Expose AnonymousAccess service through Security OSS plugin. (#87091)

docs/development/core/server/kibana-plugin-core-server.capabilitiesstart.md

@@ -16,5 +16,5 @@ export interface CapabilitiesStart
 
 |  Method | Description |
 |  --- | --- |
-|  [resolveCapabilities(request)](./kibana-plugin-core-server.capabilitiesstart.resolvecapabilities.md) | Resolve the [Capabilities](./kibana-plugin-core-server.capabilities.md) to be used for given request |
+|  [resolveCapabilities(request, options)](./kibana-plugin-core-server.capabilitiesstart.resolvecapabilities.md) | Resolve the [Capabilities](./kibana-plugin-core-server.capabilities.md) to be used for given request |
 

docs/development/core/server/kibana-plugin-core-server.capabilitiesstart.resolvecapabilities.md

@@ -9,14 +9,15 @@ Resolve the [Capabilities](./kibana-plugin-core-server.capabilities.md) to be us
 <b>Signature:</b>
 
 ```typescript
-resolveCapabilities(request: KibanaRequest): Promise<Capabilities>;
+resolveCapabilities(request: KibanaRequest, options?: ResolveCapabilitiesOptions): Promise<Capabilities>;
 ```
 
 ## Parameters
 
 |  Parameter | Type | Description |
 |  --- | --- | --- |
 |  request | <code>KibanaRequest</code> |  |
+|  options | <code>ResolveCapabilitiesOptions</code> |  |
 
 <b>Returns:</b>
 

docs/development/core/server/kibana-plugin-core-server.md

@@ -128,6 +128,7 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [PluginInitializerContext](./kibana-plugin-core-server.plugininitializercontext.md) | Context that's available to plugins during initialization stage. |
 |  [PluginManifest](./kibana-plugin-core-server.pluginmanifest.md) | Describes the set of required and optional properties plugin can define in its mandatory JSON manifest file. |
 |  [RequestHandlerContext](./kibana-plugin-core-server.requesthandlercontext.md) | Plugin specific context passed to a route handler.<!-- -->Provides the following clients and services: - [savedObjects.client](./kibana-plugin-core-server.savedobjectsclient.md) - Saved Objects client which uses the credentials of the incoming request - [savedObjects.typeRegistry](./kibana-plugin-core-server.isavedobjecttyperegistry.md) - Type registry containing all the registered types. - [elasticsearch.client](./kibana-plugin-core-server.iscopedclusterclient.md) - Elasticsearch data client which uses the credentials of the incoming request - [elasticsearch.legacy.client](./kibana-plugin-core-server.legacyscopedclusterclient.md) - The legacy Elasticsearch data client which uses the credentials of the incoming request - [uiSettings.client](./kibana-plugin-core-server.iuisettingsclient.md) - uiSettings client which uses the credentials of the incoming request |
+|  [ResolveCapabilitiesOptions](./kibana-plugin-core-server.resolvecapabilitiesoptions.md) | Defines a set of additional options for the <code>resolveCapabilities</code> method of [CapabilitiesStart](./kibana-plugin-core-server.capabilitiesstart.md)<!-- -->. |
 |  [RouteConfig](./kibana-plugin-core-server.routeconfig.md) | Route specific configuration. |
 |  [RouteConfigOptions](./kibana-plugin-core-server.routeconfigoptions.md) | Additional route options. |
 |  [RouteConfigOptionsBody](./kibana-plugin-core-server.routeconfigoptionsbody.md) | Additional body options for a route |

docs/development/core/server/kibana-plugin-core-server.resolvecapabilitiesoptions.md

@@ -0,0 +1,20 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [ResolveCapabilitiesOptions](./kibana-plugin-core-server.resolvecapabilitiesoptions.md)
+
+## ResolveCapabilitiesOptions interface
+
+Defines a set of additional options for the `resolveCapabilities` method of [CapabilitiesStart](./kibana-plugin-core-server.capabilitiesstart.md)<!-- -->.
+
+<b>Signature:</b>
+
+```typescript
+export interface ResolveCapabilitiesOptions 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [useDefaultCapabilities](./kibana-plugin-core-server.resolvecapabilitiesoptions.usedefaultcapabilities.md) | <code>boolean</code> | Indicates if capability switchers are supposed to return a default set of capabilities. |
+

