Skip to content

Commit

Permalink
Warn users when security is not configured (#78545)
Browse files Browse the repository at this point in the history
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
  • Loading branch information
legrego and kibanamachine authored Oct 5, 2020
1 parent 4d4e53f commit 49c669c
Show file tree
Hide file tree
Showing 42 changed files with 1,867 additions and 7 deletions.
2 changes: 2 additions & 0 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -255,6 +255,8 @@

# Security
/src/core/server/csp/ @elastic/kibana-security @elastic/kibana-platform
/src/plugins/security_oss/ @elastic/kibana-security
/test/security_functional/ @elastic/kibana-security
/x-pack/plugins/spaces/ @elastic/kibana-security
/x-pack/plugins/encrypted_saved_objects/ @elastic/kibana-security
/x-pack/plugins/security/ @elastic/kibana-security
Expand Down
1 change: 1 addition & 0 deletions .i18nrc.json
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@
"regionMap": "src/plugins/region_map",
"savedObjects": "src/plugins/saved_objects",
"savedObjectsManagement": "src/plugins/saved_objects_management",
"security": "src/plugins/security_oss",
"server": "src/legacy/server",
"statusPage": "src/legacy/core_plugins/status_page",
"telemetry": [
Expand Down
5 changes: 5 additions & 0 deletions docs/developer/plugin-list.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,11 @@ It also provides a stateful version of it on the start contract.
|WARNING: Missing README.
|{kib-repo}blob/{branch}/src/plugins/security_oss/README.md[securityOss]
|securityOss is responsible for educating users about Elastic's free security features,
so they can properly protect the data within their clusters.
|{kib-repo}blob/{branch}/src/plugins/share/README.md[share]
|Replaces the legacy ui/share module for registering share context menus.
Expand Down
1 change: 1 addition & 0 deletions scripts/functional_tests.js
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ const alwaysImportedTests = [
require.resolve('../test/plugin_functional/config.ts'),
require.resolve('../test/ui_capabilities/newsfeed_err/config.ts'),
require.resolve('../test/new_visualize_flow/config.js'),
require.resolve('../test/security_functional/config.ts'),
];
// eslint-disable-next-line no-restricted-syntax
const onlyNotInCoverageTests = [
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,7 @@ kibana_vars=(
path.data
pid.file
regionmap
security.showInsecureClusterWarning
server.basePath
server.customResponseHeaders
server.compression.enabled
Expand Down
4 changes: 4 additions & 0 deletions src/plugins/security_oss/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# `securityOss` plugin

`securityOss` is responsible for educating users about Elastic's free security features,
so they can properly protect the data within their clusters.
10 changes: 10 additions & 0 deletions src/plugins/security_oss/kibana.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{
"id": "securityOss",
"version": "8.0.0",
"kibanaVersion": "kibana",
"configPath": ["security"],
"ui": true,
"server": true,
"requiredPlugins": [],
"requiredBundles": []
}
22 changes: 22 additions & 0 deletions src/plugins/security_oss/public/config.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
/*
* Licensed to Elasticsearch B.V. under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch B.V. licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

export interface ConfigType {
showInsecureClusterWarning: boolean;
}
26 changes: 26 additions & 0 deletions src/plugins/security_oss/public/index.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
/*
* Licensed to Elasticsearch B.V. under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch B.V. licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

import { PluginInitializerContext } from 'kibana/public';

import { SecurityOssPlugin } from './plugin';

export { SecurityOssPluginSetup, SecurityOssPluginStart } from './plugin';
export const plugin = (initializerContext: PluginInitializerContext) =>
new SecurityOssPlugin(initializerContext);
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
/*
* Licensed to Elasticsearch B.V. under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch B.V. licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

import { defaultAlertText } from './default_alert';

describe('defaultAlertText', () => {
it('creates a valid MountPoint that can cleanup correctly', () => {
const mountPoint = defaultAlertText(jest.fn());

const el = document.createElement('div');
const unmount = mountPoint(el);

expect(el.querySelectorAll('[data-test-subj="insecureClusterDefaultAlertText"]')).toHaveLength(
1
);

unmount();

expect(el).toMatchInlineSnapshot(`<div />`);
});
});
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
/*
* Licensed to Elasticsearch B.V. under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch B.V. licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

import {
EuiButton,
EuiCheckbox,
EuiFlexGroup,
EuiFlexItem,
EuiSpacer,
EuiText,
} from '@elastic/eui';
import { i18n } from '@kbn/i18n';
import { I18nProvider, FormattedMessage } from '@kbn/i18n/react';
import { MountPoint } from 'kibana/public';
import React, { useState } from 'react';
import { render, unmountComponentAtNode } from 'react-dom';

export const defaultAlertTitle = i18n.translate('security.checkup.insecureClusterTitle', {
defaultMessage: 'Please secure your installation',
});

export const defaultAlertText: (onDismiss: (persist: boolean) => void) => MountPoint = (
onDismiss
) => (e) => {
const AlertText = () => {
const [persist, setPersist] = useState(false);

return (
<I18nProvider>
<div data-test-subj="insecureClusterDefaultAlertText">
<EuiText size="s">
<FormattedMessage
id="security.checkup.insecureClusterMessage"
defaultMessage="Our free security features can protect against unauthorized access."
/>
</EuiText>
<EuiSpacer />
<EuiCheckbox
id="persistDismissedAlertPreference"
checked={persist}
onChange={(changeEvent) => setPersist(changeEvent.target.checked)}
label={i18n.translate('security.checkup.dontShowAgain', {
defaultMessage: `Don't show again`,
})}
/>
<EuiSpacer />
<EuiFlexGroup justifyContent="spaceBetween">
<EuiFlexItem grow={false}>
<EuiButton
size="s"
color="primary"
fill
href="https://www.elastic.co/what-is/elastic-stack-security"
target="_blank"
>
{i18n.translate('security.checkup.learnMoreButtonText', {
defaultMessage: `Learn more`,
})}
</EuiButton>
</EuiFlexItem>
<EuiFlexItem grow={false}>
<EuiButton
size="s"
onClick={() => onDismiss(persist)}
data-test-subj="defaultDismissAlertButton"
>
{i18n.translate('security.checkup.dismissButtonText', {
defaultMessage: `Dismiss`,
})}
</EuiButton>
</EuiFlexItem>
</EuiFlexGroup>
</div>
</I18nProvider>
);
};

render(<AlertText />, e);

return () => unmountComponentAtNode(e);
};
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
/*
* Licensed to Elasticsearch B.V. under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch B.V. licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

export { defaultAlertTitle, defaultAlertText } from './default_alert';
24 changes: 24 additions & 0 deletions src/plugins/security_oss/public/insecure_cluster_service/index.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
/*
* Licensed to Elasticsearch B.V. under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch B.V. licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

export {
InsecureClusterService,
InsecureClusterServiceSetup,
InsecureClusterServiceStart,
} from './insecure_cluster_service';
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
/*
* Licensed to Elasticsearch B.V. under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch B.V. licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

import {
InsecureClusterServiceSetup,
InsecureClusterServiceStart,
} from './insecure_cluster_service';

export const mockInsecureClusterService = {
createSetup: () => {
return {
setAlertTitle: jest.fn(),
setAlertText: jest.fn(),
} as InsecureClusterServiceSetup;
},
createStart: () => {
return {
hideAlert: jest.fn(),
} as InsecureClusterServiceStart;
},
};
Loading

0 comments on commit 49c669c

Please sign in to comment.