[Monitoring] Handle setup mode if security is disabled (#53306) (#58772)

* Handle setup mode if security is disabled * Rename so the test actually runs, and fix/add tests * Use es.js api instead of transport.request * Revert "Use es.js api instead of transport.request" This reverts commit ae0e48f8bd. * Explicitly handle security not enabled Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-23 17:28:26 -04:00 · 2020-02-27 19:54:27 -05:00 · 2020-02-27 19:54:27 -05:00 · 535114d87f
commit 535114d87f
parent 0479d0d80c
2 changed files with 49 additions and 25 deletions
--- a/x-pack/legacy/plugins/monitoring/server/lib/setup/collection/test/get_collection_status.test.js
+++ b/x-pack/legacy/plugins/monitoring/server/lib/setup/collection/test/get_collection_status.test.js
@ -6,11 +6,11 @@

 import expect from '@kbn/expect';
 import sinon from 'sinon';
-import { getCollectionStatus } from '../';
+import { getCollectionStatus } from '..';
 import { getIndexPatterns } from '../../../cluster/get_index_patterns';

 const liveClusterUuid = 'a12';
-const mockReq = (searchResult = {}) => {
+const mockReq = (searchResult = {}, securityEnabled = true, userHasPermissions = true) => {
  return {
    server: {
      newPlatform: {
@ -40,6 +40,14 @@ const mockReq = (searchResult = {}) => {
        },
      },
      plugins: {
+        xpack_main: {
+          info: {
+            isAvailable: () => true,
+            feature: () => ({
+              isEnabled: () => securityEnabled,
+            }),
+          },
+        },
        elasticsearch: {
          getCluster() {
            return {
@ -51,6 +59,13 @@ const mockReq = (searchResult = {}) => {
                ) {
                  return Promise.resolve({ cluster_uuid: liveClusterUuid });
                }
+                if (
+                  type === 'transport.request' &&
+                  params &&
+                  params.path === '/_security/user/_has_privileges'
+                ) {
+                  return Promise.resolve({ has_all_requested: userHasPermissions });
+                }
                if (type === 'transport.request' && params && params.path === '/_nodes') {
                  return Promise.resolve({ nodes: {} });
                }
@ -218,19 +233,7 @@ describe('getCollectionStatus', () => {
  });

  it('should detect products based on other indices', async () => {
-    const req = mockReq(
-      {},
-      {
-        responses: [
-          { hits: { total: { value: 1 } } },
-          { hits: { total: { value: 1 } } },
-          { hits: { total: { value: 1 } } },
-          { hits: { total: { value: 1 } } },
-          { hits: { total: { value: 1 } } },
-        ],
-      }
-    );
-
+    const req = mockReq({ hits: { total: { value: 1 } } });
    const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);

    expect(result.kibana.detected.doesExist).to.be(true);
@ -238,4 +241,16 @@ describe('getCollectionStatus', () => {
    expect(result.beats.detected.mightExist).to.be(true);
    expect(result.logstash.detected.mightExist).to.be(true);
  });
+
+  it('should work properly when security is disabled', async () => {
+    const req = mockReq({ hits: { total: { value: 1 } } }, false);
+    const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
+    expect(result.kibana.detected.doesExist).to.be(true);
+  });
+
+  it('should not work if the user does not have the necessary permissions', async () => {
+    const req = mockReq({ hits: { total: { value: 1 } } }, true, false);
+    const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
+    expect(result._meta.hasPermissions).to.be(false);
+  });
 });
--- a/x-pack/legacy/plugins/monitoring/server/lib/setup/collection/get_collection_status.js
+++ b/x-pack/legacy/plugins/monitoring/server/lib/setup/collection/get_collection_status.js
@ -226,16 +226,25 @@ function isBeatFromAPM(bucket) {
 }

 async function hasNecessaryPermissions(req) {
-  const { callWithRequest } = req.server.plugins.elasticsearch.getCluster('data');
-  const response = await callWithRequest(req, 'transport.request', {
-    method: 'POST',
-    path: '/_security/user/_has_privileges',
-    body: {
-      cluster: ['monitor'],
-    },
-  });
-  // If there is some problem, assume they do not have access
-  return get(response, 'has_all_requested', false);
+  try {
+    const { callWithRequest } = req.server.plugins.elasticsearch.getCluster('data');
+    const response = await callWithRequest(req, 'transport.request', {
+      method: 'POST',
+      path: '/_security/user/_has_privileges',
+      body: {
+        cluster: ['monitor'],
+      },
+    });
+    // If there is some problem, assume they do not have access
+    return get(response, 'has_all_requested', false);
+  } catch (err) {
+    if (
+      err.message === 'no handler found for uri [/_security/user/_has_privileges] and method [POST]'
+    ) {
+      return true;
+    }
+    return false;
+  }
 }

 /**