Remove circular dependency between features and security (elastic#100206

) (elastic#100341)

Co-authored-by: Kibana Machine <[email protected]>

Co-authored-by: Larry Gregory <[email protected]>

api_docs/features.json

@@ -2101,7 +2101,7 @@
         ],
         "source": {
           "path": "x-pack/plugins/features/server/plugin.ts",
-          "lineNumber": 33
+          "lineNumber": 41
         },
         "deprecated": false,
         "children": [
@@ -2125,7 +2125,7 @@
             ],
             "source": {
               "path": "x-pack/plugins/features/server/plugin.ts",
-              "lineNumber": 34
+              "lineNumber": 42
             },
             "deprecated": false,
             "children": [
@@ -2147,7 +2147,7 @@
                 ],
                 "source": {
                   "path": "x-pack/plugins/features/server/plugin.ts",
-                  "lineNumber": 34
+                  "lineNumber": 42
                 },
                 "deprecated": false,
                 "isRequired": true
@@ -2175,7 +2175,7 @@
             ],
             "source": {
               "path": "x-pack/plugins/features/server/plugin.ts",
-              "lineNumber": 35
+              "lineNumber": 43
             },
             "deprecated": false,
             "children": [
@@ -2197,7 +2197,7 @@
                 ],
                 "source": {
                   "path": "x-pack/plugins/features/server/plugin.ts",
-                  "lineNumber": 35
+                  "lineNumber": 43
                 },
                 "deprecated": false,
                 "isRequired": true
@@ -2225,7 +2225,7 @@
             ],
             "source": {
               "path": "x-pack/plugins/features/server/plugin.ts",
-              "lineNumber": 41
+              "lineNumber": 49
             },
             "deprecated": false,
             "children": [],
@@ -2251,7 +2251,7 @@
             ],
             "source": {
               "path": "x-pack/plugins/features/server/plugin.ts",
-              "lineNumber": 47
+              "lineNumber": 55
             },
             "deprecated": false,
             "children": [],
@@ -2270,7 +2270,7 @@
             ],
             "source": {
               "path": "x-pack/plugins/features/server/plugin.ts",
-              "lineNumber": 48
+              "lineNumber": 56
             },
             "deprecated": false,
             "children": [],
@@ -2288,11 +2288,47 @@
             ],
             "source": {
               "path": "x-pack/plugins/features/server/plugin.ts",
-              "lineNumber": 56
+              "lineNumber": 64
             },
             "deprecated": false,
             "children": [],
             "returnComment": []
+          },
+          {
+            "parentPluginId": "features",
+            "id": "def-server.PluginSetupContract.featurePrivilegeIterator",
+            "type": "Function",
+            "tags": [],
+            "label": "featurePrivilegeIterator",
+            "description": [
+              "\nUtility for iterating through all privileges belonging to a specific feature.\n{@see FeaturePrivilegeIterator }"
+            ],
+            "signature": [
+              "FeaturePrivilegeIterator"
+            ],
+            "source": {
+              "path": "x-pack/plugins/features/server/plugin.ts",
+              "lineNumber": 70
+            },
+            "deprecated": false
+          },
+          {
+            "parentPluginId": "features",
+            "id": "def-server.PluginSetupContract.subFeaturePrivilegeIterator",
+            "type": "Function",
+            "tags": [],
+            "label": "subFeaturePrivilegeIterator",
+            "description": [
+              "\nUtility for iterating through all sub-feature privileges belonging to a specific feature.\n{@see SubFeaturePrivilegeIterator }"
+            ],
+            "signature": [
+              "SubFeaturePrivilegeIterator"
+            ],
+            "source": {
+              "path": "x-pack/plugins/features/server/plugin.ts",
+              "lineNumber": 76
+            },
+            "deprecated": false
           }
         ],
         "initialIsOpen": false
@@ -2306,7 +2342,7 @@
         "description": [],
         "source": {
           "path": "x-pack/plugins/features/server/plugin.ts",
-          "lineNumber": 59
+          "lineNumber": 79
         },
         "deprecated": false,
         "children": [
@@ -2330,7 +2366,7 @@
             ],
             "source": {
               "path": "x-pack/plugins/features/server/plugin.ts",
-              "lineNumber": 60
+              "lineNumber": 80
             },
             "deprecated": false,
             "children": [],
@@ -2356,7 +2392,7 @@
             ],
             "source": {
               "path": "x-pack/plugins/features/server/plugin.ts",
-              "lineNumber": 61
+              "lineNumber": 81
             },
             "deprecated": false,
             "children": [],

x-pack/plugins/security/server/authorization/privileges/feature_privilege_iterator/feature_privilege_iterator.test.ts → x-pack/plugins/features/server/feature_privilege_iterator/feature_privilege_iterator.test.ts

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { KibanaFeature } from '../../../../../features/server';
+import { KibanaFeature } from '../';
 import { featurePrivilegeIterator } from './feature_privilege_iterator';
 
 describe('featurePrivilegeIterator', () => {

x-pack/plugins/security/server/authorization/privileges/feature_privilege_iterator/feature_privilege_iterator.ts → x-pack/plugins/features/server/feature_privilege_iterator/feature_privilege_iterator.ts

@@ -7,20 +7,48 @@
 
 import _ from 'lodash';
 
-import type { FeatureKibanaPrivileges, KibanaFeature } from '../../../../../features/server';
-import type { LicenseType } from '../../../../../licensing/server';
+import type { FeatureKibanaPrivileges, KibanaFeature } from '../';
+import type { LicenseType } from '../../../licensing/server';
 import { subFeaturePrivilegeIterator } from './sub_feature_privilege_iterator';
 
-interface IteratorOptions {
+/**
+ * Options to control feature privilege iteration.
+ */
+export interface FeaturePrivilegeIteratorOptions {
+  /**
+   * Augment each privilege definition with its sub-feature privileges.
+   */
   augmentWithSubFeaturePrivileges: boolean;
+
+  /**
+   * The current license type. Controls which sub-features are returned, as they may have different license terms than the overall feature.
+   */
   licenseType: LicenseType;
+
+  /**
+   * Optional predicate to filter the returned set of privileges.
+   */
   predicate?: (privilegeId: string, privilege: FeatureKibanaPrivileges) => boolean;
 }
 
-export function* featurePrivilegeIterator(
+/**
+ * Utility for iterating through all privileges belonging to a specific feature.
+ * Iteration can be customized in several ways:
+ * - Filter privileges with a given predicate.
+ * - Augment privileges with their respective sub-feature privileges.
+ *
+ * @param feature the feature whose privileges to iterate through.
+ * @param options options to control iteration.
+ */
+export type FeaturePrivilegeIterator = (
   feature: KibanaFeature,
-  options: IteratorOptions
-): IterableIterator<{ privilegeId: string; privilege: FeatureKibanaPrivileges }> {
+  options: FeaturePrivilegeIteratorOptions
+) => IterableIterator<{ privilegeId: string; privilege: FeatureKibanaPrivileges }>;
+
+const featurePrivilegeIterator: FeaturePrivilegeIterator = function* featurePrivilegeIterator(
+  feature: KibanaFeature,
+  options: FeaturePrivilegeIteratorOptions
+) {
   for (const entry of Object.entries(feature.privileges ?? {})) {
     const [privilegeId, privilege] = entry;
 
@@ -37,7 +65,7 @@ export function* featurePrivilegeIterator(
       yield { privilegeId, privilege };
     }
   }
-}
+};
 
 function mergeWithSubFeatures(
   privilegeId: string,
@@ -97,3 +125,5 @@ function mergeArrays(input1: readonly string[] | undefined, input2: readonly str
   const second = input2 ?? [];
   return Array.from(new Set([...first, ...second]));
 }
+
+export { featurePrivilegeIterator };

x-pack/plugins/security/server/authorization/privileges/feature_privilege_iterator/index.ts → x-pack/plugins/features/server/feature_privilege_iterator/index.ts

@@ -5,5 +5,10 @@
  * 2.0.
  */
 
+export type {
+  FeaturePrivilegeIterator,
+  FeaturePrivilegeIteratorOptions,
+} from './feature_privilege_iterator';
+export type { SubFeaturePrivilegeIterator } from './sub_feature_privilege_iterator';
 export { featurePrivilegeIterator } from './feature_privilege_iterator';
 export { subFeaturePrivilegeIterator } from './sub_feature_privilege_iterator';

x-pack/plugins/security/server/authorization/privileges/feature_privilege_iterator/sub_feature_privilege_iterator.ts → x-pack/plugins/features/server/feature_privilege_iterator/sub_feature_privilege_iterator.ts

@@ -5,10 +5,21 @@
  * 2.0.
  */
 
-import type { KibanaFeature, SubFeaturePrivilegeConfig } from '../../../../../features/common';
-import type { LicenseType } from '../../../../../licensing/server';
+import type { KibanaFeature, SubFeaturePrivilegeConfig } from '../../common';
+import type { LicenseType } from '../../../licensing/server';
 
