Removing circular dependency between spaces and security

x-pack/plugins/actions/server/lib/task_runner_factory.test.ts

@@ -12,7 +12,7 @@ import { TaskRunnerFactory } from './task_runner_factory';
 import { actionTypeRegistryMock } from '../action_type_registry.mock';
 import { actionExecutorMock } from './action_executor.mock';
 import { encryptedSavedObjectsMock } from '../../../encrypted_saved_objects/server/mocks';
-import { savedObjectsClientMock, loggingSystemMock } from 'src/core/server/mocks';
+import { savedObjectsClientMock, loggingSystemMock, httpServiceMock } from 'src/core/server/mocks';
 import { eventLoggerMock } from '../../../event_log/server/mocks';
 import { ActionTypeDisabledError } from './errors';
 import { actionsClientMock } from '../mocks';
@@ -70,7 +70,7 @@ const taskRunnerFactoryInitializerParams = {
   actionTypeRegistry,
   logger: loggingSystemMock.create().get(),
   encryptedSavedObjectsClient: mockedEncryptedSavedObjectsClient,
-  getBasePath: jest.fn().mockReturnValue(undefined),
+  basePathService: httpServiceMock.createBasePath(),
   getUnsecuredSavedObjectsClient: jest.fn().mockReturnValue(services.savedObjectsClient),
 };
 

x-pack/plugins/actions/server/lib/task_runner_factory.ts

@@ -5,14 +5,16 @@
  */
 
 import { pick } from 'lodash';
+import type { Request } from '@hapi/hapi';
 import { pipe } from 'fp-ts/lib/pipeable';
 import { map, fromNullable, getOrElse } from 'fp-ts/lib/Option';
 import {
   Logger,
   SavedObjectsClientContract,
   KibanaRequest,
   SavedObjectReference,
-} from 'src/core/server';
+  IBasePath,
+} from '../../../../../src/core/server';
 import { ActionExecutorContract } from './action_executor';
 import { ExecutorError } from './executor_error';
 import { RunContext } from '../../../task_manager/server';
@@ -21,7 +23,6 @@ import { ActionTypeDisabledError } from './errors';
 import {
   ActionTaskParams,
   ActionTypeRegistryContract,
-  GetBasePathFunction,
   SpaceIdToNamespaceFunction,
   ActionTypeExecutorResult,
 } from '../types';
@@ -33,7 +34,7 @@ export interface TaskRunnerContext {
   actionTypeRegistry: ActionTypeRegistryContract;
   encryptedSavedObjectsClient: EncryptedSavedObjectsClient;
   spaceIdToNamespace: SpaceIdToNamespaceFunction;
-  getBasePath: GetBasePathFunction;
+  basePathService: IBasePath;
   getUnsecuredSavedObjectsClient: (request: KibanaRequest) => SavedObjectsClientContract;
 }
 
@@ -64,7 +65,7 @@ export class TaskRunnerFactory {
       logger,
       encryptedSavedObjectsClient,
       spaceIdToNamespace,
-      getBasePath,
+      basePathService,
       getUnsecuredSavedObjectsClient,
     } = this.taskRunnerContext!;
 
@@ -87,11 +88,12 @@ export class TaskRunnerFactory {
           requestHeaders.authorization = `ApiKey ${apiKey}`;
         }
 
+        const path = spaceId ? `/s/${spaceId}` : '/';
+
         // Since we're using API keys and accessing elasticsearch can only be done
         // via a request, we're faking one with the proper authorization headers.
-        const fakeRequest = ({
+        const fakeRequest = KibanaRequest.from(({
           headers: requestHeaders,
-          getBasePath: () => getBasePath(spaceId),
           path: '/',
           route: { settings: {} },
           url: {
@@ -102,7 +104,9 @@ export class TaskRunnerFactory {
               url: '/',
             },
           },
-        } as unknown) as KibanaRequest;
+        } as unknown) as Request);
+
+        basePathService.set(fakeRequest, path);
 
         let executorResult: ActionTypeExecutorResult<unknown>;
         try {

x-pack/plugins/actions/server/plugin.ts

@@ -133,7 +133,6 @@ export class ActionsPlugin implements Plugin<Promise<PluginSetupContract>, Plugi
 
   private readonly logger: Logger;
   private actionsConfig?: ActionsConfig;
-  private serverBasePath?: string;
   private taskRunnerFactory?: TaskRunnerFactory;
   private actionTypeRegistry?: ActionTypeRegistry;
   private actionExecutor?: ActionExecutor;
@@ -210,7 +209,6 @@ export class ActionsPlugin implements Plugin<Promise<PluginSetupContract>, Plugi
     });
     this.taskRunnerFactory = taskRunnerFactory;
     this.actionTypeRegistry = actionTypeRegistry;
-    this.serverBasePath = core.http.basePath.serverBasePath;
     this.actionExecutor = actionExecutor;
     this.security = plugins.security;
 
@@ -357,12 +355,6 @@ export class ActionsPlugin implements Plugin<Promise<PluginSetupContract>, Plugi
           : undefined,
     });
 
-    const getBasePath = (spaceId?: string): string => {
-      return plugins.spaces && spaceId
-        ? plugins.spaces.spacesService.getBasePath(spaceId)
-        : this.serverBasePath!;
-    };
-
     const spaceIdToNamespace = (spaceId?: string): string | undefined => {
       return plugins.spaces && spaceId
         ? plugins.spaces.spacesService.spaceIdToNamespace(spaceId)
@@ -373,7 +365,7 @@ export class ActionsPlugin implements Plugin<Promise<PluginSetupContract>, Plugi
       logger,
       actionTypeRegistry: actionTypeRegistry!,
       encryptedSavedObjectsClient,
-      getBasePath,
+      basePathService: core.http.basePath,
       spaceIdToNamespace,
       getUnsecuredSavedObjectsClient: (request: KibanaRequest) =>
         this.getUnsecuredSavedObjectsClient(core.savedObjects, request),

x-pack/plugins/actions/server/types.ts

@@ -22,7 +22,6 @@ export { ActionTypeExecutorResult } from '../common';
 export type WithoutQueryAndParams<T> = Pick<T, Exclude<keyof T, 'query' | 'params'>>;
 export type GetServicesFunction = (request: KibanaRequest) => Services;
 export type ActionTypeRegistryContract = PublicMethodsOf<ActionTypeRegistry>;
-export type GetBasePathFunction = (spaceId?: string) => string;
 export type SpaceIdToNamespaceFunction = (spaceId?: string) => string | undefined;
 export type ActionTypeConfig = Record<string, unknown>;
 export type ActionTypeSecrets = Record<string, unknown>;

x-pack/plugins/alerts/server/plugin.ts

@@ -115,7 +115,6 @@ export class AlertingPlugin {
   private readonly logger: Logger;
   private alertTypeRegistry?: AlertTypeRegistry;
   private readonly taskRunnerFactory: TaskRunnerFactory;
-  private serverBasePath?: string;
   private licenseState: LicenseState | null = null;
   private isESOUsingEphemeralEncryptionKey?: boolean;
   private security?: SecurityPluginSetup;
@@ -182,8 +181,6 @@ export class AlertingPlugin {
     });
     this.alertTypeRegistry = alertTypeRegistry;
 
-    this.serverBasePath = core.http.basePath.serverBasePath;
-
     const usageCollection = plugins.usageCollection;
     if (usageCollection) {
       initializeAlertingTelemetry(
@@ -259,12 +256,6 @@ export class AlertingPlugin {
       includedHiddenTypes: ['alert'],
     });
 
