github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

[kbn/test/es] remove unnecessary es user management logic (#102584)

Browse source 
Co-authored-by: spalger <spalger@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
Spencer 2021-06-21 15:36:43 -07:00 committed by GitHub
parent c52f5edfcc
commit 3084de6782
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 3 additions and 235 deletions
Download patch file Download diff file Expand all files Collapse all files

188
packages/kbn-test/src/functional_tests/lib/auth.ts
View file

@ -1,188 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import fs from 'fs';
import util from 'util';
import { format as formatUrl } from 'url';
import request from 'request';
import type { ToolingLog } from '@kbn/dev-utils';
export const DEFAULT_SUPERUSER_PASS = 'changeme';
const readFile = util.promisify(fs.readFile);
function delay(delayMs: number) {
return new Promise((res) => setTimeout(res, delayMs));
}
interface UpdateCredentialsOptions {
port: number;
auth: string;
username: string;
password: string;
retries?: number;
protocol: string;
caCert?: Buffer | string;
}
async function updateCredentials({
port,
auth,
username,
password,
retries = 10,
protocol,
caCert,
}: UpdateCredentialsOptions): Promise<void> {
const result = await new Promise<{ body: any; httpResponse: request.Response }>(
(resolve, reject) =>
request(
{
method: 'PUT',
uri: formatUrl({
protocol: `${protocol}:`,
auth,
hostname: 'localhost',
port,
pathname: `/_security/user/${username}/_password`,
}),
json: true,
body: { password },
ca: caCert,
},
(err, httpResponse, body) => {
if (err) return reject(err);
resolve({ httpResponse, body });
}
)
);
const { body, httpResponse } = result;
const { statusCode } = httpResponse;
if (statusCode === 200) {
return;
}
if (retries > 0) {
await delay(2500);
return await updateCredentials({
port,
auth,
username,
password,
retries: retries - 1,
protocol,
caCert,
});
}
throw new Error(`${statusCode} response, expected 200 -- ${JSON.stringify(body)}`);
}
interface SetupUsersOptions {
log: ToolingLog;
esPort: number;
updates: Array<{ username: string; password: string; roles?: string[] }>;
protocol?: string;
caPath?: string;
}
export async function setupUsers({
log,
esPort,
updates,
protocol = 'http',
caPath,
}: SetupUsersOptions): Promise<void> {
// track the current credentials for the `elastic` user as
// they will likely change as we apply updates
let auth = `elastic:${DEFAULT_SUPERUSER_PASS}`;
const caCert = caPath ? await readFile(caPath) : undefined;
for (const { username, password, roles } of updates) {
// If working with a built-in user, just change the password
if (['logstash_system', 'elastic', 'kibana'].includes(username)) {
await updateCredentials({ port: esPort, auth, username, password, protocol, caCert });
log.info('setting %j user password to %j', username, password);
// If not a builtin user, add them
} else {
await insertUser({ port: esPort, auth, username, password, roles, protocol, caCert });
log.info('Added %j user with password to %j', username, password);
}
if (username === 'elastic') {
auth = `elastic:${password}`;
}
}
}
interface InserUserOptions {
port: number;
auth: string;
username: string;
password: string;
roles?: string[];
retries?: number;
protocol: string;
caCert?: Buffer | string;
}
async function insertUser({
port,
auth,
username,
password,
roles = [],
retries = 10,
protocol,
caCert,
}: InserUserOptions): Promise<void> {
const result = await new Promise<{ body: any; httpResponse: request.Response }>(
(resolve, reject) =>
request(
{
method: 'POST',
uri: formatUrl({
protocol: `${protocol}:`,
auth,
hostname: 'localhost',
port,
pathname: `/_security/user/${username}`,
}),
json: true,
body: { password, roles },
ca: caCert,
},
(err, httpResponse, body) => {
if (err) return reject(err);
resolve({ httpResponse, body });
}
)
);
const { body, httpResponse } = result;
const { statusCode } = httpResponse;
if (statusCode === 200) {
return;
}
if (retries > 0) {
await delay(2500);
return await insertUser({
port,
auth,
username,
password,
roles,
retries: retries - 1,
protocol,
caCert,
});
}
throw new Error(`${statusCode} response, expected 200 -- ${JSON.stringify(body)}`);
}

