-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve security server types #101661
Improve security server types #101661
Conversation
💚 Build SucceededMetrics [docs]Public APIs missing comments
Public APIs missing exports
History
To update your PR or re-run it, just comment with: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great, thanks a lot! Just a few minor nits and questions.
export { SecurityLicense } from './licensing'; | ||
export { AuthenticatedUser } from './model'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: while you here ....
export { SecurityLicense } from './licensing'; | |
export { AuthenticatedUser } from './model'; | |
export type { SecurityLicense } from './licensing'; | |
export type { AuthenticatedUser } from './model'; |
@@ -51,7 +51,7 @@ interface AuthenticationServiceStartParams { | |||
loggers: LoggerFactory; | |||
} | |||
|
|||
export interface AuthenticationServiceStart { | |||
export interface AuthenticationServiceStartInternal extends AuthenticationServiceStart { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
question: I see Core uses Internal
as a prefix to internal contracts (e.g. InternalHttpServiceSetup
) and here we use it as a suffix. Do we have any convention for that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not that I am aware of, though I can change to prefix to be consistent.
/** | ||
* Actions are used to create the "actions" that are associated with Elasticsearch's | ||
* application privileges, and are used to perform the authorization checks implemented | ||
* by the various `checkPrivilegesWithRequest` derivatives |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit:
* by the various `checkPrivilegesWithRequest` derivatives | |
* by the various `checkPrivilegesWithRequest` derivatives. |
} from './authentication'; | ||
export type { CheckPrivilegesPayload } from './authorization'; | ||
export type AuthorizationServiceSetup = SecurityPluginStart['authz']; | ||
export { LegacyAuditLogger, AuditLogger, AuditEvent } from './audit'; | ||
export type { SecurityPluginSetup, SecurityPluginStart }; | ||
export type { AuthenticatedUser } from '../common/model'; | ||
export { ROUTE_TAG_CAN_REDIRECT } from './routes/tags'; | ||
export { AuditServiceSetup } from './audit'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit:
export { AuditServiceSetup } from './audit'; | |
export type { AuditServiceSetup } from './audit'; |
import type { AuthorizationServiceSetup } from './authorization'; | ||
import { AuthorizationService } from './authorization'; | ||
import type { AuthorizationServiceSetupInternal } from './authorization/authorization_service'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit:
import type { AuthorizationServiceSetup } from './authorization'; | |
import { AuthorizationService } from './authorization'; | |
import type { AuthorizationServiceSetupInternal } from './authorization/authorization_service'; | |
import type { AuthorizationServiceSetup, AuthorizationServiceSetupInternal } from './authorization'; | |
import { AuthorizationService } from './authorization'; |
import { AuthenticationResult } from '../../authentication'; | ||
import type { AuthenticationServiceStartInternal } from '../../authentication/authentication_service'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit:
import type { AuthenticationServiceStartInternal } from '../../authentication/authentication_service'; | |
import type { AuthenticationServiceStartInternal } from '../../authentication'; |
@@ -9,15 +9,15 @@ import type { CoreSetup, LegacyRequest } from 'src/core/server'; | |||
|
|||
import { KibanaRequest, SavedObjectsClient } from '../../../../../src/core/server'; | |||
import type { AuditServiceSetup, SecurityAuditLogger } from '../audit'; | |||
import type { AuthorizationServiceSetup } from '../authorization'; | |||
import type { AuthorizationServiceSetupInternal } from '../authorization/authorization_service'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit:
import type { AuthorizationServiceSetupInternal } from '../authorization/authorization_service'; | |
import type { AuthorizationServiceSetupInternal } from '../authorization'; |
@@ -74,23 +77,29 @@ export interface SecurityPluginSetup { | |||
/** | |||
* @deprecated Use `authz` methods from the `SecurityServiceStart` contract instead. | |||
*/ | |||
authz: Pick< |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
question: I definitely agree that it's much better to use dedicated interface here, but just out of curiosity - does Pick
not play well with the API docs?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, missed that somehow, good to know, thanks!
Wow, didn't realize PR will be automatically merged after a single approval 😢 |
Guess I shouldn't put on auto-merge before a review. 😬 I'll throw up a new PR to address your comments, thanks for the review! |
* Remove RecursiveReadonly wrapper on public API items * Remove Pick and export some types that are part of the public API * Udpate api docs * Export API items that are part of the public API * Add extra comments * update api docs
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
* Remove RecursiveReadonly wrapper on public API items * Remove Pick and export some types that are part of the public API * Udpate api docs * Export API items that are part of the public API * Add extra comments * update api docs Co-authored-by: Stacey Gammon <[email protected]>
* master: clarify which parts of TM are experimental (elastic#101757) Add sh scripts with _bulk_action route usage examples (elastic#101736) [Uptime] Only register route in side nav if uptime show capability is true (elastic#101709) Use KIBANA_DOCS in doc link service (elastic#101667) [Alerting][Event log] Persisting duration information for active alerts in event log (elastic#101387) Address design issues in Discover/Graph (elastic#101584) Optimize performance for document table (elastic#101715) Change file data visualizer links to point to new location in home application (elastic#101393) [Fleet] Tighten policy permissions, take II (elastic#97366) [ML] Add debounce to the severity control update (elastic#101581) [Fleet] Fix routing issues with `getPath` and `history.push` (elastic#101658) [APM] Add link-to/transaction route (elastic#101731) [Index Patterns] Runtime fields CRUD REST API (elastic#101164) [ILM] Refactor types and fix missing aria labels (elastic#101518) [Lens] New summary row feature for datatable (elastic#101075) Blocks save event filter with a white space name (elastic#101599) Improve security server types (elastic#101661) [APM] Replace side nav with tabs on Settings page (elastic#101460) [APM] Only register items in side nav if user has permissions to see app (elastic#101707) [Security solution][Endpoint] Add back button when to the event filters list (elastic#101280)
RecursiveReadonly
wrapper to setup and start types.Before:
There were no setup or start types reported due to the
RecursiveResonly
wrapper.After: