfig.rules.md) |  | <code>string[]</code> |  |
+|  [strict](./kibana-plugin-server.cspconfig.strict.md) |  | <code>boolean</code> |  |
+|  [warnLegacyBrowsers](./kibana-plugin-server.cspconfig.warnlegacybrowsers.md) |  | <code>boolean</code> |  |
+
+## Remarks
+
+The constructor for this class is marked as internal. Third-party code should not call the constructor directly or create subclasses that extend the `CspConfig` class.
+

docs/development/core/server/kibana-plugin-server.cspconfig.rules.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [CspConfig](./kibana-plugin-server.cspconfig.md) &gt; [rules](./kibana-plugin-server.cspconfig.rules.md)
+
+## CspConfig.rules property
+
+<b>Signature:</b>
+
+```typescript
+readonly rules: string[];
+```

docs/development/core/server/kibana-plugin-server.cspconfig.strict.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [CspConfig](./kibana-plugin-server.cspconfig.md) &gt; [strict](./kibana-plugin-server.cspconfig.strict.md)
+
+## CspConfig.strict property
+
+<b>Signature:</b>
+
+```typescript
+readonly strict: boolean;
+```

docs/development/core/server/kibana-plugin-server.cspconfig.warnlegacybrowsers.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [CspConfig](./kibana-plugin-server.cspconfig.md) &gt; [warnLegacyBrowsers](./kibana-plugin-server.cspconfig.warnlegacybrowsers.md)
+
+## CspConfig.warnLegacyBrowsers property
+
+<b>Signature:</b>
+
+```typescript
+readonly warnLegacyBrowsers: boolean;
+```

docs/development/core/server/kibana-plugin-server.icspconfig.header.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [ICspConfig](./kibana-plugin-server.icspconfig.md) &gt; [header](./kibana-plugin-server.icspconfig.header.md)
+
+## ICspConfig.header property
+
+The CSP rules in a formatted directives string for use in a `Content-Security-Policy` header.
+
+<b>Signature:</b>
+
+```typescript
+readonly header: string;
+```

docs/development/core/server/kibana-plugin-server.icspconfig.md

@@ -2,12 +2,22 @@
 
 [Home](./index.md) > [kibana-plugin-server](./kibana-plugin-server.md) > [ICspConfig](./kibana-plugin-server.icspconfig.md)
 
-## ICspConfig type
+## ICspConfig interface
 
 CSP configuration for use in Kibana.
 
 <b>Signature:</b>
 
 ```typescript
-export declare type ICspConfig = Pick<CspConfig, keyof CspConfig>;
+export interface ICspConfig 
 ```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [header](./kibana-plugin-server.icspconfig.header.md) | <code>string</code> | The CSP rules in a formatted directives string for use in a <code>Content-Security-Policy</code> header. |
+|  [rules](./kibana-plugin-server.icspconfig.rules.md) | <code>string[]</code> | The CSP rules used for Kibana. |
+|  [strict](./kibana-plugin-server.icspconfig.strict.md) | <code>boolean</code> | Specify whether browsers that do not support CSP should be able to use Kibana. Use <code>true</code> to block and <code>false</code> to allow. |
+|  [warnLegacyBrowsers](./kibana-plugin-server.icspconfig.warnlegacybrowsers.md) | <code>boolean</code> | Specify whether users with legacy browsers should be warned about their lack of Kibana security compliance. |
+

docs/development/core/server/kibana-plugin-server.icspconfig.rules.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [ICspConfig](./kibana-plugin-server.icspconfig.md) &gt; [rules](./kibana-plugin-server.icspconfig.rules.md)
+
+## ICspConfig.rules property
+
+The CSP rules used for Kibana.
+
+<b>Signature:</b>
+
+```typescript
+readonly rules: string[];
+```

docs/development/core/server/kibana-plugin-server.icspconfig.strict.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [ICspConfig](./kibana-plugin-server.icspconfig.md) &gt; [strict](./kibana-plugin-server.icspconfig.strict.md)
+
+## ICspConfig.strict property
+
+Specify whether browsers that do not support CSP should be able to use Kibana. Use `true` to block and `false` to allow.
+
+<b>Signature:</b>
+
+```typescript
+readonly strict: boolean;
+```

