github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 01:38:56 -04:00
Code Issues Projects Releases Packages Wiki Activity

[ES 9.0] Remove body workaround (@elastic/kibana-security) (#217222)

Browse source 
## Summary

Follow up to https://github.com/elastic/kibana/pull/213375: The latest
version of the ES client fixed the issue
https://github.com/elastic/elasticsearch-js/issues/2584.

We should be able to remove all usages of `// @ts-expect-error
elasticsearch@9.0.0
https://github.com/elastic/elasticsearch-js/issues/2584`.


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
This commit is contained in:
Alejandro Fernández Haro 2025-04-07 22:34:25 +02:00 committed by GitHub
parent 0d84936259
commit 1bd3385d5d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 45 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

90
x-pack/platform/plugins/shared/security/server/authentication/api_keys/api_keys.test.ts
View file

@ -483,16 +483,14 @@ describe('API Keys', () => {
});
expect(mockValidateKibanaPrivileges).not.toHaveBeenCalled(); // this is only called if kibana_role_descriptors is defined
expect(mockClusterClient.asInternalUser.security.grantApiKey).toHaveBeenCalledWith({
body: {
api_key: {
name: 'test_api_key',
role_descriptors: { foo: true },
expiration: '1d',
},
grant_type: 'password',
username: 'foo',
password: 'bar',
api_key: {
name: 'test_api_key',
role_descriptors: { foo: true },
expiration: '1d',
},
grant_type: 'password',
username: 'foo',
password: 'bar',
});
});
@ -522,15 +520,13 @@ describe('API Keys', () => {
});
expect(mockValidateKibanaPrivileges).not.toHaveBeenCalled(); // this is only called if kibana_role_descriptors is defined
expect(mockClusterClient.asInternalUser.security.grantApiKey).toHaveBeenCalledWith({
body: {
api_key: {
name: 'test_api_key',
role_descriptors: roleDescriptors,
expiration: '1d',
},
grant_type: 'access_token',
access_token: 'foo-access-token',
api_key: {
name: 'test_api_key',
role_descriptors: roleDescriptors,
expiration: '1d',
},
grant_type: 'access_token',
access_token: 'foo-access-token',
});
});
@ -563,18 +559,16 @@ describe('API Keys', () => {
});
expect(mockValidateKibanaPrivileges).not.toHaveBeenCalled(); // this is only called if kibana_role_descriptors is defined
expect(mockClusterClient.asInternalUser.security.grantApiKey).toHaveBeenCalledWith({
body: {
api_key: {
name: 'test_api_key',
role_descriptors: { foo: true },
expiration: '1d',
},
grant_type: 'access_token',
access_token: 'foo-access-token',
client_authentication: {
scheme: 'SharedSecret',
value: 'secret',
},
api_key: {
name: 'test_api_key',
role_descriptors: { foo: true },
expiration: '1d',
},
grant_type: 'access_token',
access_token: 'foo-access-token',
client_authentication: {
scheme: 'SharedSecret',
value: 'secret',
},
});
});
@ -857,29 +851,27 @@ describe('API Keys', () => {
name: 'key-name',
});
expect(mockClusterClient.asInternalUser.security.grantApiKey).toHaveBeenCalledWith({
body: {
api_key: {
name: 'key-name',
role_descriptors: {
synthetics_writer: {
applications: [
{
application: 'kibana-.kibana',
privileges: ['feature_uptime.all'],
resources: ['*'],
},
],
cluster: ['manage'],
indices: [],
run_as: [],
},
api_key: {
name: 'key-name',
role_descriptors: {
synthetics_writer: {
applications: [
{
application: 'kibana-.kibana',
privileges: ['feature_uptime.all'],
resources: ['*'],
},
],
cluster: ['manage'],
indices: [],
run_as: [],
},
expiration: '1d',
},
grant_type: 'password',
password: 'bar',
username: 'foo',
expiration: '1d',
},
grant_type: 'password',
password: 'bar',
username: 'foo',
});
});

3
x-pack/platform/plugins/shared/security/server/authentication/api_keys/api_keys.ts
View file

@ -290,8 +290,7 @@ export class APIKeys implements APIKeysType {
// User needs `manage_api_key` or `grant_api_key` privilege to use this API
let result: GrantAPIKeyResult;
try {
// @ts-expect-error elasticsearch@9.0.0 https://github.com/elastic/elasticsearch-js/issues/2584 (client_authentication)
result = await this.clusterClient.asInternalUser.security.grantApiKey({ body: params });
result = await this.clusterClient.asInternalUser.security.grantApiKey(params);
this.logger.debug('API key was granted successfully');
} catch (e) {
this.logger.error(`Failed to grant API key: ${e.message}`);

4
x-pack/platform/plugins/shared/security/server/session_management/session_index.test.ts
View file

@ -340,7 +340,7 @@ describe('Session index', () => {
expect(mockElasticsearchClient.indices.putMapping).toHaveBeenCalledTimes(1);
expect(mockElasticsearchClient.indices.putMapping).toHaveBeenCalledWith({
index: aliasName,
body: getSessionIndexSettings({ indexName, aliasName }).mappings,
...getSessionIndexSettings({ indexName, aliasName }).mappings,
});
});
@ -367,7 +367,7 @@ describe('Session index', () => {
expect(mockElasticsearchClient.indices.putMapping).toHaveBeenCalledTimes(1);
expect(mockElasticsearchClient.indices.putMapping).toHaveBeenCalledWith({
index: aliasName,
body: getSessionIndexSettings({ indexName, aliasName }).mappings,
...getSessionIndexSettings({ indexName, aliasName }).mappings,
});
});

3
x-pack/platform/plugins/shared/security/server/session_management/session_index.ts
View file

@ -761,8 +761,7 @@ export class SessionIndex {
try {
await this.options.elasticsearchClient.indices.putMapping({
index: this.aliasName,
// @ts-expect-error elasticsearch@9.0.0 https://github.com/elastic/elasticsearch-js/issues/2584
body: sessionIndexSettings.mappings,
...sessionIndexSettings.mappings,
});
this.options.logger.debug('Successfully updated session index mappings.');
} catch (err) {