-
Notifications
You must be signed in to change notification settings - Fork 8.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixed bug where list index privileges was returned twice instead of l…
…ist item index (#75256) ## Summary Fixes a bug where the list privileges was returning the `.list` privileges twice instead of returning it once and returning the `.items` privileges second with the call. No UI has to change as the way it was written was dynamic to grab the first key found. This also adds the functional tests to `x-pack/scripts/functional_tests.js` which was not there originally so the end to tend tests should actually run on the CI machine where it was not running on CI before. Adds the functional tests to the code owners file as well. Ensure that you go to the test results page from the Jenkins build: <img width="901" alt="Screen Shot 2020-08-18 at 1 13 18 AM" src="https://user-images.githubusercontent.com/1151048/90482180-13f7c800-e0f0-11ea-92f2-b30a8fffe84e.png"> And ensure you see the tests under: ``` X-Pack Lists Integration Tests ``` Then click through it and ensure they are shown as running and passing ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- Loading branch information
1 parent
7ac929b
commit 02fcbaa
Showing
6 changed files
with
270 additions
and
1 deletion.
There are no files selected for viewing
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
181 changes: 181 additions & 0 deletions
181
x-pack/plugins/lists/server/routes/read_privileges_route.mock.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,181 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
interface Cluster { | ||
monitor_ml: boolean; | ||
manage_ccr: boolean; | ||
manage_index_templates: boolean; | ||
monitor_watcher: boolean; | ||
monitor_transform: boolean; | ||
read_ilm: boolean; | ||
manage_security: boolean; | ||
manage_own_api_key: boolean; | ||
manage_saml: boolean; | ||
all: boolean; | ||
manage_ilm: boolean; | ||
manage_ingest_pipelines: boolean; | ||
read_ccr: boolean; | ||
manage_rollup: boolean; | ||
monitor: boolean; | ||
manage_watcher: boolean; | ||
manage: boolean; | ||
manage_transform: boolean; | ||
manage_api_key: boolean; | ||
manage_token: boolean; | ||
manage_ml: boolean; | ||
manage_pipeline: boolean; | ||
monitor_rollup: boolean; | ||
transport_client: boolean; | ||
create_snapshot: boolean; | ||
} | ||
|
||
interface Index { | ||
[indexName: string]: { | ||
all: boolean; | ||
manage_ilm: boolean; | ||
read: boolean; | ||
create_index: boolean; | ||
read_cross_cluster: boolean; | ||
index: boolean; | ||
monitor: boolean; | ||
delete: boolean; | ||
manage: boolean; | ||
delete_index: boolean; | ||
create_doc: boolean; | ||
view_index_metadata: boolean; | ||
create: boolean; | ||
manage_follow_index: boolean; | ||
manage_leader_index: boolean; | ||
write: boolean; | ||
}; | ||
} | ||
|
||
interface IndexPrivilege { | ||
application: {}; | ||
cluster: Cluster; | ||
has_all_requested: boolean; | ||
index: Index; | ||
username: string; | ||
} | ||
|
||
export interface Privilege { | ||
listItems: IndexPrivilege; | ||
lists: IndexPrivilege; | ||
is_authenticated: boolean; | ||
} | ||
|
||
export const getReadPrivilegeMock = ( | ||
listIndex: string = '.lists-default', | ||
listItemsIndex: string = '.items-default', | ||
username = 'elastic', | ||
booleanValues: boolean = true | ||
): Privilege => ({ | ||
is_authenticated: true, | ||
listItems: { | ||
application: {}, | ||
cluster: { | ||
all: booleanValues, | ||
create_snapshot: booleanValues, | ||
manage: booleanValues, | ||
manage_api_key: booleanValues, | ||
manage_ccr: booleanValues, | ||
manage_ilm: booleanValues, | ||
manage_index_templates: booleanValues, | ||
manage_ingest_pipelines: booleanValues, | ||
manage_ml: booleanValues, | ||
manage_own_api_key: false, | ||
