Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[7.x] Check auth status via security plugin on our privileges endpoint (#61334) #61383

Merged
merged 1 commit into from
Mar 26, 2020
Merged

[7.x] Check auth status via security plugin on our privileges endpoint (#61334) #61383

merged 1 commit into from
Mar 26, 2020

Conversation

rylnd
Copy link
Contributor

@rylnd rylnd commented Mar 26, 2020

Backports the following commits to 7.x:

@rylnd
Check auth status via security plugin on our privileges endpoint (ela…
996bf47 
…stic#61334)

* Accounts for security being disabled, adds tests
* Updates other auth-aware endpoints (import timeline, graphql) to
account for security being disabled.
@rylnd rylnd added the backport label Mar 26, 2020
@kibanamachine
Copy link
Contributor

💛 Build succeeded, but was flaky

Test Failures

Kibana Pipeline / kibana-xpack-agent / X-Pack API Integration Tests.x-pack/test/api_integration/apis/fleet/agents/acks·ts.apis Fleet Endpoints fleet_agents_acks should return a 200 if this a valid acks request

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 3 times on tracked branches: https://github.com/elastic/kibana/issues/60471

[00:00:00]       │
[00:00:00]         └-: apis
[00:00:00]           └-> "before all" hook
[00:08:19]           └-: Fleet Endpoints
[00:08:19]             └-> "before all" hook
[00:08:52]             └-: fleet_agents_acks
[00:08:52]               └-> "before all" hook
[00:08:52]               └-> "before all" hook
[00:08:52]                 │ info [fleet/agents] Loading "mappings.json"
[00:08:52]                 │ info [fleet/agents] Loading "data.json"
[00:08:52]                 │ info [o.e.c.m.MetaDataDeleteIndexService] [kibana-ci-immutable-oraclelinux-tests-xl-1585181380707226114] [.kibana_1/uOumRkzuTMe5LFBsQ1JUsg] deleting index
[00:08:52]                 │ info [o.e.c.m.MetaDataDeleteIndexService] [kibana-ci-immutable-oraclelinux-tests-xl-1585181380707226114] [.kibana_2/g_ABdi-fQLibaogIkiSmFA] deleting index
[00:08:52]                 │ info [fleet/agents] Deleted existing index [".kibana_2",".kibana_1"]
[00:08:52]                 │ info [o.e.c.m.MetaDataCreateIndexService] [kibana-ci-immutable-oraclelinux-tests-xl-1585181380707226114] [.kibana_1] creating index, cause [api], templates [], shards [1]/[0], mappings [_doc]
[00:08:52]                 │ info [fleet/agents] Created index ".kibana_1"
[00:08:52]                 │ debg [fleet/agents] ".kibana_1" settings {"index":{"auto_expand_replicas":"0-1","number_of_replicas":"0","number_of_shards":"1"}}
[00:08:52]                 │ info [fleet/agents] Indexed 7 docs into ".kibana"
[00:08:52]                 │ info [o.e.c.m.MetaDataMappingService] [kibana-ci-immutable-oraclelinux-tests-xl-1585181380707226114] [.kibana_1/ktSWiLn4QbWyJcHCiX2a8w] update_mapping [_doc]
[00:08:52]                 │ debg Migrating saved objects
[00:08:53]                 │ proc [kibana]   log   [01:16:10.109] [info][savedobjects-service] Detected mapping change in "dynamic"
[00:08:53]                 │ proc [kibana]   log   [01:16:10.112] [info][savedobjects-service] Creating index .kibana_2.
[00:08:53]                 │ info [o.e.c.m.MetaDataCreateIndexService] [kibana-ci-immutable-oraclelinux-tests-xl-1585181380707226114] [.kibana_2] creating index, cause [api], templates [], shards [1]/[1], mappings [_doc]
[00:08:53]                 │ info [o.e.c.r.a.AllocationService] [kibana-ci-immutable-oraclelinux-tests-xl-1585181380707226114] updating number_of_replicas to [0] for indices [.kibana_2]
[00:08:53]                 │ proc [kibana]   log   [01:16:10.213] [info][savedobjects-service] Migrating .kibana_1 saved objects to .kibana_2
[00:08:53]                 │ proc [kibana]   log   [01:16:10.226] [info][savedobjects-service] Pointing alias .kibana to .kibana_2.
[00:08:53]                 │ proc [kibana]   log   [01:16:10.290] [info][savedobjects-service] Finished in 180ms.
[00:08:54]               └-> should return a 401 if this a not a valid acks access
[00:08:54]                 └-> "before each" hook: global before each
[00:08:54]                 │ info [o.e.x.s.a.AuthenticationService] [kibana-ci-immutable-oraclelinux-tests-xl-1585181380707226114] Authentication using apikey failed - Illegal base64 character 5f
[00:08:54]                 │      java.lang.IllegalArgumentException: Illegal base64 character 5f
[00:08:54]                 │      	at java.util.Base64$Decoder.decode0(Base64.java:788) ~[?:?]
[00:08:54]                 │      	at java.util.Base64$Decoder.decode(Base64.java:564) ~[?:?]
[00:08:54]                 │      	at java.util.Base64$Decoder.decode(Base64.java:587) ~[?:?]
