[stats] fix error when requesting extended stats by unauth users (#160520)

## Summary Fix https://github.com/elastic/kibana/issues/160385 Use the internal client instead of the scoped one for the extended stats ES requests to avoid an error with unauthenticated users (when anonymous access is allowed) --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2025-04-23 09:19:04 -04:00 · 2023-06-27 11:01:55 +02:00 · 2023-06-27 11:01:55 +02:00 · 7fb8f6be8d
commit 7fb8f6be8d
parent 3d05f74cfd
6 changed files with 85 additions and 5 deletions
--- a/.buildkite/ftr_configs.yml
+++ b/.buildkite/ftr_configs.yml
@ -196,6 +196,7 @@ enabled:
  - x-pack/test/api_integration/apis/security/config.ts
  - x-pack/test/api_integration/apis/security_solution/config.ts
  - x-pack/test/api_integration/apis/spaces/config.ts
+  - x-pack/test/api_integration/apis/stats/config.ts
  - x-pack/test/api_integration/apis/status/config.ts
  - x-pack/test/api_integration/apis/synthetics/config.ts
  - x-pack/test/api_integration/apis/telemetry/config.ts
--- a/src/plugins/usage_collection/server/routes/stats/stats.ts
+++ b/src/plugins/usage_collection/server/routes/stats/stats.ts
@ -72,13 +72,13 @@ export function registerStatsRoute({
      const isExtended = requestQuery.extended === '' || requestQuery.extended;
      const isLegacy = requestQuery.legacy === '' || requestQuery.legacy;

-      let extended;
+      let extended = {};
      if (isExtended) {
        const core = await context.core;
-        const { asCurrentUser } = core.elasticsearch.client;
+        const { asInternalUser } = core.elasticsearch.client;
        // as of https://github.com/elastic/kibana/pull/151082, usage will always be an empty object.

-        const clusterUuid = await getClusterUuid(asCurrentUser);
+        const clusterUuid = await getClusterUuid(asInternalUser);
        const extendedClusterUuid = isLegacy ? { clusterUuid } : { cluster_uuid: clusterUuid };
        extended = {
          usage: {},
--- a/x-pack/test/api_integration/apis/kibana/stats/stats.js
+++ b/x-pack/test/api_integration/apis/kibana/stats/stats.js
@ -30,8 +30,9 @@ export default function ({ getService }) {
          expect(isUUID(body.kibana.uuid)).to.be.ok();
        });

-        it('should return 401 for extended', async () => {
-          await supertestNoAuth.get('/api/stats?extended').auth(null, null).expect(401);
+        it('should return 200 for extended', async () => {
+          const { body } = await supertestNoAuth.get('/api/stats').expect(200);
+          expect(isUUID(body.kibana.uuid)).to.be.ok();
        });
      });

--- a/x-pack/test/api_integration/apis/stats/config.ts
+++ b/x-pack/test/api_integration/apis/stats/config.ts
@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const baseIntegrationTestsConfig = await readConfigFile(require.resolve('../../config.ts'));
+
+  return {
+    ...baseIntegrationTestsConfig.getAll(),
+    kbnTestServer: {
+      ...baseIntegrationTestsConfig.get('kbnTestServer'),
+      serverArgs: [
+        ...baseIntegrationTestsConfig.get('kbnTestServer.serverArgs'),
+        '--status.allowAnonymous=true',
+      ],
+    },
+    testFiles: [require.resolve('.')],
+  };
+}
--- a/x-pack/test/api_integration/apis/stats/index.ts
+++ b/x-pack/test/api_integration/apis/stats/index.ts
@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+  describe('Stats API', () => {
+    loadTestFile(require.resolve('./stats'));
+  });
+}
--- a/x-pack/test/api_integration/apis/stats/stats.ts
+++ b/x-pack/test/api_integration/apis/stats/stats.ts
@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+export default function ({ getService }: FtrProviderContext) {
+  const supertest = getService('supertest');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+
+  describe('GET /api/stats', () => {
+    describe('When status.allowAnonymous is true', () => {
+      describe('when requesting extended stats', () => {
+        it('returns extended stats payload for authenticated requests', async () => {
+          const { body } = await supertest
+            .get('/api/stats?extended=true')
+            .set('kbn-xsrf', 'kibana')
+            .expect(200);
+
+          expect(body.cluster_uuid).to.be.a('string');
+          expect(body.usage).to.be.an('object');
+        });
+        it('returns extended stats payload for unauthenticated requests', async () => {
+          const { body } = await supertestWithoutAuth
+            .get('/api/stats?extended=true')
+            .set('kbn-xsrf', 'kibana')
+            .expect(200);
+
+          expect(body.cluster_uuid).to.be.a('string');
+          expect(body.usage).to.be.an('object');
+        });
+      });
+    });
+  });
+}