Handle scenario security plugin is enabled but Elasticsearch security…

… is disabled (#47504) (#47690)

x-pack/legacy/plugins/actions/server/create_execute_function.test.ts

@@ -18,7 +18,6 @@ describe('execute()', () => {
   test('schedules the action with all given parameters', async () => {
     const executeFn = createExecuteFunction({
       getBasePath,
-      isSecurityEnabled: true,
       taskManager: mockTaskManager,
       getScopedSavedObjectsClient: jest.fn().mockReturnValueOnce(savedObjectsClient),
     });
@@ -72,7 +71,6 @@ describe('execute()', () => {
       getBasePath,
       taskManager: mockTaskManager,
       getScopedSavedObjectsClient,
-      isSecurityEnabled: true,
     });
     savedObjectsClient.get.mockResolvedValueOnce({
       id: '123',
@@ -117,7 +115,6 @@ describe('execute()', () => {
   test(`doesn't use API keys when not provided`, async () => {
     const getScopedSavedObjectsClient = jest.fn().mockReturnValueOnce(savedObjectsClient);
     const executeFn = createExecuteFunction({
-      isSecurityEnabled: false,
       getBasePath,
       taskManager: mockTaskManager,
       getScopedSavedObjectsClient,
@@ -157,22 +154,4 @@ describe('execute()', () => {
       },
     });
   });
-
-  test(`throws an error when isSecurityEnabled is true and key not passed in`, async () => {
-    const executeFn = createExecuteFunction({
-      getBasePath,
-      taskManager: mockTaskManager,
-      getScopedSavedObjectsClient: jest.fn().mockReturnValueOnce(savedObjectsClient),
-      isSecurityEnabled: true,
-    });
-    await expect(
-      executeFn({
-        id: '123',
-        params: { baz: false },
-        spaceId: 'default',
-      })
-    ).rejects.toThrowErrorMatchingInlineSnapshot(
-      `"API key is required. The attribute \\"apiKey\\" is missing."`
-    );
-  });
 });

x-pack/legacy/plugins/actions/server/create_execute_function.ts

@@ -9,7 +9,6 @@ import { TaskManagerStartContract } from './shim';
 import { GetBasePathFunction } from './types';
 
 interface CreateExecuteFunctionOptions {
-  isSecurityEnabled: boolean;
   taskManager: TaskManagerStartContract;
   getScopedSavedObjectsClient: (request: any) => SavedObjectsClientContract;
   getBasePath: GetBasePathFunction;
@@ -25,15 +24,12 @@ export interface ExecuteOptions {
 export function createExecuteFunction({
   getBasePath,
   taskManager,
-  isSecurityEnabled,
   getScopedSavedObjectsClient,
 }: CreateExecuteFunctionOptions) {
   return async function execute({ id, params, spaceId, apiKey }: ExecuteOptions) {
     const requestHeaders: Record<string, string> = {};
 
-    if (isSecurityEnabled && !apiKey) {
-      throw new Error('API key is required. The attribute "apiKey" is missing.');
-    } else if (isSecurityEnabled) {
+    if (apiKey) {
       requestHeaders.authorization = `ApiKey ${apiKey}`;
     }
 

x-pack/legacy/plugins/actions/server/lib/task_runner_factory.test.ts

@@ -67,7 +67,6 @@ const taskRunnerFactoryInitializerParams = {
   spaceIdToNamespace,
   encryptedSavedObjectsPlugin: mockedEncryptedSavedObjectsPlugin,
   getBasePath: jest.fn().mockReturnValue(undefined),
-  isSecurityEnabled: true,
 };
 
 beforeEach(() => {
@@ -217,52 +216,7 @@ test('uses API key when provided', async () => {
 
 test(`doesn't use API key when not provided`, async () => {
   const factory = new TaskRunnerFactory(mockedActionExecutor);
-  factory.initialize({
-    ...taskRunnerFactoryInitializerParams,
-    isSecurityEnabled: false,
-  });
-  const taskRunner = factory.create({ taskInstance: mockedTaskInstance });
-
-  mockedActionExecutor.execute.mockResolvedValueOnce({ status: 'ok' });
-  spaceIdToNamespace.mockReturnValueOnce('namespace-test');
-  mockedEncryptedSavedObjectsPlugin.getDecryptedAsInternalUser.mockResolvedValueOnce({
-    id: '3',
-    type: 'action_task_params',
-    attributes: {
-      actionId: '2',
-      params: { baz: true },
-    },
-    references: [],
-  });
-
-  await taskRunner.run();
-
-  expect(mockedActionExecutor.execute).toHaveBeenCalledWith({
-    actionId: '2',
-    params: { baz: true },
-    request: {
-      getBasePath: expect.anything(),
-      headers: {},
-      path: '/',
-      route: { settings: {} },
-      url: {
-        href: '/',
-      },
-      raw: {
-        req: {
-          url: '/',
-        },
-      },
-    },
-  });
-});
-
-test(`doesn't use API key when provided and isSecurityEnabled is set to false`, async () => {
-  const factory = new TaskRunnerFactory(mockedActionExecutor);
-  factory.initialize({
-    ...taskRunnerFactoryInitializerParams,
-    isSecurityEnabled: false,
-  });
+  factory.initialize(taskRunnerFactoryInitializerParams);
   const taskRunner = factory.create({ taskInstance: mockedTaskInstance });
 
