Migrate the rest of the API endpoints to the New Platform plugin

docs/user/security/authentication/index.asciidoc

@@ -163,7 +163,7 @@ required by {kib}. If you want to use Third Party initiated SSO , then you must
 +
 [source,yaml]
 --------------------------------------------------------------------------------
-server.xsrf.whitelist: [/api/security/v1/oidc]
+server.xsrf.whitelist: [/api/security/oidc/initiate_login]
 --------------------------------------------------------------------------------
 
 [float]

test/common/services/security/user.ts

@@ -38,7 +38,7 @@ export class User {
   public async create(username: string, user: any) {
     this.log.debug(`creating user ${username}`);
     const { data, status, statusText } = await this.axios.post(
-      `/api/security/v1/users/${username}`,
+      `/internal/security/users/${username}`,
       {
         username,
         ...user,
@@ -55,7 +55,7 @@ export class User {
   public async delete(username: string) {
     this.log.debug(`deleting user ${username}`);
     const { data, status, statusText } = await this.axios.delete(
-      `/api/security/v1/users/${username}`
+      `/internal/security/users/${username}`
     );
     if (status !== 204) {
       throw new Error(

x-pack/legacy/plugins/apm/scripts/kibana-security/setup-custom-kibana-user-role.ts

@@ -183,7 +183,7 @@ async function createOrUpdateUser(newUser: User) {
 async function createUser(newUser: User) {
   const user = await callKibana<User>({
     method: 'POST',
-    url: `/api/security/v1/users/${newUser.username}`,
+    url: `/internal/security/users/${newUser.username}`,
     data: {
       ...newUser,
       enabled: true,
@@ -209,7 +209,7 @@ async function updateUser(existingUser: User, newUser: User) {
   // assign role to user
   await callKibana({
     method: 'POST',
-    url: `/api/security/v1/users/${username}`,
+    url: `/internal/security/users/${username}`,
     data: { ...existingUser, roles: allRoles }
   });
 
@@ -219,7 +219,7 @@ async function updateUser(existingUser: User, newUser: User) {
 async function getUser(username: string) {
   try {
     return await callKibana<User>({
-      url: `/api/security/v1/users/${username}`
+      url: `/internal/security/users/${username}`
     });
   } catch (e) {
     const err = e as AxiosError;

x-pack/legacy/plugins/security/common/model/index.ts → x-pack/legacy/plugins/security/common/model.ts

@@ -4,8 +4,9 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-export { ApiKey } from './api_key';
 export {
+  ApiKey,
+  ApiKeyToInvalidate,
   AuthenticatedUser,
   BuiltinESPrivileges,
   EditUser,
@@ -19,4 +20,4 @@ export {
   User,
   canUserChangePassword,
   getUserDisplayName,
-} from '../../../../../plugins/security/common/model';
+} from '../../../../plugins/security/common/model';

x-pack/legacy/plugins/security/index.js

@@ -5,10 +5,6 @@
  */
 
 import { resolve } from 'path';
-import { initAuthenticateApi } from './server/routes/api/v1/authenticate';
-import { initUsersApi } from './server/routes/api/v1/users';
-import { initApiKeysApi } from './server/routes/api/v1/api_keys';
-import { initIndicesApi } from './server/routes/api/v1/indices';
 import { initOverwrittenSessionView } from './server/routes/views/overwritten_session';
 import { initLoginView } from './server/routes/views/login';
 import { initLogoutView } from './server/routes/views/logout';
@@ -34,7 +30,7 @@ export const security = (kibana) => new kibana.Plugin({
         lifespan: Joi.any().description('This key is handled in the new platform security plugin ONLY'),
       }).default(),
       secureCookies: Joi.any().description('This key is handled in the new platform security plugin ONLY'),
-      loginAssistanceMessage: Joi.string().default(),
+      loginAssistanceMessage: Joi.any().description('This key is handled in the new platform security plugin ONLY'),
       authorization: Joi.object({
         legacyFallback: Joi.object({
           enabled: Joi.boolean().default(true) // deprecated
@@ -145,10 +141,6 @@ export const security = (kibana) => new kibana.Plugin({
 
     server.expose({ getUser: request => securityPlugin.authc.getCurrentUser(KibanaRequest.from(request)) });
 
-    initAuthenticateApi(securityPlugin, server);
-    initUsersApi(securityPlugin, server);
-    initApiKeysApi(server);
-    initIndicesApi(server);
     initLoginView(securityPlugin, server);
     initLogoutView(server);
     initLoggedOutView(securityPlugin, server);

x-pack/legacy/plugins/security/public/hacks/on_unauthorized_response.js

@@ -11,8 +11,8 @@ import 'plugins/security/services/auto_logout';
 
 function isUnauthorizedResponseAllowed(response) {
   const API_WHITELIST = [
-    '/api/security/v1/login',
-    '/api/security/v1/users/.*/password'
+    '/internal/security/login',
+    '/internal/security/users/.*/password'
   ];
 
   const url = response.config.url;

x-pack/legacy/plugins/security/public/lib/api.ts

@@ -7,12 +7,12 @@
 import { kfetch } from 'ui/kfetch';
 import { AuthenticatedUser, Role, User, EditUser } from '../../common/model';
 
