Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes unauthorized error in es datasources #24624

Merged
merged 7 commits into from
Oct 30, 2018
Merged

Fixes unauthorized error in es datasources #24624

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
c7d5f38
Fixes check for security plugin
cqliu1 Oct 26, 2018
774e8e5
Merge branch 'master' into fix/esdocs-auth-error
cqliu1 Oct 26, 2018
86dad63
Cleaned up security check logic. Fixed tests for create_handlers. Add…
cqliu1 Oct 26, 2018
dea410c
Updated comment
cqliu1 Oct 26, 2018
8efc212
Added tests
cqliu1 Oct 26, 2018
c401739
Updated variable names
cqliu1 Oct 29, 2018
7c6d705
Merge branch 'master' into fix/esdocs-auth-error
cqliu1 Oct 29, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 50 additions & 1 deletion x-pack/plugins/canvas/server/lib/__tests__/create_handlers.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ import expect from 'expect.js';
import { createHandlers } from '../create_handlers';

let securityMode = 'pass';
let isSecurityAvailable = true;
let isSecurityEnabled = true;
const authError = new Error('auth error');

const mockRequest = {
Expand All @@ -27,6 +29,15 @@ const mockServer = {
callWithRequest: (...args) => Promise.resolve(args),
}),
},
// TODO: remove this when we use the method exposed by security https://github.com/elastic/kibana/pull/24616
xpack_main: {
info: {
feature: () => ({
isAvailable: () => isSecurityAvailable,
isEnabled: () => isSecurityEnabled,
}),
},
},
},
config: () => ({
has: () => false,
Expand All @@ -42,6 +53,8 @@ describe('server createHandlers', () => {

beforeEach(() => {
securityMode = 'pass';
isSecurityEnabled = true;
isSecurityAvailable = true;
handlers = createHandlers(mockRequest, mockServer);
});

Expand Down Expand Up @@ -75,7 +88,7 @@ describe('server createHandlers', () => {
});
});

it('works without security', async () => {
it('works without security plugin in kibana', async () => {
// create server without security plugin
const mockServerClone = {
...mockServer,
Expand All @@ -98,5 +111,41 @@ describe('server createHandlers', () => {
expect(endpoint).to.equal('endpoint');
expect(payload).to.equal('payload');
});

it('works without security available', async () => {
// create server with security unavailable (i.e. when user is on a basic license)
isSecurityAvailable = false;

// this shouldn't do anything
securityMode = 'fail';

// make sure the method still works
handlers = createHandlers(mockRequest, mockServer);
const [request, endpoint, payload] = await handlers.elasticsearchClient(
'endpoint',
'payload'
);
expect(request).to.equal(mockRequest);
expect(endpoint).to.equal('endpoint');
expect(payload).to.equal('payload');
});

it('works with security disabled in elasticsearch', async () => {
// create server with security disabled
isSecurityEnabled = false;

// this shouldn't do anything
securityMode = 'fail';

// make sure the method still works
handlers = createHandlers(mockRequest, mockServer);
const [request, endpoint, payload] = await handlers.elasticsearchClient(
'endpoint',
'payload'
);
expect(request).to.equal(mockRequest);
expect(endpoint).to.equal('endpoint');
expect(payload).to.equal('payload');
});
});
});
4 changes: 3 additions & 1 deletion x-pack/plugins/canvas/server/lib/create_handlers.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
*/

import boom from 'boom';
import { isSecurityEnabled } from './feature_check';

export const createHandlers = (request, server) => {
const { callWithRequest } = server.plugins.elasticsearch.getCluster('data');
Expand All @@ -19,7 +20,8 @@ export const createHandlers = (request, server) => {
httpHeaders: request.headers,
elasticsearchClient: async (...args) => {
// check if the session is valid because continuing to use it
if (server.plugins.security) {
// TODO: replace this when we use the method exposed by security https://github.com/elastic/kibana/pull/24616
if (isSecurityEnabled(server)) {
const authenticationResult = await server.plugins.security.authenticate(request);
if (!authenticationResult.succeeded()) throw boom.unauthorized(authenticationResult.error);
}
Expand Down
12 changes: 12 additions & 0 deletions x-pack/plugins/canvas/server/lib/feature_check.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/

export const isSecurityEnabled = server => {
const kibanaSecurity = server.plugins.security;
const esSecurity = server.plugins.xpack_main.info.feature('security');

return kibanaSecurity && esSecurity.isAvailable() && esSecurity.isEnabled();
};