   mockedActionExecutor.execute.mockResolvedValueOnce({ status: 'ok' });
@@ -273,7 +227,6 @@ test(`doesn't use API key when provided and isSecurityEnabled is set to false`,
     attributes: {
       actionId: '2',
       params: { baz: true },
-      apiKey: Buffer.from('123:abc').toString('base64'),
     },
     references: [],
   });
@@ -299,25 +252,3 @@ test(`doesn't use API key when provided and isSecurityEnabled is set to false`,
     },
   });
 });
-
-test(`throws an error when isSecurityEnabled is true but key isn't provided`, async () => {
-  const taskRunner = taskRunnerFactory.create({
-    taskInstance: mockedTaskInstance,
-  });
-
-  mockedActionExecutor.execute.mockResolvedValueOnce({ status: 'ok' });
-  spaceIdToNamespace.mockReturnValueOnce('namespace-test');
-  mockedEncryptedSavedObjectsPlugin.getDecryptedAsInternalUser.mockResolvedValueOnce({
-    id: '3',
-    type: 'action_task_params',
-    attributes: {
-      actionId: '2',
-      params: { baz: true },
-    },
-    references: [],
-  });
-
-  await expect(taskRunner.run()).rejects.toThrowErrorMatchingInlineSnapshot(
-    `"API key is required. The attribute \\"apiKey\\" is missing."`
-  );
-});

x-pack/legacy/plugins/actions/server/lib/task_runner_factory.ts

@@ -14,7 +14,6 @@ export interface TaskRunnerContext {
   encryptedSavedObjectsPlugin: EncryptedSavedObjectsStartContract;
   spaceIdToNamespace: SpaceIdToNamespaceFunction;
   getBasePath: GetBasePathFunction;
-  isSecurityEnabled: boolean;
 }
 
 export class TaskRunnerFactory {
@@ -44,7 +43,6 @@ export class TaskRunnerFactory {
       encryptedSavedObjectsPlugin,
       spaceIdToNamespace,
       getBasePath,
-      isSecurityEnabled,
     } = this.taskRunnerContext!;
 
     return {
@@ -61,9 +59,7 @@ export class TaskRunnerFactory {
         );
 
         const requestHeaders: Record<string, string> = {};
-        if (isSecurityEnabled && !apiKey) {
-          throw new ExecutorError('API key is required. The attribute "apiKey" is missing.');
-        } else if (isSecurityEnabled) {
+        if (apiKey) {
           requestHeaders.authorization = `ApiKey ${apiKey}`;
         }
 

x-pack/legacy/plugins/actions/server/plugin.ts

@@ -170,14 +170,12 @@ export class Plugin {
       encryptedSavedObjectsPlugin: plugins.encrypted_saved_objects,
       getBasePath,
       spaceIdToNamespace,
-      isSecurityEnabled: !!plugins.security,
     });
 
     const executeFn = createExecuteFunction({
       taskManager: plugins.task_manager,
       getScopedSavedObjectsClient: core.savedObjects.getScopedSavedObjectsClient,
       getBasePath,
-      isSecurityEnabled: !!plugins.security,
     });
 
     return {

x-pack/legacy/plugins/alerting/server/lib/task_runner_factory.test.ts

@@ -60,7 +60,6 @@ const services = {
 };
 
 const taskRunnerFactoryInitializerParams: jest.Mocked<TaskRunnerContext> = {
-  isSecurityEnabled: true,
   getServices: jest.fn().mockReturnValue(services),
   executeAction: jest.fn(),
   encryptedSavedObjectsPlugin,
@@ -315,10 +314,7 @@ test('uses API key when provided', async () => {
 
 test(`doesn't use API key when not provided`, async () => {
   const factory = new TaskRunnerFactory();
-  factory.initialize({
-    ...taskRunnerFactoryInitializerParams,
-    isSecurityEnabled: false,
-  });
+  factory.initialize(taskRunnerFactoryInitializerParams);
   const taskRunner = factory.create(alertType, {
     taskInstance: mockedTaskInstance,
   });

x-pack/legacy/plugins/alerting/server/lib/task_runner_factory.ts

@@ -24,7 +24,6 @@ import {
 
 export interface TaskRunnerContext {
   logger: Logger;
-  isSecurityEnabled: boolean;
   getServices: GetServicesFunction;
   executeAction: ActionsPluginStartContract['execute'];
   encryptedSavedObjectsPlugin: EncryptedSavedObjectsStartContract;
@@ -51,7 +50,6 @@ export class TaskRunnerFactory {
 
     const {
       logger,
-      isSecurityEnabled,
       getServices,
       executeAction,
       encryptedSavedObjectsPlugin,
@@ -74,9 +72,7 @@ export class TaskRunnerFactory {
           { namespace }
         );
 
-        if (isSecurityEnabled && !apiKey) {
-          throw new Error('API key is required. The attribute "apiKey" is missing.');
-        } else if (isSecurityEnabled) {
+        if (apiKey) {
           requestHeaders.authorization = `ApiKey ${apiKey}`;
         }
 

x-pack/legacy/plugins/alerting/server/plugin.ts

@@ -139,7 +139,6 @@ export class Plugin {
 
     this.taskRunnerFactory.initialize({
       logger: this.logger,
-      isSecurityEnabled: !!plugins.security,
       getServices(request: Hapi.Request): Services {
         return {
           callCluster: (...args) =>