mirror of
https://github.com/elastic/kibana.git
synced 2025-04-25 02:09:32 -04:00
[Fleet Plugin] Use server-side authc.getCurrentUser from core.security (#186932)
Part of https://github.com/elastic/kibana/issues/186574 Background: This PR serves as an example of a plugin migrating away from depending on the Security plugin, which is a high-priority effort for the last release before 9.0. The Fleet plugin uses `authc.getCurrentUser` in server-side code, and those usages are addressed in this PR. It also uses `authc.apiKeys` in a few areas, but that isn't ready to be migrated yet. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
parent
3d99878c96
commit
55bbd76fce
15 changed files with 56 additions and 45 deletions
|
@ -12,6 +12,7 @@ import {
|
||||||
loggingSystemMock,
|
loggingSystemMock,
|
||||||
savedObjectsClientMock,
|
savedObjectsClientMock,
|
||||||
savedObjectsServiceMock,
|
savedObjectsServiceMock,
|
||||||
|
securityServiceMock,
|
||||||
} from '@kbn/core/server/mocks';
|
} from '@kbn/core/server/mocks';
|
||||||
import { dataPluginMock } from '@kbn/data-plugin/server/mocks';
|
import { dataPluginMock } from '@kbn/data-plugin/server/mocks';
|
||||||
import { licensingMock } from '@kbn/licensing-plugin/server/mocks';
|
import { licensingMock } from '@kbn/licensing-plugin/server/mocks';
|
||||||
|
@ -50,6 +51,7 @@ export interface MockedFleetAppContext extends FleetAppContext {
|
||||||
data: ReturnType<typeof dataPluginMock.createStartContract>;
|
data: ReturnType<typeof dataPluginMock.createStartContract>;
|
||||||
encryptedSavedObjectsStart?: ReturnType<typeof encryptedSavedObjectsMock.createStart>;
|
encryptedSavedObjectsStart?: ReturnType<typeof encryptedSavedObjectsMock.createStart>;
|
||||||
savedObjects: ReturnType<typeof savedObjectsServiceMock.createStartContract>;
|
savedObjects: ReturnType<typeof savedObjectsServiceMock.createStartContract>;
|
||||||
|
securityCoreStart: ReturnType<typeof securityServiceMock.createStart>;
|
||||||
securitySetup: ReturnType<typeof securityMock.createSetup>;
|
securitySetup: ReturnType<typeof securityMock.createSetup>;
|
||||||
securityStart: ReturnType<typeof securityMock.createStart>;
|
securityStart: ReturnType<typeof securityMock.createStart>;
|
||||||
logger: ReturnType<ReturnType<typeof loggingSystemMock.create>['get']>;
|
logger: ReturnType<ReturnType<typeof loggingSystemMock.create>['get']>;
|
||||||
|
@ -74,6 +76,7 @@ export const createAppContextStartContractMock = (
|
||||||
encryptedSavedObjectsStart: encryptedSavedObjectsMock.createStart(),
|
encryptedSavedObjectsStart: encryptedSavedObjectsMock.createStart(),
|
||||||
encryptedSavedObjectsSetup: encryptedSavedObjectsMock.createSetup({ canEncrypt: true }),
|
encryptedSavedObjectsSetup: encryptedSavedObjectsMock.createSetup({ canEncrypt: true }),
|
||||||
savedObjects: savedObjectsServiceMock.createStartContract(),
|
savedObjects: savedObjectsServiceMock.createStartContract(),
|
||||||
|
securityCoreStart: securityServiceMock.createStart(),
|
||||||
securitySetup: securityMock.createSetup(),
|
securitySetup: securityMock.createSetup(),
|
||||||
securityStart: securityMock.createStart(),
|
securityStart: securityMock.createStart(),
|
||||||
logger: loggingSystemMock.create().get(),
|
logger: loggingSystemMock.create().get(),
|
||||||
|
|
|
@ -23,6 +23,7 @@ import type {
|
||||||
PluginInitializerContext,
|
PluginInitializerContext,
|
||||||
SavedObjectsClientContract,
|
SavedObjectsClientContract,
|
||||||
SavedObjectsServiceStart,
|
SavedObjectsServiceStart,
|
||||||
|
SecurityServiceStart,
|
||||||
ServiceStatus,
|
ServiceStatus,
|
||||||
} from '@kbn/core/server';
|
} from '@kbn/core/server';
|
||||||
import { DEFAULT_APP_CATEGORIES, SavedObjectsClient, ServiceStatusLevels } from '@kbn/core/server';
|
import { DEFAULT_APP_CATEGORIES, SavedObjectsClient, ServiceStatusLevels } from '@kbn/core/server';
|
||||||
|
@ -155,6 +156,7 @@ export interface FleetAppContext {
|
||||||
data: DataPluginStart;
|
data: DataPluginStart;
|
||||||
encryptedSavedObjectsStart?: EncryptedSavedObjectsPluginStart;
|
encryptedSavedObjectsStart?: EncryptedSavedObjectsPluginStart;
|
||||||
encryptedSavedObjectsSetup?: EncryptedSavedObjectsPluginSetup;
|
encryptedSavedObjectsSetup?: EncryptedSavedObjectsPluginSetup;
|
||||||
|
securityCoreStart: SecurityServiceStart;
|
||||||
securitySetup: SecurityPluginSetup;
|
securitySetup: SecurityPluginSetup;
|
||||||
securityStart: SecurityPluginStart;
|
securityStart: SecurityPluginStart;
|
||||||
config$?: Observable<FleetConfigType>;
|
config$?: Observable<FleetConfigType>;
|
||||||
|
@ -613,6 +615,7 @@ export class FleetPlugin
|
||||||
data: plugins.data,
|
data: plugins.data,
|
||||||
encryptedSavedObjectsStart: plugins.encryptedSavedObjects,
|
encryptedSavedObjectsStart: plugins.encryptedSavedObjects,
|
||||||
encryptedSavedObjectsSetup: this.encryptedSavedObjectsSetup,
|
encryptedSavedObjectsSetup: this.encryptedSavedObjectsSetup,
|
||||||
|
securityCoreStart: core.security,
|
||||||
securitySetup: this.securitySetup,
|
securitySetup: this.securitySetup,
|
||||||
securityStart: plugins.security,
|
securityStart: plugins.security,
|
||||||
configInitialValue: this.configInitialValue,
|
configInitialValue: this.configInitialValue,
|
||||||
|
|
|
@ -215,7 +215,7 @@ export const createAgentPolicyHandler: FleetRequestHandler<
|
||||||
const fleetContext = await context.fleet;
|
const fleetContext = await context.fleet;
|
||||||
const soClient = fleetContext.internalSoClient;
|
const soClient = fleetContext.internalSoClient;
|
||||||
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
||||||
const user = (await appContextService.getSecurity()?.authc.getCurrentUser(request)) || undefined;
|
const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
|
||||||
const withSysMonitoring = request.query.sys_monitoring ?? false;
|
const withSysMonitoring = request.query.sys_monitoring ?? false;
|
||||||
const monitoringEnabled = request.body.monitoring_enabled;
|
const monitoringEnabled = request.body.monitoring_enabled;
|
||||||
const { has_fleet_server: hasFleetServer, force, ...newPolicy } = request.body;
|
const { has_fleet_server: hasFleetServer, force, ...newPolicy } = request.body;
|
||||||
|
@ -261,7 +261,7 @@ export const updateAgentPolicyHandler: FleetRequestHandler<
|
||||||
const fleetContext = await context.fleet;
|
const fleetContext = await context.fleet;
|
||||||
const soClient = coreContext.savedObjects.client;
|
const soClient = coreContext.savedObjects.client;
|
||||||
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
||||||
const user = await appContextService.getSecurity()?.authc.getCurrentUser(request);
|
const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
|
||||||
const { force, ...data } = request.body;
|
const { force, ...data } = request.body;
|
||||||
|
|
||||||
const spaceId = fleetContext.spaceId;
|
const spaceId = fleetContext.spaceId;
|
||||||
|
@ -271,11 +271,7 @@ export const updateAgentPolicyHandler: FleetRequestHandler<
|
||||||
esClient,
|
esClient,
|
||||||
request.params.agentPolicyId,
|
request.params.agentPolicyId,
|
||||||
data,
|
data,
|
||||||
{
|
{ force, user, spaceId }
|
||||||
force,
|
|
||||||
user: user || undefined,
|
|
||||||
spaceId,
|
|
||||||
}
|
|
||||||
);
|
);
|
||||||
const body: UpdateAgentPolicyResponse = { item: agentPolicy };
|
const body: UpdateAgentPolicyResponse = { item: agentPolicy };
|
||||||
return response.ok({
|
return response.ok({
|
||||||
|
@ -300,16 +296,14 @@ export const copyAgentPolicyHandler: RequestHandler<
|
||||||
const coreContext = await context.core;
|
const coreContext = await context.core;
|
||||||
const soClient = coreContext.savedObjects.client;
|
const soClient = coreContext.savedObjects.client;
|
||||||
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
||||||
const user = await appContextService.getSecurity()?.authc.getCurrentUser(request);
|
const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
|
||||||
try {
|
try {
|
||||||
const agentPolicy = await agentPolicyService.copy(
|
const agentPolicy = await agentPolicyService.copy(
|
||||||
soClient,
|
soClient,
|
||||||
esClient,
|
esClient,
|
||||||
request.params.agentPolicyId,
|
request.params.agentPolicyId,
|
||||||
request.body,
|
request.body,
|
||||||
{
|
{ user }
|
||||||
user: user || undefined,
|
|
||||||
}
|
|
||||||
);
|
);
|
||||||
|
|
||||||
const body: CopyAgentPolicyResponse = { item: agentPolicy };
|
const body: CopyAgentPolicyResponse = { item: agentPolicy };
|
||||||
|
@ -329,16 +323,13 @@ export const deleteAgentPoliciesHandler: RequestHandler<
|
||||||
const coreContext = await context.core;
|
const coreContext = await context.core;
|
||||||
const soClient = coreContext.savedObjects.client;
|
const soClient = coreContext.savedObjects.client;
|
||||||
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
||||||
const user = await appContextService.getSecurity()?.authc.getCurrentUser(request);
|
const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
|
||||||
try {
|
try {
|
||||||
const body: DeleteAgentPolicyResponse = await agentPolicyService.delete(
|
const body: DeleteAgentPolicyResponse = await agentPolicyService.delete(
|
||||||
soClient,
|
soClient,
|
||||||
esClient,
|
esClient,
|
||||||
request.body.agentPolicyId,
|
request.body.agentPolicyId,
|
||||||
{
|
{ user, force: request.body.force }
|
||||||
user: user || undefined,
|
|
||||||
force: request.body.force,
|
|
||||||
}
|
|
||||||
);
|
);
|
||||||
return response.ok({
|
return response.ok({
|
||||||
body,
|
body,
|
||||||
|
|
|
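Review bot: The expression `appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined` is now repeated in every handler of this section, and again in the package, package-policy and settings handler sections further down, with nothing explaining why the result is normalised. A single helper would keep the null-to-undefined conversion and any future handling of unauthenticated requests in one place, for example `const getRequestUser = (request: KibanaRequest) => appContextService.getSecurityCore().authc.getCurrentUser(request) ?? undefined;`. A short comment on it should say that the core API returns `null` when no user is attached to the request, while the service options expect `undefined`. The resulting `user` appears to be used only for attribution, since the same handlers use `asInternalUser` for Elasticsearch; the helper's doc comment should say so, so the value is not mistaken for an authorization check. The handler bodies start and end outside these hunks.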
@ -307,7 +307,7 @@ export const installPackageFromRegistryHandler: FleetRequestHandler<
|
||||||
const fleetContext = await context.fleet;
|
const fleetContext = await context.fleet;
|
||||||
const savedObjectsClient = fleetContext.internalSoClient;
|
const savedObjectsClient = fleetContext.internalSoClient;
|
||||||
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
||||||
const user = (await appContextService.getSecurity()?.authc.getCurrentUser(request)) || undefined;
|
const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
|
||||||
|
|
||||||
const { pkgName, pkgVersion } = request.params;
|
const { pkgName, pkgVersion } = request.params;
|
||||||
|
|
||||||
|
@ -350,7 +350,7 @@ export const createCustomIntegrationHandler: FleetRequestHandler<
|
||||||
const fleetContext = await context.fleet;
|
const fleetContext = await context.fleet;
|
||||||
const savedObjectsClient = fleetContext.internalSoClient;
|
const savedObjectsClient = fleetContext.internalSoClient;
|
||||||
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
||||||
const user = (await appContextService.getSecurity()?.authc.getCurrentUser(request)) || undefined;
|
const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
|
||||||
const kibanaVersion = appContextService.getKibanaVersion();
|
const kibanaVersion = appContextService.getKibanaVersion();
|
||||||
const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
|
const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
|
||||||
const spaceId = fleetContext.spaceId;
|
const spaceId = fleetContext.spaceId;
|
||||||
|
@ -425,7 +425,7 @@ export const bulkInstallPackagesFromRegistryHandler: FleetRequestHandler<
|
||||||
const savedObjectsClient = fleetContext.internalSoClient;
|
const savedObjectsClient = fleetContext.internalSoClient;
|
||||||
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
||||||
const spaceId = fleetContext.spaceId;
|
const spaceId = fleetContext.spaceId;
|
||||||
const user = (await appContextService.getSecurity()?.authc.getCurrentUser(request)) || undefined;
|
const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
|
||||||
const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
|
const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
|
||||||
|
|
||||||
const bulkInstalledResponses = await bulkInstallPackages({
|
const bulkInstalledResponses = await bulkInstallPackages({
|
||||||
|
@ -457,7 +457,7 @@ export const installPackageByUploadHandler: FleetRequestHandler<
|
||||||
const contentType = request.headers['content-type'] as string; // from types it could also be string[] or undefined but this is checked later
|
const contentType = request.headers['content-type'] as string; // from types it could also be string[] or undefined but this is checked later
|
||||||
const archiveBuffer = Buffer.from(request.body);
|
const archiveBuffer = Buffer.from(request.body);
|
||||||
const spaceId = fleetContext.spaceId;
|
const spaceId = fleetContext.spaceId;
|
||||||
const user = (await appContextService.getSecurity()?.authc.getCurrentUser(request)) || undefined;
|
const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
|
||||||
const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
|
const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
|
||||||
|
|
||||||
const res = await installPackage({
|
const res = await installPackage({
|
||||||
|
@ -561,7 +561,7 @@ export const reauthorizeTransformsHandler: FleetRequestHandler<
|
||||||
|
|
||||||
let username;
|
let username;
|
||||||
try {
|
try {
|
||||||
const user = await appContextService.getSecurity()?.authc.getCurrentUser(request);
|
const user = appContextService.getSecurityCore().authc.getCurrentUser(request);
|
||||||
if (user) {
|
if (user) {
|
||||||
username = user.username;
|
username = user.username;
|
||||||
}
|
}
|
||||||
|
|
|
@ -231,7 +231,7 @@ export const createPackagePolicyHandler: FleetRequestHandler<
|
||||||
const fleetContext = await context.fleet;
|
const fleetContext = await context.fleet;
|
||||||
const soClient = fleetContext.internalSoClient;
|
const soClient = fleetContext.internalSoClient;
|
||||||
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
||||||
const user = appContextService.getSecurity()?.authc.getCurrentUser(request) || undefined;
|
const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
|
||||||
const { force, id, package: pkg, ...newPolicy } = request.body;
|
const { force, id, package: pkg, ...newPolicy } = request.body;
|
||||||
const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
|
const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
|
||||||
let wasPackageAlreadyInstalled = false;
|
let wasPackageAlreadyInstalled = false;
|
||||||
|
@ -339,7 +339,7 @@ export const updatePackagePolicyHandler: FleetRequestHandler<
|
||||||
const soClient = fleetContext.internalSoClient;
|
const soClient = fleetContext.internalSoClient;
|
||||||
const limitedToPackages = fleetContext.limitedToPackages;
|
const limitedToPackages = fleetContext.limitedToPackages;
|
||||||
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
||||||
const user = appContextService.getSecurity()?.authc.getCurrentUser(request) || undefined;
|
const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
|
||||||
const packagePolicy = await packagePolicyService.get(soClient, request.params.packagePolicyId);
|
const packagePolicy = await packagePolicyService.get(soClient, request.params.packagePolicyId);
|
||||||
|
|
||||||
if (!packagePolicy) {
|
if (!packagePolicy) {
|
||||||
|
@ -442,7 +442,7 @@ export const deletePackagePolicyHandler: RequestHandler<
|
||||||
const coreContext = await context.core;
|
const coreContext = await context.core;
|
||||||
const soClient = coreContext.savedObjects.client;
|
const soClient = coreContext.savedObjects.client;
|
||||||
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
||||||
const user = appContextService.getSecurity()?.authc.getCurrentUser(request) || undefined;
|
const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const body: PostDeletePackagePoliciesResponse = await packagePolicyService.delete(
|
const body: PostDeletePackagePoliciesResponse = await packagePolicyService.delete(
|
||||||
|
@ -470,7 +470,7 @@ export const deleteOnePackagePolicyHandler: RequestHandler<
|
||||||
const coreContext = await context.core;
|
const coreContext = await context.core;
|
||||||
const soClient = coreContext.savedObjects.client;
|
const soClient = coreContext.savedObjects.client;
|
||||||
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
||||||
const user = appContextService.getSecurity()?.authc.getCurrentUser(request) || undefined;
|
const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const res = await packagePolicyService.delete(
|
const res = await packagePolicyService.delete(
|
||||||
|
@ -509,7 +509,7 @@ export const upgradePackagePolicyHandler: RequestHandler<
|
||||||
const coreContext = await context.core;
|
const coreContext = await context.core;
|
||||||
const soClient = coreContext.savedObjects.client;
|
const soClient = coreContext.savedObjects.client;
|
||||||
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
const esClient = coreContext.elasticsearch.client.asInternalUser;
|
||||||
const user = appContextService.getSecurity()?.authc.getCurrentUser(request) || undefined;
|
const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
|
||||||
try {
|
try {
|
||||||
const body: UpgradePackagePolicyResponse = await packagePolicyService.upgrade(
|
const body: UpgradePackagePolicyResponse = await packagePolicyService.upgrade(
|
||||||
soClient,
|
soClient,
|
||||||
|
|
|
@ -49,13 +49,11 @@ export const putSettingsHandler: FleetRequestHandler<
|
||||||
> = async (context, request, response) => {
|
> = async (context, request, response) => {
|
||||||
const soClient = (await context.fleet).internalSoClient;
|
const soClient = (await context.fleet).internalSoClient;
|
||||||
const esClient = (await context.core).elasticsearch.client.asInternalUser;
|
const esClient = (await context.core).elasticsearch.client.asInternalUser;
|
||||||
const user = await appContextService.getSecurity()?.authc.getCurrentUser(request);
|
const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const settings = await settingsService.saveSettings(soClient, request.body);
|
const settings = await settingsService.saveSettings(soClient, request.body);
|
||||||
await agentPolicyService.bumpAllAgentPolicies(esClient, {
|
await agentPolicyService.bumpAllAgentPolicies(esClient, { user });
|
||||||
user: user || undefined,
|
|
||||||
});
|
|
||||||
const body = {
|
const body = {
|
||||||
item: settings,
|
item: settings,
|
||||||
};
|
};
|
||||||
|
|
|
@ -11,6 +11,7 @@ import { safeDump } from 'js-yaml';
|
||||||
import pMap from 'p-map';
|
import pMap from 'p-map';
|
||||||
import { lt } from 'semver';
|
import { lt } from 'semver';
|
||||||
import type {
|
import type {
|
||||||
|
AuthenticatedUser,
|
||||||
ElasticsearchClient,
|
ElasticsearchClient,
|
||||||
SavedObjectsBulkUpdateObject,
|
SavedObjectsBulkUpdateObject,
|
||||||
SavedObjectsBulkUpdateResponse,
|
SavedObjectsBulkUpdateResponse,
|
||||||
|
@ -20,7 +21,6 @@ import type {
|
||||||
} from '@kbn/core/server';
|
} from '@kbn/core/server';
|
||||||
import { SavedObjectsUtils } from '@kbn/core/server';
|
import { SavedObjectsUtils } from '@kbn/core/server';
|
||||||
|
|
||||||
import type { AuthenticatedUser } from '@kbn/security-plugin/server';
|
|
||||||
import type { BulkResponseItem } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
|
import type { BulkResponseItem } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
|
||||||
|
|
||||||
import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common/constants';
|
import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common/constants';
|
||||||
|
|
|
@ -5,9 +5,11 @@
|
||||||
* 2.0.
|
* 2.0.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
import type { ElasticsearchClient, SavedObjectsClientContract } from '@kbn/core/server';
|
import type {
|
||||||
|
AuthenticatedUser,
|
||||||
import type { AuthenticatedUser } from '@kbn/security-plugin/common';
|
ElasticsearchClient,
|
||||||
|
SavedObjectsClientContract,
|
||||||
|
} from '@kbn/core/server';
|
||||||
|
|
||||||
import type { HTTPAuthorizationHeader } from '../../common/http_authorization_header';
|
import type { HTTPAuthorizationHeader } from '../../common/http_authorization_header';
|
||||||
|
|
||||||
|
|
|
@ -14,6 +14,7 @@ import type {
|
||||||
HttpServiceSetup,
|
HttpServiceSetup,
|
||||||
Logger,
|
Logger,
|
||||||
KibanaRequest,
|
KibanaRequest,
|
||||||
|
SecurityServiceStart,
|
||||||
} from '@kbn/core/server';
|
} from '@kbn/core/server';
|
||||||
|
|
||||||
import { CoreKibanaRequest } from '@kbn/core/server';
|
import { CoreKibanaRequest } from '@kbn/core/server';
|
||||||
|
@ -61,6 +62,7 @@ class AppContextService {
|
||||||
private data: DataPluginStart | undefined;
|
private data: DataPluginStart | undefined;
|
||||||
private esClient: ElasticsearchClient | undefined;
|
private esClient: ElasticsearchClient | undefined;
|
||||||
private experimentalFeatures?: ExperimentalFeatures;
|
private experimentalFeatures?: ExperimentalFeatures;
|
||||||
|
private securityCoreStart: SecurityServiceStart | undefined;
|
||||||
private securitySetup: SecurityPluginSetup | undefined;
|
private securitySetup: SecurityPluginSetup | undefined;
|
||||||
private securityStart: SecurityPluginStart | undefined;
|
private securityStart: SecurityPluginStart | undefined;
|
||||||
private config$?: Observable<FleetConfigType>;
|
private config$?: Observable<FleetConfigType>;
|
||||||
|
@ -86,6 +88,7 @@ class AppContextService {
|
||||||
this.encryptedSavedObjectsStart = appContext.encryptedSavedObjectsStart;
|
this.encryptedSavedObjectsStart = appContext.encryptedSavedObjectsStart;
|
||||||
this.encryptedSavedObjects = appContext.encryptedSavedObjectsStart?.getClient();
|
this.encryptedSavedObjects = appContext.encryptedSavedObjectsStart?.getClient();
|
||||||
this.encryptedSavedObjectsSetup = appContext.encryptedSavedObjectsSetup;
|
this.encryptedSavedObjectsSetup = appContext.encryptedSavedObjectsSetup;
|
||||||
|
this.securityCoreStart = appContext.securityCoreStart;
|
||||||
this.securitySetup = appContext.securitySetup;
|
this.securitySetup = appContext.securitySetup;
|
||||||
this.securityStart = appContext.securityStart;
|
this.securityStart = appContext.securityStart;
|
||||||
this.savedObjects = appContext.savedObjects;
|
this.savedObjects = appContext.savedObjects;
|
||||||
|
@ -129,6 +132,10 @@ class AppContextService {
|
||||||
return this.encryptedSavedObjects;
|
return this.encryptedSavedObjects;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public getSecurityCore() {
|
||||||
|
return this.securityCoreStart!;
|
||||||
|
}
|
||||||
|
|
||||||
public getSecurity() {
|
public getSecurity() {
|
||||||
return this.securityStart!;
|
return this.securityStart!;
|
||||||
}
|
}
|
||||||
|
|
|
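Review bot: `getSecurityCore()` returns `this.securityCoreStart!`, so a call made before `start()` has assigned the field hands back `undefined` typed as a valid service. The handlers changed in this commit also dropped the `?.` they used with `getSecurity()`, so that case now surfaces as a bare TypeError on `.authc` inside a request handler or inside `checkSuperuser`. An explicit guard makes the failure obvious and keeps the authorization path from depending on a silenced type: `if (!this.securityCoreStart) throw new Error('Security core service not set.');` before the return, plus a declared return type of `SecurityServiceStart`. The existing `getSecurity()` just below uses the same `!` pattern, so the new getter is consistent with it, but new call sites are the cheaper place to tighten this. The class body continues outside the hunk.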
@ -11,6 +11,7 @@ import { i18n } from '@kbn/i18n';
|
||||||
import semverLt from 'semver/functions/lt';
|
import semverLt from 'semver/functions/lt';
|
||||||
import { getFlattenedObject } from '@kbn/std';
|
import { getFlattenedObject } from '@kbn/std';
|
||||||
import type {
|
import type {
|
||||||
|
AuthenticatedUser,
|
||||||
KibanaRequest,
|
KibanaRequest,
|
||||||
ElasticsearchClient,
|
ElasticsearchClient,
|
||||||
SavedObjectsClientContract,
|
SavedObjectsClientContract,
|
||||||
|
@ -25,8 +26,6 @@ import { safeLoad } from 'js-yaml';
|
||||||
|
|
||||||
import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common/constants';
|
import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common/constants';
|
||||||
|
|
||||||
import { type AuthenticatedUser } from '@kbn/security-plugin/server';
|
|
||||||
|
|
||||||
import pMap from 'p-map';
|
import pMap from 'p-map';
|
||||||
|
|
||||||
import type { SavedObjectError } from '@kbn/core-saved-objects-common';
|
import type { SavedObjectError } from '@kbn/core-saved-objects-common';
|
||||||
|
|
|
@ -5,9 +5,14 @@
|
||||||
* 2.0.
|
* 2.0.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
import type { KibanaRequest, Logger, RequestHandlerContext } from '@kbn/core/server';
|
import type {
|
||||||
import type { ElasticsearchClient, SavedObjectsClientContract } from '@kbn/core/server';
|
AuthenticatedUser,
|
||||||
import type { AuthenticatedUser } from '@kbn/security-plugin/server';
|
KibanaRequest,
|
||||||
|
Logger,
|
||||||
|
RequestHandlerContext,
|
||||||
|
ElasticsearchClient,
|
||||||
|
SavedObjectsClientContract,
|
||||||
|
} from '@kbn/core/server';
|
||||||
|
|
||||||
import type { SavedObjectError } from '@kbn/core-saved-objects-common';
|
import type { SavedObjectError } from '@kbn/core-saved-objects-common';
|
||||||
|
|
||||||
|
|
|
@ -10,12 +10,10 @@ import type {
|
||||||
CheckPrivilegesResponse,
|
CheckPrivilegesResponse,
|
||||||
CheckPrivilegesPayload,
|
CheckPrivilegesPayload,
|
||||||
} from '@kbn/security-plugin/server';
|
} from '@kbn/security-plugin/server';
|
||||||
import type { RequestHandler } from '@kbn/core/server';
|
import type { AuthenticatedUser, RequestHandler } from '@kbn/core/server';
|
||||||
import type { VersionedRouter } from '@kbn/core-http-server';
|
import type { VersionedRouter } from '@kbn/core-http-server';
|
||||||
import { loggingSystemMock } from '@kbn/core/server/mocks';
|
import { loggingSystemMock } from '@kbn/core/server/mocks';
|
||||||
|
|
||||||
import type { AuthenticatedUser } from '@kbn/security-plugin/common';
|
|
||||||
|
|
||||||
import { coreMock } from '@kbn/core/server/mocks';
|
import { coreMock } from '@kbn/core/server/mocks';
|
||||||
|
|
||||||
import { API_VERSIONS } from '../../../common/constants';
|
import { API_VERSIONS } from '../../../common/constants';
|
||||||
|
@ -85,7 +83,7 @@ describe('FleetAuthzRouter', () => {
|
||||||
// @ts-expect-error type doesn't properly respect deeply mocked keys
|
// @ts-expect-error type doesn't properly respect deeply mocked keys
|
||||||
mockContext.securityStart.authz.actions.ui.get.mockImplementation((priv) => `ui:${priv}`);
|
mockContext.securityStart.authz.actions.ui.get.mockImplementation((priv) => `ui:${priv}`);
|
||||||
|
|
||||||
mockContext.securityStart.authc.getCurrentUser.mockReturnValue({
|
mockContext.securityCoreStart.authc.getCurrentUser.mockReturnValue({
|
||||||
username: 'foo',
|
username: 'foo',
|
||||||
roles,
|
roles,
|
||||||
} as unknown as AuthenticatedUser);
|
} as unknown as AuthenticatedUser);
|
||||||
|
|
|
@ -8,6 +8,8 @@
|
||||||
import { deepFreeze } from '@kbn/std';
|
import { deepFreeze } from '@kbn/std';
|
||||||
import type { SecurityPluginStart, CheckPrivilegesDynamically } from '@kbn/security-plugin/server';
|
import type { SecurityPluginStart, CheckPrivilegesDynamically } from '@kbn/security-plugin/server';
|
||||||
|
|
||||||
|
import { securityServiceMock, type SecurityStartMock } from '@kbn/core-security-server-mocks';
|
||||||
|
|
||||||
import { appContextService } from '../app_context';
|
import { appContextService } from '../app_context';
|
||||||
import type { FleetAuthz } from '../../../common';
|
import type { FleetAuthz } from '../../../common';
|
||||||
|
|
||||||
|
@ -554,12 +556,13 @@ describe('When using calculateRouteAuthz()', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('getAuthzFromRequest', () => {
|
describe('getAuthzFromRequest', () => {
|
||||||
|
let mockSecurityCore: SecurityStartMock;
|
||||||
let mockSecurity: jest.MockedObjectDeep<SecurityPluginStart>;
|
let mockSecurity: jest.MockedObjectDeep<SecurityPluginStart>;
|
||||||
let checkPrivileges: jest.MockedFn<CheckPrivilegesDynamically>;
|
let checkPrivileges: jest.MockedFn<CheckPrivilegesDynamically>;
|
||||||
beforeEach(() => {
|
beforeEach(() => {
|
||||||
checkPrivileges = jest.fn();
|
checkPrivileges = jest.fn();
|
||||||
|
mockSecurityCore = securityServiceMock.createStart();
|
||||||
mockSecurity = {
|
mockSecurity = {
|
||||||
authc: { getCurrentUser: jest.fn() },
|
|
||||||
authz: {
|
authz: {
|
||||||
checkPrivilegesDynamicallyWithRequest: jest.fn().mockReturnValue(checkPrivileges),
|
checkPrivilegesDynamicallyWithRequest: jest.fn().mockReturnValue(checkPrivileges),
|
||||||
actions: {
|
actions: {
|
||||||
|
@ -576,6 +579,7 @@ describe('getAuthzFromRequest', () => {
|
||||||
},
|
},
|
||||||
} as unknown as jest.MockedObjectDeep<SecurityPluginStart>;
|
} as unknown as jest.MockedObjectDeep<SecurityPluginStart>;
|
||||||
|
|
||||||
|
jest.mocked(appContextService.getSecurityCore).mockReturnValue(mockSecurityCore);
|
||||||
jest.mocked(appContextService.getSecurity).mockReturnValue(mockSecurity);
|
jest.mocked(appContextService.getSecurity).mockReturnValue(mockSecurity);
|
||||||
jest.mocked(appContextService.getSecurityLicense).mockReturnValue({
|
jest.mocked(appContextService.getSecurityLicense).mockReturnValue({
|
||||||
isEnabled: () => true,
|
isEnabled: () => true,
|
||||||
|
|
|
@ -45,7 +45,7 @@ export function checkSuperuser(req: KibanaRequest) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
const security = appContextService.getSecurity();
|
const security = appContextService.getSecurityCore();
|
||||||
const user = security.authc.getCurrentUser(req);
|
const user = security.authc.getCurrentUser(req);
|
||||||
|
|
||||||
if (!user) {
|
if (!user) {
|
||||||
|
|
|
@ -111,5 +111,6 @@
|
||||||
"@kbn/test-jest-helpers",
|
"@kbn/test-jest-helpers",
|
||||||
"@kbn/core-saved-objects-utils-server",
|
"@kbn/core-saved-objects-utils-server",
|
||||||
"@kbn/integration-assistant-plugin",
|
"@kbn/integration-assistant-plugin",
|
||||||
|
"@kbn/core-security-server-mocks",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|