docs/development/core/server/kibana-plugin-server.icspconfig.warnlegacybrowsers.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [ICspConfig](./kibana-plugin-server.icspconfig.md) &gt; [warnLegacyBrowsers](./kibana-plugin-server.icspconfig.warnlegacybrowsers.md)
+
+## ICspConfig.warnLegacyBrowsers property
+
+Specify whether users with legacy browsers should be warned about their lack of Kibana security compliance.
+
+<b>Signature:</b>
+
+```typescript
+readonly warnLegacyBrowsers: boolean;
+```

docs/development/core/server/kibana-plugin-server.md

@@ -18,6 +18,7 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  --- | --- |
 |  [BasePath](./kibana-plugin-server.basepath.md) | Access or manipulate the Kibana base path |
 |  [ClusterClient](./kibana-plugin-server.clusterclient.md) | Represents an Elasticsearch cluster API client and allows to call API on behalf of the internal Kibana user and the actual user that is derived from the request headers (via <code>asScoped(...)</code>).<!-- -->See [ClusterClient](./kibana-plugin-server.clusterclient.md)<!-- -->. |
+|  [CspConfig](./kibana-plugin-server.cspconfig.md) | CSP configuration for use in Kibana. |
 |  [ElasticsearchErrorHelpers](./kibana-plugin-server.elasticsearcherrorhelpers.md) | Helpers for working with errors returned from the Elasticsearch service.Since the internal data of errors are subject to change, consumers of the Elasticsearch service should always use these helpers to classify errors instead of checking error internals such as <code>body.error.header[WWW-Authenticate]</code> |
 |  [KibanaRequest](./kibana-plugin-server.kibanarequest.md) | Kibana specific abstraction for an incoming request. |
 |  [SavedObjectsClient](./kibana-plugin-server.savedobjectsclient.md) |  |
@@ -64,6 +65,7 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [HttpServiceSetup](./kibana-plugin-server.httpservicesetup.md) | Kibana HTTP Service provides own abstraction for work with HTTP stack. Plugins don't have direct access to <code>hapi</code> server and its primitives anymore. Moreover, plugins shouldn't rely on the fact that HTTP Service uses one or another library under the hood. This gives the platform flexibility to upgrade or changing our internal HTTP stack without breaking plugins. If the HTTP Service lacks functionality you need, we are happy to discuss and support your needs. |
 |  [HttpServiceStart](./kibana-plugin-server.httpservicestart.md) |  |
 |  [IContextContainer](./kibana-plugin-server.icontextcontainer.md) | An object that handles registration of context providers and configuring handlers with context. |
+|  [ICspConfig](./kibana-plugin-server.icspconfig.md) | CSP configuration for use in Kibana. |
 |  [IKibanaResponse](./kibana-plugin-server.ikibanaresponse.md) | A response data object, expected to returned as a result of [RequestHandler](./kibana-plugin-server.requesthandler.md) execution |
 |  [IKibanaSocket](./kibana-plugin-server.ikibanasocket.md) | A tiny abstraction for TCP socket. |
 |  [IndexSettingsDeprecationInfo](./kibana-plugin-server.indexsettingsdeprecationinfo.md) |  |
@@ -168,7 +170,6 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [IBasePath](./kibana-plugin-server.ibasepath.md) | Access or manipulate the Kibana base path[BasePath](./kibana-plugin-server.basepath.md) |
 |  [IClusterClient](./kibana-plugin-server.iclusterclient.md) | Represents an Elasticsearch cluster API client and allows to call API on behalf of the internal Kibana user and the actual user that is derived from the request headers (via <code>asScoped(...)</code>).<!-- -->See [ClusterClient](./kibana-plugin-server.clusterclient.md)<!-- -->. |
 |  [IContextProvider](./kibana-plugin-server.icontextprovider.md) | A function that returns a context value for a specific key of given context type. |
-|  [ICspConfig](./kibana-plugin-server.icspconfig.md) | CSP configuration for use in Kibana. |
 |  [IsAuthenticated](./kibana-plugin-server.isauthenticated.md) | Return authentication status for a request. |
 |  [ISavedObjectsRepository](./kibana-plugin-server.isavedobjectsrepository.md) | See [SavedObjectsRepository](./kibana-plugin-server.savedobjectsrepository.md) |
 |  [IScopedClusterClient](./kibana-plugin-server.iscopedclusterclient.md) | Serves the same purpose as "normal" <code>ClusterClient</code> but exposes additional <code>callAsCurrentUser</code> method that doesn't use credentials of the Kibana internal user (as <code>callAsInternalUser</code> does) to request Elasticsearch API, but rather passes HTTP headers extracted from the current user request to the API.<!-- -->See [ScopedClusterClient](./kibana-plugin-server.scopedclusterclient.md)<!-- -->. |

