Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move and refactor x-pack plugin code for Security and Spaces #104152

Closed
jportner opened this issue Jul 1, 2021 · 5 comments · Fixed by #109258 or #113946
Closed

Move and refactor x-pack plugin code for Security and Spaces #104152

jportner opened this issue Jul 1, 2021 · 5 comments · Fixed by #109258 or #113946
Assignees
@jportner
Labels
chore impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:medium Medium Level of Effort Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@jportner
Copy link
Contributor

jportner commented Jul 1, 2021
edited
Loading

The Security team maintains several plugins:

  • /src/plugins/security_oss
  • /src/plugins/spaces_oss
  • /x-pack/plugins/encrypted_saved_objects
  • /x-pack/plugins/security
  • /x-pack/plugins/spaces

Now that we are only shipping the Default distribution, we can refactor consumers to get rid of the security_oss/spaces_oss plugins. Optionally, we may move the existing plugins from the x-pack directory to the regular plugin directory, though this would entail changing the license of existing x-pack code (adding SSPL)
@jportner jportner added chore Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! labels Jul 1, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@lukasolson lukasolson mentioned this issue Jul 1, 2021
Closed
10 tasks
@thomasneirynck
Copy link
Contributor

thomasneirynck commented Jul 7, 2021
edited
Loading

thx for raising this issue.

There is an existing use-case that would greatly benefit from this refactor.

The Vega plugin (formerly OSS, now Elastic v2/SSPL) uses EMS. To enable Vega to use on-prem deployments of EMS (#89304), the user needs to have an enterprise license. It would be nice if we can perform this license-check client-side (just like that same check in the x-pack Maps-app).

In order to do this license-check, plugins need to depend on the licensing-plugin. It appears Vega-plugin cannot directly add a dependency on the licensing-plugin (because this would bundle code from the licensing-plugin inside the Vega-bundle). The work-around would require the reintroduction of the same kind of "enhancer"-plugin. Similar "enhancer plugins" were used to distinguish between OSS and Basic in "pre-license change" era, to "upgrade" functionality of the OSS-plugins. It would be great if this sort of work-around would no longer be needed.

@jportner
Copy link
Contributor Author

jportner commented Jul 7, 2021

CC @kobelb

@exalate-issue-sync exalate-issue-sync bot added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort labels Aug 4, 2021
@jportner jportner mentioned this issue Aug 17, 2021
Closed
5 tasks
@jportner jportner self-assigned this Aug 18, 2021
@jportner jportner mentioned this issue Aug 19, 2021
Merged
6 tasks
@jportner
Copy link
Contributor Author

jportner commented Sep 8, 2021

Reopening this, still need to get rid of securityOss plugin

@jportner jportner reopened this Sep 8, 2021
@exalate-issue-sync exalate-issue-sync bot added loe:medium Medium Level of Effort and removed loe:small Small Level of Effort labels Sep 29, 2021
@jportner
Copy link
Contributor Author

jportner commented Oct 5, 2021
edited
Loading

In attempting to get rid of the securityOss plugin, I noticed a couple of hiccups:

  1. This adds a direct dependency from share to security, creating a new circular dependency: data -> share -> security -> data
    The share plugin is one of the few required by data, and tons of other plugins require data. So I think we'll need to invert the dependency between security and share.
  2. We would also need to deprecate the security.showInsecureClusterWarning setting, renaming it to xpack.security.showInsecureClusterWarning

@jportner jportner mentioned this issue Oct 5, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jportner jportner

Labels
chore impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:medium Medium Level of Effort Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Milestone
No milestone
4 participants
@thomasneirynck @legrego @jportner @elasticmachine