Make the Chrome project API "protected" for the Serverless plugin #157307
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tsullivan
commented
May 10, 2023
| ): ServerlessSearchPluginStart { | ||
| core.chrome.project.setSideNavComponent(createComponent(core)); | ||
| serverless.setSideNavComponent(createComponent(core)); |
There was a problem hiding this comment.
2bb0753 to
26e462c
Compare
26e462c to
060f94a
Compare
|
Pinging @elastic/appex-sharedux (Team:SharedUX) |
Dosant
approved these changes
May 15, 2023
clintandrewhall
approved these changes
May 15, 2023
| @@ -64,7 +63,8 @@ export class ServerlessPlugin | |||
|
|
|||
| return { | |||
| setSideNavComponent: (sideNavigationComponent) => | |||
| core.chrome.project.setSideNavComponent(sideNavigationComponent), | |||
| // Casting the "chrome.projects" service to an "internal" type: it's intentional to call the service only from here. | |||
| (core.chrome as InternalChromeStart).project.setSideNavComponent(sideNavigationComponent), | |||
There was a problem hiding this comment.
We should couple this with a throw on these methods if chromeStyle is not set properly.
| @@ -64,7 +63,8 @@ export class ServerlessPlugin | |||
|
|
|||
| return { | |||
| setSideNavComponent: (sideNavigationComponent) => | |||
There was a problem hiding this comment.
nit: I've always disliked abbreviations, (and Component feels redundant, as the parameter is a React component)... perhaps we could consider setSidebarNavigation...?
There was a problem hiding this comment.
I agree w/ you, but serverless.setSideNavComponent already has presence in the 3 serverless project plugins. Let's find a new name at our next sync and change this in a standalone PR.
There was a problem hiding this comment.
setSidebarNavigation() is reserved (™) and will be used when there is no need to provide a component (UI) (define the navigation through an object - see first example in Proposal #157702).
Well actually it will even be shorter: setNavigation() 😊
I do think "Component" is explicit of the intent. It could be "UI" suffix instead.
Co-authored-by: Clint Andrew Hall <clint@clintandrewhall.com>
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Page load bundle
Unknown metric groupsAPI count
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
jasonrhodes
pushed a commit
that referenced
this pull request
May 17, 2023
…57307) ## Summary Addresses #156600 (comment) > Let's think if there is a way to throw an error when core chrome api are called from invalid plugins (in this cases only the serverless plugin would be allowed. This PR can be a starting point for discussion on the behavior we really want. This PR has a simple goal to ensure that non-serverless plugins do not call the `chrome.projects` API. However, it's not complete security, as the compile-time error would be easy to override. cc @sebelga @Dosant @clintandrewhall --- --- ### Checklist Delete any items that are not applicable to this PR. - [x] Documentation was added for features that require explanation or tutorials Internal documentation: https://docs.google.com/document/d/1ew8KYl6ROs_V7jeIXgeP_C9YgkYK2IPtuceo6KVF_jE/edit# --------- Co-authored-by: Clint Andrew Hall <clint@clintandrewhall.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Addresses #156600 (comment)
This PR can be a starting point for discussion on the behavior we really want. This PR has a simple goal to ensure that non-serverless plugins do not call the
chrome.projectsAPI. However, it's not complete security, as the compile-time error would be easy to override.cc @sebelga @Dosant @clintandrewhall
Checklist
Delete any items that are not applicable to this PR.
Internal documentation: https://docs.google.com/document/d/1ew8KYl6ROs_V7jeIXgeP_C9YgkYK2IPtuceo6KVF_jE/edit#