From 0119bd8e4547b877fe98ba3ca214e5df8cde3c6a Mon Sep 17 00:00:00 2001
From: Nicolas Chaulet <nicolas.chaulet@elastic.co>
Date: Mon, 25 Oct 2021 15:33:33 -0400
Subject: [PATCH] [Fleet] Remove unused authenticateAgentWithAccessToken method
 from agent service (#116183)

---
 x-pack/plugins/fleet/server/mocks/index.ts    |   1 -
 x-pack/plugins/fleet/server/plugin.ts         |   2 -
 .../services/agents/authenticate.test.ts      | 156 ------------------
 .../server/services/agents/authenticate.ts    |  34 ----
 .../fleet/server/services/agents/index.ts     |   1 -
 x-pack/plugins/fleet/server/services/index.ts |  10 +-
 6 files changed, 1 insertion(+), 203 deletions(-)
 delete mode 100644 x-pack/plugins/fleet/server/services/agents/authenticate.test.ts
 delete mode 100644 x-pack/plugins/fleet/server/services/agents/authenticate.ts

diff --git a/x-pack/plugins/fleet/server/mocks/index.ts b/x-pack/plugins/fleet/server/mocks/index.ts
index e6577426974a3..9300e0bb6c3e1 100644
--- a/x-pack/plugins/fleet/server/mocks/index.ts
+++ b/x-pack/plugins/fleet/server/mocks/index.ts
@@ -114,7 +114,6 @@ export const createMockAgentService = (): jest.Mocked<AgentService> => {
   return {
     getAgentStatusById: jest.fn(),
     getAgentStatusForAgentPolicy: jest.fn(),
-    authenticateAgentWithAccessToken: jest.fn(),
     getAgent: jest.fn(),
     listAgents: jest.fn(),
   };
diff --git a/x-pack/plugins/fleet/server/plugin.ts b/x-pack/plugins/fleet/server/plugin.ts
index 8a95065380b69..410682a13733c 100644
--- a/x-pack/plugins/fleet/server/plugin.ts
+++ b/x-pack/plugins/fleet/server/plugin.ts
@@ -74,7 +74,6 @@ import {
 import {
   getAgentStatusById,
   getAgentStatusForAgentPolicy,
-  authenticateAgentWithAccessToken,
   getAgentsByKuery,
   getAgentById,
 } from './services/agents';
@@ -342,7 +341,6 @@ export class FleetPlugin
         listAgents: getAgentsByKuery,
         getAgentStatusById,
         getAgentStatusForAgentPolicy,
-        authenticateAgentWithAccessToken,
       },
       agentPolicyService: {
         get: agentPolicyService.get,
diff --git a/x-pack/plugins/fleet/server/services/agents/authenticate.test.ts b/x-pack/plugins/fleet/server/services/agents/authenticate.test.ts
deleted file mode 100644
index eaa240165e853..0000000000000
--- a/x-pack/plugins/fleet/server/services/agents/authenticate.test.ts
+++ /dev/null
@@ -1,156 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { KibanaRequest } from 'kibana/server';
-import { elasticsearchServiceMock } from 'src/core/server/mocks';
-
-import { authenticateAgentWithAccessToken } from './authenticate';
-
-describe('test agent autenticate services', () => {
-  it('should succeed with a valid API key and an active agent', async () => {
-    const mockEsClient = elasticsearchServiceMock.createInternalClient();
-
-    mockEsClient.search.mockResolvedValue({
-      body: {
-        hits: {
-          hits: [
-            {
-              // @ts-expect-error
-              _id: 'agent1',
-              _source: {
-                // @ts-expect-error
-                active: true,
-                // @ts-expect-error
-                access_api_key_id: 'pedTuHIBTEDt93wW0Fhr',
-              },
-            },
-          ],
-        },
-      },
-    });
-    await authenticateAgentWithAccessToken(mockEsClient, {
-      auth: { isAuthenticated: true },
-      headers: {
-        authorization: 'ApiKey cGVkVHVISUJURUR0OTN3VzBGaHI6TnU1U0JtbHJSeC12Rm9qQWpoSHlUZw==',
-      },
-    } as KibanaRequest);
-  });
-
-  it('should throw if the request is not authenticated', async () => {
-    const mockEsClient = elasticsearchServiceMock.createInternalClient();
-
-    mockEsClient.search.mockResolvedValue({
-      body: {
-        hits: {
-          hits: [
-            {
-              // @ts-expect-error
-              _id: 'agent1',
-              _source: {
-                // @ts-expect-error
-                active: true,
-                // @ts-expect-error
-                access_api_key_id: 'pedTuHIBTEDt93wW0Fhr',
-              },
-            },
-          ],
-        },
-      },
-    });
-    expect(
-      authenticateAgentWithAccessToken(mockEsClient, {
-        auth: { isAuthenticated: false },
-        headers: {
-          authorization: 'ApiKey cGVkVHVISUJURUR0OTN3VzBGaHI6TnU1U0JtbHJSeC12Rm9qQWpoSHlUZw==',
-        },
-      } as KibanaRequest)
-    ).rejects.toThrow(/Request not authenticated/);
-  });
-
-  it('should throw if the ApiKey headers is malformed', async () => {
-    const mockEsClient = elasticsearchServiceMock.createInternalClient();
-
