### Review notes
This is generally ready for review. We are awaiting https://github.com/elastic/elasticsearch/issues/32777 to improve handling when users do not have any access to Kibana, but this should not hold up the overall review for this PR.
This PR is massive, there's no denying that. Here's what to focus on:
1) `x-pack/plugins/spaces`: This is, well, the Spaces plugin. Everything in here is brand new. The server code is arguably more important, but feel free to review whatever you see fit.
2) `x-pack/plugins/security`: There are large and significant changes here to allow Spaces to be securable. To save a bit of time, you are free to ignore changes in `x-pack/plugins/security/public`: These are the UI changes for the role management screen, which were previously reviewed by both us and the design team.
3) `x-pack/test/saved_object_api_integration` and `x-pack/test/spaces_api_integration`: These are the API test suites which verify functionality for:
a) Both security and spaces enabled
b) Only security enabled
c) Only spaces enabled
What to ignore:
1) As mentioned above, you are free to ignore changes in `x-pack/plugins/security/public`
2) Changes to `kibana/src/server/*`: These changes are part of a [different PR that we're targeting against master](https://github.com/elastic/kibana/pull/23378) for easier review.
## Saved Objects Client Extensions
A bulk of the changes to the saved objects service are in the namespaces PR, but we have a couple of important changes included here.
### Priority Queue for wrappers
We have implemented a priority queue which allows plugins to specify the order in which their SOC wrapper should be applied: `kibana/src/server/saved_objects/service/lib/priority_collection.ts`. We are leveraging this to ensure that both the security SOC wrapper and the spaces SOC wrapper are applied in the correct order (more details below).
### Spaces SOC Wrapper
This wrapper is very simple, and it is only responsible for two things:
1) Prevent users from interacting with any `space` objects (use the Spaces client instead, described below)
2) Provide a `namespace` to the underlying Saved Objects Client, and ensure that no other wrappers/callers have provided a namespace. In order to accomplish this, the Spaces wrapper uses the priority queue to ensure that it is the last wrapper invoked before calling the underlying client.
### Security SOC Wrapper
This wrapper is responsible for performing authorization checks. It uses the priority queue to ensure that it is the first wrapper invoked. To say another way, if the authorization checks fail, then no other wrappers will be called, and the base client will not be called either. This wrapper authorizes users in one of two ways: RBAC or Legacy. More details on this are below.
### Examples:
`GET /s/marketing/api/saved_objects/index-pattern/foo`
**When both Security and Spaces are enabled:**
1) Saved objects API retrieves an instance of the SOC via `savedObjects.getScopedClient()`, and invokes its `get` function
2) The Security wrapper is invoked.
a) Authorization checks are performed to ensure user can access this particular saved object at this space.
3) The Spaces wrapper is invoked.
a) Spaces applies a `namespace` to be used by the underlying client
4) The underlying client/repository are invoked to retrieve the object from ES.
**When only Spaces are enabled:**
1) Saved objects API retrieves an instance of the SOC via `savedObjects.getScopedClient()`, and invokes its `get` function
2) The Spaces wrapper is invoked.
a) Spaces applies a `namespace` to be used by the underlying client
3) The underlying client/repository are invoked to retrieve the object from ES.
**When only Security is enabled:**
(assume `/s/marketing` is no longer part of the request)
1) Saved objects API retrieves an instance of the SOC via `savedObjects.getScopedClient()`, and invokes its `get` function
2) The Security wrapper is invoked.
a) Authorization checks are performed to ensure user can access this particular saved object globally.
3) The underlying client/repository are invoked to retrieve the object from ES.
## Authorization
Authorization changes for this project are centered around Saved Objects, and builds on the work introduced in RBAC Phase 1.
### Saved objects client
#### Security without spaces
When security is enabled, but spaces is disabled, then the authorization model behaves the same way as before: If the user is taking advantage of Kibana Privileges, then we check their privileges "globally" before proceeding. A "global" privilege check specifies `resources: ['*']` when calling the [ES _has_privileges api.](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges.html). Legacy users (non-rbac) will continue to use the underlying index privileges for authorization.
#### Security with spaces
When both plugins are enabled, then the authorization model becomes more fine-tuned. Rather than checking privileges globally, the privileges are checked against a specific resource that matches the user's active space. In order to accomplish this, the Security plugin needs to know if Spaces is enabled, and if so, it needs to ask Spaces for the user's active space. The subsequent call to the `ES _has_privileges api` would use `resources: ['space:marketing']` to verify that the user is authorized at the `marketing` space. Legacy users (non-rbac) will continue to use the underlying index privileges for authorization. **NOTE** The legacy behavior implies that those users will have access to all spaces. The read/write restrictions are still enforced, but there is no way to restrict access to a specific space for legacy auth users.