-const usersUrl = '/api/security/v1/users';
+const usersUrl = '/internal/security/users';
 const rolesUrl = '/api/security/role';
 
 export class UserAPIClient {
   public async getCurrentUser(): Promise<AuthenticatedUser> {
-    return await kfetch({ pathname: `/api/security/v1/me` });
+    return await kfetch({ pathname: `/internal/security/me` });
   }
 
   public async getUsers(): Promise<User[]> {

x-pack/legacy/plugins/security/public/lib/api_keys_api.ts

@@ -5,8 +5,7 @@
  */
 
 import { kfetch } from 'ui/kfetch';
-import { ApiKey, ApiKeyToInvalidate } from '../../common/model/api_key';
-import { INTERNAL_API_BASE_PATH } from '../../common/constants';
+import { ApiKey, ApiKeyToInvalidate } from '../../common/model';
 
 interface CheckPrivilegesResponse {
   areApiKeysEnabled: boolean;
@@ -22,7 +21,7 @@ interface GetApiKeysResponse {
   apiKeys: ApiKey[];
 }
 
-const apiKeysUrl = `${INTERNAL_API_BASE_PATH}/api_key`;
+const apiKeysUrl = `/internal/security/api_key`;
 
 export class ApiKeysApi {
   public static async checkPrivileges(): Promise<CheckPrivilegesResponse> {

x-pack/legacy/plugins/security/public/objects/lib/get_fields.ts

@@ -6,7 +6,7 @@
 import { IHttpResponse } from 'angular';
 import chrome from 'ui/chrome';
 
-const apiBase = chrome.addBasePath(`/api/security/v1/fields`);
+const apiBase = chrome.addBasePath(`/internal/security/fields`);
 
 export async function getFields($http: any, query: string): Promise<string[]> {
   return await $http

x-pack/legacy/plugins/security/public/services/shield_indices.js

@@ -10,7 +10,7 @@ const module = uiModules.get('security', []);
 module.service('shieldIndices', ($http, chrome) => {
   return {
     getFields: (query) => {
-      return $http.get(chrome.addBasePath(`/api/security/v1/fields/${query}`))
+      return $http.get(chrome.addBasePath(`/internal/security/fields/${query}`))
         .then(response => response.data);
     }
   };

x-pack/legacy/plugins/security/public/services/shield_user.js

@@ -10,7 +10,7 @@ import { uiModules } from 'ui/modules';
 
 const module = uiModules.get('security', ['ngResource']);
 module.service('ShieldUser', ($resource, chrome) => {
-  const baseUrl = chrome.addBasePath('/api/security/v1/users/:username');
+  const baseUrl = chrome.addBasePath('/internal/security/users/:username');
   const ShieldUser = $resource(baseUrl, {
     username: '@username'
   }, {
@@ -21,7 +21,7 @@ module.service('ShieldUser', ($resource, chrome) => {
     },
     getCurrent: {
       method: 'GET',
-      url: chrome.addBasePath('/api/security/v1/me')
+      url: chrome.addBasePath('/internal/security/me')
     }
   });
 

x-pack/legacy/plugins/security/public/views/login/components/basic_login_form/basic_login_form.tsx

@@ -190,7 +190,7 @@ class BasicLoginFormUI extends Component<Props, State> {
 
     const { username, password } = this.state;
 
-    http.post('./api/security/v1/login', { username, password }).then(
+    http.post('./internal/security/login', { username, password }).then(
       () => (window.location.href = next),
       (error: any) => {
         const { statusCode = 500 } = error.data || {};

x-pack/legacy/plugins/security/public/views/logout/logout.js

@@ -12,5 +12,5 @@ chrome
     $window.sessionStorage.clear();
 
     // Redirect user to the server logout endpoint to complete logout.
-    $window.location.href = chrome.addBasePath(`/api/security/v1/logout${$window.location.search}`);
+    $window.location.href = chrome.addBasePath(`/api/security/logout${$window.location.search}`);
   });

x-pack/legacy/plugins/security/public/views/management/api_keys_grid/components/api_keys_grid_page.tsx

@@ -29,7 +29,7 @@ import _ from 'lodash';
 import { toastNotifications } from 'ui/notify';
 // eslint-disable-next-line @kbn/eslint/no-restricted-paths
 import { SectionLoading } from '../../../../../../../../../src/plugins/es_ui_shared/public/components/section_loading';
-import { ApiKey, ApiKeyToInvalidate } from '../../../../../common/model/api_key';
+import { ApiKey, ApiKeyToInvalidate } from '../../../../../common/model';
 import { ApiKeysApi } from '../../../../lib/api_keys_api';
 import { PermissionDenied } from './permission_denied';
 import { EmptyPrompt } from './empty_prompt';

x-pack/legacy/plugins/security/public/views/management/api_keys_grid/components/invalidate_provider/invalidate_provider.tsx

@@ -8,7 +8,7 @@ import React, { Fragment, useRef, useState } from 'react';
 import { EuiConfirmModal, EuiOverlayMask } from '@elastic/eui';
 import { toastNotifications } from 'ui/notify';
 import { i18n } from '@kbn/i18n';
-import { ApiKeyToInvalidate } from '../../../../../../common/model/api_key';
+import { ApiKeyToInvalidate } from '../../../../../../common/model';
 import { ApiKeysApi } from '../../../../../lib/api_keys_api';
 
 interface Props {