-    const hits = [
-      {
-        _id: 'agent1',
-        _source: {
-          active: true,
-
-          access_api_key_id: 'pedTuHIBTEDt93wW0Fhr',
-        },
-      },
-    ];
-
-    mockEsClient.search.mockResolvedValue({
-      body: {
-        hits: {
-          // @ts-expect-error
-          hits,
-        },
-      },
-    });
-    expect(
-      authenticateAgentWithAccessToken(mockEsClient, {
-        auth: { isAuthenticated: true },
-        headers: {
-          authorization: 'aaaa',
-        },
-      } as KibanaRequest)
-    ).rejects.toThrow(/Authorization header is malformed/);
-  });
-
-  it('should throw if the agent is not active', async () => {
-    const mockEsClient = elasticsearchServiceMock.createInternalClient();
-
-    const hits = [
-      {
-        _id: 'agent1',
-        _source: {
-          active: false,
-          access_api_key_id: 'pedTuHIBTEDt93wW0Fhr',
-        },
-      },
-    ];
-    mockEsClient.search.mockResolvedValue({
-      body: {
-        hits: {
-          // @ts-expect-error
-          hits,
-        },
-      },
-    });
-    expect(
-      authenticateAgentWithAccessToken(mockEsClient, {
-        auth: { isAuthenticated: true },
-        headers: {
-          authorization: 'ApiKey cGVkVHVISUJURUR0OTN3VzBGaHI6TnU1U0JtbHJSeC12Rm9qQWpoSHlUZw==',
-        },
-      } as KibanaRequest)
-    ).rejects.toThrow(/Agent inactive/);
-  });
-
-  it('should throw if there is no agent matching the API key', async () => {
-    const mockEsClient = elasticsearchServiceMock.createInternalClient();
-
-    mockEsClient.search.mockResolvedValue({
-      body: {
-        hits: {
-          // @ts-expect-error
-          hits: [],
-        },
-      },
-    });
-    expect(
-      authenticateAgentWithAccessToken(mockEsClient, {
-        auth: { isAuthenticated: true },
-        headers: {
-          authorization: 'ApiKey cGVkVHVISUJURUR0OTN3VzBGaHI6TnU1U0JtbHJSeC12Rm9qQWpoSHlUZw==',
-        },
-      } as KibanaRequest)
-    ).rejects.toThrow(/Agent not found/);
-  });
-});
diff --git a/x-pack/plugins/fleet/server/services/agents/authenticate.ts b/x-pack/plugins/fleet/server/services/agents/authenticate.ts
deleted file mode 100644
index 0d0d520528dad..0000000000000
--- a/x-pack/plugins/fleet/server/services/agents/authenticate.ts
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import Boom from '@hapi/boom';
-import type { KibanaRequest } from 'src/core/server';
-import type { ElasticsearchClient } from 'src/core/server';
-
-import type { Agent } from '../../types';
-import * as APIKeyService from '../api_keys';
-
-import { getAgentByAccessAPIKeyId } from './crud';
-
-export async function authenticateAgentWithAccessToken(
-  esClient: ElasticsearchClient,
-  request: KibanaRequest
-): Promise<Agent> {
-  if (!request.auth.isAuthenticated) {
-    throw Boom.unauthorized('Request not authenticated');
-  }
-  let res: { apiKey: string; apiKeyId: string };
-  try {
-    res = APIKeyService.parseApiKeyFromHeaders(request.headers);
-  } catch (err) {
-    throw Boom.unauthorized(err.message);
-  }
-
-  const agent = await getAgentByAccessAPIKeyId(esClient, res.apiKeyId);
-
-  return agent;
-}
diff --git a/x-pack/plugins/fleet/server/services/agents/index.ts b/x-pack/plugins/fleet/server/services/agents/index.ts
index ede548c6fd60d..9b2846b68364e 100644
--- a/x-pack/plugins/fleet/server/services/agents/index.ts
+++ b/x-pack/plugins/fleet/server/services/agents/index.ts
@@ -12,5 +12,4 @@ export * from './crud';
 export * from './update';
 export * from './actions';
 export * from './reassign';
-export * from './authenticate';
 export * from './setup';
diff --git a/x-pack/plugins/fleet/server/services/index.ts b/x-pack/plugins/fleet/server/services/index.ts
index 0ec8a1452beb1..ab88e5af18efa 100644
--- a/x-pack/plugins/fleet/server/services/index.ts
+++ b/x-pack/plugins/fleet/server/services/index.ts
@@ -5,10 +5,9 @@
  * 2.0.
  */
 
-import type { KibanaRequest } from 'kibana/server';
 import type { ElasticsearchClient, SavedObjectsClientContract } from 'kibana/server';
 
-import type { AgentStatus, Agent } from '../types';
+import type { AgentStatus } from '../types';
 
 import type { GetAgentStatusResponse } from '../../common';
 
@@ -48,13 +47,6 @@ export interface AgentService {
    * Get an Agent by id
    */
   getAgent: typeof getAgentById;
-  /**
-   * Authenticate an agent with access toekn
-   */
-  authenticateAgentWithAccessToken(
-    esClient: ElasticsearchClient,
-    request: KibanaRequest
-  ): Promise<Agent>;
   /**
    * Return the status by the Agent's id
    */