Migrate Management views to Kibana Platform plugin

[azasypkin]

In this PR I'm moving all management screens and related code to Kibana Platform plugin. Legacy plugin is only responsible for the routing part (this API will available in Kibana Platform after #52579).

Additionally I removed some legacy and not used code.

Note to reviewers: It'd be easier to review this PR commit by commit (pure move commit and then changes). Also lots of changes are just import ... from ... changes. The riskiest change is Edit Role page.

Blocked by: #53768, #53620, #55136
Fixes: #51756

[elasticmachine]

Pinging @elastic/kibana-security (Team:Security)

[azasypkin]

note: we don't use any common mode in the legacy plugin anymore.

[azasypkin]

note: looks like it's the only way to import style from platform plugin right now.

[azasypkin]

I think home can be listed as an optional dependency. We're treating it that way for the Spaces plugin, so it would at least be consistent between our two main plugins.

++, it makes sense, will do (even though Kibana can't start without home right now since legacy Kibana plugin assumes that home is always present 🙈 , I don't think it's correct @TinaHeiligers?).

Disabling data will likely cause most of Kibana itself to become unusable in the future...

Yeah, and looking at its name it feels like it's a some sort of a fundamental plugin and I can't think of reason why user would want to disable it.

For management -- a lot of what the Security plugin has to offer is done via its Management screens, but I could see certain customers/users wanting to disable management, but still take advantage of our security features. They could, for example, manage their users and roles via our API, while still allowing users to authenticate and use Kibana normally. I think our ideal answer would be to use Feature Controls to disable management features, but that's not a reality for us yet (#35965)

That's an interesting thought, and management is clear "domain" that can potentially be disabled. It costs nothing for us to make it optional - let's try (same story here though - Kibana just fails if management is disabled - that's bad and we should change that all or nothing behaviour and enforce during review).

[azasypkin]

note: looks like a legacy we don't need anymore

[azasypkin]

note: looks like a legacy we don't need anymore

[azasypkin]

note: looks like it was just a typo....

[legrego]

Did a first pass, and this is looking good! I think the generalizations you put in place will suit the role mappings UI as well

[azasypkin]

note: we'll get rid of these PublicMethodsOf approximately at the same time this issue is being handled in the core #54906

[legrego]

This is probably a bug or design choice in the management plugin, but disabling our apps does not prevent routing to them. It merely hides the link from the management side nav. If you know the link to a disabled app, or if another app links you to a disabled app, it will still render as if it's enabled. @mattkime do you know if this is intentional or not?

@azasypkin If this is intentional, then I think we still need some version of the checkLicense toast message below that you asked about.

[azasypkin]

Hmm, good catch! Having disable that just hides doesn't feel right to me, it must be a bug or the wrong method name...

[mattkime]

I'll help with this. This is a case where the solution during and after the transition to the new api is different.

[legrego]

Great job on this! I've made it through most of the PR, and my feedback is really minor. I have some more testing I want to do yet, but so far so good!

[legrego]

🎉

[legrego]

This link ultimately navigates to /app/kibana#/management?section=security, which just places the user at the root of the management application.

I'm not sure where else we'd want to put them, but we can probably just do away with the /security portion of this URL, unless we're going to have our own landing page within management for our security offerings.

I also assume at some point that management won't live within the kibana app. I don't think we have a functional test for this catalogue entry, so we'll want to keep track of when this happens so we can update accordingly.

[azasypkin]

I'm not sure where else we'd want to put them, but we can probably just do away with the /security portion of this URL, unless we're going to have our own landing page within management for our security offerings.

Right, I forgot to mention that we previously could set default app for the section and made users app as default. It seems we cannot do this anymore with the NP API. I'll switch to users URL here for now to keep existing behavior.

@mattkime can you please confirm that it's intentional that new Management API doesn't provide a way to specify default application for the section URL (e.g. previously if user navigated to #/management/security we'd forward them to #/management/security/users with something like this: uiRoutes.when(SECURITY_PATH, { redirectTo: USERS_PATH });)?

I also assume at some point that management won't live within the kibana app. I don't think we have a functional test for this catalogue entry, so we'll want to keep track of when this happens so we can update accordingly.

Yeah, I see we have quite a few places in Kibana where app/kibana#/management/ is hard-coded, so I believe it's safe to assume that whoever will be changing this URL will grep for places like this or setup an automatic forwarder with deprecation warning (and announcement).

[mattkime]

can you please confirm that it's intentional that new Management API doesn't provide a way to specify default application for the section URL

Its intentional but I'm happy to have a discussion. You can implement the redirect, I don't see the importance of having it at the api level but I might be unfamiliar with your particular challenge.

[legrego]

Suggested change

	? { text: name, href: `#${basePath}/edit/${name}` }
	? { text: name, href: `#${basePath}/edit/${encodeURIComponent(name)}` }

[legrego]

question Is this logic needed as a result of the new routing we have to do?

[azasypkin]

Yeah, when you open Edit User page and manually change username in the URL or just remove it and hit Enter, Router logic will be triggered and for example will update breadcrumbs. But since view is already mounted we need to reload user as well.

That made me realize that we need componentDidUpdate for Edit Role Mappings as well, I'll add it. Edit Role page is based on Hooks so it already should work properly.

[azasypkin]

note: Just noticed that ML also uses 100 🙈

[legrego]

Rather than using a fatal error here, we could instead show a toast notification. That would allow us to resolve #51756. When we fail, returning an empty array should allow the app to continue functioning.

[azasypkin]

Do you think we should make a distinction between 403 and the rest?

[legrego]

I'm torn -- checking for the 403 is more intentional, but on the other hand, this request isn't required for the page to function...

Let's check for the 403, and use a fatal error for other failure codes. We'll have a better chance of catching a regression this way, instead of silently failing when we expected a successful response.

[azasypkin]

👍

[legrego]

LGTM pending green CI and change to check for the 403 error response on index patterns. Nice work!

[azasypkin]

note: discussed with @rudolf that's no longer necessary since BWC is maintained within HttpFetchError itself now.

[azasypkin]

@elasticmachine merge upstream

[azasypkin]

#55136 is merged, now everything should be in place :)

[rudolf]

👍 for Platform changes

[azasypkin]

@elasticmachine merge upstream

[kibanamachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: c4cba87

History

• 💚 Build #21245 succeeded 28aff3b
• 💚 Build #21202 succeeded e9cb504
• 💚 Build #20787 succeeded 093b223
• 💚 Build #20490 succeeded c352d13
• 💔 Build #20369 failed 0a2e2d2

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[legrego]

Sorry for the delay, most recent changes LGTM!

[azasypkin]

7.x/7.7.0: d57c7b7