docs/development/core/server/kibana-plugin-core-server.resolvecapabilitiesoptions.usedefaultcapabilities.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [ResolveCapabilitiesOptions](./kibana-plugin-core-server.resolvecapabilitiesoptions.md) &gt; [useDefaultCapabilities](./kibana-plugin-core-server.resolvecapabilitiesoptions.usedefaultcapabilities.md)
+
+## ResolveCapabilitiesOptions.useDefaultCapabilities property
+
+Indicates if capability switchers are supposed to return a default set of capabilities.
+
+<b>Signature:</b>
+
+```typescript
+useDefaultCapabilities: boolean;
+```

src/core/server/capabilities/capabilities_service.test.ts

@@ -184,5 +184,46 @@ describe('CapabilitiesService', () => {
         }
       `);
     });
+
+    it('allows to indicate that default capabilities should be returned', async () => {
+      setup.registerProvider(() => ({ customSection: { isDefault: true } }));
+      setup.registerSwitcher((req, capabilities, useDefaultCapabilities) =>
+        useDefaultCapabilities ? capabilities : { customSection: { isDefault: false } }
+      );
+
+      const start = service.start();
+      expect(await start.resolveCapabilities({} as any)).toMatchInlineSnapshot(`
+        Object {
+          "catalogue": Object {},
+          "customSection": Object {
+            "isDefault": false,
+          },
+          "management": Object {},
+          "navLinks": Object {},
+        }
+      `);
+      expect(await start.resolveCapabilities({} as any, { useDefaultCapabilities: false }))
+        .toMatchInlineSnapshot(`
+        Object {
+          "catalogue": Object {},
+          "customSection": Object {
+            "isDefault": false,
+          },
+          "management": Object {},
+          "navLinks": Object {},
+        }
+      `);
+      expect(await start.resolveCapabilities({} as any, { useDefaultCapabilities: true }))
+        .toMatchInlineSnapshot(`
+        Object {
+          "catalogue": Object {},
+          "customSection": Object {
+            "isDefault": true,
+          },
+          "management": Object {},
+          "navLinks": Object {},
+        }
+      `);
+    });
   });
 });

src/core/server/capabilities/capabilities_service.ts

@@ -104,6 +104,18 @@ export interface CapabilitiesSetup {
   registerSwitcher(switcher: CapabilitiesSwitcher): void;
 }
 
+/**
+ * Defines a set of additional options for the `resolveCapabilities` method of {@link CapabilitiesStart}.
+ *
+ * @public
+ */
+export interface ResolveCapabilitiesOptions {
+  /**
+   * Indicates if capability switchers are supposed to return a default set of capabilities.
+   */
+  useDefaultCapabilities: boolean;
+}
+
 /**
  * APIs to access the application {@link Capabilities}.
  *
@@ -113,7 +125,10 @@ export interface CapabilitiesStart {
   /**
    * Resolve the {@link Capabilities} to be used for given request
    */
-  resolveCapabilities(request: KibanaRequest): Promise<Capabilities>;
+  resolveCapabilities(
+    request: KibanaRequest,
+    options?: ResolveCapabilitiesOptions
+  ): Promise<Capabilities>;
 }
 
 interface SetupDeps {
@@ -162,7 +177,8 @@ export class CapabilitiesService {
 
   public start(): CapabilitiesStart {
     return {
-      resolveCapabilities: (request) => this.resolveCapabilities(request, [], false),
+      resolveCapabilities: (request, options) =>
+        this.resolveCapabilities(request, [], options?.useDefaultCapabilities ?? false),
     };
   }
 }

src/core/server/capabilities/index.ts

@@ -17,5 +17,10 @@
  * under the License.
  */
 
-export { CapabilitiesService, CapabilitiesSetup, CapabilitiesStart } from './capabilities_service';
+export {
+  CapabilitiesService,
+  CapabilitiesSetup,
+  CapabilitiesStart,
+  ResolveCapabilitiesOptions,
+} from './capabilities_service';
 export { Capabilities, CapabilitiesSwitcher, CapabilitiesProvider } from './types';

src/core/server/index.ts

@@ -87,7 +87,12 @@ export {
 };
 
 export { bootstrap } from './bootstrap';
-export { Capabilities, CapabilitiesProvider, CapabilitiesSwitcher } from './capabilities';
+export {
+  Capabilities,
+  CapabilitiesProvider,
+  CapabilitiesSwitcher,
+  ResolveCapabilitiesOptions,
+} from './capabilities';
 export {
   ConfigPath,
   ConfigService,

src/core/server/server.api.md

@@ -307,7 +307,7 @@ export interface CapabilitiesSetup {
 
 // @public
 export interface CapabilitiesStart {
-    resolveCapabilities(request: KibanaRequest): Promise<Capabilities>;
+    resolveCapabilities(request: KibanaRequest, options?: ResolveCapabilitiesOptions): Promise<Capabilities>;
 }
 
