-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add API to refresh authc headers and retry ES request when 401 is enc…
…ountered (#120677) * initial POC * remove test code * update the header holding logic * add new API to plugin context * introduce the IAuthHeadersStorage interface * fix some types, mocks and tests * export types from server entrypoint * also export error type * more doc * update generated doc * Fix ES service tests * add tests for createInternalErrorHandler * fix type in cli_setup * generated doc * add tests for configureClient * add unit tests for custom transport class * fix handler propagation to initial clients * lint * address review comments
- Loading branch information
1 parent
17d2cd1
commit b606054
Showing
45 changed files
with
1,713 additions
and
208 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
35 changes: 35 additions & 0 deletions
35
...ana-plugin-core-server.elasticsearchservicesetup.setunauthorizederrorhandler.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [ElasticsearchServiceSetup](./kibana-plugin-core-server.elasticsearchservicesetup.md) > [setUnauthorizedErrorHandler](./kibana-plugin-core-server.elasticsearchservicesetup.setunauthorizederrorhandler.md) | ||
|
||
## ElasticsearchServiceSetup.setUnauthorizedErrorHandler property | ||
|
||
Register a handler that will be called when unauthorized (401) errors are returned from any API call to elasticsearch performed on behalf of a user via a [scoped cluster client](./kibana-plugin-core-server.iscopedclusterclient.md)<!-- -->. | ||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
setUnauthorizedErrorHandler: (handler: UnauthorizedErrorHandler) => void; | ||
``` | ||
|
||
## Remarks | ||
|
||
The handler will only be invoked for scoped client bound to real [request](./kibana-plugin-core-server.kibanarequest.md) instances. | ||
|
||
## Example | ||
|
||
|
||
```ts | ||
const handler: UnauthorizedErrorHandler = ({ request, error }, toolkit) => { | ||
const reauthenticationResult = await authenticator.reauthenticate(request, error); | ||
if (reauthenticationResult.succeeded()) { | ||
return toolkit.retry({ | ||
authHeaders: reauthenticationResult.authHeaders, | ||
}); | ||
} | ||
return toolkit.notHandled(); | ||
} | ||
|
||
coreSetup.elasticsearch.setUnauthorizedErrorHandler(handler); | ||
``` | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
14 changes: 14 additions & 0 deletions
14
docs/development/core/server/kibana-plugin-core-server.unauthorizederror.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [UnauthorizedError](./kibana-plugin-core-server.unauthorizederror.md) | ||
|
||
## UnauthorizedError type | ||
|
||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
export declare type UnauthorizedError = errors.ResponseError & { | ||
statusCode: 401; | ||
}; | ||
``` |
13 changes: 13 additions & 0 deletions
13
docs/development/core/server/kibana-plugin-core-server.unauthorizederrorhandler.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [UnauthorizedErrorHandler](./kibana-plugin-core-server.unauthorizederrorhandler.md) | ||
|
||
## UnauthorizedErrorHandler type | ||
|
||
A handler used to handle unauthorized error returned by elasticsearch | ||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
export declare type UnauthorizedErrorHandler = (options: UnauthorizedErrorHandlerOptions, toolkit: UnauthorizedErrorHandlerToolkit) => MaybePromise<UnauthorizedErrorHandlerResult>; | ||
``` |
19 changes: 19 additions & 0 deletions
19
...re/server/kibana-plugin-core-server.unauthorizederrorhandlernothandledresult.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [UnauthorizedErrorHandlerNotHandledResult](./kibana-plugin-core-server.unauthorizederrorhandlernothandledresult.md) | ||
|
||
## UnauthorizedErrorHandlerNotHandledResult interface | ||
|
||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
export interface UnauthorizedErrorHandlerNotHandledResult | ||
``` | ||
|
||
## Properties | ||
|
||
| Property | Type | Description | | ||
| --- | --- | --- | | ||
