Warn users when security is not configured

.github/CODEOWNERS

@@ -262,6 +262,8 @@
 
 # Security
 /src/core/server/csp/  @elastic/kibana-security @elastic/kibana-platform
+/src/plugins/security_oss/ @elastic/kibana-security
+/test/security_functional/ @elastic/kibana-security
 /x-pack/plugins/spaces/  @elastic/kibana-security
 /x-pack/plugins/encrypted_saved_objects/  @elastic/kibana-security
 /x-pack/plugins/security/  @elastic/kibana-security

.i18nrc.json

@@ -37,6 +37,7 @@
     "regionMap": "src/plugins/region_map",
     "savedObjects": "src/plugins/saved_objects",
     "savedObjectsManagement": "src/plugins/saved_objects_management",
+    "security": "src/plugins/security_oss",
     "server": "src/legacy/server",
     "statusPage": "src/legacy/core_plugins/status_page",
     "telemetry": [

docs/developer/plugin-list.asciidoc

@@ -155,6 +155,11 @@ It also provides a stateful version of it on the start contract.
 |WARNING: Missing README.
 
 
+|{kib-repo}blob/{branch}/src/plugins/security_oss/README.md[securityOSS]
+|securityOSS is responsible for educating users about Elastic's free security features,
+so they can properly protect the data within their clusters.
+
+
 |{kib-repo}blob/{branch}/src/plugins/share/README.md[share]
 |Replaces the legacy ui/share module for registering share context menus.
 

scripts/functional_tests.js

@@ -23,6 +23,7 @@ const alwaysImportedTests = [
   require.resolve('../test/plugin_functional/config.ts'),
   require.resolve('../test/ui_capabilities/newsfeed_err/config.ts'),
   require.resolve('../test/new_visualize_flow/config.js'),
+  require.resolve('../test/security_functional/config.ts'),
 ];
 // eslint-disable-next-line no-restricted-syntax
 const onlyNotInCoverageTests = [

src/dev/build/tasks/os_packages/docker_generator/resources/bin/kibana-docker

@@ -93,6 +93,7 @@ kibana_vars=(
     path.data
     pid.file
     regionmap
+    security.showInsecureClusterWarning
     server.basePath
     server.customResponseHeaders
     server.compression.enabled

src/plugins/security_oss/README.md

@@ -0,0 +1,4 @@
+# `securityOSS` plugin
+
+`securityOSS` is responsible for educating users about Elastic's free security features,
+so they can properly protect the data within their clusters.

src/plugins/security_oss/kibana.json

@@ -0,0 +1,10 @@
+{
+  "id": "securityOSS",
+  "version": "8.0.0",
+  "kibanaVersion": "kibana",
+  "configPath": ["security"],
+  "ui": true,
+  "server": true,
+  "requiredPlugins": [],
+  "requiredBundles": []
+}

src/plugins/security_oss/public/config.ts

@@ -0,0 +1,22 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+export interface ConfigType {
+  showInsecureClusterWarning: boolean;
+}

src/plugins/security_oss/public/index.ts

@@ -0,0 +1,26 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { PluginInitializerContext } from 'kibana/public';
+
+import { SecurityOSSPlugin } from './plugin';
+
+export { SecurityOSSPluginSetup, SecurityOSSPluginStart } from './plugin';
+export const plugin = (initializerContext: PluginInitializerContext) =>
+  new SecurityOSSPlugin(initializerContext);

src/plugins/security_oss/public/insecure_cluster_service/components/default_alert.test.tsx

@@ -0,0 +1,37 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { defaultAlertText } from './default_alert';
+
+describe('defaultAlertText', () => {
+  it('creates a valid MountPoint that can cleanup correctly', () => {
+    const mountPoint = defaultAlertText(jest.fn());
+
+    const el = document.createElement('div');
+    const unmount = mountPoint(el);
+
+    expect(el.querySelectorAll('[data-test-subj="insecureClusterDefaultAlertText"]')).toHaveLength(
+      1
+    );
+
+    unmount();
+
+    expect(el).toMatchInlineSnapshot(`<div />`);
+  });
+});

src/plugins/security_oss/public/insecure_cluster_service/components/default_alert.tsx