23
packages/kbn-test/src/functional_tests/lib/run_elasticsearch.ts
View file

@ -12,8 +12,6 @@ import { KIBANA_ROOT } from './paths';
import type { Config } from '../../functional_test_runner/';
import { createTestEsCluster } from '../../es';
import { setupUsers, DEFAULT_SUPERUSER_PASS } from './auth';
interface RunElasticsearchOptions {
log: ToolingLog;
esFrom: string;
@ -34,9 +32,7 @@ export async function runElasticsearch({
const cluster = createTestEsCluster({
port: config.get('servers.elasticsearch.port'),
password: isSecurityEnabled
? DEFAULT_SUPERUSER_PASS
: config.get('servers.elasticsearch.password'),
password: isSecurityEnabled ? 'changeme' : config.get('servers.elasticsearch.password'),
license,
log,
basePath: resolve(KIBANA_ROOT, '.es'),
@ -49,22 +45,5 @@ export async function runElasticsearch({
await cluster.start();
if (isSecurityEnabled) {
await setupUsers({
log,
esPort: config.get('servers.elasticsearch.port'),
updates: [config.get('servers.elasticsearch'), config.get('servers.kibana')],
protocol: config.get('servers.elasticsearch').protocol,
caPath: getRelativeCertificateAuthorityPath(config.get('kbnTestServer.serverArgs')),
});
}
return cluster;
}
function getRelativeCertificateAuthorityPath(esConfig: string[] = []) {
const caConfig = esConfig.find(
(config) => config.indexOf('--elasticsearch.ssl.certificateAuthorities') === 0
);
return caConfig ? caConfig.split('=')[1] : undefined;
}

2
packages/kbn-test/src/index.ts
View file

@ -29,8 +29,6 @@ export { esTestConfig, createTestEsCluster } from './es';
export { kbnTestConfig, kibanaServerTestUser, kibanaTestUser, adminTestUser } from './kbn';
export { setupUsers, DEFAULT_SUPERUSER_PASS } from './functional_tests/lib/auth';
export { readConfigFile } from './functional_test_runner/lib/config/read_config_file';
export { runFtrCli } from './functional_test_runner/cli';

25
src/core/test_helpers/kbn_server.ts
View file

@ -7,15 +7,7 @@
*/
import { ToolingLog, REPO_ROOT } from '@kbn/dev-utils';
import {
createTestEsCluster,
DEFAULT_SUPERUSER_PASS,
esTestConfig,
kbnTestConfig,
kibanaServerTestUser,
kibanaTestUser,
setupUsers,
} from '@kbn/test';
import { createTestEsCluster, esTestConfig, kibanaServerTestUser, kibanaTestUser } from '@kbn/test';
import { defaultsDeep } from 'lodash';
import { resolve } from 'path';
import { BehaviorSubject } from 'rxjs';
@ -208,7 +200,6 @@ export function createTestServers({
defaultsDeep({}, settings.es ?? {}, {
log,
license,
password: license === 'trial' ? DEFAULT_SUPERUSER_PASS : undefined,
})
);
@ -224,19 +215,7 @@ export function createTestServers({
await es.start();
if (['gold', 'trial'].includes(license)) {
await setupUsers({
log,
esPort: esTestConfig.getUrlParts().port,
updates: [
...usersToBeAdded,
// user elastic
esTestConfig.getUrlParts() as { username: string; password: string },
// user kibana
kbnTestConfig.getUrlParts() as { username: string; password: string },
],
});
// Override provided configs, we know what the elastic user is now
// Override provided configs
kbnSettings.elasticsearch = {
hosts: [esTestConfig.getUrl()],
username: kibanaServerTestUser.username,