-export function* subFeaturePrivilegeIterator(
+/**
+ * Utility for iterating through all sub-feature privileges belonging to a specific feature.
+ *
+ * @param feature the feature whose sub-feature privileges to iterate through.
+ * @param licenseType the current license.
+ */
+export type SubFeaturePrivilegeIterator = (
+  feature: KibanaFeature,
+  licenseType: LicenseType
+) => IterableIterator<SubFeaturePrivilegeConfig>;
+
+const subFeaturePrivilegeIterator: SubFeaturePrivilegeIterator = function* subFeaturePrivilegeIterator(
   feature: KibanaFeature,
   licenseType: LicenseType
 ): IterableIterator<SubFeaturePrivilegeConfig> {
@@ -19,4 +30,6 @@ export function* subFeaturePrivilegeIterator(
       );
     }
   }
-}
+};
+
+export { subFeaturePrivilegeIterator };

x-pack/plugins/features/server/mocks.ts

@@ -6,6 +6,10 @@
  */
 
 import { PluginSetupContract, PluginStartContract } from './plugin';
+import {
+  featurePrivilegeIterator,
+  subFeaturePrivilegeIterator,
+} from './feature_privilege_iterator';
 
 const createSetup = (): jest.Mocked<PluginSetupContract> => {
   return {
@@ -15,6 +19,8 @@ const createSetup = (): jest.Mocked<PluginSetupContract> => {
     registerKibanaFeature: jest.fn(),
     registerElasticsearchFeature: jest.fn(),
     enableReportingUiCapabilities: jest.fn(),
+    featurePrivilegeIterator: jest.fn().mockImplementation(featurePrivilegeIterator),
+    subFeaturePrivilegeIterator: jest.fn().mockImplementation(subFeaturePrivilegeIterator),
   };
 };
 

x-pack/plugins/features/server/oss_features.test.ts

@@ -6,7 +6,6 @@
  */
 
 import { buildOSSFeatures } from './oss_features';
-// @ts-expect-error
 import { featurePrivilegeIterator } from './feature_privilege_iterator';
 import { KibanaFeature } from '.';
 import { LicenseType } from '../../licensing/server';

x-pack/plugins/features/server/plugin.ts

@@ -26,6 +26,14 @@ import {
   KibanaFeature,
   KibanaFeatureConfig,
 } from '../common';
+import type {
+  FeaturePrivilegeIterator,
+  SubFeaturePrivilegeIterator,
+} from './feature_privilege_iterator';
+import {
+  featurePrivilegeIterator,
+  subFeaturePrivilegeIterator,
+} from './feature_privilege_iterator';
 
 /**
  * Describes public Features plugin contract returned at the `setup` stage.
@@ -54,6 +62,18 @@ export interface PluginSetupContract {
    * `features` to include Reporting when registering OSS features.
    */
   enableReportingUiCapabilities(): void;
+
+  /**
+   * Utility for iterating through all privileges belonging to a specific feature.
+   * {@see FeaturePrivilegeIterator }
+   */
+  featurePrivilegeIterator: FeaturePrivilegeIterator;
+
+  /**
+   * Utility for iterating through all sub-feature privileges belonging to a specific feature.
+   * {@see SubFeaturePrivilegeIterator }
+   */
+  subFeaturePrivilegeIterator: SubFeaturePrivilegeIterator;
 }
 
 export interface PluginStartContract {
@@ -110,6 +130,8 @@ export class FeaturesPlugin
       ),
       getFeaturesUICapabilities,
       enableReportingUiCapabilities: this.enableReportingUiCapabilities.bind(this),
+      featurePrivilegeIterator,
+      subFeaturePrivilegeIterator,
     });
   }
 

x-pack/plugins/security/server/authorization/authorization_service.tsx

@@ -51,7 +51,6 @@ import { validateReservedPrivileges } from './validate_reserved_privileges';
 
 export { Actions } from './actions';
 export { CheckSavedObjectsPrivileges } from './check_saved_objects_privileges';
-export { featurePrivilegeIterator } from './privileges';
 
 interface AuthorizationServiceSetupParams {
   packageVersion: string;

x-pack/plugins/security/server/authorization/index.ts

@@ -8,5 +8,4 @@
 export { Actions } from './actions';
 export { AuthorizationService, AuthorizationServiceSetup } from './authorization_service';
 export { CheckSavedObjectsPrivileges } from './check_saved_objects_privileges';
-export { featurePrivilegeIterator } from './privileges';
 export { CheckPrivilegesPayload } from './types';

x-pack/plugins/security/server/authorization/privileges/index.ts

@@ -6,4 +6,3 @@
  */
 
 export { privilegesFactory, PrivilegesService } from './privileges';
-export { featurePrivilegeIterator } from './feature_privilege_iterator';