mirror of
https://github.com/elastic/kibana.git
synced 2025-04-25 02:09:32 -04:00
064fd8ef84
* Removing circular dependency between spaces and security * Apply suggestions from code review Co-authored-by: Constance <constancecchen@users.noreply.github.com> Co-authored-by: Aleh Zasypkin <aleh.zasypkin@gmail.com> * Tests refactor - Reorganize top level describes into 3 space-based blocks into based on spaces: - space disabled - spaces plugin unavailable - space enabled (most previous tests go under this new block) with new beforeEach - wrote new tests for uncovered lines 58, 66-69 * Review1: address PR feedback * changing fake requests for alerts/actions * Fixing tests * fixing more tests * Additional testing and refactoring * Apply suggestions from code review Co-authored-by: Aleh Zasypkin <aleh.zasypkin@gmail.com> * Review 2: Address feedback * Make ESLint happy again Co-authored-by: Constance <constancecchen@users.noreply.github.com> Co-authored-by: Aleh Zasypkin <aleh.zasypkin@gmail.com> Co-authored-by: Constance Chen <constance.chen.3@gmail.com> Co-authored-by: Constance <constancecchen@users.noreply.github.com> Co-authored-by: Aleh Zasypkin <aleh.zasypkin@gmail.com> Co-authored-by: Constance Chen <constance.chen.3@gmail.com>
92 lines
2.9 KiB
TypeScript
92 lines
2.9 KiB
TypeScript
/*
|
|
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
* or more contributor license agreements. Licensed under the Elastic License;
|
|
* you may not use this file except in compliance with the Elastic License.
|
|
*/
|
|
import { LegacySpacesAuditLogger } from './legacy_audit_logger';
|
|
|
|
const createMockAuditLogger = () => {
|
|
return {
|
|
log: jest.fn(),
|
|
};
|
|
};
|
|
|
|
describe(`#savedObjectsAuthorizationFailure`, () => {
|
|
test('logs auth failure with spaceIds via auditLogger', () => {
|
|
const auditLogger = createMockAuditLogger();
|
|
const securityAuditLogger = new LegacySpacesAuditLogger(auditLogger);
|
|
const username = 'foo-user';
|
|
const action = 'foo-action';
|
|
const spaceIds = ['foo-space-1', 'foo-space-2'];
|
|
|
|
securityAuditLogger.spacesAuthorizationFailure(username, action, spaceIds);
|
|
|
|
expect(auditLogger.log).toHaveBeenCalledWith(
|
|
'spaces_authorization_failure',
|
|
expect.stringContaining(`${username} unauthorized to ${action} ${spaceIds.join(',')} spaces`),
|
|
{
|
|
username,
|
|
action,
|
|
spaceIds,
|
|
}
|
|
);
|
|
});
|
|
|
|
test('logs auth failure without spaceIds via auditLogger', () => {
|
|
const auditLogger = createMockAuditLogger();
|
|
const securityAuditLogger = new LegacySpacesAuditLogger(auditLogger);
|
|
const username = 'foo-user';
|
|
const action = 'foo-action';
|
|
|
|
securityAuditLogger.spacesAuthorizationFailure(username, action);
|
|
|
|
expect(auditLogger.log).toHaveBeenCalledWith(
|
|
'spaces_authorization_failure',
|
|
expect.stringContaining(`${username} unauthorized to ${action} spaces`),
|
|
{
|
|
username,
|
|
action,
|
|
}
|
|
);
|
|
});
|
|
});
|
|
|
|
describe(`#savedObjectsAuthorizationSuccess`, () => {
|
|
test('logs auth success with spaceIds via auditLogger', () => {
|
|
const auditLogger = createMockAuditLogger();
|
|
const securityAuditLogger = new LegacySpacesAuditLogger(auditLogger);
|
|
const username = 'foo-user';
|
|
const action = 'foo-action';
|
|
const spaceIds = ['foo-space-1', 'foo-space-2'];
|
|
|
|
securityAuditLogger.spacesAuthorizationSuccess(username, action, spaceIds);
|
|
|
|
expect(auditLogger.log).toHaveBeenCalledWith(
|
|
'spaces_authorization_success',
|
|
expect.stringContaining(`${username} authorized to ${action} ${spaceIds.join(',')} spaces`),
|
|
{
|
|
username,
|
|
action,
|
|
spaceIds,
|
|
}
|
|
);
|
|
});
|
|
|
|
test('logs auth success without spaceIds via auditLogger', () => {
|
|
const auditLogger = createMockAuditLogger();
|
|
const securityAuditLogger = new LegacySpacesAuditLogger(auditLogger);
|
|
const username = 'foo-user';
|
|
const action = 'foo-action';
|
|
|
|
securityAuditLogger.spacesAuthorizationSuccess(username, action);
|
|
|
|
expect(auditLogger.log).toHaveBeenCalledWith(
|
|
'spaces_authorization_success',
|
|
expect.stringContaining(`${username} authorized to ${action} spaces`),
|
|
{
|
|
username,
|
|
action,
|
|
}
|
|
);
|
|
});
|
|
});
|