We have to upgrade to ELK 7.9, and I've been unable to retrieve user details from a Kibana plugin on either the Legacy Platform (LP) or the New Platform (NP). Ideally there's a way to get this working on the Legacy Platform, which would provide time to perform the migration.
Legacy Platform
Up until Kibana 7.8, the username and roles could be fetched within hapi middleware (or a route handler) as follows. In version 7.9 the handler started failing because there is no longer a `getUser` method attached to the security plugin. It seems the only property remaining is `server.plugins.security.status`, which doesn't help.
/**
 * Legacy Platform plugin hook: registers an `onPreHandler` extension that is meant to
 * attach the caller's identity to `request.app.user` before the route handler runs.
 *
 * In this form the hook only dumps `server.plugins.security` for inspection. The lookup
 * that worked up to Kibana 7.8 is kept below as a comment.
 */
export default server => {
  server.ext('onPreHandler', async (request, toolkit) => {
    try {
      const security = server.plugins.security;
      if (!security) {
        throw new Error('The security plugin is unavailable.');
      }

      // Debug output only: prints the security plugin object to the server console.
      console.log('LEGACY: console.dir(server.plugins.security)');
      console.dir(security);

      // Lookup used up to 7.8 (getUser is reported missing from the plugin in 7.9):
      // const userObj = await server.plugins.security.getUser(request);
      // request.app.user = { username: userObj.username, roles: userObj.roles };
      //
      // NOTE(review): with the two lines above disabled, this path never assigns
      // request.app.user, so as far as this hook goes it stays unset whenever the
      // security plugin is present.
    } catch (err) {
      // Fail closed: any failure yields an identity with no username and no roles.
      // NOTE(review): the error is discarded without being logged, so a failed
      // identity lookup cannot be told apart from an anonymous caller afterwards.
      request.app.user = { username: null, roles: [] };
    }

    return toolkit.continue;
  });
};
Legacy request handler output:
LEGACY: console.dir(server.plugins.security)
{
status: Status {
_events: [Object: null prototype] {
change: [Function]
},
_eventsCount: 1,
_maxListeners: undefined,
id: 'plugin:security@7.9.0',
since: 2020-09-21T03:43:21.237Z,
state: 'green',
message: 'Ready',
plugin: Plugin {
kbnServer: [KbnServer],
spec: [ScopedPluginSpec],
pkg: [Object],
path: '/usr/share/kibana/x-pack',
id: 'security',
version: '7.9.0',
requiredIds: [Array],
externalPreInit: undefined,
externalInit: [Function: init],
externalPostInit: undefined,
enabled: true,
configPrefix: 'xpack.security',
publicDir: '/usr/share/kibana/x-pack/legacy/plugins/security/public',
preInit: [Function],
init: [Function],
postInit: [Function],
_server: [Object],
_options: [Object],
status: [Circular]
},
error: null
}
}
New Platform
Here are some things that I've explored within plugin.ts:
/**
 * Plugin setup phase: creates the HTTP router, prints what the core auth service and
 * the security plugin's `authc` object return at this point, then registers the routes.
 *
 * NOTE(review): every auth call below is made with no arguments, and no request object
 * is in scope in this method. Presumably these helpers resolve identity per request and
 * expect the incoming request to be passed in. Confirm against the security plugin's types.
 *
 * NOTE(review): the console output here is exploratory. Anything that prints user or
 * security-plugin details should be dropped before the plugin ships.
 */
public setup(core: CoreSetup, plugins: PluginDeps) {
  const router = core.http.createRouter();

  // Core HTTP auth service: list its members, then call get() with no request.
  const coreAuth = core.http.auth;
  console.log('SETUP: core.http.auth', Object.keys(coreAuth));
  console.log('SETUP: core.http.auth.get()', coreAuth.get());

  // Security plugin authentication helpers, called with no request.
  const authc = plugins.security.authc;
  console.log('SETUP: plugins.security.authc.isAuthenticated()', authc.isAuthenticated());
  console.log('SETUP: console.dir(plugins.security.authc)');
  console.dir(authc);
  console.log('SETUP: plugins.security.authc.isAuthenticated()', authc.isAuthenticated());
  console.log('SETUP: plugins.security.authc.getCurrentUser()', authc.getCurrentUser());

  defineRoutes(router);
  this.logger.debug('Plugin Initialized');

  return {};
}
/**
 * Plugin start phase: prints the core auth service's members, the result of calling
 * its get() with no request, and the security plugin object as seen at start time.
 *
 * NOTE(review): as in any lifecycle method, no request object is in scope here, so
 * these calls cannot refer to a particular caller. Treat the output as exploratory only.
 */
public start(core: CoreStart, plugins: PluginDeps) {
  const coreAuth = core.http.auth;
  console.log('START: core.http.auth', Object.keys(coreAuth));
  console.log('START: core.http.auth.get()', coreAuth.get());

  // Dumps the whole security plugin object to the server console (debugging aid).
  console.log('START: console.dir(plugins.security)');
  console.dir(plugins.security);

  this.logger.debug('Plugin Started');

  return {};
}
plugin.ts console output:
SETUP: core.http.auth [ 'get', 'isAuthenticated' ]
SETUP: core.http.auth.get() { status: 'unauthenticated', state: undefined }
SETUP: plugins.security.authc.isAuthenticated() false
SETUP: console.dir(plugins.security.authc)
{ isAuthenticated: [Function: isAuthenticated],
getCurrentUser: [Function: getCurrentUser],
areAPIKeysEnabled: [Function: areAPIKeysEnabled],
createAPIKey: [Function: createAPIKey],
invalidateAPIKey: [Function: invalidateAPIKey],
grantAPIKeyAsInternalUser: [Function: grantAPIKeyAsInternalUser],
invalidateAPIKeyAsInternalUser: [Function: invalidateAPIKeyAsInternalUser] }
SETUP: plugins.security.authc.isAuthenticated() false
SETUP: plugins.security.authc.getCurrentUser() null
...
START: core.http.auth [ 'get', 'isAuthenticated' ]
START: core.http.auth.get() { status: 'unauthenticated', state: undefined }
START: console.dir(plugins.security)
There's no `.get()` method exposed to the route handler, just `.isAuthenticated`. That flag is working properly, but it doesn't help me get the `username` or the `roles`.
/**
 * Registers the plugin's example GET route on the supplied router.
 *
 * The handler prints the keys of `request.auth` and its `isAuthenticated` flag, then
 * responds with the current time as an ISO-8601 string.
 *
 * @param router Router on which the route is registered.
 */
export function defineRoutes(router: IRouter) {
  router.get(
    {
      path: '/api/my_plugin_name/example',
      // NOTE(review): as far as I recall, Kibana documents `authRequired` as
      // `true | false | 'optional'`. Confirm that the string 'required' is honoured as
      // "authentication required" in this version rather than silently ignored.
      options: { authRequired: 'required' },
      // No request validation is configured; this handler reads no params, query or body.
      validate: false,
    },
    async (context, request, response) => {
      const { auth } = request;
      console.log('ROUTE HANDLER: Object.keys(request.auth)', Object.keys(auth));
      console.log('ROUTE HANDLER: request.auth.isAuthenticated', auth.isAuthenticated);

      // `request` is the per-request object. Presumably a helper that resolves the
      // current user needs this value passed to it; verify against the security
      // plugin's contract.
      const time = new Date().toISOString();
      return response.ok({ body: { time } });
    }
  );
}
route handler console output:
ROUTE HANDLER: Object.keys(request.auth) [ 'isAuthenticated' ]
ROUTE HANDLER: request.auth.isAuthenticated true