| [type](./kibana-plugin-core-server.unauthorizederrorhandlernothandledresult.type.md) | 'notHandled' | | | ||
|
11 changes: 11 additions & 0 deletions
11
...rver/kibana-plugin-core-server.unauthorizederrorhandlernothandledresult.type.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [UnauthorizedErrorHandlerNotHandledResult](./kibana-plugin-core-server.unauthorizederrorhandlernothandledresult.md) > [type](./kibana-plugin-core-server.unauthorizederrorhandlernothandledresult.type.md) | ||
|
||
## UnauthorizedErrorHandlerNotHandledResult.type property | ||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
type: 'notHandled'; | ||
``` |
11 changes: 11 additions & 0 deletions
11
.../core/server/kibana-plugin-core-server.unauthorizederrorhandleroptions.error.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [UnauthorizedErrorHandlerOptions](./kibana-plugin-core-server.unauthorizederrorhandleroptions.md) > [error](./kibana-plugin-core-server.unauthorizederrorhandleroptions.error.md) | ||
|
||
## UnauthorizedErrorHandlerOptions.error property | ||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
error: UnauthorizedError; | ||
``` |
20 changes: 20 additions & 0 deletions
20
...opment/core/server/kibana-plugin-core-server.unauthorizederrorhandleroptions.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [UnauthorizedErrorHandlerOptions](./kibana-plugin-core-server.unauthorizederrorhandleroptions.md) | ||
|
||
## UnauthorizedErrorHandlerOptions interface | ||
|
||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
export interface UnauthorizedErrorHandlerOptions | ||
``` | ||
|
||
## Properties | ||
|
||
| Property | Type | Description | | ||
| --- | --- | --- | | ||
| [error](./kibana-plugin-core-server.unauthorizederrorhandleroptions.error.md) | UnauthorizedError | | | ||
| [request](./kibana-plugin-core-server.unauthorizederrorhandleroptions.request.md) | KibanaRequest | | | ||
|
11 changes: 11 additions & 0 deletions
11
...ore/server/kibana-plugin-core-server.unauthorizederrorhandleroptions.request.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [UnauthorizedErrorHandlerOptions](./kibana-plugin-core-server.unauthorizederrorhandleroptions.md) > [request](./kibana-plugin-core-server.unauthorizederrorhandleroptions.request.md) | ||
|
||
## UnauthorizedErrorHandlerOptions.request property | ||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
request: KibanaRequest; | ||
``` |
12 changes: 12 additions & 0 deletions
12
...lopment/core/server/kibana-plugin-core-server.unauthorizederrorhandlerresult.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [UnauthorizedErrorHandlerResult](./kibana-plugin-core-server.unauthorizederrorhandlerresult.md) | ||
|
||
## UnauthorizedErrorHandlerResult type | ||
|
||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
export declare type UnauthorizedErrorHandlerResult = UnauthorizedErrorHandlerRetryResult | UnauthorizedErrorHandlerNotHandledResult; | ||
``` |
11 changes: 11 additions & 0 deletions
11
...ana-plugin-core-server.unauthorizederrorhandlerresultretryparams.authheaders.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [UnauthorizedErrorHandlerResultRetryParams](./kibana-plugin-core-server.unauthorizederrorhandlerresultretryparams.md) > [authHeaders](./kibana-plugin-core-server.unauthorizederrorhandlerresultretryparams.authheaders.md) | ||
|
||
## UnauthorizedErrorHandlerResultRetryParams.authHeaders property | ||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
authHeaders: AuthHeaders; | ||
``` |
19 changes: 19 additions & 0 deletions
19
...e/server/kibana-plugin-core-server.unauthorizederrorhandlerresultretryparams.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [UnauthorizedErrorHandlerResultRetryParams](./kibana-plugin-core-server.unauthorizederrorhandlerresultretryparams.md) | ||
|
||
## UnauthorizedErrorHandlerResultRetryParams interface | ||
|
||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
export interface UnauthorizedErrorHandlerResultRetryParams | ||
``` | ||
|
||
## Properties | ||
|
||
| Property | Type | Description | | ||
| --- | --- | --- | | ||
