Skip to content

Security session plugin #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
cwperks wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Security session plugin #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0871379
Security session plugin
cwperks Apr 10, 2024
f2bf1ce
Format
cwperks Apr 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
81 changes: 36 additions & 45 deletions public/plugin.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,30 +15,21 @@

import { BehaviorSubject } from 'rxjs';
import { SavedObjectsManagementColumn } from 'src/plugins/saved_objects_management/public';
import { i18n } from '@osd/i18n';
import {
AppMountParameters,
AppStatus,
AppUpdater,
CoreSetup,
CoreStart,
DEFAULT_APP_CATEGORIES,
Plugin,
PluginInitializerContext,
} from '../../../src/core/public';
import { APP_ID_LOGIN, CUSTOM_ERROR_PAGE_URI, LOGIN_PAGE_URI, PLUGIN_NAME } from '../common';
import { APP_ID_LOGIN, CUSTOM_ERROR_PAGE_URI, LOGIN_PAGE_URI } from '../common';
import { APP_ID_CUSTOMERROR } from '../common';
import { setupTopNavButton } from './apps/account/account-app';
import { fetchAccountInfoSafe } from './apps/account/utils';
import {
API_ENDPOINT_PERMISSIONS_INFO,
includeClusterPermissions,
includeIndexPermissions,
} from './apps/configuration/constants';
import {
excludeFromDisabledRestCategories,
excludeFromDisabledTransportCategories,
} from './apps/configuration/panels/audit-logging/constants';
import { API_ENDPOINT_PERMISSIONS_INFO } from './apps/configuration/constants';

import {
SecurityPluginStartDependencies,
ClientConfigType,
Expand Down Expand Up @@ -96,39 +87,39 @@ export class SecurityPlugin
(config.readonly_mode?.roles || DEFAULT_READONLY_ROLES).includes(role)
);

if (apiPermission) {
core.application.register({
id: PLUGIN_NAME,
title: 'Security',
order: 9050,
mount: async (params: AppMountParameters) => {
const { renderApp } = await import('./apps/configuration/configuration-app');
const [coreStart, depsStart] = await core.getStartServices();

// merge OpenSearchDashboards yml configuration
includeClusterPermissions(config.clusterPermissions.include);
includeIndexPermissions(config.indexPermissions.include);

excludeFromDisabledTransportCategories(config.disabledTransportCategories.exclude);
excludeFromDisabledRestCategories(config.disabledRestCategories.exclude);

return renderApp(coreStart, depsStart as SecurityPluginStartDependencies, params, config);
},
category: DEFAULT_APP_CATEGORIES.management,
});

if (deps.managementOverview) {
deps.managementOverview.register({
id: PLUGIN_NAME,
title: 'Security',
order: 9050,
description: i18n.translate('security.securityDescription', {
defaultMessage:
'Configure how users access data in OpenSearch with authentication, access control and audit logging.',
}),
});
}
}
// if (apiPermission) {
// core.application.register({
// id: PLUGIN_NAME,
// title: 'Security',
// order: 9050,
// mount: async (params: AppMountParameters) => {
// const { renderApp } = await import('./apps/configuration/configuration-app');
// const [coreStart, depsStart] = await core.getStartServices();

// // merge OpenSearchDashboards yml configuration
// includeClusterPermissions(config.clusterPermissions.include);
// includeIndexPermissions(config.indexPermissions.include);

// excludeFromDisabledTransportCategories(config.disabledTransportCategories.exclude);
// excludeFromDisabledRestCategories(config.disabledRestCategories.exclude);

// return renderApp(coreStart, depsStart as SecurityPluginStartDependencies, params, config);
// },
// category: DEFAULT_APP_CATEGORIES.management,
// });

// if (deps.managementOverview) {
// deps.managementOverview.register({
// id: PLUGIN_NAME,
// title: 'Security',
// order: 9050,
// description: i18n.translate('security.securityDescription', {
// defaultMessage:
// 'Configure how users access data in OpenSearch with authentication, access control and audit logging.',
// }),
// });
// }
// }

core.application.register({
id: APP_ID_LOGIN,
Expand Down
6 changes: 2 additions & 4 deletions server/plugin.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,7 @@ import {
} from '../../../src/core/server';

import { SecurityPluginSetup, SecurityPluginStart } from './types';
import { defineRoutes } from './routes';
import { SecurityPluginConfigType } from '.';
import opensearchSecurityConfigurationPlugin from './backend/opensearch_security_configuration_plugin';
import opensearchSecurityPlugin from './backend/opensearch_security_plugin';
import { SecuritySessionCookie, getSecurityCookieOptions } from './session/security_cookie';
import { SecurityClient } from './backend/opensearch_security_client';
Expand Down Expand Up @@ -94,7 +92,7 @@ export class SecurityPlugin implements Plugin<SecurityPluginSetup, SecurityPlugi
const esClient: ILegacyClusterClient = core.opensearch.legacy.createClient(
'opendistro_security',
{
plugins: [opensearchSecurityConfigurationPlugin, opensearchSecurityPlugin],
plugins: [opensearchSecurityPlugin],
}
);

Expand Down Expand Up @@ -133,7 +131,7 @@ export class SecurityPlugin implements Plugin<SecurityPluginSetup, SecurityPlugi
}

// Register server side APIs
defineRoutes(router);
// defineRoutes(router);
defineAuthTypeRoutes(router, config);

// set up multi-tenant routes
Expand Down