Check for security first (#73821)
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This commit is contained in:
parent
c66ea65ec1
commit
3793ae5381
|
@ -10,7 +10,12 @@ import { getCollectionStatus } from '..';
|
|||
import { getIndexPatterns } from '../../../cluster/get_index_patterns';
|
||||
|
||||
const liveClusterUuid = 'a12';
|
||||
const mockReq = (searchResult = {}, securityEnabled = true, userHasPermissions = true) => {
|
||||
const mockReq = (
|
||||
searchResult = {},
|
||||
securityEnabled = true,
|
||||
userHasPermissions = true,
|
||||
securityErrorMessage = null
|
||||
) => {
|
||||
return {
|
||||
server: {
|
||||
newPlatform: {
|
||||
|
@ -37,12 +42,14 @@ const mockReq = (searchResult = {}, securityEnabled = true, userHasPermissions =
|
|||
},
|
||||
},
|
||||
plugins: {
|
||||
xpack_main: {
|
||||
monitoring: {
|
||||
info: {
|
||||
isAvailable: () => true,
|
||||
feature: () => ({
|
||||
isEnabled: () => securityEnabled,
|
||||
}),
|
||||
getSecurityFeature: () => {
|
||||
return {
|
||||
isAvailable: securityEnabled,
|
||||
isEnabled: securityEnabled,
|
||||
};
|
||||
},
|
||||
},
|
||||
},
|
||||
elasticsearch: {
|
||||
|
@ -61,6 +68,11 @@ const mockReq = (searchResult = {}, securityEnabled = true, userHasPermissions =
|
|||
params &&
|
||||
params.path === '/_security/user/_has_privileges'
|
||||
) {
|
||||
if (securityErrorMessage !== null) {
|
||||
return Promise.reject({
|
||||
message: securityErrorMessage,
|
||||
});
|
||||
}
|
||||
return Promise.resolve({ has_all_requested: userHasPermissions });
|
||||
}
|
||||
if (type === 'transport.request' && params && params.path === '/_nodes') {
|
||||
|
@ -245,6 +257,34 @@ describe('getCollectionStatus', () => {
|
|||
expect(result.kibana.detected.doesExist).to.be(true);
|
||||
});
|
||||
|
||||
it('should work properly with an unknown security message', async () => {
|
||||
const req = mockReq({ hits: { total: { value: 1 } } }, true, true, 'foobar');
|
||||
const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
|
||||
expect(result._meta.hasPermissions).to.be(false);
|
||||
});
|
||||
|
||||
it('should work properly with a known security message', async () => {
|
||||
const req = mockReq(
|
||||
{ hits: { total: { value: 1 } } },
|
||||
true,
|
||||
true,
|
||||
'no handler found for uri [/_security/user/_has_privileges] and method [POST]'
|
||||
);
|
||||
const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
|
||||
expect(result.kibana.detected.doesExist).to.be(true);
|
||||
});
|
||||
|
||||
it('should work properly with another known security message', async () => {
|
||||
const req = mockReq(
|
||||
{ hits: { total: { value: 1 } } },
|
||||
true,
|
||||
true,
|
||||
'Invalid index name [_security]'
|
||||
);
|
||||
const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
|
||||
expect(result.kibana.detected.doesExist).to.be(true);
|
||||
});
|
||||
|
||||
it('should not work if the user does not have the necessary permissions', async () => {
|
||||
const req = mockReq({ hits: { total: { value: 1 } } }, true, false);
|
||||
const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
|
||||
|
|
|
@ -233,6 +233,10 @@ function isBeatFromAPM(bucket) {
|
|||
}
|
||||
|
||||
async function hasNecessaryPermissions(req) {
|
||||
const securityFeature = req.server.plugins.monitoring.info.getSecurityFeature();
|
||||
if (!securityFeature.isAvailable || !securityFeature.isEnabled) {
|
||||
return true;
|
||||
}
|
||||
try {
|
||||
const { callWithRequest } = req.server.plugins.elasticsearch.getCluster('data');
|
||||
const response = await callWithRequest(req, 'transport.request', {
|
||||
|
@ -250,6 +254,9 @@ async function hasNecessaryPermissions(req) {
|
|||
) {
|
||||
return true;
|
||||
}
|
||||
if (err.message.includes('Invalid index name [_security]')) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue