kibana/x-pack/plugins/actions/server/routes/get.test.ts
Gidi Meir Morris 4abe864f10
Adds Role Based Access-Control to the Alerting & Action plugins based on Kibana Feature Controls (#67157)
This PR adds _Role Based Access-Control_ to the Alerting framework & Actions feature using  Kibana Feature Controls, addressing most of the Meta issue: https://github.com/elastic/kibana/issues/43994

This also closes https://github.com/elastic/kibana/issues/62438

This PR includes the following:

1. Adds `alerting` specific Security Actions (not to be confused with Alerting Actions) to the `security` plugin which allows us to assign alerting specific privileges to users of other plugins using the `features` plugin.
2. Removes the security wrapper from the savedObjectsClient in AlertsClient and instead plugs in the new AlertsAuthorization which performs the privilege checks on each api call made to the AlertsClient.
3. Adds privileges in each plugin that is already using the Alerting Framework which mirror (as closely as possible) the existing api-level tag-based privileges and plugs them into the AlertsClient.
4. Adds feature-granted privileges around Actions (by relying on Saved Object privileges under the hood) and plugs them into the ActionsClient
5. Removes the legacy api-level tag-based privilege system from both the Alerts and Action HTTP APIs
2020-07-22 14:45:57 +01:00


/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
import { getActionRoute } from './get';
import { httpServiceMock } from 'src/core/server/mocks';
import { licenseStateMock } from '../lib/license_state.mock';
import { verifyApiAccess } from '../lib';
import { mockHandlerArguments } from './_mock_handler_arguments';
import { actionsClientMock } from '../actions_client.mock';
// Swap the license gate for a bare jest mock so each test decides whether it passes or throws.
// The factory is kept inline because jest hoists `jest.mock` calls above the imports.
jest.mock('../lib/verify_api_access.ts', () => {
  return { verifyApiAccess: jest.fn() };
});

// Reset every mock (recorded calls and implementations) before each test, so a throwing
// `verifyApiAccess` set up by one test cannot leak into the next.
beforeEach(function () {
  jest.resetAllMocks();
});
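/**
 * Unit tests for the route registered by `getActionRoute` (GET `/api/actions/action/{id}`).
 *
 * Scope of what is verified here:
 * - the route path, and that the handler forwards `params.id` to `actionsClient.get`;
 * - that the handler invokes `verifyApiAccess` with the license state, and that an error
 *   thrown by it surfaces as a rejection of the handler.
 *
 * `verifyApiAccess` and `actionsClient` are both mocks, so neither the real license logic nor
 * any authorization performed inside the real actions client is exercised by these tests.
 */
describe('getActionRoute', () => {
  it('gets an action with proper parameters', async () => {
    const licenseState = licenseStateMock.create();
    const router = httpServiceMock.createRouter();

    getActionRoute(router, licenseState);

    // The route registers exactly one GET; pull out its config and handler.
    const [config, handler] = router.get.mock.calls[0];

    expect(config.path).toMatchInlineSnapshot(`"/api/actions/action/{id}"`);

    const getResult = {
      id: '1',
      actionTypeId: '2',
      name: 'action name',
      config: {},
      isPreconfigured: false,
    };

    const actionsClient = actionsClientMock.create();
    actionsClient.get.mockResolvedValueOnce(getResult);

    const [context, req, res] = mockHandlerArguments(
      { actionsClient },
      {
        params: { id: '1' },
      },
      ['ok']
    );

    expect(await handler(context, req, res)).toMatchInlineSnapshot(`
      Object {
        "body": Object {
          "actionTypeId": "2",
          "config": Object {},
          "id": "1",
          "isPreconfigured": false,
          "name": "action name",
        },
      }
    `);

    // The id from the request params must reach the client unchanged, exactly once.
    expect(actionsClient.get).toHaveBeenCalledTimes(1);
    expect(actionsClient.get.mock.calls[0][0].id).toEqual('1');

    expect(res.ok).toHaveBeenCalledWith({
      body: getResult,
    });
  });

  it('ensures the license allows getting actions', async () => {
    const licenseState = licenseStateMock.create();
    const router = httpServiceMock.createRouter();

    getActionRoute(router, licenseState);

    const [, handler] = router.get.mock.calls[0];

    const actionsClient = actionsClientMock.create();
    actionsClient.get.mockResolvedValueOnce({
      id: '1',
      actionTypeId: '2',
      name: 'action name',
      config: {},
      isPreconfigured: false,
    });

    const [context, req, res] = mockHandlerArguments(
      { actionsClient },
      {
        params: { id: '1' },
      },
      ['ok']
    );

    await handler(context, req, res);

    // The gate must be consulted with the same license state the route was registered with.
    expect(verifyApiAccess).toHaveBeenCalledWith(licenseState);
  });

  it('ensures the license check prevents getting actions', async () => {
    const licenseState = licenseStateMock.create();
    const router = httpServiceMock.createRouter();

    // Simulate a failing license check.
    (verifyApiAccess as jest.Mock).mockImplementation(() => {
      throw new Error('OMG');
    });

    getActionRoute(router, licenseState);

    const [, handler] = router.get.mock.calls[0];

    const actionsClient = actionsClientMock.create();
    actionsClient.get.mockResolvedValueOnce({
      id: '1',
      actionTypeId: '2',
      name: 'action name',
      config: {},
      isPreconfigured: false,
    });

    const [context, req, res] = mockHandlerArguments(
      { actionsClient },
      {
        params: { id: '1' },
      },
      ['ok']
    );

    // Await the assertion: an un-awaited `.rejects` chain is a floating promise, so the test
    // could complete before the rejection is compared, and a handler that wrongly resolved
    // would not fail this test.
    await expect(handler(context, req, res)).rejects.toMatchInlineSnapshot(`[Error: OMG]`);

    expect(verifyApiAccess).toHaveBeenCalledWith(licenseState);
    // NOTE(review): the handler body is not visible from this file. If it runs the license
    // check before touching the client, also asserting
    // `expect(actionsClient.get).not.toHaveBeenCalled()` would pin that a failed check never
    // reaches the data fetch — confirm against ./get.
  });
});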