 // @public
@@ -1924,6 +1924,11 @@ export type RequestHandlerContextProvider<TContextName extends keyof RequestHand
 // @public
 export type RequestHandlerWrapper = <P, Q, B, Method extends RouteMethod = any, ResponseFactory extends KibanaResponseFactory = KibanaResponseFactory>(handler: RequestHandler<P, Q, B, Method, ResponseFactory>) => RequestHandler<P, Q, B, Method, ResponseFactory>;
 
+// @public
+export interface ResolveCapabilitiesOptions {
+    useDefaultCapabilities: boolean;
+}
+
 // @public
 export type ResponseError = string | Error | {
     message: string | Error;

src/plugins/security_oss/common/app_state.ts

@@ -0,0 +1,29 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * Defines Security OSS application state.
+ */
+export interface AppState {
+  insecureClusterAlert: { displayAlert: boolean };
+  anonymousAccess: {
+    isEnabled: boolean;
+    accessURLParameters: Record<string, string> | null;
+  };
+}

src/plugins/security_oss/common/index.ts

@@ -0,0 +1,20 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+export type { AppState } from './app_state';

src/plugins/security_oss/public/app_state/app_state_service.mock.ts

@@ -0,0 +1,32 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import type { AppState } from '../../common';
+import type { AppStateServiceStart } from './app_state_service';
+
+export const mockAppStateService = {
+  createStart: (): jest.Mocked<AppStateServiceStart> => {
+    return { getState: jest.fn() };
+  },
+  createAppState: (appState: Partial<AppState> = {}) => ({
+    insecureClusterAlert: { displayAlert: false },
+    anonymousAccess: { isEnabled: false, accessURLParameters: null },
+    ...appState,
+  }),
+};

src/plugins/security_oss/public/app_state/app_state_service.test.ts

@@ -0,0 +1,72 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { coreMock } from '../../../../core/public/mocks';
+import { AppStateService } from './app_state_service';
+
+describe('AppStateService', () => {
+  describe('#start', () => {
+    it('returns default state for the anonymous routes', async () => {
+      const coreStart = coreMock.createStart();
+      coreStart.http.anonymousPaths.isAnonymous.mockReturnValue(true);
+
+      const appStateService = new AppStateService();
+      await expect(appStateService.start({ core: coreStart }).getState()).resolves.toEqual({
+        insecureClusterAlert: { displayAlert: false },
+        anonymousAccess: { isEnabled: false, accessURLParameters: null },
+      });
+
+      expect(coreStart.http.get).not.toHaveBeenCalled();
+    });
+
+    it('returns default state if current state cannot be retrieved', async () => {
+      const coreStart = coreMock.createStart();
+      coreStart.http.anonymousPaths.isAnonymous.mockReturnValue(false);
+
+      const failureReason = new Error('Uh oh.');
+      coreStart.http.get.mockRejectedValue(failureReason);
+
+      const appStateService = new AppStateService();
+      await expect(appStateService.start({ core: coreStart }).getState()).resolves.toEqual({
+        insecureClusterAlert: { displayAlert: false },
+        anonymousAccess: { isEnabled: false, accessURLParameters: null },
+      });
+
+      expect(coreStart.http.get).toHaveBeenCalledTimes(1);
+      expect(coreStart.http.get).toHaveBeenCalledWith('/internal/security_oss/app_state');
+    });
+
+    it('returns retrieved state', async () => {
+      const coreStart = coreMock.createStart();
+      coreStart.http.anonymousPaths.isAnonymous.mockReturnValue(false);
+
+      const state = {
+        insecureClusterAlert: { displayAlert: true },
+        anonymousAccess: { isEnabled: true, accessURLParameters: { hint: 'some-hint' } },
+      };
+      coreStart.http.get.mockResolvedValue(state);
+
+      const appStateService = new AppStateService();
+      await expect(appStateService.start({ core: coreStart }).getState()).resolves.toEqual(state);
+
+      expect(coreStart.http.get).toHaveBeenCalledTimes(1);
+      expect(coreStart.http.get).toHaveBeenCalledWith('/internal/security_oss/app_state');
+    });
+  });
+});