fix(dev, serverless): do not inject mock SAML IdP configuration if conflicting configuration is provided via CLI arguments (#187337)
## Summary Our functional test server provides Kibana configuration via CLI arguments that the code configuring the mock SAML IdP realm in dev mode didn't account for. This means that when we run the test server locally, both FTR and Kibana try to configure the mock SAML IdP, which crashes the local Kibana. This issue only affects those who run functional tests locally and doesn't impact CI, where we use the built version of Kibana to run tests. This built version doesn't include the mock SAML IdP, delegating the mock SAML IdP configuration solely to FTR. This PR updates the code that attempts to automatically configure the mock SAML IdP in dev mode to check the configuration from both config files and CLI arguments to determine whether automatic configuration is possible.
parent
5cb60aa23f
commit
4007283a84
1 changed files with 31 additions and 16 deletions
|
@ -118,7 +118,11 @@ export function applyConfigOverrides(rawConfig, opts, extraCliOptions, keystoreC
|
|||
if (opts.dev) {
|
||||
if (opts.serverless) {
|
||||
setServerlessKibanaDevServiceAccountIfPossible(get, set, opts);
|
||||
isServerlessSamlSupported = tryConfigureServerlessSamlProvider(rawConfig, opts);
|
||||
isServerlessSamlSupported = tryConfigureServerlessSamlProvider(
|
||||
rawConfig,
|
||||
opts,
|
||||
extraCliOptions
|
||||
);
|
||||
}
|
||||
|
||||
if (!has('elasticsearch.serviceAccountToken') && opts.devCredentials !== false) {
|
||||
|
@ -342,9 +346,10 @@ function mergeAndReplaceArrays(objValue, srcValue) {
|
|||
* Tries to configure SAML provider in serverless mode and applies the necessary configuration.
|
||||
* @param rawConfig Full configuration object.
|
||||
* @param opts CLI options.
|
||||
* @param extraCliOptions Extra CLI options.
|
||||
* @returns {boolean} True if SAML provider was successfully configured.
|
||||
*/
|
||||
function tryConfigureServerlessSamlProvider(rawConfig, opts) {
|
||||
function tryConfigureServerlessSamlProvider(rawConfig, opts, extraCliOptions) {
|
||||
if (!MOCK_IDP_PLUGIN_SUPPORTED || opts.ssl === false) {
|
||||
return false;
|
||||
}
|
||||
|
@ -353,22 +358,32 @@ function tryConfigureServerlessSamlProvider(rawConfig, opts) {
|
|||
// eslint-disable-next-line import/no-dynamic-require
|
||||
const { MOCK_IDP_REALM_NAME } = require(MOCK_IDP_PLUGIN_PATH);
|
||||
|
||||
// Check if there are any custom authentication providers already configure with the order `0` reserved for the
|
||||
// Serverless SAML provider.
|
||||
// Check if there are any custom authentication providers already configured with the order `0` reserved for the
|
||||
// Serverless SAML provider or if there is an existing SAML provider with the name MOCK_IDP_REALM_NAME. We check
|
||||
// both rawConfig and extraCliOptions because the latter can be used to override the former.
|
||||
let hasBasicOrTokenProviderConfigured = false;
|
||||
const providersConfig = _.get(rawConfig, 'xpack.security.authc.providers', {});
|
||||
for (const [providerType, providers] of Object.entries(providersConfig)) {
|
||||
if (providerType === 'basic' || providerType === 'token') {
|
||||
hasBasicOrTokenProviderConfigured = true;
|
||||
}
|
||||
for (const configSource of [rawConfig, extraCliOptions]) {
|
||||
const providersConfig = _.get(configSource, 'xpack.security.authc.providers', {});
|
||||
for (const [providerType, providers] of Object.entries(providersConfig)) {
|
||||
if (providerType === 'basic' || providerType === 'token') {
|
||||
hasBasicOrTokenProviderConfigured = true;
|
||||
}
|
||||
|
||||
for (const [providerName, provider] of Object.entries(providers)) {
|
||||
if (provider.order === 0) {
|
||||
console.warn(
|
||||
`The serverless SAML authentication provider won't be configured because the order "0" is already used by the custom authentication provider "${providerType}/${providerName}".` +
|
||||
`Please update the custom provider to use a different order or remove it to allow the serverless SAML provider to be configured.`
|
||||
);
|
||||
return false;
|
||||
for (const [providerName, provider] of Object.entries(providers)) {
|
||||
if (provider.order === 0) {
|
||||
console.warn(
|
||||
`The serverless SAML authentication provider won't be configured because the order "0" is already used by the custom authentication provider "${providerType}/${providerName}".` +
|
||||
`Please update the custom provider to use a different order or remove it to allow the serverless SAML provider to be configured.`
|
||||
);
|
||||
return false;
|
||||
}
|
||||
|
||||
if (providerType === 'saml' && providerName === MOCK_IDP_REALM_NAME) {
|
||||
console.warn(
|
||||
`The serverless SAML authentication provider won't be configured because the SAML provider with "${MOCK_IDP_REALM_NAME}" name is already configured".`
|
||||
);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
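Review bot: In the last hunk the new loop reads `provider.order` on entries taken from `extraCliOptions` without checking that `providers` and `provider` are objects, so a null or malformed `xpack.security.authc.providers` value given on the command line would presumably throw a TypeError here (`_.get` substitutes `{}` only for undefined). A guard such as `if (!_.isPlainObject(providers)) continue;` before the inner loop, plus `if (provider && provider.order === 0) {`, would keep this check from crashing on the very input it is meant to tolerate. The new warning also ends with a stray quote, `is already configured".`, and the order-`0` message still joins its two sentences without a space. Because this code decides whether a mock identity provider is injected, I would also add a one-line comment saying it is reached only from the `opts.dev` / `opts.serverless` branch of `applyConfigOverrides`. The function starts before this hunk and continues past it.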