From 3793ae538148a1cdd650db9ecca2a141404875ee Mon Sep 17 00:00:00 2001
From: Chris Roberson <chrisronline@gmail.com>
Date: Fri, 31 Jul 2020 09:57:07 -0400
Subject: [PATCH] Check for security first (#73821)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
---
 .../__test__/get_collection_status.test.js    | 52 ++++++++++++++++---
 .../setup/collection/get_collection_status.js |  7 +++
 2 files changed, 53 insertions(+), 6 deletions(-)

diff --git a/x-pack/plugins/monitoring/server/lib/setup/collection/__test__/get_collection_status.test.js b/x-pack/plugins/monitoring/server/lib/setup/collection/__test__/get_collection_status.test.js
index e56627369475..083ebfb27fd5 100644
--- a/x-pack/plugins/monitoring/server/lib/setup/collection/__test__/get_collection_status.test.js
+++ b/x-pack/plugins/monitoring/server/lib/setup/collection/__test__/get_collection_status.test.js
@@ -10,7 +10,12 @@ import { getCollectionStatus } from '..';
 import { getIndexPatterns } from '../../../cluster/get_index_patterns';
 
 const liveClusterUuid = 'a12';
-const mockReq = (searchResult = {}, securityEnabled = true, userHasPermissions = true) => {
+const mockReq = (
+  searchResult = {},
+  securityEnabled = true,
+  userHasPermissions = true,
+  securityErrorMessage = null
+) => {
   return {
     server: {
       newPlatform: {
@@ -37,12 +42,14 @@ const mockReq = (searchResult = {}, securityEnabled = true, userHasPermissions =
         },
       },
       plugins: {
-        xpack_main: {
+        monitoring: {
           info: {
-            isAvailable: () => true,
-            feature: () => ({
-              isEnabled: () => securityEnabled,
-            }),
+            getSecurityFeature: () => {
+              return {
+                isAvailable: securityEnabled,
+                isEnabled: securityEnabled,
+              };
+            },
           },
         },
         elasticsearch: {
@@ -61,6 +68,11 @@ const mockReq = (searchResult = {}, securityEnabled = true, userHasPermissions =
                   params &&
                   params.path === '/_security/user/_has_privileges'
                 ) {
+                  if (securityErrorMessage !== null) {
+                    return Promise.reject({
+                      message: securityErrorMessage,
+                    });
+                  }
                   return Promise.resolve({ has_all_requested: userHasPermissions });
                 }
                 if (type === 'transport.request' && params && params.path === '/_nodes') {
@@ -245,6 +257,34 @@ describe('getCollectionStatus', () => {
     expect(result.kibana.detected.doesExist).to.be(true);
   });
 
+  it('should work properly with an unknown security message', async () => {
+    const req = mockReq({ hits: { total: { value: 1 } } }, true, true, 'foobar');
+    const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
+    expect(result._meta.hasPermissions).to.be(false);
+  });
+
+  it('should work properly with a known security message', async () => {
+    const req = mockReq(
+      { hits: { total: { value: 1 } } },
+      true,
+      true,
+      'no handler found for uri [/_security/user/_has_privileges] and method [POST]'
+    );
+    const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
+    expect(result.kibana.detected.doesExist).to.be(true);
+  });
+
+  it('should work properly with another known security message', async () => {
+    const req = mockReq(
+      { hits: { total: { value: 1 } } },
+      true,
+      true,
+      'Invalid index name [_security]'
+    );
+    const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
+    expect(result.kibana.detected.doesExist).to.be(true);
+  });
+
   it('should not work if the user does not have the necessary permissions', async () => {
     const req = mockReq({ hits: { total: { value: 1 } } }, true, false);
     const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
diff --git a/x-pack/plugins/monitoring/server/lib/setup/collection/get_collection_status.js b/x-pack/plugins/monitoring/server/lib/setup/collection/get_collection_status.js
index 607503673276..81cdfd6ecd17 100644
--- a/x-pack/plugins/monitoring/server/lib/setup/collection/get_collection_status.js
+++ b/x-pack/plugins/monitoring/server/lib/setup/collection/get_collection_status.js
@@ -233,6 +233,10 @@ function isBeatFromAPM(bucket) {
 }
 
 async function hasNecessaryPermissions(req) {
+  const securityFeature = req.server.plugins.monitoring.info.getSecurityFeature();
+  if (!securityFeature.isAvailable || !securityFeature.isEnabled) {
+    return true;
+  }
   try {
     const { callWithRequest } = req.server.plugins.elasticsearch.getCluster('data');
     const response = await callWithRequest(req, 'transport.request', {
@@ -250,6 +254,9 @@ async function hasNecessaryPermissions(req) {
     ) {
       return true;
     }
+    if (err.message.includes('Invalid index name [_security]')) {
+      return true;
+    }
     return false;
   }
 }