#### Spaces without security
No authorization performed. Everyone can access everything.
### Spaces client
Spaces, when enabled, prevents saved objects of type `space` from being CRUD'd via the Saved Objects Client. Instead, the only "approved" way to work with these objects is through the new Spaces client (`kibana/x-pack/plugins/spaces/lib/spaces_client.ts`).
When security is enabled, the Spaces client performs its own set of authorization checks before allowing the request to proceed. The Spaces client knows which authorization checks need to happen for a particular request, but it doesn't know _how_ to check privileges. To accomplish this, the spaces client will delegate the check security's authorization service.
#### FAQ: Why oh why can't you used the Saved Objects Client instead!?
That's a great question! We did this primarily to simplify the authorization model (at least for our initial release). Accessing regular saved objects follows a predictible authorization pattern (described above). Spaces themselves inform the authorization model, and this interplay would have greatly increased the complexity. We are brainstorming ideas to obselete the Spaces client in favor of using the Saved Objects Client everywhere, but that's certainly out of scope for this release.
## Test Coverage
### Saved Objects API
A bulk of the changes to enable spaces are centered around saved objects, so we have spent a majority of our time automating tests against the saved objects api.
**`x-pack/test/saved_object_api_integration/`** contains the test suites for the saved objects api. There is a `common/suites` subfolder which contains a bulk of the test logic. The suites defined here are used in the following test configurations:
1) Spaces only: `./spaces_only`
2) Security and spaces: `./security_and_spaces`
3) Security only: `./security_only`
Each of these test configurations will start up ES/Kibana with the appropriate license and plugin set. Each set runs through the entire test suite described in `common/suites`. Each test with in each suite is run multiple times with different inputs, to test the various permutations of authentication, authorization type (legacy vs RBAC), space-level privileges, and the user's active space.
### Spaces API
Spaces provides an experimental public API.
**`x-pack/test/spaces_api_integration`** contains the test suites for the Spaces API. Similar to the Saved Objects API tests described above, there is a `common/suites` folder which contains a bulk of the test logic. The suites defined here are used in the following test configurations:
1) Spaces only: `./spaces_only`
2) Security and spaces: `./security_and_spaces`
### Role Management UI
We did not provide any new functional UI tests for role management, but the existing suite was updated to accomidate the screen rewrite.
We do have a decent suite of jest unit tests for the various components that make up the new role management screen. They're nested within `kibana/x-pack/plugins/security/public/views/management/edit_role`
### Spaces Management UI
We did not provide any new functional UI tests for spaces management, but the components that make up the screens are well-tested, and can be found within `kibana/x-pack/plugins/spaces/public/views/management/edit_space`
### Spaces Functional UI Tests
There are a couple of UI tests that verify _basic_ functionality. They assert that a user can login, select a space, and then choose a different space once inside: `kibana/x-pack/test/functional/apps/spaces`
## Reference
Notable child PRs are listed below for easier digesting. Note that some of these PRs are built on other PRs, so the deltas in the links below may be outdated. Cross reference with this PR when in doubt.
### UI
- Reactify Role Management Screen: https://github.com/elastic/kibana/pull/19035
- Space Aware Privileges UI: https://github.com/elastic/kibana/pull/21049
- Space Selector (in Kibana Nav): https://github.com/elastic/kibana/pull/19497
- Recently viewed Widget: https://github.com/elastic/kibana/pull/22492
- Support Space rename/delete: https://github.com/elastic/kibana/pull/22586
### Saved Objects Client
- ~~Space Aware Saved Objects: https://github.com/elastic/kibana/pull/18862~~
- ~~Add Space ID to document id: https://github.com/elastic/kibana/pull/21372~~
- Saved object namespaces (supercedes #18862 and #21372): https://github.com/elastic/kibana/pull/22357
- Securing saved objects: https://github.com/elastic/kibana/pull/21995
- Dedicated Spaces client (w/ security): https://github.com/elastic/kibana/pull/21995
### Other
- Public Spaces API (experimental): https://github.com/elastic/kibana/pull/22501
- Telemetry: https://github.com/elastic/kibana/pull/20581
- Reporting: https://github.com/elastic/kibana/pull/21457
- Spencer's original Spaces work: https://github.com/elastic/kibana/pull/18664
- Expose `spaceId` to "Add Data" tutorials: https://github.com/elastic/kibana/pull/22760Closes#18948
"Release Note: Create spaces within Kibana to organize dashboards, visualizations, and other saved objects. Secure access to each space when X-Pack Security is enabled"
* Beginning to work on the role management APIs. Added docs for GET
* Adding PUT docs
* Adding PUT details
* Adding delete docs
* Fixing linking
* Adding Kibana privileges section
* Fixing dashboard only mode docs
* Fixing a few more references to managing roles
* Beginning to work on authorization docs, might be moving some to
stack-docs
* Collapsing authorization description in the kibana privileges page
* Adding audit logging section
* Revising the language on the Kibana role management section
* Splitting back out the auth/privileges and adding legacy fallback
details
* Revising language around impact of disabling security
* Changing Kibana to {kib} and Elasticsearch to {es}
* Beginning to work on developer centric docs
* Fixing some formatting, adding some diagrams
* Adding note about the role management APIs
* Adding overview, fixing small syntax issues
* Fixing chunk name for transitioning to application privileges
* Adjusting tone for the authorization introduction
* Changing the tone and structure of the RBAC docs
* Deleting blog stuff after refactoring
* Addressing first round of peer review comments
* Fixing endpoints links
* Peer review suggested edits
* Addressing other PR feedback
* Add Inspector feature
* So long, and thanks for all the fish, spy panel
* Fix several functional tests
* Fix unit tests
* Fix spy panel button tests
* Replace old spy panel documentation
* Disable test temporarily until we have dashboard triggers
* Enter edit mode for dark theme test
* Fix some more functional tests
* Fix more functional tests
* More test fixing
* Fix more functional tests
* Allow opening the inspector via loader handler
* Refactor InspectorViewChooser, remove unused CSS
* Remove dead code
* Fix data download button style
* Remove redundant code
* Load inspectorViews for dashboard_viewer
* Extract inspector views to custom core_plugin
* Switch API to TypeScript 🎉
* Design changes
* Remove icons from views
* Design changes
* Improve typings of API
* Add typing to all adapters
* Show loading spinner in request selector
* Rewrite InspectorView to TypeScript
* Fix help text for data view
* Remove deprecated React lifecycle methods
* Embed inspector into dashboard panel actions
* Remove temporary inspector trigger
* Remove old CSS
* Fix dashboard trigger for new panel action
* Add tests for InspectorPanel and DataAdapter
* Produce a hierarchical table if the vis is hierarchical
* Remove allowJs option again
* Add missing Apache license headers
* Close inspector on dashboard when navigating away
* Use proper title for dashboard panels
* Fix functional tests
* Skip broken test for now
* Flush view chooser button
* Add request adapter tests
* Skip more tests, broken due to typescript
* Add Request Time description
* Add description for courier request
* Fix tests
* Replace icon by new (not yet released) icon
* Finalize design of inspector
* Remove discover test, that relied on spy panels
* Change API to be properly mockable in tests
* Add aria-live region for request status
* Replace old method in functional tests
* Replace abitrary magic number
* Use object destructuring in vis
* Fix issue with crashing requests view
* Add request time tooltip
* Get request body of correct search source
* Make filter buttons properly keyboard accessible
* Follow Dave's design suggestions
* Remove redundant request from name
* Remove unneeded comments
* WIP raw-formatted values
* Fix filtering issue
* Fix tests and more license headers
* Add data view tests
* Remove search from table
* Fix typos
* Implement review suggestion
* Remove artificial delays for testing
* Fix new panel action structure
* Minor design adjustments
* Fix failing functional test
* Update failing snapshot test
* Implement final wording
* Apply new EUI styling
* Fix closing inspector in tests
* Fix sorting of table
* Align punctuation between tooltips
* [typescript] add typescript support for the server and browser
* [ts-jest] upgrade to latest version
* [jest] support test.tsx files
* [jest/ts] modify `ts-jest.tsConfigFile` config based on filePath
* [types] use correct major version of minimatch types
* [jest] add ts support to x-pack jest config
* [ts/projects] fix tsconfig.json not found error message
* [optimizer/ts] use lowercase jsx option
* [tsconfig] remove ui/* alias
* [plguin-helpers] remove mention of `buildSourcePatterns`
* [plugin-helpers] expect typescript to be a devDep
* [dev/build] place transpile tasks next to each other
* [ts/x-pack] add common and server directories to ts project
* [dev/ts/project] use a limited set of globs to find tsconfig files
* Support 1 Kibana and 1 Elasticsearch URL as input params
* Revert a previous change to test char substitution
* Allow setting TEST_KIBANA_URL and TEST_ES_URL for Cloud testing
* cleanup comment
* Update docs
* Refactor after PR review
* Changes from review
* fix default Kibana port to 5620
* Change es_test_config.js similar to kibana_test_server_url_parts.js
* [kbn-plugin-generator] add plugin generator to the repo
* [plugin-generator] use snake_case plugin name for directory name
* [plugin-generator] fix typo
* [plugin-generator] remove translation support until we resume i18n efforts
* [yarn] update lockfile
* [mocha] remove plugin-generator selector from mocha tests
* [plugin-generator] update generated readme to recommend yarn
* [plugin-generator] add readme to generator pacakge
* [plugin-generator] link from plugin-resource docs
* [plugin-generator] mention very important `kbn bootstrap` script
* [plugin-generator] rework some parts of the README
* [plugin-generator] log actual directory name with system separators
* [plugin-generator] include bootstrap/yarn preinstall check script
* tutorial docs
* fixes from ycombinator review
* ElasticSearch -> Elasticsearch
* move out of style guide and into README under server/tutorials
* move to asciidocs
* add new line so list is rendered correctly
* changes from gchaps review
* switch to yarn
* cleanup misc references to npm
* [yarn] loosen dependency ranges so yarn will merge more deps
* fix linting error now that moment uses ESM
* [licenses] font-awesome changed the format of its license id
* Use local yarn
* Misc fixes
* eslintignore built yarn file
* Remove mkdir which doesn't do what it should do
* Check build without upgrading lots of versions
* Fix license check
* too many moments
* Better description
* Review fixes
* Lock to angular@1.6.5
* More specific version locks
* Revert "More specific version locks"
This reverts commit 11ef81102e.
