Add Mock IDP login page and role switcher

[thomheymann]

Follow up to #170852

Summary

Adds login page and role switcher for development-only identity provider.

Screenshots

Login page

Role switcher

Testing

SAML is only supported by ES when running in SSL mode.

1. To test the mock identity provider run a serverless project in SSL mode using:

yarn es serverless --ssl
yarn start --serverless=es --ssl

2. Then access Kibana and login in using "Continue as Test User".

[pgayvallet]

I can feel the pain and suffering in this comment addition 😄

[jbudz]

Mind if we add a ci:cloud-deploy label? This seems like a gap in the packaging system with a development plugin included in production.

I can see we're skipping the server load but I'm not sure how the client is going to behave.

[jbudz]

Oh..it's not a development plugin but it's pulling in mock-idp-utils which is devOnly. Can you help me understand the workflow in production?

[thomheymann]

@jbudz Both plugins are development-only and are not used in production. The only reason they're broken up into two separate plugins is to avoid cyclic TS projects.

[jbudz]

Can we add devOnly to https://github.com/elastic/kibana/pull/172257/files#diff-04504e6ebadd3cdc5ecb3ff8e4e2aa2d793812f94fbe64f727b2a4b3fcb79a66R6

[thomheymann]

Both plugins already have devOnly enabled:

https://github.com/elastic/kibana/pull/172257/files#diff-04504e6ebadd3cdc5ecb3ff8e4e2aa2d793812f94fbe64f727b2a4b3fcb79a66L5

https://github.com/elastic/kibana/pull/172257/files#diff-776e20a48718f6a26de3c35a65c305b1b1f4b4e16576e4328842d4f04a80343bR5

Is something not working as expected?

[jbudz]

Is opts.dev enabled for these QA cloud deployments?

It's not. We're using the same build script we use for releases, i.e. the node scripts/build --release

[thomheymann]

@pgayvallet Is there any other mechanism in place where Kibana would load in this plugin despite the dev CLI arg not being set?

[pgayvallet]

@thomheymann I apologize, I missed the ping. We have one CI script (the SO schema check) that loads Kibana while forcing all plugins to be enabled. but I don't think it would be the issue here.

However, fwiw, I'm not sure the optimizer / bundler ever supported evicting "devOnly" plugins @jbudz?

Having the plugin disabled in production for sure. Not bundling specific plugins into the distributable? AFAIK this was never implemented. I think the bundler will consider all plugins as production code?

[pgayvallet]

Looking at your PR and at the @kbn/mock-idp-plugin, I'm not sure how we got to the conclusion that this plugin is disabled by default and/or not bundled for production?

The plugin discovery system is now plugged on the package list, so it's not because a plugin in under package instead of /src/plugins or /x-pack/plugins that it will be disabled by default. All packages with a kibana.jsonc file will be considered as a plugin and included in the plugin list automatically (and then loaded).

Also IIRC, the bundler will consider all plugins as production code, meaning that they WILL be included (ignoring, I assume, the devOnly flag that is supposed to work on packages, not plugins)

@jbudz will have to confirm those assumptions of course, bundling/bazel is Operations' territory, not Core's. But if that was the case, the only approach I would think of is to add a configuration to your plugin with a schema forcing it to be disabled for production, like

        enabled: schema.conditional(
          schema.contextRef('dist'),
          true,
          schema.boolean({ defaultValue: false, validate: (raw) => {
              if(raw !== false) { throw "mock idp plugin cannot be enabled in production"}
          } }),
          schema.boolean({ defaultValue: true })
        ),

[jbudz]

However, fwiw, I'm not sure the optimizer / bundler ever supported evicting "devOnly" plugins @jbudz?

It's safe to ignore any of my assumptions here. I haven't really been involved with any of the packaging changes. @mistic do you know?

[jbudz]

buildkite test this

[azasypkin]

@elastic/kibana-operations @elastic/kibana-qa @elastic/kibana-security PR is ready for your review!

[azasypkin]

note: without this change, @kbn/mock-idp-plugin (dev-only) is included into package-map.json even though it's not actually bundled into the build. Let me know if you have any better ideas how to solve this!

[delanni]

Is this not going to interfere with other builds?
Is it related to this thread: #172257 (comment)?

@mistic , do you have any opinions on this?

[mistic]

@azasypkin I suggest we change that line https://github.com/elastic/kibana/blob/main/src/dev/build/lib/config.ts#L249 with (!p.isPlugin() || (this.pluginFilter(p) && !p.isDevOnly())) instead of adding the check on this line

[azasypkin]

Sure, @mistic, thanks! Applied your suggestion in f979aa7.

[dmlemeshko]

Code LGTM. Tested locally for all the projects, works perfectly.

[delanni]

Ops related changes 👍

[mistic]

Suggested change

	.filter((p) => p.isPlugin() && !p.isDevOnly())
	.filter((p) => p.isPlugin())

[kibana-ci]

💔 Build Failed

• Buildkite Build
• Commit: f979aa7
• Interpreting CI Failures
• Kibana Serverless Image: docker.elastic.co/kibana-ci/kibana-serverless:pr-172257-f979aa7a006f
• Elasticsearch Serverless Deployment

Failed CI Steps

• FTR Configs #24
• Build and Deploy to Cloud
• Build and Deploy to Cloud

Test Failures

• [job] [logs] FTR Configs #24 / Detection Engine API - Update Prebuilt Rules Package @ess @serverless @skipInQA update_prebuilt_rules_package should allow user to install prebuilt rules from scratch, then install new rules and upgrade existing rules from the new package

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
mockIdpPlugin	-	43	+43

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
@kbn/mock-idp-utils	-	18	+18
mockIdpPlugin	19	2	-17
total			+1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
mockIdpPlugin	-	27.8KB	+27.8KB

Canvas Sharable Runtime

The Canvas "shareable runtime" is an bundle produced to enable running Canvas workpads outside of Kibana. This bundle is included in third-party webpages that embed canvas and therefor should be as slim as possible.

id	before	after	diff
module count	-	5724	+5724
total size	-	6.0MB	+6.0MB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
mockIdpPlugin	-	12.2KB	+12.2KB

Unknown metric groups

API count

id	before	after	diff
@kbn/mock-idp-utils	-	25	+25
mockIdpPlugin	25	2	-23
total			+2

async chunk count

id	before	after	diff
mockIdpPlugin	-	1	+1

ESLint disabled line counts

id	before	after	diff
mockIdpPlugin	0	1	+1

Total ESLint disabled count

id	before	after	diff
mockIdpPlugin	0	1	+1

History

• 💛 Build #186957 was flaky eaba0ef
• 💔 Build #186952 failed ae6aabf
• 💛 Build #186223 was flaky b9a3298
• 💔 Build #186212 failed b9a3298

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[legrego]

Resolves #166340