src/core/server/csp/csp_config.ts

@@ -22,43 +22,49 @@ import { CspConfigType, config } from './config';
 const DEFAULT_CONFIG = Object.freeze(config.schema.validate({}));
 
 /**
- * CSP configuration for use in Kibana.
+ * Csp configuration for use in Kibana.
  * @public
  */
-export type ICspConfig = Pick<CspConfig, keyof CspConfig>;
-
-/**
- * CSP configuration for use in Kibana.
- * @internal
- */
-export class CspConfig {
-  static readonly DEFAULT = new CspConfig();
-
+export interface ICspConfig {
   /**
    * The CSP rules used for Kibana.
    */
-  public readonly rules: string[];
+  readonly rules: string[];
 
   /**
    * Specify whether browsers that do not support CSP should be
    * able to use Kibana. Use `true` to block and `false` to allow.
    */
-  public readonly strict: boolean;
+  readonly strict: boolean;
 
   /**
    * Specify whether users with legacy browsers should be warned
    * about their lack of Kibana security compliance.
    */
-  public readonly warnLegacyBrowsers: boolean;
+  readonly warnLegacyBrowsers: boolean;
 
   /**
    * The CSP rules in a formatted directives string for use
    * in a `Content-Security-Policy` header.
    */
+  readonly header: string;
+}
+
+/**
+ * CSP configuration for use in Kibana.
+ * @public
+ */
+export class CspConfig implements ICspConfig {
+  static readonly DEFAULT = new CspConfig();
+
+  public readonly rules: string[];
+  public readonly strict: boolean;
+  public readonly warnLegacyBrowsers: boolean;
   public readonly header: string;
 
   /**
    * Returns the default CSP configuration when passed with no config
+   * @internal
    */
   constructor(rawCspConfig: Partial<CspConfigType> = {}) {
     const source = { ...DEFAULT_CONFIG, ...rawCspConfig };

src/core/server/server.api.md

@@ -574,15 +574,21 @@ export interface CoreStart {
     savedObjects: SavedObjectsServiceStart;
 }
 
-// @internal
-export class CspConfig {
+// @public
+export class CspConfig implements ICspConfig {
     // Warning: (ae-forgotten-export) The symbol "CspConfigType" needs to be exported by the entry point index.d.ts
+    // 
+    // @internal
     constructor(rawCspConfig?: Partial<CspConfigType>);
     // (undocumented)
     static readonly DEFAULT: CspConfig;
+    // (undocumented)
     readonly header: string;
+    // (undocumented)
     readonly rules: string[];
+    // (undocumented)
     readonly strict: boolean;
+    // (undocumented)
     readonly warnLegacyBrowsers: boolean;
 }
 
@@ -754,10 +760,13 @@ export interface IContextContainer<THandler extends HandlerFunction<any>> {
 // @public
 export type IContextProvider<THandler extends HandlerFunction<any>, TContextName extends keyof HandlerContextType<THandler>> = (context: Partial<HandlerContextType<THandler>>, ...rest: HandlerParameters<THandler>) => Promise<HandlerContextType<THandler>[TContextName]> | HandlerContextType<THandler>[TContextName];
 
-// Warning: (ae-incompatible-release-tags) The symbol "ICspConfig" is marked as @public, but its signature references "CspConfig" which is marked as @internal
-// 
 // @public
-export type ICspConfig = Pick<CspConfig, keyof CspConfig>;
+export interface ICspConfig {
+    readonly header: string;
+    readonly rules: string[];
+    readonly strict: boolean;
+    readonly warnLegacyBrowsers: boolean;
+}
 
