Skip to content

Commit

Permalink
Handle scenario security plugin is enabled but Elasticsearch security…
Browse files Browse the repository at this point in the history
… is disabled (#47504)
  • Loading branch information
mikecote authored Oct 9, 2019
1 parent 4a73672 commit a901d7e
Show file tree
Hide file tree
Showing 8 changed files with 5 additions and 114 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@ describe('execute()', () => {
test('schedules the action with all given parameters', async () => {
const executeFn = createExecuteFunction({
getBasePath,
isSecurityEnabled: true,
taskManager: mockTaskManager,
getScopedSavedObjectsClient: jest.fn().mockReturnValueOnce(savedObjectsClient),
});
Expand Down Expand Up @@ -72,7 +71,6 @@ describe('execute()', () => {
getBasePath,
taskManager: mockTaskManager,
getScopedSavedObjectsClient,
isSecurityEnabled: true,
});
savedObjectsClient.get.mockResolvedValueOnce({
id: '123',
Expand Down Expand Up @@ -117,7 +115,6 @@ describe('execute()', () => {
test(`doesn't use API keys when not provided`, async () => {
const getScopedSavedObjectsClient = jest.fn().mockReturnValueOnce(savedObjectsClient);
const executeFn = createExecuteFunction({
isSecurityEnabled: false,
getBasePath,
taskManager: mockTaskManager,
getScopedSavedObjectsClient,
Expand Down Expand Up @@ -157,22 +154,4 @@ describe('execute()', () => {
},
});
});

test(`throws an error when isSecurityEnabled is true and key not passed in`, async () => {
const executeFn = createExecuteFunction({
getBasePath,
taskManager: mockTaskManager,
getScopedSavedObjectsClient: jest.fn().mockReturnValueOnce(savedObjectsClient),
isSecurityEnabled: true,
});
await expect(
executeFn({
id: '123',
params: { baz: false },
spaceId: 'default',
})
).rejects.toThrowErrorMatchingInlineSnapshot(
`"API key is required. The attribute \\"apiKey\\" is missing."`
);
});
});
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ import { TaskManagerStartContract } from './shim';
import { GetBasePathFunction } from './types';

interface CreateExecuteFunctionOptions {
isSecurityEnabled: boolean;
taskManager: TaskManagerStartContract;
getScopedSavedObjectsClient: (request: any) => SavedObjectsClientContract;
getBasePath: GetBasePathFunction;
Expand All @@ -25,15 +24,12 @@ export interface ExecuteOptions {
export function createExecuteFunction({
getBasePath,
taskManager,
isSecurityEnabled,
getScopedSavedObjectsClient,
}: CreateExecuteFunctionOptions) {
return async function execute({ id, params, spaceId, apiKey }: ExecuteOptions) {
const requestHeaders: Record<string, string> = {};

if (isSecurityEnabled && !apiKey) {
throw new Error('API key is required. The attribute "apiKey" is missing.');
} else if (isSecurityEnabled) {
if (apiKey) {
requestHeaders.authorization = `ApiKey ${apiKey}`;
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,6 @@ const taskRunnerFactoryInitializerParams = {
spaceIdToNamespace,
encryptedSavedObjectsPlugin: mockedEncryptedSavedObjectsPlugin,
getBasePath: jest.fn().mockReturnValue(undefined),
isSecurityEnabled: true,
};

beforeEach(() => {
Expand Down Expand Up @@ -217,52 +216,7 @@ test('uses API key when provided', async () => {

test(`doesn't use API key when not provided`, async () => {
const factory = new TaskRunnerFactory(mockedActionExecutor);
factory.initialize({
...taskRunnerFactoryInitializerParams,
isSecurityEnabled: false,
});
const taskRunner = factory.create({ taskInstance: mockedTaskInstance });

mockedActionExecutor.execute.mockResolvedValueOnce({ status: 'ok' });
spaceIdToNamespace.mockReturnValueOnce('namespace-test');
mockedEncryptedSavedObjectsPlugin.getDecryptedAsInternalUser.mockResolvedValueOnce({
id: '3',
type: 'action_task_params',
attributes: {
actionId: '2',
params: { baz: true },
},
references: [],
});

await taskRunner.run();

expect(mockedActionExecutor.execute).toHaveBeenCalledWith({
actionId: '2',
params: { baz: true },
request: {
getBasePath: expect.anything(),
headers: {},
path: '/',
route: { settings: {} },
url: {
href: '/',
},
raw: {
req: {
url: '/',
},
},
},
});
});

test(`doesn't use API key when provided and isSecurityEnabled is set to false`, async () => {
const factory = new TaskRunnerFactory(mockedActionExecutor);
factory.initialize({
...taskRunnerFactoryInitializerParams,
isSecurityEnabled: false,
});
factory.initialize(taskRunnerFactoryInitializerParams);
const taskRunner = factory.create({ taskInstance: mockedTaskInstance });

