From 610902b421df9ca6bc4970b54619e1b921ad93cc Mon Sep 17 00:00:00 2001 From: Josh Dover <1813008+joshdover@users.noreply.github.com> Date: Mon, 29 Mar 2021 17:31:34 +0200 Subject: [PATCH] Add test to verify Console proxy doesn't forward system index header (#95562) * Add test to verify Console API does not forward system index header * Add integration test to Core to verify system indices warning behavior Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- .../integration_tests/client.test.ts | 57 +++++++++++++++++++ test/api_integration/apis/console/index.ts | 15 +++++ .../apis/console/proxy_route.ts | 44 ++++++++++++++ test/api_integration/apis/index.ts | 1 + 4 files changed, 117 insertions(+) create mode 100644 src/core/server/elasticsearch/integration_tests/client.test.ts create mode 100644 test/api_integration/apis/console/index.ts create mode 100644 test/api_integration/apis/console/proxy_route.ts diff --git a/src/core/server/elasticsearch/integration_tests/client.test.ts b/src/core/server/elasticsearch/integration_tests/client.test.ts new file mode 100644 index 0000000000000..3a4b7c5c4af22 --- /dev/null +++ b/src/core/server/elasticsearch/integration_tests/client.test.ts @@ -0,0 +1,57 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { + createTestServers, + TestElasticsearchUtils, + TestKibanaUtils, +} from '../../../test_helpers/kbn_server'; + +describe('elasticsearch clients', () => { + let esServer: TestElasticsearchUtils; + let kibanaServer: TestKibanaUtils; + + beforeAll(async () => { + const { startES, startKibana } = createTestServers({ + adjustTimeout: jest.setTimeout, + }); + + esServer = await startES(); + kibanaServer = await startKibana(); + }); + + afterAll(async () => { + await kibanaServer.stop(); + await esServer.stop(); + }); + + it('does not return deprecation warning when x-elastic-product-origin header is set', async () => { + // Header should be automatically set by Core + const resp1 = await kibanaServer.coreStart.elasticsearch.client.asInternalUser.indices.getSettings( + { index: '.kibana' } + ); + expect(resp1.headers).not.toHaveProperty('warning'); + + // Also test setting it explicitly + const resp2 = await kibanaServer.coreStart.elasticsearch.client.asInternalUser.indices.getSettings( + { index: '.kibana' }, + { headers: { 'x-elastic-product-origin': 'kibana' } } + ); + expect(resp2.headers).not.toHaveProperty('warning'); + }); + + it('returns deprecation warning when x-elastic-product-orign header is not set', async () => { + const resp = await kibanaServer.coreStart.elasticsearch.client.asInternalUser.indices.getSettings( + { index: '.kibana' }, + { headers: { 'x-elastic-product-origin': null } } + ); + + expect(resp.headers).toHaveProperty('warning'); + expect(resp.headers!.warning).toMatch('system indices'); + }); +}); diff --git a/test/api_integration/apis/console/index.ts b/test/api_integration/apis/console/index.ts new file mode 100644 index 0000000000000..ad4f8256f97ad --- /dev/null +++ b/test/api_integration/apis/console/index.ts @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { FtrProviderContext } from '../../ftr_provider_context'; + +export default function ({ loadTestFile }: FtrProviderContext) { + describe('core', () => { + loadTestFile(require.resolve('./proxy_route')); + }); +} diff --git a/test/api_integration/apis/console/proxy_route.ts b/test/api_integration/apis/console/proxy_route.ts new file mode 100644 index 0000000000000..d8a5f57a41a6e --- /dev/null +++ b/test/api_integration/apis/console/proxy_route.ts @@ -0,0 +1,44 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import expect from '@kbn/expect'; +import { FtrProviderContext } from '../../ftr_provider_context'; + +export default function ({ getService }: FtrProviderContext) { + const supertest = getService('supertest'); + + describe('POST /api/console/proxy', () => { + describe('system indices behavior', () => { + it('returns warning header when making requests to .kibana index', async () => { + return await supertest + .post('/api/console/proxy?method=GET&path=/.kibana/_settings') + .set('kbn-xsrf', 'true') + .then((response) => { + expect(response.header).to.have.property('warning'); + const { warning } = response.header as { warning: string }; + expect(warning.startsWith('299')).to.be(true); + expect(warning.includes('system indices')).to.be(true); + }); + }); + + it('does not forward x-elastic-product-origin', async () => { + // If we pass the header and we still get the warning back, we assume that the header was not forwarded. + return await supertest + .post('/api/console/proxy?method=GET&path=/.kibana/_settings') + .set('kbn-xsrf', 'true') + .set('x-elastic-product-origin', 'kibana') + .then((response) => { + expect(response.header).to.have.property('warning'); + const { warning } = response.header as { warning: string }; + expect(warning.startsWith('299')).to.be(true); + expect(warning.includes('system indices')).to.be(true); + }); + }); + }); + }); +} diff --git a/test/api_integration/apis/index.ts b/test/api_integration/apis/index.ts index 33495ad2c604b..0d87569cb8b97 100644 --- a/test/api_integration/apis/index.ts +++ b/test/api_integration/apis/index.ts @@ -10,6 +10,7 @@ import { FtrProviderContext } from '../ftr_provider_context'; export default function ({ loadTestFile }: FtrProviderContext) { describe('apis', () => { + loadTestFile(require.resolve('./console')); loadTestFile(require.resolve('./core')); loadTestFile(require.resolve('./general')); loadTestFile(require.resolve('./home'));