* Revert "Lock to angular@1.6.5"
This reverts commit 3ade68c14c.
* rm yarn.lock; yarn
* Forcing a specific version of React, Angular, Moment
* Using vendored version of yarn in ci
* Use --frozen-lockfile
* fixes
* Simplify promise setup logic
* Import template from own file
* Use angular.element instead of jquery
* Add documentation for loader methods
* Add params.append
* Remove params.editorMode
* Clarify when returned promise resolves
* Add element to handler
* Allow setting CSS class via loader
* Use render-counter on visualize
* Use Angular run method to get access to Private service
* Allow adding data-attributes to the vis element
* Refactor loader to return an EmbeddedVisualizeHandler instance
* Use this.destroy for previous API
* Remove fallback then method, due to bugs
* Reject promise from withId when id not found
* Add tests
* Change developer documentation
* Revert "Use Angular run method to get access to Private service"
This reverts commit 160e47d7709484c0478415436b3c2e8a8fc8aed3.
* Rename parameter for more clarity
* Add more documentation about appState
* Fix broken test utils
* Use chrome to get access to Angular
* Move loader to its own folder
* Use a method instead of getter for element
* Add listeners for renderComplete events
* Use typedef to document params
* Fix documentation
* apply patch
add styling
remove cruft
split up concept of experimental and labs
adjust wording
* improve wording
* improve wording & punctuation. remove concept of feedback-url
* remove duplicate labeling between labs/experimental; resolve some typos
* merging isExperimental and isLabs flags to a stage setting
* adding the option to override feedback message back (and improving it)
* updating the docs
* change text labs to lab
* visualize:enableLabsVisualizations to visualize:enableLabs
* fixing github link
* Adding method to expose the dashboard app container size to reporting
* Adding a data-shared-items-container attribute to the viewport
* Making visualize tell us how large they are
* Removing the controller methods that returned the item size
* Moving the sharing attributes to be on the actual elements, so we can
figure out their dimensions
* Passing the savedObj to the Visualize elements adding the data- attrs
* Adding the title/description to the Dashboard
* Dispatching the initial title/description
* Reverting some accidental whitespace changes
* Fixing metadata selectors
* Adding newline at end of file...
* Putting the $emit('renderComplete') back
* Passing only the savedObj to the Visualize Editor Controller
* Setting the description on the $scope.vis so we don't have to pass the
SavedObj
* Reverting more TSVB title/description code
* Removing savedObj from scope
* Putting $scope.vis back to vis
* [timelion] remove last remaining amd modules
* [eslint-config-kibana] remove env.amd
* [webpack] use absolute loader names
* [webpack] remove absolute node_modules/ imports
* [webpack] upgrade to webpack 3
* [uiFramework] make webpack build compatible with v3
* [eslint-import-resolver] use https://github.com/elastic/eslint-import-resolver-kibana/pull/21
* [baseOptimizer] don't break when pkg has no dependencies
* [optimize] remove unnecessary json-loader
* [optimize] remove local references to webpack vars
* [eslint] upgrade to eslint-import-resolver-kibana 0.9.0
* [baseOptimizer] comment tweaks
* [baseOptimizer] remove loader pinning
In webpack 1 the loaders defined here were resolved relative to the file they were going to load, which meant that plugins in other projects could accidentally overwrite the loaders Kibana was trying to use, which is why the aliases were used to enforce proper resolution.
In webpack 2 loaders are now resolved relative to the webpackConfig.context, which is set to the root of the Kibana repo. See https://webpack.js.org/configuration/module/#useentry
* [webpack] rely on kibana webpack shims before checking node_modules
