Remove unused privilege calculator code (#180815)

## Summary

Removes unused privilege calculator code.
Larry Gregory 2024-04-16 04:14:48 -04:00 committed by GitHub
parent 989b678160
commit f728de1191
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 0 additions and 148 deletions


@ -1,89 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { areActionsFullyCovered, compareActions } from './privilege_calculator_utils';
describe('#compareActions', () => {
it(`returns -1 when the first action set is more permissive than the second action set`, () => {
const actionSet1 = ['foo:/*', 'bar'];
const actionSet2 = ['foo:/*'];
expect(compareActions(actionSet1, actionSet2)).toEqual(-1);
});
it(`returns 1 when the second action set is more permissive than the first action set`, () => {
const actionSet1 = ['foo:/*'];
const actionSet2 = ['foo:/*', 'bar'];
expect(compareActions(actionSet1, actionSet2)).toEqual(1);
});
it('works without wildcards', () => {
const actionSet1 = ['foo:/bar', 'foo:/bar/baz', 'login', 'somethingElse'];
const actionSet2 = ['foo:/bar', 'foo:/bar/baz', 'login'];
expect(compareActions(actionSet1, actionSet2)).toEqual(-1);
});
it('handles wildcards correctly', () => {
const actionSet1 = ['foo:/bar/*'];
const actionSet2 = ['foo:/bar/bam', 'foo:/bar/baz/*'];
expect(compareActions(actionSet1, actionSet2)).toEqual(-1);
});
it('supports ties in a stable-sort order', () => {
const actionSet1 = ['foo:/bar/bam', 'foo:/bar/baz/*'];
const actionSet2 = ['foo:/bar/bam', 'foo:/bar/baz/*'];
expect(compareActions(actionSet1, actionSet2)).toEqual(-1);
});
it('does not support actions where one is not a subset of the other', () => {
const actionSet1 = ['foo:/bar/bam', 'foo:/bar/baz/*'];
const actionSet2 = ['bar:/*'];
// check both directions
expect(() => compareActions(actionSet1, actionSet2)).toThrowErrorMatchingInlineSnapshot(
`"Non-comparable action sets! Expected one set of actions to be a subset of the other!"`
);
expect(() => compareActions(actionSet2, actionSet1)).toThrowErrorMatchingInlineSnapshot(
`"Non-comparable action sets! Expected one set of actions to be a subset of the other!"`
);
});
});
describe('#areActionsFullyCovered', () => {
it('returns true for two empty sets', () => {
const actionSet1: string[] = [];
const actionSet2: string[] = [];
expect(areActionsFullyCovered(actionSet1, actionSet2)).toEqual(true);
});
it('returns true when the first set fully covers the second set', () => {
const actionSet1: string[] = ['foo:/*', 'bar:/*'];
const actionSet2: string[] = ['foo:/bar', 'bar:/baz'];
expect(areActionsFullyCovered(actionSet1, actionSet2)).toEqual(true);
});
it('returns false when the first set does not fully cover the second set', () => {
const actionSet1: string[] = ['foo:/bar', 'bar:/baz'];
const actionSet2: string[] = ['foo:/*', 'bar:/*'];
expect(areActionsFullyCovered(actionSet1, actionSet2)).toEqual(false);
});
it('returns true for ties', () => {
const actionSet1: string[] = ['foo:/bar', 'bar:/baz'];
const actionSet2: string[] = ['foo:/bar', 'bar:/baz'];
expect(areActionsFullyCovered(actionSet1, actionSet2)).toEqual(true);
});
it('can handle actions where one is not a subset of the other', () => {
const actionSet1 = ['foo:/bar/bam', 'foo:/bar/baz/*'];
const actionSet2 = ['bar:/*'];
expect(areActionsFullyCovered(actionSet1, actionSet2)).toEqual(false);
});
});


@ -1,59 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import _ from 'lodash';
/**
* Given two sets of actions, where one set is known to be a subset of the other, this will
* determine which set of actions is most permissive, using standard sorting return values:
* -1: actions1 is most permissive
* 1: actions2 is most permissive
*
* All privileges are hierarchal at this point.
*
* @param actionSet1
* @param actionSet2
*/
export function compareActions(actionSet1: string[], actionSet2: string[]) {
if (areActionsFullyCovered(actionSet1, actionSet2)) {
return -1;
}
if (areActionsFullyCovered(actionSet2, actionSet1)) {
return 1;
}
throw new Error(
`Non-comparable action sets! Expected one set of actions to be a subset of the other!`
);
}
/**
* Given two sets of actions, this will determine if the first set fully covers the second set.
* "fully covers" means that all of the actions granted by the second set are also granted by the first set.
* @param actionSet1
* @param actionSet2
*/
export function areActionsFullyCovered(actionSet1: string[], actionSet2: string[]) {
const actionExpressions = actionSet1.map(actionToRegExp);
const isFullyCovered = actionSet2.every((assigned: string) =>
// Does any expression from the first set match this action in the second set?
actionExpressions.some((exp: RegExp) => exp.test(assigned))
);
return isFullyCovered;
}
function actionToRegExp(action: string) {
// Actions are strings that may or may not end with a wildcard ("*").
// This will excape all characters in the action string that are not the wildcard character.
// Each wildcard character is then turned into a ".*" before the entire thing is turned into a regexp.
return new RegExp(
action
.split('*')
.map((part) => _.escapeRegExp(part))
.join('.*')
);
}