Migrate config deprecations and ShieldUser functionality to the New Platform

x-pack/legacy/plugins/security/index.js

@@ -28,31 +28,16 @@ export const security = kibana =>
         enabled: Joi.boolean().default(true),
         cookieName: HANDLED_IN_NEW_PLATFORM,
         encryptionKey: HANDLED_IN_NEW_PLATFORM,
-        session: Joi.object({
-          idleTimeout: HANDLED_IN_NEW_PLATFORM,
-          lifespan: HANDLED_IN_NEW_PLATFORM,
-        }).default(),
+        session: HANDLED_IN_NEW_PLATFORM,
         secureCookies: HANDLED_IN_NEW_PLATFORM,
         loginAssistanceMessage: HANDLED_IN_NEW_PLATFORM,
-        authorization: Joi.object({
-          legacyFallback: Joi.object({
-            enabled: Joi.boolean().default(true), // deprecated
-          }).default(),
-        }).default(),
         audit: Joi.object({
           enabled: Joi.boolean().default(false),
         }).default(),
         authc: HANDLED_IN_NEW_PLATFORM,
       }).default();
     },
 
-    deprecations: function({ rename, unused }) {
-      return [
-        unused('authorization.legacyFallback.enabled'),
-        rename('sessionTimeout', 'session.idleTimeout'),
-      ];
-    },
-
     uiExports: {
       chromeNavControls: [],
       managementSections: ['plugins/security/views/management'],

x-pack/plugins/security/server/config.ts

@@ -8,7 +8,6 @@ import crypto from 'crypto';
 import { Observable } from 'rxjs';
 import { map } from 'rxjs/operators';
 import { schema, Type, TypeOf } from '@kbn/config-schema';
-import { duration } from 'moment';
 import { PluginInitializerContext } from '../../../../src/core/server';
 
 export type ConfigType = ReturnType<typeof createConfig$> extends Observable<infer P>
@@ -35,7 +34,6 @@ export const ConfigSchema = schema.object(
       schema.maybe(schema.string({ minLength: 32 })),
       schema.string({ minLength: 32, defaultValue: 'a'.repeat(32) })
     ),
-    sessionTimeout: schema.maybe(schema.nullable(schema.number())), // DEPRECATED
     session: schema.object({
       idleTimeout: schema.nullable(schema.duration()),
       lifespan: schema.nullable(schema.duration()),
@@ -88,22 +86,11 @@ export function createConfig$(context: PluginInitializerContext, isTLSEnabled: b
         secureCookies = true;
       }
 
-      // "sessionTimeout" is deprecated and replaced with "session.idleTimeout"
-      // however, NP does not yet have a mechanism to automatically rename deprecated keys
-      // for the time being, we'll do it manually:
-      const deprecatedSessionTimeout =
-        typeof config.sessionTimeout === 'number' ? duration(config.sessionTimeout) : null;
-      const val = {
+      return {
         ...config,
         encryptionKey,
         secureCookies,
-        session: {
-          ...config.session,
-          idleTimeout: config.session.idleTimeout || deprecatedSessionTimeout,
-        },
       };
-      delete val.sessionTimeout; // DEPRECATED
-      return val;
     })
   );
 }

x-pack/plugins/security/server/index.ts

@@ -4,15 +4,30 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { PluginInitializerContext } from '../../../../src/core/server';
+import { TypeOf } from '@kbn/config-schema';
+import {
+  PluginConfigDescriptor,
+  PluginInitializer,
+  PluginInitializerContext,
+  RecursiveReadonly,
+} from '../../../../src/core/server';
 import { ConfigSchema } from './config';
-import { Plugin } from './plugin';
+import { Plugin, PluginSetupContract, PluginSetupDependencies } from './plugin';
 
 // These exports are part of public Security plugin contract, any change in signature of exported
 // functions or removal of exports should be considered as a breaking change.
 export { AuthenticationResult, DeauthenticationResult, CreateAPIKeyResult } from './authentication';
-export { PluginSetupContract } from './plugin';
+export { PluginSetupContract };
 
-export const config = { schema: ConfigSchema };
-export const plugin = (initializerContext: PluginInitializerContext) =>
-  new Plugin(initializerContext);
+export const config: PluginConfigDescriptor<TypeOf<typeof ConfigSchema>> = {
+  schema: ConfigSchema,
+  deprecations: ({ rename, unused }) => [
+    rename('sessionTimeout', 'session.idleTimeout'),
+    unused('authorization.legacyFallback.enabled'),
+  ],
+};
+export const plugin: PluginInitializer<
+  RecursiveReadonly<PluginSetupContract>,
+  void,
+  PluginSetupDependencies
+> = (initializerContext: PluginInitializerContext) => new Plugin(initializerContext);

x-pack/plugins/security/server/plugin.ts

@@ -110,10 +110,7 @@ export class Plugin {
     this.logger = this.initializerContext.logger.get();
   }
 
-  public async setup(
-    core: CoreSetup,
-    { features, licensing }: PluginSetupDependencies
-  ): Promise<RecursiveReadonly<PluginSetupContract>> {
+  public async setup(core: CoreSetup, { features, licensing }: PluginSetupDependencies) {
     const [config, legacyConfig] = await combineLatest([
       createConfig$(this.initializerContext, core.http.isTlsEnabled),
       this.initializerContext.config.legacy.globalConfig$,
@@ -169,7 +166,7 @@ export class Plugin {
       csp: core.http.csp,
     });
 
-    return deepFreeze({
+    return deepFreeze<PluginSetupContract>({
       authc,
 
       authz: {