 // @public
 export interface IKibanaResponse<T extends HttpResponsePayload | ResponseError = any> {

x-pack/legacy/plugins/security/index.js

@@ -126,7 +126,6 @@ export const security = (kibana) => new kibana.Plugin({
       isSystemAPIRequest: server.plugins.kibana.systemApi.isSystemApiRequest.bind(
         server.plugins.kibana.systemApi
       ),
-      cspRules: server.newPlatform.setup.core.http.csp.header,
     });
 
     // Legacy xPack Info endpoint returns whatever we return in a callback for `registerLicenseCheckResultsGenerator`

x-pack/plugins/security/server/plugin.ts

@@ -43,7 +43,6 @@ export type FeaturesService = Pick<FeaturesSetupContract, 'getFeatures'>;
  */
 export interface LegacyAPI {
   isSystemAPIRequest: (request: KibanaRequest) => boolean;
-  cspRules: string;
   savedObjects: SavedObjectsLegacyService<KibanaRequest | LegacyRequest>;
   auditLogger: {
     log: (eventType: string, message: string, data?: Record<string, unknown>) => void;
@@ -168,7 +167,7 @@ export class Plugin {
       config,
       authc,
       authz,
-      getLegacyAPI: this.getLegacyAPI,
+      csp: core.http.csp,
     });
 
     const adminClient = await core.elasticsearch.adminClient$.pipe(first()).toPromise();

x-pack/plugins/security/server/routes/authentication/basic.test.ts

@@ -15,7 +15,6 @@ import {
 import { LICENSE_CHECK_STATE } from '../../../../licensing/server';
 import { Authentication, AuthenticationResult } from '../../authentication';
 import { ConfigType } from '../../config';
-import { LegacyAPI } from '../../plugin';
 import { defineBasicRoutes } from './basic';
 
 import {
@@ -50,7 +49,7 @@ describe('Basic authentication routes', () => {
       config: { authc: { providers: ['saml'] } } as ConfigType,
       authc,
       authz: authorizationMock.create(),
-      getLegacyAPI: () => ({ cspRules: 'test-csp-rule' } as LegacyAPI),
+      csp: httpServiceMock.createSetupContract().csp,
     });
   });
 

x-pack/plugins/security/server/routes/authentication/common.test.ts

@@ -15,7 +15,6 @@ import {
 import { LICENSE_CHECK_STATE } from '../../../../licensing/server';
 import { Authentication, DeauthenticationResult } from '../../authentication';
 import { ConfigType } from '../../config';
-import { LegacyAPI } from '../../plugin';
 import { defineCommonRoutes } from './common';
 
 import {
@@ -50,7 +49,7 @@ describe('Common authentication routes', () => {
       config: { authc: { providers: ['saml'] } } as ConfigType,
       authc,
       authz: authorizationMock.create(),
-      getLegacyAPI: () => ({ cspRules: 'test-csp-rule' } as LegacyAPI),
+      csp: httpServiceMock.createSetupContract().csp,
     });
   });
 

x-pack/plugins/security/server/routes/authentication/index.test.ts

@@ -27,7 +27,7 @@ describe('Authentication routes', () => {
       config: { authc: { providers: ['basic'] } } as ConfigType,
       authc: authenticationMock.create(),
       authz: authorizationMock.create(),
-      getLegacyAPI: () => ({ cspRules: 'test-csp-rule' }),
+      csp: httpServiceMock.createSetupContract().csp,
     });
 
     const samlRoutePathPredicate = ([{ path }]: [{ path: string }, any]) =>

x-pack/plugins/security/server/routes/authentication/index.ts

@@ -11,13 +11,13 @@ import { defineCommonRoutes } from './common';
 import { defineOIDCRoutes } from './oidc';
 import { RouteDefinitionParams } from '..';
 
-export function createCustomResourceResponse(body: string, contentType: string, cspRules: string) {
+export function createCustomResourceResponse(body: string, contentType: string, cspHeader: string) {
   return {
     body,
     headers: {
       'content-type': contentType,
       'cache-control': 'private, no-cache, no-store',
-      'content-security-policy': cspRules,
+      'content-security-policy': cspHeader,
     },
     statusCode: 200,
   };