| [authHeaders](./kibana-plugin-core-server.unauthorizederrorhandlerresultretryparams.authheaders.md) | AuthHeaders | | | ||
|
20 changes: 20 additions & 0 deletions
20
...nt/core/server/kibana-plugin-core-server.unauthorizederrorhandlerretryresult.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [UnauthorizedErrorHandlerRetryResult](./kibana-plugin-core-server.unauthorizederrorhandlerretryresult.md) | ||
|
||
## UnauthorizedErrorHandlerRetryResult interface | ||
|
||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
export interface UnauthorizedErrorHandlerRetryResult extends UnauthorizedErrorHandlerResultRetryParams | ||
``` | ||
<b>Extends:</b> UnauthorizedErrorHandlerResultRetryParams | ||
## Properties | ||
| Property | Type | Description | | ||
| --- | --- | --- | | ||
| [type](./kibana-plugin-core-server.unauthorizederrorhandlerretryresult.type.md) | 'retry' | | | ||
11 changes: 11 additions & 0 deletions
11
...re/server/kibana-plugin-core-server.unauthorizederrorhandlerretryresult.type.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [UnauthorizedErrorHandlerRetryResult](./kibana-plugin-core-server.unauthorizederrorhandlerretryresult.md) > [type](./kibana-plugin-core-server.unauthorizederrorhandlerretryresult.type.md) | ||
|
||
## UnauthorizedErrorHandlerRetryResult.type property | ||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
type: 'retry'; | ||
``` |
21 changes: 21 additions & 0 deletions
21
...opment/core/server/kibana-plugin-core-server.unauthorizederrorhandlertoolkit.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [UnauthorizedErrorHandlerToolkit](./kibana-plugin-core-server.unauthorizederrorhandlertoolkit.md) | ||
|
||
## UnauthorizedErrorHandlerToolkit interface | ||
|
||
Toolkit passed to a [UnauthorizedErrorHandler](./kibana-plugin-core-server.unauthorizederrorhandler.md) used to generate responses from the handler | ||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
export interface UnauthorizedErrorHandlerToolkit | ||
``` | ||
|
||
## Properties | ||
|
||
| Property | Type | Description | | ||
| --- | --- | --- | | ||
| [notHandled](./kibana-plugin-core-server.unauthorizederrorhandlertoolkit.nothandled.md) | () => UnauthorizedErrorHandlerNotHandledResult | The handler cannot handle the error, or was not able to authenticate. | | ||
| [retry](./kibana-plugin-core-server.unauthorizederrorhandlertoolkit.retry.md) | (params: UnauthorizedErrorHandlerResultRetryParams) => UnauthorizedErrorHandlerRetryResult | The handler was able to authenticate. Will retry the failed request with new auth headers | | ||
|
13 changes: 13 additions & 0 deletions
13
.../server/kibana-plugin-core-server.unauthorizederrorhandlertoolkit.nothandled.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [UnauthorizedErrorHandlerToolkit](./kibana-plugin-core-server.unauthorizederrorhandlertoolkit.md) > [notHandled](./kibana-plugin-core-server.unauthorizederrorhandlertoolkit.nothandled.md) | ||
|
||
## UnauthorizedErrorHandlerToolkit.notHandled property | ||
|
||
The handler cannot handle the error, or was not able to authenticate. | ||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
notHandled: () => UnauthorizedErrorHandlerNotHandledResult; | ||
``` |
13 changes: 13 additions & 0 deletions
13
.../core/server/kibana-plugin-core-server.unauthorizederrorhandlertoolkit.retry.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
<!-- Do not edit this file. It is automatically generated by API Documenter. --> | ||
|
||
[Home](./index.md) > [kibana-plugin-core-server](./kibana-plugin-core-server.md) > [UnauthorizedErrorHandlerToolkit](./kibana-plugin-core-server.unauthorizederrorhandlertoolkit.md) > [retry](./kibana-plugin-core-server.unauthorizederrorhandlertoolkit.retry.md) | ||
|
||
## UnauthorizedErrorHandlerToolkit.retry property | ||
|
||
The handler was able to authenticate. Will retry the failed request with new auth headers | ||
|
||
<b>Signature:</b> | ||
|
||
```typescript | ||
retry: (params: UnauthorizedErrorHandlerResultRetryParams) => UnauthorizedErrorHandlerRetryResult; | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.