-
Notifications
You must be signed in to change notification settings - Fork 8.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Logging legacy fallback deprecation warning on login (#20493)
* Logging legacy fallback deprecation on login * Consolidation the privileges/authorization folder * Exposing rudimentary authorization service and fixing authenticate tests * Moving authorization services configuration to initAuthorization * Adding "actions" service exposed by the authorization * Fixing misspelling * Removing invalid and unused exports * Adding note about only adding privileges * Calling it initAuthorizationService * Throwing explicit validation error in actions.getSavedObjectAction * Deep freezing authorization service * Adding deepFreeze tests * Checking privileges in one call and cleaning up tests
- Loading branch information
Showing
30 changed files
with
988 additions
and
578 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
25 changes: 25 additions & 0 deletions
25
x-pack/plugins/security/server/lib/authorization/__snapshots__/actions.test.js.snap
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
// Jest Snapshot v1, https://goo.gl/fbAQLP | ||
|
||
exports[`#getSavedObjectAction() action of "" throws error 1`] = `"action is required and must be a string"`; | ||
|
||
exports[`#getSavedObjectAction() action of {} throws error 1`] = `"action is required and must be a string"`; | ||
|
||
exports[`#getSavedObjectAction() action of 1 throws error 1`] = `"action is required and must be a string"`; | ||
|
||
exports[`#getSavedObjectAction() action of null throws error 1`] = `"action is required and must be a string"`; | ||
|
||
exports[`#getSavedObjectAction() action of true throws error 1`] = `"action is required and must be a string"`; | ||
|
||
exports[`#getSavedObjectAction() action of undefined throws error 1`] = `"action is required and must be a string"`; | ||
|
||
exports[`#getSavedObjectAction() type of "" throws error 1`] = `"type is required and must be a string"`; | ||
|
||
exports[`#getSavedObjectAction() type of {} throws error 1`] = `"type is required and must be a string"`; | ||
|
||
exports[`#getSavedObjectAction() type of 1 throws error 1`] = `"type is required and must be a string"`; | ||
|
||
exports[`#getSavedObjectAction() type of null throws error 1`] = `"type is required and must be a string"`; | ||
|
||
exports[`#getSavedObjectAction() type of true throws error 1`] = `"type is required and must be a string"`; | ||
|
||
exports[`#getSavedObjectAction() type of undefined throws error 1`] = `"type is required and must be a string"`; |
4 changes: 3 additions & 1 deletion
4
x-pack/plugins/security/server/lib/authorization/__snapshots__/check_privileges.test.js.snap
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,5 @@ | ||
// Jest Snapshot v1, https://goo.gl/fbAQLP | ||
|
||
exports[`throws error if missing version privilege and has login privilege 1`] = `"Multiple versions of Kibana are running against the same Elasticsearch cluster, unable to authorize user."`; | ||
exports[`with index privileges throws error if missing version privilege and has login privilege 1`] = `[Error: Multiple versions of Kibana are running against the same Elasticsearch cluster, unable to authorize user.]`; | ||
|
||
exports[`with no index privileges throws error if missing version privilege and has login privilege 1`] = `[Error: Multiple versions of Kibana are running against the same Elasticsearch cluster, unable to authorize user.]`; |
7 changes: 7 additions & 0 deletions
7
x-pack/plugins/security/server/lib/authorization/__snapshots__/init.test.js.snap
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
// Jest Snapshot v1, https://goo.gl/fbAQLP | ||
|
||
exports[`deep freezes exposed service 1`] = `"Cannot delete property 'checkPrivilegesWithRequest' of #<Object>"`; | ||
exports[`deep freezes exposed service 2`] = `"Cannot add property foo, object is not extensible"`; | ||
exports[`deep freezes exposed service 3`] = `"Cannot assign to read only property 'login' of object '#<Object>'"`; |
26 changes: 26 additions & 0 deletions
26
x-pack/plugins/security/server/lib/authorization/actions.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
import { isString } from 'lodash'; | ||
|
||
export function actionsFactory(config) { | ||
const kibanaVersion = config.get('pkg.version'); | ||
|
||
return { | ||
getSavedObjectAction(type, action) { | ||
if (!type || !isString(type)) { | ||
throw new Error('type is required and must be a string'); | ||
} | ||
|
||
if (!action || !isString(action)) { | ||
throw new Error('action is required and must be a string'); | ||
} | ||
|
||
return `action:saved_objects/${type}/${action}`; | ||
}, | ||
login: `action:login`, | ||
version: `version:${kibanaVersion}`, | ||
}; | ||
} |
69 changes: 69 additions & 0 deletions
69
x-pack/plugins/security/server/lib/authorization/actions.test.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import { actionsFactory } from './actions'; | ||
|
||
const createMockConfig = (settings = {}) => { | ||
const mockConfig = { | ||
get: jest.fn() | ||
}; | ||
|
||
mockConfig.get.mockImplementation(key => settings[key]); | ||
|
||
return mockConfig; | ||
}; | ||
|
||
describe('#login', () => { | ||
test('returns action:login', () => { | ||
const mockConfig = createMockConfig(); | ||
|
||
const actions = actionsFactory(mockConfig); | ||
|
||
expect(actions.login).toEqual('action:login'); | ||
}); | ||
}); | ||
|
||
describe('#version', () => { | ||
test(`returns version:\${config.get('pkg.version')}`, () => { | ||
const version = 'mock-version'; | ||
const mockConfig = createMockConfig({ 'pkg.version': version }); | ||
|
||
const actions = actionsFactory(mockConfig); | ||
|
||
expect(actions.version).toEqual(`version:${version}`); | ||
}); | ||
}); | ||
|
||
describe('#getSavedObjectAction()', () => { | ||
test('uses type and action to build action', () => { | ||
const mockConfig = createMockConfig(); | ||
const actions = actionsFactory(mockConfig); | ||
const type = 'saved-object-type'; | ||
const action = 'saved-object-action'; | ||
|
||
const result = actions.getSavedObjectAction(type, action); | ||
|
||
expect(result).toEqual(`action:saved_objects/${type}/${action}`); | ||
}); | ||
|
||
[null, undefined, '', 1, true, {}].forEach(type => { | ||
test(`type of ${JSON.stringify(type)} throws error`, () => { | ||
const mockConfig = createMockConfig(); | ||
const actions = actionsFactory(mockConfig); | ||
|
||
expect(() => actions.getSavedObjectAction(type, 'saved-object-action')).toThrowErrorMatchingSnapshot(); | ||
}); | ||
}); | ||
|
||
[null, undefined, '', 1, true, {}].forEach(action => { | ||
test(`action of ${JSON.stringify(action)} throws error`, () => { | ||
const mockConfig = createMockConfig(); | ||
const actions = actionsFactory(mockConfig); | ||
|
||
expect(() => actions.getSavedObjectAction('saved-object-type', action)).toThrowErrorMatchingSnapshot(); | ||
}); | ||
}); | ||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.