Check for security first (#73821)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Chris Roberson 2020-07-31 09:57:07 -04:00 committed by GitHub
parent c66ea65ec1
commit 3793ae5381
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 53 additions and 6 deletions


@ -10,7 +10,12 @@ import { getCollectionStatus } from '..';
import { getIndexPatterns } from '../../../cluster/get_index_patterns';
const liveClusterUuid = 'a12';
const mockReq = (searchResult = {}, securityEnabled = true, userHasPermissions = true) => {
const mockReq = (
searchResult = {},
securityEnabled = true,
userHasPermissions = true,
securityErrorMessage = null
) => {
return {
server: {
newPlatform: {
@ -37,12 +42,14 @@ const mockReq = (searchResult = {}, securityEnabled = true, userHasPermissions =
},
},
plugins: {
xpack_main: {
monitoring: {
info: {
isAvailable: () => true,
feature: () => ({
isEnabled: () => securityEnabled,
}),
getSecurityFeature: () => {
return {
isAvailable: securityEnabled,
isEnabled: securityEnabled,
};
},
},
},
elasticsearch: {
@ -61,6 +68,11 @@ const mockReq = (searchResult = {}, securityEnabled = true, userHasPermissions =
params &&
params.path === '/_security/user/_has_privileges'
) {
if (securityErrorMessage !== null) {
return Promise.reject({
message: securityErrorMessage,
});
}
return Promise.resolve({ has_all_requested: userHasPermissions });
}
if (type === 'transport.request' && params && params.path === '/_nodes') {
@ -245,6 +257,34 @@ describe('getCollectionStatus', () => {
expect(result.kibana.detected.doesExist).to.be(true);
});
it('should work properly with an unknown security message', async () => {
const req = mockReq({ hits: { total: { value: 1 } } }, true, true, 'foobar');
const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
expect(result._meta.hasPermissions).to.be(false);
});
it('should work properly with a known security message', async () => {
const req = mockReq(
{ hits: { total: { value: 1 } } },
true,
true,
'no handler found for uri [/_security/user/_has_privileges] and method [POST]'
);
const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
expect(result.kibana.detected.doesExist).to.be(true);
});
it('should work properly with another known security message', async () => {
const req = mockReq(
{ hits: { total: { value: 1 } } },
true,
true,
'Invalid index name [_security]'
);
const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
expect(result.kibana.detected.doesExist).to.be(true);
});
it('should not work if the user does not have the necessary permissions', async () => {
const req = mockReq({ hits: { total: { value: 1 } } }, true, false);
const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
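Review bot: The two "known security message" tests assert only `result.kibana.detected.doesExist`, so they never pin the permission decision they are named for; only the 'foobar' case checks `result._meta.hasPermissions`. Those messages appear to make the privilege check answer "allowed" after an error, so both tests should assert the permission outcome explicitly, e.g. `expect(result._meta.hasPermissions).not.to.be(false);`. The mock's `getSecurityFeature` derives both `isAvailable` and `isEnabled` from the single `securityEnabled` flag, so the two halves of the new guard cannot be exercised separately. A case with one true and the other false would cover that. The last test's body continues outside the visible hunk.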


@ -233,6 +233,10 @@ function isBeatFromAPM(bucket) {
}
async function hasNecessaryPermissions(req) {
const securityFeature = req.server.plugins.monitoring.info.getSecurityFeature();
if (!securityFeature.isAvailable || !securityFeature.isEnabled) {
return true;
}
try {
const { callWithRequest } = req.server.plugins.elasticsearch.getCluster('data');
const response = await callWithRequest(req, 'transport.request', {
@ -250,6 +254,9 @@ async function hasNecessaryPermissions(req) {
) {
return true;
}
if (err.message.includes('Invalid index name [_security]')) {
return true;
}
return false;
}
}
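Review bot: The added catch branch `if (err.message.includes('Invalid index name [_security]'))` grants permission (`return true`) on a substring match against an error message, so this privilege check fails open on wording that may not be stable across Elasticsearch versions. It also throws a TypeError inside the catch if the rejection carries no string `message`. Guard it, e.g. `if (typeof err.message === 'string' && err.message.includes('Invalid index name [_security]')) {`, and add a comment above it naming the cluster state that produces this message and why it is safe to read as "security not in use". The early `return true` when `!securityFeature.isAvailable || !securityFeature.isEnabled` also skips the `_has_privileges` call; it presumably reflects the Kibana-side feature state, so a one-line comment saying this is deliberate would help. The try body and the start of the catch lie outside the visible hunks.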