-    const getBasePath = (spaceId?: string): string => {
-      return plugins.spaces && spaceId
-        ? plugins.spaces.spacesService.getBasePath(spaceId)
-        : this.serverBasePath!;
-    };
-
     const spaceIdToNamespace = (spaceId?: string): string | undefined => {
       return plugins.spaces && spaceId
         ? plugins.spaces.spacesService.spaceIdToNamespace(spaceId)
@@ -306,7 +297,7 @@ export class AlertingPlugin {
       spaceIdToNamespace,
       actionsPlugin: plugins.actions,
       encryptedSavedObjectsClient,
-      getBasePath,
+      basePathService: core.http.basePath,
       eventLogger: this.eventLogger!,
       internalSavedObjectsRepository: core.savedObjects.createInternalRepository(['alert']),
     });

x-pack/plugins/alerts/server/task_runner/task_runner.test.ts

@@ -18,6 +18,7 @@ import { encryptedSavedObjectsMock } from '../../../encrypted_saved_objects/serv
 import {
   loggingSystemMock,
   savedObjectsRepositoryMock,
+  httpServiceMock,
 } from '../../../../../src/core/server/mocks';
 import { PluginStartContract as ActionsPluginStart } from '../../../actions/server';
 import { actionsMock, actionsClientMock } from '../../../actions/server/mocks';
@@ -78,7 +79,7 @@ describe('Task Runner', () => {
     encryptedSavedObjectsClient,
     logger: loggingSystemMock.create().get(),
     spaceIdToNamespace: jest.fn().mockReturnValue(undefined),
-    getBasePath: jest.fn().mockReturnValue(undefined),
+    basePathService: httpServiceMock.createBasePath(),
     eventLogger: eventLoggerMock.create(),
     internalSavedObjectsRepository: savedObjectsRepositoryMock.create(),
   };

x-pack/plugins/alerts/server/task_runner/task_runner.ts

@@ -5,6 +5,7 @@
  */
 import type { PublicMethodsOf } from '@kbn/utility-types';
 import { Dictionary, pickBy, mapValues, without, cloneDeep } from 'lodash';
+import type { Request } from '@hapi/hapi';
 import { Logger, KibanaRequest } from '../../../../../src/core/server';
 import { TaskRunnerContext } from './task_runner_factory';
 import { ConcreteTaskInstance, throwUnrecoverableError } from '../../../task_manager/server';
@@ -91,9 +92,10 @@ export class TaskRunner {
       requestHeaders.authorization = `ApiKey ${apiKey}`;
     }
 
-    return ({
+    const path = spaceId ? `/s/${spaceId}` : '/';
+
+    const fakeRequest = KibanaRequest.from(({
       headers: requestHeaders,
-      getBasePath: () => this.context.getBasePath(spaceId),
       path: '/',
       route: { settings: {} },
       url: {
@@ -104,7 +106,11 @@ export class TaskRunner {
           url: '/',
         },
       },
-    } as unknown) as KibanaRequest;
+    } as unknown) as Request);
+
+    this.context.basePathService.set(fakeRequest, path);
+
+    return fakeRequest;
   }
 
   private getServicesWithSpaceLevelPermissions(

x-pack/plugins/alerts/server/task_runner/task_runner_factory.test.ts

@@ -11,6 +11,7 @@ import { encryptedSavedObjectsMock } from '../../../encrypted_saved_objects/serv
 import {
   loggingSystemMock,
   savedObjectsRepositoryMock,
+  httpServiceMock,
 } from '../../../../../src/core/server/mocks';
 import { actionsMock } from '../../../actions/server/mocks';
 import { alertsMock, alertsClientMock } from '../mocks';
@@ -64,7 +65,7 @@ describe('Task Runner Factory', () => {
     encryptedSavedObjectsClient: encryptedSavedObjectsPlugin.getClient(),
     logger: loggingSystemMock.create().get(),
     spaceIdToNamespace: jest.fn().mockReturnValue(undefined),
-    getBasePath: jest.fn().mockReturnValue(undefined),
+    basePathService: httpServiceMock.createBasePath(),
     eventLogger: eventLoggerMock.create(),
     internalSavedObjectsRepository: savedObjectsRepositoryMock.create(),
   };

x-pack/plugins/alerts/server/task_runner/task_runner_factory.ts

@@ -4,16 +4,16 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 import type { PublicMethodsOf } from '@kbn/utility-types';
-import { Logger, KibanaRequest, ISavedObjectsRepository } from '../../../../../src/core/server';
+import {
+  Logger,
+  KibanaRequest,
+  ISavedObjectsRepository,
+  IBasePath,
+} from '../../../../../src/core/server';
 import { RunContext } from '../../../task_manager/server';
 import { EncryptedSavedObjectsClient } from '../../../encrypted_saved_objects/server';
 import { PluginStartContract as ActionsPluginStartContract } from '../../../actions/server';
-import {
-  AlertType,
-  GetBasePathFunction,
-  GetServicesFunction,
-  SpaceIdToNamespaceFunction,
-} from '../types';
+import { AlertType, GetServicesFunction, SpaceIdToNamespaceFunction } from '../types';
 import { TaskRunner } from './task_runner';
 import { IEventLogger } from '../../../event_log/server';
 import { AlertsClient } from '../alerts_client';
@@ -26,7 +26,7 @@ export interface TaskRunnerContext {
   eventLogger: IEventLogger;
   encryptedSavedObjectsClient: EncryptedSavedObjectsClient;
   spaceIdToNamespace: SpaceIdToNamespaceFunction;
-  getBasePath: GetBasePathFunction;
+  basePathService: IBasePath;
   internalSavedObjectsRepository: ISavedObjectsRepository;
 }
 

x-pack/plugins/alerts/server/types.ts

@@ -32,7 +32,6 @@ import {
 
 export type WithoutQueryAndParams<T> = Pick<T, Exclude<keyof T, 'query' | 'params'>>;
 export type GetServicesFunction = (request: KibanaRequest) => Services;
-export type GetBasePathFunction = (spaceId?: string) => string;
 export type SpaceIdToNamespaceFunction = (spaceId?: string) => string | undefined;
 
 declare module 'src/core/server' {

x-pack/plugins/spaces/server/spaces_service/spaces_service.mock.ts

@@ -30,7 +30,6 @@ const createStartContractMock = (spaceId = DEFAULT_SPACE_ID) => {
     createSpacesClient: jest.fn().mockReturnValue(spacesClientMock.create()),
     getSpaceId: jest.fn().mockReturnValue(spaceId),
     isInDefaultSpace: jest.fn().mockReturnValue(spaceId === DEFAULT_SPACE_ID),
-    getBasePath: jest.fn().mockReturnValue(''),
     getActiveSpace: jest.fn(),
   };
   return startContract;

x-pack/plugins/spaces/server/spaces_service/spaces_service.ts

@@ -12,7 +12,7 @@ import {
   SpacesClientServiceStart,
 } from '../lib/spaces_client';
 import { ConfigType } from '../config';
-import { getSpaceIdFromPath, addSpaceIdToPath } from '../../common/lib/spaces_url_parser';
+import { getSpaceIdFromPath } from '../../common/lib/spaces_url_parser';
 import { DEFAULT_SPACE_ID } from '../../common/constants';
 import { spaceIdToNamespace, namespaceToSpaceId } from '../lib/utils/namespace';
 import { Space } from '..';
@@ -74,12 +74,6 @@ export interface SpacesServiceStart {
    */
   getActiveSpace(request: KibanaRequest): Promise<Space>;
 
-  /**
-   * Gets the space-aware base path for the specified space id.
-   * @param spaceId
-   */
-  getBasePath(spaceId: string): string;
-
   /**
    * Converts the provided space id into the corresponding Saved Objects `namespace` id.
    * @param spaceId
@@ -141,12 +135,7 @@ export class SpacesService {
         const spaceId = this.getSpaceId(request, coreStart.http.basePath);
         return getScopedClient(request).get(spaceId);
       },
-      getBasePath: (spaceId: string) => {
-        if (!spaceId) {
-          throw new TypeError(`spaceId is required to retrieve base path`);
-        }
-        return addSpaceIdToPath(coreStart.http.basePath.serverBasePath, spaceId);
-      },
+
       isInDefaultSpace: (request: KibanaRequest) => {
         const spaceId = this.getSpaceId(request, coreStart.http.basePath);