mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 09:48:58 -04:00
[Uptime] Use authorised saved object client only for write operations (#123141)
This commit is contained in:
Shahzad
GitHub
parent
2c52ac28cb
commit
17c3daad93
5 changed files with 22 additions and 7 deletions
|
|
@ -47,6 +47,7 @@ export interface UptimeServerSetup {
|
|||
fleet: FleetStartContract;
|
||||
security: SecurityPluginStart;
|
||||
savedObjectsClient?: SavedObjectsClientContract;
|
||||
authSavedObjectsClient?: SavedObjectsClientContract;
|
||||
encryptedSavedObjects: EncryptedSavedObjectsPluginStart;
|
||||
syntheticsService: SyntheticsService;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ export const getAPIKeyForSyntheticsService = async ({
|
|||
server: UptimeServerSetup;
|
||||
request?: KibanaRequest;
|
||||
}): Promise<SyntheticsServiceApiKey | undefined> => {
|
||||
const { security, encryptedSavedObjects, savedObjectsClient } = server;
|
||||
const { security, encryptedSavedObjects, authSavedObjectsClient } = server;
|
||||
|
||||
const encryptedClient = encryptedSavedObjects.getClient({
|
||||
includedHiddenTypes: [syntheticsServiceApiKey.name],
|
||||
|
|
@ -37,17 +37,22 @@ export const getAPIKeyForSyntheticsService = async ({
|
|||
// TODO: figure out how to handle decryption errors
|
||||
}
|
||||
|
||||
return await generateAndSaveAPIKey({ request, security, savedObjectsClient });
|
||||
return await generateAndSaveAPIKey({
|
||||
request,
|
||||
security,
|
||||
authSavedObjectsClient,
|
||||
});
|
||||
};
|
||||
|
||||
export const generateAndSaveAPIKey = async ({
|
||||
security,
|
||||
request,
|
||||
savedObjectsClient,
|
||||
authSavedObjectsClient,
|
||||
}: {
|
||||
request?: KibanaRequest;
|
||||
security: SecurityPluginStart;
|
||||
savedObjectsClient?: SavedObjectsClientContract;
|
||||
// authSavedObject is needed for write operations
|
||||
authSavedObjectsClient?: SavedObjectsClientContract;
|
||||
}) => {
|
||||
const isApiKeysEnabled = await security.authc.apiKeys?.areAPIKeysEnabled();
|
||||
|
||||
|
|
@ -81,9 +86,9 @@ export const generateAndSaveAPIKey = async ({
|
|||
if (apiKeyResult) {
|
||||
const { id, name, api_key: apiKey } = apiKeyResult;
|
||||
const apiKeyObject = { id, name, apiKey };
|
||||
if (savedObjectsClient) {
|
||||
if (authSavedObjectsClient) {
|
||||
// discard decoded key and rest of the keys
|
||||
await setSyntheticsServiceApiKey(savedObjectsClient, apiKeyObject);
|
||||
await setSyntheticsServiceApiKey(authSavedObjectsClient, apiKeyObject);
|
||||
}
|
||||
return apiKeyObject;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -118,6 +118,9 @@ export class ServiceAPIClient {
|
|||
rxjsFrom(callServiceEndpoint(locMonitors, url)).pipe(
|
||||
tap((result) => {
|
||||
this.logger.debug(result.data);
|
||||
this.logger.debug(
|
||||
`Successfully called service with method ${method} with ${allMonitors.length} monitors `
|
||||
);
|
||||
}),
|
||||
catchError((err) => {
|
||||
pushErrors.push({ locationId: id, error: err });
|
||||
|
|
|
|||
|
|
@ -149,6 +149,7 @@ export class SyntheticsService {
|
|||
try {
|
||||
this.apiKey = await getAPIKeyForSyntheticsService({ server: this.server, request });
|
||||
} catch (err) {
|
||||
this.logger.error(err);
|
||||
throw err;
|
||||
}
|
||||
}
|
||||
|
|
@ -159,6 +160,8 @@ export class SyntheticsService {
|
|||
throw error;
|
||||
}
|
||||
|
||||
this.logger.debug('Found api key and esHosts for service.');
|
||||
|
||||
return {
|
||||
hosts: this.esHosts,
|
||||
api_key: `${this.apiKey.id}:${this.apiKey.apiKey}`,
|
||||
|
|
@ -168,6 +171,7 @@ export class SyntheticsService {
|
|||
async pushConfigs(request?: KibanaRequest, configs?: SyntheticsMonitorWithId[]) {
|
||||
const monitors = this.formatConfigs(configs || (await this.getMonitorConfigs()));
|
||||
if (monitors.length === 0) {
|
||||
this.logger.debug('No monitor found which can be pushed to service.');
|
||||
return;
|
||||
}
|
||||
const data = {
|
||||
|
|
@ -175,6 +179,8 @@ export class SyntheticsService {
|
|||
output: await this.getOutput(request),
|
||||
};
|
||||
|
||||
this.logger.debug(`${monitors.length} monitors will be pushed to synthetics service.`);
|
||||
|
||||
try {
|
||||
return await this.apiClient.post(data);
|
||||
} catch (e) {
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ export const uptimeRouteWrapper: UMKibanaRouteWrapper = (uptimeRoute, server) =>
|
|||
}
|
||||
|
||||
// specifically needed for the synthetics service api key generation
|
||||
server.savedObjectsClient = savedObjectsClient;
|
||||
server.authSavedObjectsClient = savedObjectsClient;
|
||||
|
||||
const isInspectorEnabled = await context.core.uiSettings.client.get<boolean>(
|
||||
enableInspectEsQueries
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue