[Uptime] Decrypt Synthetics Monitors on sync and ensure API key is space agnostic (#130379) (#130454)

* uptime - synthetics service - pass namespace when decrypting monitor during sync task * synthetics - make api key agnostic Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit 64befe355f) Co-authored-by: Dominique Clarke <dominique.clarke@elastic.co>
2025-04-23 17:28:26 -04:00 · 2022-04-18 09:54:18 -05:00 · 2022-04-18 09:54:18 -05:00 · f46a5ccaa5
commit f46a5ccaa5
parent e979a58b5a
3 changed files with 86 additions and 2 deletions
--- a/x-pack/plugins/uptime/server/lib/saved_objects/service_api_key.ts
+++ b/x-pack/plugins/uptime/server/lib/saved_objects/service_api_key.ts
@ -20,7 +20,7 @@ export const syntheticsApiKeyObjectType = 'uptime-synthetics-api-key';
 export const syntheticsServiceApiKey: SavedObjectsType = {
  name: syntheticsApiKeyObjectType,
  hidden: true,
-  namespaceType: 'single',
+  namespaceType: 'agnostic',
  mappings: {
    dynamic: false,
    properties: {
--- a/x-pack/plugins/uptime/server/lib/synthetics_service/synthetics_service.ts
+++ b/x-pack/plugins/uptime/server/lib/synthetics_service/synthetics_service.ts
@ -369,7 +369,10 @@ export class SyntheticsService {
      encryptedMonitors.map((monitor) =>
        encryptedClient.getDecryptedAsInternalUser<SyntheticsMonitorWithSecrets>(
          syntheticsMonitor.name,
-          monitor.id
+          monitor.id,
+          {
+            namespace: monitor.namespaces?.[0],
+          }
        )
      )
    );
--- a/x-pack/test/api_integration/apis/uptime/rest/synthetics_enablement.ts
+++ b/x-pack/test/api_integration/apis/uptime/rest/synthetics_enablement.ts
@ -15,6 +15,7 @@ export default function ({ getService }: FtrProviderContext) {
    const supertestWithAuth = getService('supertest');
    const supertest = getService('supertestWithoutAuth');
    const security = getService('security');
+    const kibanaServer = getService('kibanaServer');

    before(async () => {
      await supertestWithAuth.delete(API_URLS.SYNTHETICS_ENABLEMENT).set('kbn-xsrf', 'true');
@ -311,6 +312,86 @@ export default function ({ getService }: FtrProviderContext) {
          await security.role.delete(roleName);
        }
      });
+
+      it('is space agnostic', async () => {
+        const username = 'admin';
+        const roleName = `synthetics_admin`;
+        const password = `${username}-password`;
+        const SPACE_ID = 'test-space';
+        const SPACE_NAME = 'test-space-name';
+        await kibanaServer.spaces.create({ id: SPACE_ID, name: SPACE_NAME });
+        try {
+          await security.role.create(roleName, {
+            kibana: [
+              {
+                feature: {
+                  uptime: ['all'],
+                },
+                spaces: ['*'],
+              },
+            ],
+            elasticsearch: {
+              cluster: ['manage_security', ...serviceApiKeyPrivileges.cluster],
+              indices: serviceApiKeyPrivileges.index,
+            },
+          });
+
+          await security.user.create(username, {
+            password,
+            roles: [roleName],
+            full_name: 'a kibana user',
+          });
+
+          // can disable synthetics in default space when enabled in a non default space
+          await supertest
+            .post(`/s/${SPACE_ID}${API_URLS.SYNTHETICS_ENABLEMENT}`)
+            .auth(username, password)
+            .set('kbn-xsrf', 'true')
+            .expect(200);
+          await supertest
+            .delete(API_URLS.SYNTHETICS_ENABLEMENT)
+            .auth(username, password)
+            .set('kbn-xsrf', 'true')
+            .expect(200);
+          const apiResponse = await supertest
+            .get(API_URLS.SYNTHETICS_ENABLEMENT)
+            .auth(username, password)
+            .set('kbn-xsrf', 'true')
+            .expect(200);
+
+          expect(apiResponse.body).eql({
+            areApiKeysEnabled: true,
+            canEnable: true,
+            isEnabled: false,
+          });
+
+          // can disable synthetics in non default space when enabled in default space
+          await supertest
+            .post(API_URLS.SYNTHETICS_ENABLEMENT)
+            .auth(username, password)
+            .set('kbn-xsrf', 'true')
+            .expect(200);
+          await supertest
+            .delete(`/s/${SPACE_ID}${API_URLS.SYNTHETICS_ENABLEMENT}`)
+            .auth(username, password)
+            .set('kbn-xsrf', 'true')
+            .expect(200);
+          const apiResponse2 = await supertest
+            .get(API_URLS.SYNTHETICS_ENABLEMENT)
+            .auth(username, password)
+            .set('kbn-xsrf', 'true')
+            .expect(200);
+
+          expect(apiResponse2.body).eql({
+            areApiKeysEnabled: true,
+            canEnable: true,
+            isEnabled: false,
+          });
+        } finally {
+          await security.user.delete(username);
+          await security.role.delete(roleName);
+        }
+      });
    });
  });
 }