@@ -0,0 +1,97 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import {
+  EuiButton,
+  EuiCheckbox,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiSpacer,
+  EuiText,
+} from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { I18nProvider, FormattedMessage } from '@kbn/i18n/react';
+import { MountPoint } from 'kibana/public';
+import React, { useState } from 'react';
+import { render, unmountComponentAtNode } from 'react-dom';
+
+export const defaultAlertTitle = i18n.translate('security.checkup.insecureClusterTitle', {
+  defaultMessage: 'Please secure your installation',
+});
+
+export const defaultAlertText: (onDismiss: (persist: boolean) => void) => MountPoint = (
+  onDismiss
+) => (e) => {
+  const AlertText = () => {
+    const [persist, setPersist] = useState(false);
+
+    return (
+      <I18nProvider>
+        <div data-test-subj="insecureClusterDefaultAlertText">
+          <EuiText size="s">
+            <FormattedMessage
+              id="security.checkup.insecureClusterMessage"
+              defaultMessage="Our free security features can protect against unauthorized access."
+            />
+          </EuiText>
+          <EuiSpacer />
+          <EuiCheckbox
+            id="persistDismissedAlertPreference"
+            checked={persist}
+            onChange={(changeEvent) => setPersist(changeEvent.target.checked)}
+            label={i18n.translate('security.checkup.dontShowAgain', {
+              defaultMessage: `Don't show again`,
+            })}
+          />
+          <EuiSpacer />
+          <EuiFlexGroup justifyContent="spaceBetween">
+            <EuiFlexItem grow={false}>
+              <EuiButton
+                size="s"
+                color="primary"
+                fill
+                href="https://www.elastic.co/what-is/elastic-stack-security"
+                target="_blank"
+              >
+                {i18n.translate('security.checkup.learnMoreButtonText', {
+                  defaultMessage: `Learn more`,
+                })}
+              </EuiButton>
+            </EuiFlexItem>
+            <EuiFlexItem grow={false}>
+              <EuiButton
+                size="s"
+                onClick={() => onDismiss(persist)}
+                data-test-subj="defaultDismissAlertButton"
+              >
+                {i18n.translate('security.checkup.dismissButtonText', {
+                  defaultMessage: `Dismiss`,
+                })}
+              </EuiButton>
+            </EuiFlexItem>
+          </EuiFlexGroup>
+        </div>
+      </I18nProvider>
+    );
+  };
+
+  render(<AlertText />, e);
+
+  return () => unmountComponentAtNode(e);
+};

src/plugins/security_oss/public/insecure_cluster_service/components/index.ts

@@ -0,0 +1,20 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+export { defaultAlertTitle, defaultAlertText } from './default_alert';

src/plugins/security_oss/public/insecure_cluster_service/index.ts

@@ -0,0 +1,24 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+export {
+  InsecureClusterService,
+  InsecureClusterServiceSetup,
+  InsecureClusterServiceStart,
+} from './insecure_cluster_service';

src/plugins/security_oss/public/insecure_cluster_service/insecure_cluster_service.mock.tsx

@@ -0,0 +1,37 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import {
+  InsecureClusterServiceSetup,
+  InsecureClusterServiceStart,
+} from './insecure_cluster_service';
+
+export const mockInsecureClusterService = {
+  createSetup: () => {
+    return {
+      setAlertTitle: jest.fn(),
+      setAlertText: jest.fn(),
+    } as InsecureClusterServiceSetup;
+  },
+  createStart: () => {
+    return {
+      hideAlert: jest.fn(),
+    } as InsecureClusterServiceStart;
+  },
+};