[00:08:54]                 │      	at org.elasticsearch.xpack.security.authc.ApiKeyService.getCredentialsFromHeader(ApiKeyService.java:535) ~[x-pack-security-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.xpack.security.authc.ApiKeyService.authenticateWithApiKeyIfPresent(ApiKeyService.java:301) [x-pack-security-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.checkForApiKey(AuthenticationService.java:348) [x-pack-security-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$0(AuthenticationService.java:330) [x-pack-security-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.xpack.security.authc.TokenService.getAndValidateToken(TokenService.java:394) [x-pack-security-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$2(AuthenticationService.java:326) [x-pack-security-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$6(AuthenticationService.java:386) [x-pack-security-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:397) [x-pack-security-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:321) [x-pack-security-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.access$000(AuthenticationService.java:263) [x-pack-security-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:141) [x-pack-security-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:126) [x-pack-security-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.xpack.security.rest.SecurityRestFilter.handleRequest(SecurityRestFilter.java:61) [x-pack-security-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:251) [elasticsearch-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.rest.RestController.tryAllHandlers(RestController.java:333) [elasticsearch-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:191) [elasticsearch-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.http.AbstractHttpServerTransport.dispatchRequest(AbstractHttpServerTransport.java:329) [elasticsearch-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.http.AbstractHttpServerTransport.handleIncomingRequest(AbstractHttpServerTransport.java:383) [elasticsearch-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.http.AbstractHttpServerTransport.incomingRequest(AbstractHttpServerTransport.java:308) [elasticsearch-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:54) [transport-netty4-client-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at org.elasticsearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:29) [transport-netty4-client-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at org.elasticsearch.http.netty4.Netty4HttpPipeliningHandler.channelRead(Netty4HttpPipeliningHandler.java:58) [transport-netty4-client-7.7.0-SNAPSHOT.jar:7.7.0-SNAPSHOT]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) [netty-codec-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.handler.codec.MessageToMessageCodec.channelRead(MessageToMessageCodec.java:111) [netty-codec-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) [netty-codec-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) [netty-codec-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:321) [netty-codec-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:295) [netty-codec-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286) [netty-handler-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:355) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:377) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:363) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:615) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:578) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) [netty-transport-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) [netty-common-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.45.Final.jar:4.1.45.Final]
[00:08:54]                 │      	at java.lang.Thread.run(Thread.java:830) [?:?]
[00:08:54]                 │ proc [kibana]   log   [01:16:11.328] [info][authentication][plugins][security] Authentication attempt failed: [security_exception] missing authentication credentials for REST request [/_security/_authenticate], with { header={ WWW-Authenticate={ 0="ApiKey" & 1="Basic realm=\"security\" charset=\"UTF-8\"" } } }
[00:08:54]                 └- ✓ pass  (62ms) "apis Fleet Endpoints fleet_agents_acks should return a 401 if this a not a valid acks access"
[00:08:54]               └-> should return a 200 if this a valid acks request
[00:08:54]                 └-> "before each" hook: global before each
[00:08:54]                 └- ✖ fail: "apis Fleet Endpoints fleet_agents_acks should return a 200 if this a valid acks request"
[00:08:54]                 │

Stack Trace

Error: expected 200 "OK", got 400 "Bad Request"
    at Test._assertStatus (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:268:12)
    at Test._assertFunction (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:283:11)
    at Test.assert (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:173:18)
    at assert (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:131:12)
    at /dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:128:5
    at Test.Request.callback (/dev/shm/workspace/kibana/node_modules/superagent/lib/node/index.js:718:3)
    at parser (/dev/shm/workspace/kibana/node_modules/superagent/lib/node/index.js:906:18)
    at IncomingMessage.res.on (/dev/shm/workspace/kibana/node_modules/superagent/lib/node/parsers/json.js:19:7)
    at endReadableNT (_stream_readable.js:1145:12)
    at process._tickCallback (internal/process/next_tick.js:63:19)

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@rylnd rylnd merged commit e94ee5f into elastic:7.x Mar 26, 2020
@rylnd rylnd deleted the backport/7.x/pr-61334 branch March 26, 2020 02:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rylnd @kibanamachine