Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Initial PR for new security kibana plugin #162

Merged
merged 22 commits into from
Apr 9, 2020

Conversation

zengyan-amazon
Copy link
Member

@zengyan-amazon zengyan-amazon commented Apr 2, 2020

a preview PR for security Kibana plugin.

This plugin is developed based on Kibana new plugin platform .

This version includes:

  • plugin configuration parsing
  • most security plugin APIs
  • http basic authentication support
  • skeleton of browser app

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

server/routes/index.ts Outdated Show resolved Hide resolved
server/routes/index.ts Outdated Show resolved Hide resolved
server/plugin.ts Outdated Show resolved Hide resolved
@zengyan-amazon zengyan-amazon requested a review from tianleh April 2, 2020 17:39
Copy link
Member

@seraphjiang seraphjiang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM as initial PR, thanks

'/bundles/app/security-customerror/bootstrap.js',
'/',
'/app/login',
'/app/opendistro_login',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need 2 login endpoints?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

those are for my local testing, will remove them

@zengyan-amazon zengyan-amazon merged commit fc24a53 into opensearch-project:dev Apr 9, 2020
import { SecurityPluginConfigType } from "../../..";
import { SecuritySessionCookie } from "../../../session/security_cookie";
import { CoreSetup } from "../../../../../../src/core/server";
import _ from 'lodash';

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we import members we leverage from lodash instead of loading all functions ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

switched to only import specific function from lodash

@@ -0,0 +1,115 @@
/*

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

np: Would be good to have file name and class name to be same to relate.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am trying to follow Kibana's convention here, they use underscore for file names and CamelCase for type names

* permissions and limitations under the License.
*/

export class User {

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we intend to have more into this, just trying to understand why can't we leverage type and interface Do we need this instance to have more method in future ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed to type instead of class

npm-debug.log*
node_modules
/build/
/public/app.css

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we sure we want to remove this from git ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know how it get added to .gitignore, in fact we don't have that file, removed it from .gitignore

@@ -0,0 +1,9 @@
{
"id": "security",

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is different between this id and PLUGIN_ID mentioned inside common/index.ts d

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch! it doesn't matter much, but better to make it consistent, changed it to opendistroSecurity in kibana.json

},
async (context, request, response) => {
try {
const alternativeHeaders = this.config.basicauth.alternative_login.headers;

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will there be a case where one of the member could be null in this.config.basicauth.alternative_login.headers

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

get() functions are not available to config types, use optional chaining instead:
const alternativeHeaders = this.config.basicauth?.alternative_login?.headers || [];

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to ensure it is available with TS transformation / latest node version. this works. When I mentioned get function I meant lodash.get function. But if optional chain works with the version we use, it should be godo.

try {
const alternativeHeaders = this.config.basicauth.alternative_login.headers;
if (alternativeHeaders && alternativeHeaders.length) {
let requestHeaders = Object.keys(request.headers).map(header => header.toLowerCase());

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

np: Could just create object instead of an array to simplify finding in next line.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for the tip. we decided to move the login page rendering to browser side, so I removed this route handler. Will try to adopt this approach in future cases

}
}

private _handleAuthResponse(request: KibanaRequest, authResponse: AuthResponse, additionalAuthHeaders: any = {}) {

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

np: can we remove _ prefix as the method is private.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

removed prefix '-'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants