don't throw if authorization mode is already initialized (#23791)

2018-10-03 19:10:20 -04:00 · 2018-10-03 19:10:20 -04:00 · 125e4fa6ad
parent b6b6ebb5c4
commit 125e4fa6ad
5 changed files with 20 additions and 9 deletions
--- a/x-pack/plugins/security/server/lib/authorization/snapshots/mode.test.js.snap
+++ b/x-pack/plugins/security/server/lib/authorization/snapshots/mode.test.js.snap
@ -1,3 +0,0 @@
-// Jest Snapshot v1, https://goo.gl/fbAQLP
-
-exports[`#initialize can't be initialized twice for the same request 1`] = `"Authorization mode is already intitialized"`;
--- a/x-pack/plugins/security/server/lib/authorization/mode.js
+++ b/x-pack/plugins/security/server/lib/authorization/mode.js
@ -18,9 +18,10 @@ export function authorizationModeFactory(
  actions,
  checkPrivilegesWithRequest,
  config,
+  log,
  plugins,
  savedObjects,
-  xpackInfoFeature
+  xpackInfoFeature,
 ) {
  const useRbacForRequestCache = new WeakMap();

@ -56,7 +57,8 @@ export function authorizationModeFactory(
  return {
    async initialize(request) {
      if (useRbacForRequestCache.has(request)) {
-        throw new Error('Authorization mode is already intitialized');
+        log(['security', 'debug'], `Authorization mode is already initialized`);
+        return;
      }

      if (!isRbacEnabled()) {
--- a/x-pack/plugins/security/server/lib/authorization/mode.test.js
+++ b/x-pack/plugins/security/server/lib/authorization/mode.test.js
@ -18,6 +18,8 @@ const createMockConfig = (settings) => {
  return mockConfig;
 };

+const createMockLogger = () => jest.fn();
+
 const createMockXpackInfoFeature = (allowRbac) => {
  return {
    getLicenseCheckResults() {
@ -31,36 +33,43 @@ const createMockXpackInfoFeature = (allowRbac) => {
 describe(`#initialize`, () => {
  test(`can't be initialized twice for the same request`, async () => {
    const mockConfig = createMockConfig();
+    const mockLogger = createMockLogger();
    const mockXpackInfoFeature = createMockXpackInfoFeature();
-    const mode = authorizationModeFactory({}, {}, mockConfig, {}, {}, mockXpackInfoFeature);
+    const mode = authorizationModeFactory({}, {}, mockConfig, mockLogger, {}, {}, mockXpackInfoFeature);
    const request = {};

    await mode.initialize(request);
-    expect(mode.initialize(request)).rejects.toThrowErrorMatchingSnapshot();
+    expect(mockLogger).not.toHaveBeenCalled();
+    await mode.initialize(request);
+    expect(mockLogger).toHaveBeenCalledWith(['security', 'debug'], `Authorization mode is already initialized`);
  });
 });

 describe(`#useRbacForRequest`, () => {
  test(`return false if not initialized for request`, async () => {
    const mockConfig = createMockConfig();
+    const mockLogger = createMockLogger();
    const mockXpackInfoFeature = createMockXpackInfoFeature();
-    const mode = authorizationModeFactory({}, {}, mockConfig, {}, {}, mockXpackInfoFeature);
+    const mode = authorizationModeFactory({}, {}, mockConfig, mockLogger, {}, {}, mockXpackInfoFeature);
    const request = {};

    const result = mode.useRbacForRequest(request);
    expect(result).toBe(false);
+    expect(mockLogger).not.toHaveBeenCalled();
  });

  test(`returns true if legacy fallback is disabled`, async () => {
    const mockConfig = createMockConfig({
      'xpack.security.authorization.legacyFallback.enabled': false,
    });
+    const mockLogger = createMockLogger();
    const mockXpackInfoFeature = createMockXpackInfoFeature();
-    const mode = authorizationModeFactory({}, {}, mockConfig, {}, {}, mockXpackInfoFeature);
+    const mode = authorizationModeFactory({}, {}, mockConfig, mockLogger, {}, {}, mockXpackInfoFeature);
    const request = {};

    await mode.initialize(request);
    const result = mode.useRbacForRequest(request);
    expect(result).toBe(true);
+    expect(mockLogger).not.toHaveBeenCalled();
  });
 });
--- a/x-pack/plugins/security/server/lib/authorization/service.js
+++ b/x-pack/plugins/security/server/lib/authorization/service.js
@ -20,6 +20,7 @@ export function createAuthorizationService(server, xpackInfoFeature) {
    actions,
    checkPrivilegesWithRequest,
    config,
+    (...args) => server.log(...args),
    server.plugins,
    server.savedObjects,
    xpackInfoFeature
--- a/x-pack/plugins/security/server/lib/authorization/service.test.js
+++ b/x-pack/plugins/security/server/lib/authorization/service.test.js
@ -46,6 +46,7 @@ test(`calls server.expose with exposed services`, () => {
    config: jest.fn().mockReturnValue(mockConfig),
    plugins: Symbol(),
    savedObjects: Symbol(),
+    log: Symbol(),
  };
  const mockShieldClient = Symbol();
  getClient.mockReturnValue(mockShieldClient);
@ -66,6 +67,7 @@ test(`calls server.expose with exposed services`, () => {
    mockActions,
    mockCheckPrivilegesWithRequest,
    mockConfig,
+    expect.any(Function),
    mockServer.plugins,
    mockServer.savedObjects,
    mockXpackInfoFeature,