From beb96ef674058b682fb853ec2162265793872b11 Mon Sep 17 00:00:00 2001 From: Christos Nasikas Date: Fri, 11 Dec 2020 15:52:34 +0200 Subject: [PATCH 1/4] [7.10] [Actions] Fix external service urls (#85556) (#85700) * Fix services urls * Improve tests # Conflicts: # x-pack/plugins/actions/server/builtin_action_types/servicenow/service.ts --- .../builtin_action_types/jira/service.test.ts | 4 +++- .../server/builtin_action_types/jira/service.ts | 17 +++++++++-------- .../resilient/service.test.ts | 4 +++- .../servicenow/service.test.ts | 4 +++- .../builtin_action_types/servicenow/service.ts | 5 +++-- 5 files changed, 21 insertions(+), 13 deletions(-) diff --git a/x-pack/plugins/actions/server/builtin_action_types/jira/service.test.ts b/x-pack/plugins/actions/server/builtin_action_types/jira/service.test.ts index fe4e135c76fc..8256dee69637 100644 --- a/x-pack/plugins/actions/server/builtin_action_types/jira/service.test.ts +++ b/x-pack/plugins/actions/server/builtin_action_types/jira/service.test.ts @@ -109,7 +109,9 @@ describe('Jira service', () => { beforeAll(() => { service = createExternalService( { - config: { apiUrl: 'https://siem-kibana.atlassian.net', projectKey: 'CK' }, + // The trailing slash at the end of the url is intended. + // All API calls need to have the trailing slash removed. + config: { apiUrl: 'https://siem-kibana.atlassian.net/', projectKey: 'CK' }, secrets: { apiToken: 'token', email: 'elastic@elastic.com' }, }, logger diff --git a/x-pack/plugins/actions/server/builtin_action_types/jira/service.ts b/x-pack/plugins/actions/server/builtin_action_types/jira/service.ts index f5347891f4f7..cfc9ae4dc7ee 100644 --- a/x-pack/plugins/actions/server/builtin_action_types/jira/service.ts +++ b/x-pack/plugins/actions/server/builtin_action_types/jira/service.ts 
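Review bot: Changing the fixture `apiUrl` to `'https://siem-kibana.atlassian.net/'` in jira/service.test.ts means the suite now exercises only the trailing-slash form, so the plain form without a slash is no longer asserted; the resilient and servicenow test hunks make the same swap. A second `createExternalService` fixture without the slash, asserting the same request URLs, would pin both inputs. resilient/service.ts is not in this patch's diffstat, so it is worth confirming that it already strips the slash and that its tests assert the resulting URLs. The added comment would read more accurately as `// Trailing slash is intentional: the service must strip it before building API URLs.`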
@@ -46,21 +46,22 @@ export const createExternalService = ( throw Error(`[Action]${i18n.NAME}: Wrong configuration.`); } - const incidentUrl = `${url}/${BASE_URL}/issue`; - const capabilitiesUrl = `${url}/${CAPABILITIES_URL}`; + const urlWithoutTrailingSlash = url.endsWith('/') ? url.slice(0, -1) : url; + const incidentUrl = `${urlWithoutTrailingSlash}/${BASE_URL}/issue`; + const capabilitiesUrl = `${urlWithoutTrailingSlash}/${CAPABILITIES_URL}`; const commentUrl = `${incidentUrl}/{issueId}/comment`; - const getIssueTypesOldAPIURL = `${url}/${BASE_URL}/issue/createmeta?projectKeys=${projectKey}&expand=projects.issuetypes.fields`; - const getIssueTypeFieldsOldAPIURL = `${url}/${BASE_URL}/issue/createmeta?projectKeys=${projectKey}&issuetypeIds={issueTypeId}&expand=projects.issuetypes.fields`; - const getIssueTypesUrl = `${url}/${BASE_URL}/issue/createmeta/${projectKey}/issuetypes`; - const getIssueTypeFieldsUrl = `${url}/${BASE_URL}/issue/createmeta/${projectKey}/issuetypes/{issueTypeId}`; - const searchUrl = `${url}/${BASE_URL}/search`; + const getIssueTypesOldAPIURL = `${urlWithoutTrailingSlash}/${BASE_URL}/issue/createmeta?projectKeys=${projectKey}&expand=projects.issuetypes.fields`; + const getIssueTypeFieldsOldAPIURL = `${urlWithoutTrailingSlash}/${BASE_URL}/issue/createmeta?projectKeys=${projectKey}&issuetypeIds={issueTypeId}&expand=projects.issuetypes.fields`; + const getIssueTypesUrl = `${urlWithoutTrailingSlash}/${BASE_URL}/issue/createmeta/${projectKey}/issuetypes`; + const getIssueTypeFieldsUrl = `${urlWithoutTrailingSlash}/${BASE_URL}/issue/createmeta/${projectKey}/issuetypes/{issueTypeId}`; + const searchUrl = `${urlWithoutTrailingSlash}/${BASE_URL}/search`; const axiosInstance = axios.create({ auth: { username: email, password: apiToken }, }); const getIncidentViewURL = (key: string) => { - return `${url}/${VIEW_INCIDENT_URL}/${key}`; + return `${urlWithoutTrailingSlash}/${VIEW_INCIDENT_URL}/${key}`; }; const getCommentsURL = (issueId: string) => { 
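Review bot: The normalisation `url.endsWith('/') ? url.slice(0, -1) : url` removes only one trailing slash, so an `apiUrl` ending in `//` still produces `//rest/...` request paths, and the same expression is pasted again in servicenow/service.ts. A single shared helper used by every connector would ensure the URL that is requested is the same string that any host validation of `apiUrl` elsewhere sees. Separately, `projectKey` is interpolated unencoded into the path and query of the createmeta URLs that the authenticated axios instance calls; writing `encodeURIComponent(projectKey)` there would keep a key containing `/`, `?` or `&` from altering the endpoint. The body of createExternalService continues outside the hunk.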
diff --git a/x-pack/plugins/actions/server/builtin_action_types/resilient/service.test.ts b/x-pack/plugins/actions/server/builtin_action_types/resilient/service.test.ts index 86ea352625a5..e92dd53efebc 100644 --- a/x-pack/plugins/actions/server/builtin_action_types/resilient/service.test.ts +++ b/x-pack/plugins/actions/server/builtin_action_types/resilient/service.test.ts @@ -81,7 +81,9 @@ describe('IBM Resilient service', () => { beforeAll(() => { service = createExternalService( { - config: { apiUrl: 'https://resilient.elastic.co', orgId: '201' }, + // The trailing slash at the end of the url is intended. + // All API calls need to have the trailing slash removed. + config: { apiUrl: 'https://resilient.elastic.co/', orgId: '201' }, secrets: { apiKeyId: 'keyId', apiKeySecret: 'secret' }, }, logger diff --git a/x-pack/plugins/actions/server/builtin_action_types/servicenow/service.test.ts b/x-pack/plugins/actions/server/builtin_action_types/servicenow/service.test.ts index 2adcdf561ce1..a20dc2b08895 100644 --- a/x-pack/plugins/actions/server/builtin_action_types/servicenow/service.test.ts +++ b/x-pack/plugins/actions/server/builtin_action_types/servicenow/service.test.ts @@ -33,7 +33,9 @@ describe('ServiceNow service', () => { beforeAll(() => { service = createExternalService( { - config: { apiUrl: 'https://dev102283.service-now.com' }, + // The trailing slash at the end of the url is intended. + // All API calls need to have the trailing slash removed. + config: { apiUrl: 'https://dev102283.service-now.com/' }, secrets: { username: 'admin', password: 'admin' }, }, logger diff --git a/x-pack/plugins/actions/server/builtin_action_types/servicenow/service.ts b/x-pack/plugins/actions/server/builtin_action_types/servicenow/service.ts index 9b1da4b4007c..07c6cdaade0d 100644 --- a/x-pack/plugins/actions/server/builtin_action_types/servicenow/service.ts +++ b/x-pack/plugins/actions/server/builtin_action_types/servicenow/service.ts 
@@ -32,13 +32,14 @@ export const createExternalService = ( throw Error(`[Action]${i18n.NAME}: Wrong configuration.`); } - const incidentUrl = `${url}/${INCIDENT_URL}`; + const urlWithoutTrailingSlash = url.endsWith('/') ? url.slice(0, -1) : url; + const incidentUrl = `${urlWithoutTrailingSlash}/${INCIDENT_URL}`; const axiosInstance = axios.create({ auth: { username, password }, }); const getIncidentViewURL = (id: string) => { - return `${url}/${VIEW_INCIDENT_URL}${id}`; + return `${urlWithoutTrailingSlash}/${VIEW_INCIDENT_URL}${id}`; }; const getIncident = async (id: string) => { From 4651404205b685feef72a8b95c05503df4a65ded Mon Sep 17 00:00:00 2001 From: John Dorlus Date: Fri, 11 Dec 2020 17:18:39 -0500 Subject: [PATCH 2/4] Skipped verifying license management tab on cloud in upgrade assistant and license management. (#85650) (#85705) * Added a check for the assertion that checks the number of tabs in the side nav. The License Management tab should not be on cloud since the app is disabled. * add semicolon. * We opted to skip the test on cloud. * Removed unused var declaration. --- .../license_management_security.ts | 17 ++++++++++------- .../upgrade_assistant_security.ts | 19 +++++++++++-------- 2 files changed, 21 insertions(+), 15 deletions(-) diff --git a/x-pack/test/functional/apps/license_management/feature_controls/license_management_security.ts b/x-pack/test/functional/apps/license_management/feature_controls/license_management_security.ts index 59fc287c6cf2..810c7c60f383 100644 --- a/x-pack/test/functional/apps/license_management/feature_controls/license_management_security.ts +++ b/x-pack/test/functional/apps/license_management/feature_controls/license_management_security.ts 
@@ -55,13 +55,16 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { expect(links.map((link) => link.text)).to.contain('Stack Management'); }); - it('should render the "Stack" section with License Management', async () => { - await PageObjects.common.navigateToApp('management'); - const sections = await managementMenu.getSections(); - expect(sections).to.have.length(3); - expect(sections[2]).to.eql({ - sectionId: 'stack', - sectionLinks: ['license_management', 'upgrade_assistant'], + describe('[SkipCloud] global dashboard with license management user: skip cloud', function () { + this.tags('skipCloud'); + it('should render the "Stack" section with License Management', async () => { + await PageObjects.common.navigateToApp('management'); + const sections = await managementMenu.getSections(); + expect(sections).to.have.length(3); + expect(sections[2]).to.eql({ + sectionId: 'stack', + sectionLinks: ['license_management', 'upgrade_assistant'], + }); }); }); }); diff --git a/x-pack/test/functional/apps/upgrade_assistant/feature_controls/upgrade_assistant_security.ts b/x-pack/test/functional/apps/upgrade_assistant/feature_controls/upgrade_assistant_security.ts index 1f541dbe0353..327e38bc66f0 100644 --- a/x-pack/test/functional/apps/upgrade_assistant/feature_controls/upgrade_assistant_security.ts +++ b/x-pack/test/functional/apps/upgrade_assistant/feature_controls/upgrade_assistant_security.ts @@ -13,7 +13,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { const appsMenu = getService('appsMenu'); const managementMenu = getService('managementMenu'); - describe('security', () => { + describe('security', function () { before(async () => { await esArchiver.load('empty_kibana'); await PageObjects.common.navigateToApp('home'); 
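Review bot: Tagging the "Stack" section assertion with `this.tags('skipCloud')` leaves this feature-controls suite with no check on cloud of what a user holding this role sees in the management menu; the upgrade_assistant_security.ts hunk at -58,13 does the same. If no cloud-specific suite covers it elsewhere, a cloud-only counterpart asserting the section list without `license_management` would keep the privilege check covered there. The describe title also repeats itself (`[SkipCloud] ... : skip cloud`) and could be shortened to `'[SkipCloud] global dashboard with license management user'`. The enclosing describe block starts outside the hunk.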
@@ -58,13 +58,16 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { expect(links.map((link) => link.text)).to.contain('Stack Management'); }); - it('should render the "Stack" section with Upgrde Assistant', async () => { - await PageObjects.common.navigateToApp('management'); - const sections = await managementMenu.getSections(); - expect(sections).to.have.length(3); - expect(sections[2]).to.eql({ - sectionId: 'stack', - sectionLinks: ['license_management', 'upgrade_assistant'], + describe('[SkipCloud] global dashboard all with global_upgrade_assistant_role', function () { + this.tags('skipCloud'); + it('should render the "Stack" section with Upgrde Assistant', async function () { + await PageObjects.common.navigateToApp('management'); + const sections = await managementMenu.getSections(); + expect(sections).to.have.length(3); + expect(sections[2]).to.eql({ + sectionId: 'stack', + sectionLinks: ['license_management', 'upgrade_assistant'], + }); }); }); }); From 9256de8ae4148bd7544ffd1439e06f6d3842c119 Mon Sep 17 00:00:00 2001 From: Larry Gregory Date: Sun, 13 Dec 2020 14:57:53 -0500 Subject: [PATCH 3/4] Fix fleet route protections (#85626) (#85721) Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- x-pack/plugins/ingest_manager/server/routes/security.ts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/ingest_manager/server/routes/security.ts b/x-pack/plugins/ingest_manager/server/routes/security.ts index c2348c313e58..ec8966811186 100644 --- a/x-pack/plugins/ingest_manager/server/routes/security.ts +++ b/x-pack/plugins/ingest_manager/server/routes/security.ts 
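Review bot: The test title `'should render the "Stack" section with Upgrde Assistant'` keeps its typo even though the line is being rewritten; `Upgrade Assistant` would make it greppable. The inner `it` was also switched to `async function ()` although nothing in it uses `this`, unlike the license_management hunk, which kept the arrow form. The outer `describe('security', function ()` change in the -13,7 hunk likewise has no visible `this` use, though its body continues outside the hunk. Using `function` only on the describe that calls `this.tags` would keep the two files parallel.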
@@ -14,7 +14,12 @@ export function enforceSuperUser( const security = appContextService.getSecurity(); const user = security.authc.getCurrentUser(req); if (!user) { - return res.unauthorized(); + return res.forbidden({ + body: { + message: + 'Access to Fleet API require the superuser role, and for stack security features to be enabled.', + }, + }); } const userRoles = user.roles || []; From 032abfc423ee21145bd7dd69abaae53253809faa Mon Sep 17 00:00:00 2001 From: Joe Portner <5295965+jportner@users.noreply.github.com> Date: Sun, 13 Dec 2020 19:55:04 -0500 Subject: [PATCH 4/4] ini `1.3.5` -> `1.3.7` (#85707) (#85724) --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 6dbcb711e9fe..8dbce89983dc 100644 --- a/yarn.lock +++ b/yarn.lock @@ -15675,9 +15675,9 @@ inherits@2.0.3: integrity sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4= ini@^1.2.0, ini@^1.3.4, ini@^1.3.5, ini@~1.3.0: - version "1.3.5" - resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.5.tgz#eee25f56db1c9ec6085e0c22778083f596abf927" - integrity sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw== + version "1.3.7" + resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.7.tgz#a09363e1911972ea16d7a8851005d84cf09a9a84" + integrity sha512-iKpRpXP+CrP2jyrxvg1kMUpXDyRUFDWurxbnVT1vQPx+Wz9uCYsMIqYuSBLV+PAaZG/d7kRLKRFc9oDMsH+mFQ== inline-style-parser@0.1.1: version "0.1.1"
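Review bot: In enforceSuperUser (x-pack/plugins/ingest_manager/server/routes/security.ts) the new `res.forbidden` branch for a missing user ships without a test; the diffstat lists only security.ts. Since this guard is what keeps the Fleet routes closed when `getCurrentUser` returns nothing, a unit test asserting a 403 and the message body for a null user would pin the fail-closed behaviour. The message itself has an agreement error and would read better as `'Access to Fleet API requires the superuser role and for stack security features to be enabled.'`. The role check that follows (`const userRoles = user.roles || [];`) continues outside the hunk, so whether it returns the same response for non-superusers cannot be seen here.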