Merge branch 'master' into pjhampton/bug-policy-responses

elastic · Oct 4, 2021 · 1b27870 · 1b27870
2 parents 20c7ebe + 59b15df
commit 1b27870
Show file tree

Hide file tree

Showing 183 changed files with 6,689 additions and 2,768 deletions.
diff --git a/.buildkite/scripts/common/env.sh b/.buildkite/scripts/common/env.sh
@@ -56,8 +56,8 @@ else
 fi
 
 # These are for backwards-compatibility
-export GIT_COMMIT="$BUILDKITE_COMMIT"
-export GIT_BRANCH="$BUILDKITE_BRANCH"
+export GIT_COMMIT="${BUILDKITE_COMMIT:-}"
+export GIT_BRANCH="${BUILDKITE_BRANCH:-}"
 
 export FLEET_PACKAGE_REGISTRY_PORT=6104
 export TEST_CORS_SERVER_PORT=6105

diff --git a/.buildkite/scripts/packer_cache.sh b/.buildkite/scripts/packer_cache.sh
@@ -2,6 +2,7 @@
 
 set -euo pipefail
 
+source .buildkite/scripts/common/util.sh
 source .buildkite/scripts/common/env.sh
 source .buildkite/scripts/common/setup_node.sh
 

diff --git a/package.json b/package.json
@@ -272,7 +272,6 @@
     "json-stable-stringify": "^1.0.1",
     "json-stringify-pretty-compact": "1.2.0",
     "json-stringify-safe": "5.0.1",
-    "jsonwebtoken": "^8.5.1",
     "jsts": "^1.6.2",
     "kea": "^2.4.2",
     "load-json-file": "^6.2.0",
@@ -554,7 +553,6 @@
     "@types/jsdom": "^16.2.3",
     "@types/json-stable-stringify": "^1.0.32",
     "@types/json5": "^0.0.30",
-    "@types/jsonwebtoken": "^8.5.5",
     "@types/license-checker": "15.0.0",
     "@types/listr": "^0.14.0",
     "@types/loader-utils": "^1.1.3",
@@ -662,7 +660,6 @@
     "babel-plugin-styled-components": "^1.13.2",
     "babel-plugin-transform-react-remove-prop-types": "^0.4.24",
     "backport": "^5.6.6",
-    "base64url": "^3.0.1",
     "callsites": "^3.1.0",
     "chai": "3.5.0",
     "chance": "1.0.18",

diff --git a/packages/kbn-test/src/jest/utils/get_url.ts b/packages/kbn-test/src/jest/utils/get_url.ts
@@ -22,11 +22,6 @@ interface UrlParam {
   username?: string;
 }
 
-interface App {
-  pathname?: string;
-  hash?: string;
-}
-
 /**
  * Converts a config and a pathname to a url
  * @param {object} config A url config
@@ -46,11 +41,11 @@ interface App {
  * @return {string}
  */
 
-function getUrl(config: UrlParam, app: App) {
+function getUrl(config: UrlParam, app: UrlParam) {
   return url.format(_.assign({}, config, app));
 }
 
-getUrl.noAuth = function getUrlNoAuth(config: UrlParam, app: App) {
+getUrl.noAuth = function getUrlNoAuth(config: UrlParam, app: UrlParam) {
   config = _.pickBy(config, function (val, param) {
     return param !== 'auth';
   });

diff --git a/renovate.json5 b/renovate.json5
@@ -86,10 +86,9 @@
       {
         groupName: 'platform security modules',
         packageNames: [
-          'broadcast-channel', 
-          'jsonwebtoken', '@types/jsonwebtoken', 
-          'node-forge', '@types/node-forge', 
-          'require-in-the-middle', 
+          'broadcast-channel',
+          'node-forge', '@types/node-forge',
+          'require-in-the-middle',
           'tough-cookie', '@types/tough-cookie',
           'xml-crypto', '@types/xml-crypto'
         ],

diff --git a/src/plugins/console/common/constants/index.ts b/src/plugins/console/common/constants/index.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+export { MAJOR_VERSION } from './plugin';
diff --git a/src/plugins/console/common/constants/plugin.ts b/src/plugins/console/common/constants/plugin.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+export const MAJOR_VERSION = '8.0.0';
diff --git a/src/plugins/console/kibana.json b/src/plugins/console/kibana.json
@@ -1,12 +1,14 @@
 {
   "id": "console",
-  "version": "kibana",
+  "version": "8.0.0",
+  "kibanaVersion": "kibana",
   "server": true,
   "ui": true,
   "owner": {
     "name": "Stack Management",
     "githubTeam": "kibana-stack-management"
   },
+  "configPath": ["console"],
   "requiredPlugins": ["devTools", "share"],
   "optionalPlugins": ["usageCollection", "home"],
   "requiredBundles": ["esUiShared", "kibanaReact", "kibanaUtils", "home"]

diff --git a/src/plugins/console/server/config.ts b/src/plugins/console/server/config.ts
@@ -6,37 +6,70 @@
  * Side Public License, v 1.
  */
 
+import { SemVer } from 'semver';
 import { schema, TypeOf } from '@kbn/config-schema';
+import { PluginConfigDescriptor } from 'kibana/server';
 
-export type ConfigType = TypeOf<typeof config>;
+import { MAJOR_VERSION } from '../common/constants';
 
-export const config = schema.object(
-  {
-    enabled: schema.boolean({ defaultValue: true }),
-    proxyFilter: schema.arrayOf(schema.string(), { defaultValue: ['.*'] }),
-    ssl: schema.object({ verify: schema.boolean({ defaultValue: false }) }, {}),
-    proxyConfig: schema.arrayOf(
-      schema.object({
-        match: schema.object({
-          protocol: schema.string({ defaultValue: '*' }),
-          host: schema.string({ defaultValue: '*' }),
-          port: schema.string({ defaultValue: '*' }),
-          path: schema.string({ defaultValue: '*' }),
-        }),
-
-        timeout: schema.number(),
-        ssl: schema.object(
-          {
-            verify: schema.boolean(),
-            ca: schema.arrayOf(schema.string()),
-            cert: schema.string(),
-            key: schema.string(),
-          },
-          { defaultValue: undefined }
-        ),
+const kibanaVersion = new SemVer(MAJOR_VERSION);
+
+const baseSettings = {
+  enabled: schema.boolean({ defaultValue: true }),
+  ssl: schema.object({ verify: schema.boolean({ defaultValue: false }) }, {}),
+};
+
+// Settings only available in 7.x
+const deprecatedSettings = {
+  proxyFilter: schema.arrayOf(schema.string(), { defaultValue: ['.*'] }),
+  proxyConfig: schema.arrayOf(
+    schema.object({
+      match: schema.object({
+        protocol: schema.string({ defaultValue: '*' }),
+        host: schema.string({ defaultValue: '*' }),
+        port: schema.string({ defaultValue: '*' }),
+        path: schema.string({ defaultValue: '*' }),
       }),
-      { defaultValue: [] }
-    ),
+
+      timeout: schema.number(),
+      ssl: schema.object(
+        {
+          verify: schema.boolean(),
+          ca: schema.arrayOf(schema.string()),
+          cert: schema.string(),
+          key: schema.string(),
+        },
+        { defaultValue: undefined }
+      ),
+    }),
+    { defaultValue: [] }
+  ),
+};
+
+const configSchema = schema.object(
+  {
+    ...baseSettings,
   },
   { defaultValue: undefined }
 );
+
+const configSchema7x = schema.object(
+  {
+    ...baseSettings,
+    ...deprecatedSettings,
+  },
+  { defaultValue: undefined }
+);
+
+export type ConfigType = TypeOf<typeof configSchema>;
+export type ConfigType7x = TypeOf<typeof configSchema7x>;
+
+export const config: PluginConfigDescriptor<ConfigType | ConfigType7x> = {
+  schema: kibanaVersion.major < 8 ? configSchema7x : configSchema,
+  deprecations: ({ deprecate, unused }) => [
+    deprecate('enabled', '8.0.0'),
+    deprecate('proxyFilter', '8.0.0'),
+    deprecate('proxyConfig', '8.0.0'),
+    unused('ssl'),
+  ],
+};
diff --git a/src/plugins/console/server/index.ts b/src/plugins/console/server/index.ts
@@ -6,16 +6,11 @@
  * Side Public License, v 1.
  */
 
-import { PluginConfigDescriptor, PluginInitializerContext } from 'kibana/server';
+import { PluginInitializerContext } from 'kibana/server';
 
-import { ConfigType, config as configSchema } from './config';
 import { ConsoleServerPlugin } from './plugin';
 
 export { ConsoleSetup, ConsoleStart } from './types';
+export { config } from './config';
 
 export const plugin = (ctx: PluginInitializerContext) => new ConsoleServerPlugin(ctx);
-
-export const config: PluginConfigDescriptor<ConfigType> = {
-  deprecations: ({ deprecate, unused, rename }) => [deprecate('enabled', '8.0.0'), unused('ssl')],
-  schema: configSchema,
-};
diff --git a/src/plugins/console/server/plugin.ts b/src/plugins/console/server/plugin.ts
@@ -7,10 +7,11 @@
  */
 
 import { CoreSetup, Logger, Plugin, PluginInitializerContext } from 'kibana/server';
+import { SemVer } from 'semver';
 
 import { ProxyConfigCollection } from './lib';
 import { SpecDefinitionsService, EsLegacyConfigService } from './services';
-import { ConfigType } from './config';
+import { ConfigType, ConfigType7x } from './config';
 
 import { registerRoutes } from './routes';
 
@@ -23,7 +24,7 @@ export class ConsoleServerPlugin implements Plugin<ConsoleSetup, ConsoleStart> {
 
   esLegacyConfigService = new EsLegacyConfigService();
 
-  constructor(private readonly ctx: PluginInitializerContext<ConfigType>) {
+  constructor(private readonly ctx: PluginInitializerContext<ConfigType | ConfigType7x>) {
     this.log = this.ctx.logger.get();
   }
 
@@ -34,10 +35,17 @@ export class ConsoleServerPlugin implements Plugin<ConsoleSetup, ConsoleStart> {
         save: true,
       },
     }));
-
+    const kibanaVersion = new SemVer(this.ctx.env.packageInfo.version);
     const config = this.ctx.config.get();
     const globalConfig = this.ctx.config.legacy.get();
-    const proxyPathFilters = config.proxyFilter.map((str: string) => new RegExp(str));
+
+    let pathFilters: RegExp[] | undefined;
+    let proxyConfigCollection: ProxyConfigCollection | undefined;
+    if (kibanaVersion.major < 8) {
+      // "pathFilters" and "proxyConfig" are only used in 7.x
+      pathFilters = (config as ConfigType7x).proxyFilter.map((str: string) => new RegExp(str));
+      proxyConfigCollection = new ProxyConfigCollection((config as ConfigType7x).proxyConfig);
+    }
 
     this.esLegacyConfigService.setup(elasticsearch.legacy.config$);
 
@@ -51,16 +59,18 @@ export class ConsoleServerPlugin implements Plugin<ConsoleSetup, ConsoleStart> {
         specDefinitionService: this.specDefinitionsService,
       },
       proxy: {
-        proxyConfigCollection: new ProxyConfigCollection(config.proxyConfig),
         readLegacyESConfig: async (): Promise<ESConfigForProxy> => {
           const legacyConfig = await this.esLegacyConfigService.readConfig();
           return {
             ...globalConfig.elasticsearch,
             ...legacyConfig,
           };
         },
-        pathFilters: proxyPathFilters,
+        // Deprecated settings (only used in 7.x):
+        proxyConfigCollection,
+        pathFilters,
       },
+      kibanaVersion,
     });
 
     return {

diff --git a/src/plugins/console/server/routes/api/console/proxy/create_handler.ts b/src/plugins/console/server/routes/api/console/proxy/create_handler.ts
@@ -9,6 +9,7 @@
 import { Agent, IncomingMessage } from 'http';
 import * as url from 'url';
 import { pick, trimStart, trimEnd } from 'lodash';
+import { SemVer } from 'semver';
 
 import { KibanaRequest, RequestHandler } from 'kibana/server';
 
@@ -58,17 +59,22 @@ function filterHeaders(originalHeaders: object, headersToKeep: string[]): object
 function getRequestConfig(
   headers: object,
   esConfig: ESConfigForProxy,
-  proxyConfigCollection: ProxyConfigCollection,
-  uri: string
+  uri: string,
+  kibanaVersion: SemVer,
+  proxyConfigCollection?: ProxyConfigCollection
 ): { agent: Agent; timeout: number; headers: object; rejectUnauthorized?: boolean } {
   const filteredHeaders = filterHeaders(headers, esConfig.requestHeadersWhitelist);
   const newHeaders = setHeaders(filteredHeaders, esConfig.customHeaders);
 
-  if (proxyConfigCollection.hasConfig()) {
-    return {
-      ...proxyConfigCollection.configForUri(uri),
-      headers: newHeaders,
-    };
+  if (kibanaVersion.major < 8) {
+    // In 7.x we still support the proxyConfig setting defined in kibana.yml
+    // From 8.x we don't support it anymore so we don't try to read it here.
+    if (proxyConfigCollection!.hasConfig()) {
+      return {
+        ...proxyConfigCollection!.configForUri(uri),
+        headers: newHeaders,
+      };
+    }
   }
 
   return {
@@ -106,18 +112,23 @@ export const createHandler =
   ({
     log,
     proxy: { readLegacyESConfig, pathFilters, proxyConfigCollection },
+    kibanaVersion,
   }: RouteDependencies): RequestHandler<unknown, Query, Body> =>
   async (ctx, request, response) => {
     const { body, query } = request;
     const { path, method } = query;
 
-    if (!pathFilters.some((re) => re.test(path))) {
-      return response.forbidden({
-        body: `Error connecting to '${path}':\n\nUnable to send requests to that path.`,
-        headers: {
-          'Content-Type': 'text/plain',
-        },
-      });
+    if (kibanaVersion.major < 8) {
+      // The "console.proxyFilter" setting in kibana.yaml has been deprecated in 8.x
+      // We only read it on the 7.x branch
+      if (!pathFilters!.some((re) => re.test(path))) {
+        return response.forbidden({
+          body: `Error connecting to '${path}':\n\nUnable to send requests to that path.`,
+          headers: {
+            'Content-Type': 'text/plain',
+          },
+        });
+      }
     }
 
     const legacyConfig = await readLegacyESConfig();
@@ -134,8 +145,9 @@ export const createHandler =
         const { timeout, agent, headers, rejectUnauthorized } = getRequestConfig(
           request.headers,
           legacyConfig,
-          proxyConfigCollection,
-          uri.toString()
+          uri.toString(),
+          kibanaVersion,
+          proxyConfigCollection
         );
 
         const requestHeaders = {