mockedActionExecutor.execute.mockResolvedValueOnce({ status: 'ok' });
Expand All @@ -273,7 +227,6 @@ test(`doesn't use API key when provided and isSecurityEnabled is set to false`,
attributes: {
actionId: '2',
params: { baz: true },
apiKey: Buffer.from('123:abc').toString('base64'),
},
references: [],
});
Expand All @@ -299,25 +252,3 @@ test(`doesn't use API key when provided and isSecurityEnabled is set to false`,
},
});
});

test(`throws an error when isSecurityEnabled is true but key isn't provided`, async () => {
const taskRunner = taskRunnerFactory.create({
taskInstance: mockedTaskInstance,
});

mockedActionExecutor.execute.mockResolvedValueOnce({ status: 'ok' });
spaceIdToNamespace.mockReturnValueOnce('namespace-test');
mockedEncryptedSavedObjectsPlugin.getDecryptedAsInternalUser.mockResolvedValueOnce({
id: '3',
type: 'action_task_params',
attributes: {
actionId: '2',
params: { baz: true },
},
references: [],
});

await expect(taskRunner.run()).rejects.toThrowErrorMatchingInlineSnapshot(
`"API key is required. The attribute \\"apiKey\\" is missing."`
);
});
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ export interface TaskRunnerContext {
encryptedSavedObjectsPlugin: EncryptedSavedObjectsStartContract;
spaceIdToNamespace: SpaceIdToNamespaceFunction;
getBasePath: GetBasePathFunction;
isSecurityEnabled: boolean;
}

export class TaskRunnerFactory {
Expand Down Expand Up @@ -44,7 +43,6 @@ export class TaskRunnerFactory {
encryptedSavedObjectsPlugin,
spaceIdToNamespace,
getBasePath,
isSecurityEnabled,
} = this.taskRunnerContext!;

return {
Expand All @@ -61,9 +59,7 @@ export class TaskRunnerFactory {
);

const requestHeaders: Record<string, string> = {};
if (isSecurityEnabled && !apiKey) {
throw new ExecutorError('API key is required. The attribute "apiKey" is missing.');
} else if (isSecurityEnabled) {
if (apiKey) {
requestHeaders.authorization = `ApiKey ${apiKey}`;
}

Expand Down
2 changes: 0 additions & 2 deletions x-pack/legacy/plugins/actions/server/plugin.ts
Original file line number Diff line number Diff line change
Expand Up @@ -170,14 +170,12 @@ export class Plugin {
encryptedSavedObjectsPlugin: plugins.encrypted_saved_objects,
getBasePath,
spaceIdToNamespace,
isSecurityEnabled: !!plugins.security,
});

const executeFn = createExecuteFunction({
taskManager: plugins.task_manager,
getScopedSavedObjectsClient: core.savedObjects.getScopedSavedObjectsClient,
getBasePath,
isSecurityEnabled: !!plugins.security,
});

return {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,6 @@ const services = {
};

const taskRunnerFactoryInitializerParams: jest.Mocked<TaskRunnerContext> = {
isSecurityEnabled: true,
getServices: jest.fn().mockReturnValue(services),
executeAction: jest.fn(),
encryptedSavedObjectsPlugin,
Expand Down Expand Up @@ -315,10 +314,7 @@ test('uses API key when provided', async () => {

test(`doesn't use API key when not provided`, async () => {
const factory = new TaskRunnerFactory();
factory.initialize({
...taskRunnerFactoryInitializerParams,
isSecurityEnabled: false,
});
factory.initialize(taskRunnerFactoryInitializerParams);
const taskRunner = factory.create(alertType, {
taskInstance: mockedTaskInstance,
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ import {

export interface TaskRunnerContext {
logger: Logger;
isSecurityEnabled: boolean;
getServices: GetServicesFunction;
executeAction: ActionsPluginStartContract['execute'];
encryptedSavedObjectsPlugin: EncryptedSavedObjectsStartContract;
Expand All @@ -51,7 +50,6 @@ export class TaskRunnerFactory {

const {
logger,
isSecurityEnabled,
getServices,
executeAction,
encryptedSavedObjectsPlugin,
Expand All @@ -74,9 +72,7 @@ export class TaskRunnerFactory {
{ namespace }
);

if (isSecurityEnabled && !apiKey) {
throw new Error('API key is required. The attribute "apiKey" is missing.');
} else if (isSecurityEnabled) {
if (apiKey) {
requestHeaders.authorization = `ApiKey ${apiKey}`;
}

Expand Down
1 change: 0 additions & 1 deletion x-pack/legacy/plugins/alerting/server/plugin.ts
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,6 @@ export class Plugin {

this.taskRunnerFactory.initialize({
logger: this.logger,
isSecurityEnabled: !!plugins.security,
getServices(request: Hapi.Request): Services {
return {
callCluster: (...args) =>
Expand Down

0 comments on commit a901d7e

Please sign in to comment.