manage_pipeline: booleanValues, | ||
manage_rollup: booleanValues, | ||
manage_saml: booleanValues, | ||
manage_security: booleanValues, | ||
manage_token: booleanValues, | ||
manage_transform: booleanValues, | ||
manage_watcher: booleanValues, | ||
monitor: booleanValues, | ||
monitor_ml: booleanValues, | ||
monitor_rollup: booleanValues, | ||
monitor_transform: booleanValues, | ||
monitor_watcher: booleanValues, | ||
read_ccr: booleanValues, | ||
read_ilm: booleanValues, | ||
transport_client: booleanValues, | ||
}, | ||
has_all_requested: false, | ||
index: { | ||
[listItemsIndex]: { | ||
all: booleanValues, | ||
create: booleanValues, | ||
create_doc: booleanValues, | ||
create_index: booleanValues, | ||
delete: booleanValues, | ||
delete_index: booleanValues, | ||
index: booleanValues, | ||
manage: booleanValues, | ||
manage_follow_index: booleanValues, | ||
manage_ilm: booleanValues, | ||
manage_leader_index: booleanValues, | ||
monitor: booleanValues, | ||
read: booleanValues, | ||
read_cross_cluster: booleanValues, | ||
view_index_metadata: booleanValues, | ||
write: booleanValues, | ||
}, | ||
}, | ||
username, | ||
}, | ||
lists: { | ||
application: {}, | ||
cluster: { | ||
all: booleanValues, | ||
create_snapshot: booleanValues, | ||
manage: booleanValues, | ||
manage_api_key: booleanValues, | ||
manage_ccr: booleanValues, | ||
manage_ilm: booleanValues, | ||
manage_index_templates: booleanValues, | ||
manage_ingest_pipelines: booleanValues, | ||
manage_ml: booleanValues, | ||
manage_own_api_key: false, | ||
manage_pipeline: booleanValues, | ||
manage_rollup: booleanValues, | ||
manage_saml: booleanValues, | ||
manage_security: booleanValues, | ||
manage_token: booleanValues, | ||
manage_transform: booleanValues, | ||
manage_watcher: booleanValues, | ||
monitor: booleanValues, | ||
monitor_ml: booleanValues, | ||
monitor_rollup: booleanValues, | ||
monitor_transform: booleanValues, | ||
monitor_watcher: booleanValues, | ||
read_ccr: booleanValues, | ||
read_ilm: booleanValues, | ||
transport_client: booleanValues, | ||
}, | ||
has_all_requested: false, | ||
index: { | ||
[listIndex]: { | ||
all: booleanValues, | ||
create: booleanValues, | ||
create_doc: booleanValues, | ||
create_index: booleanValues, | ||
delete: booleanValues, | ||
delete_index: booleanValues, | ||
index: booleanValues, | ||
manage: booleanValues, | ||
manage_follow_index: booleanValues, | ||
manage_ilm: booleanValues, | ||
manage_leader_index: booleanValues, | ||
monitor: booleanValues, | ||
read: booleanValues, | ||
read_cross_cluster: booleanValues, | ||
view_index_metadata: booleanValues, | ||
write: booleanValues, | ||
}, | ||
}, | ||
username, | ||
}, | ||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
85 changes: 85 additions & 0 deletions
85
x-pack/test/lists_api_integration/security_and_spaces/tests/read_list_privileges.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import expect from '@kbn/expect'; | ||
|
||
import { getReadPrivilegeMock } from '../../../../plugins/lists/server/routes/read_privileges_route.mock'; | ||
import { FtrProviderContext } from '../../common/ftr_provider_context'; | ||
import { LIST_PRIVILEGES_URL } from '../../../../plugins/lists/common/constants'; | ||
|
||
// eslint-disable-next-line import/no-default-export | ||
export default ({ getService }: FtrProviderContext) => { | ||
const supertest = getService('supertest'); | ||
const security = getService('security'); | ||
const spacesService = getService('spaces'); | ||
const supertestWithoutAuth = getService('supertestWithoutAuth'); | ||
|
||
describe('read_list_privileges', () => { | ||
const space1Id = 'space_1'; | ||
|
||
const user1 = { | ||
username: 'user_1', | ||
roleName: 'user_1', | ||
password: 'user_1-password', | ||
}; | ||
|
||
beforeEach(async () => { | ||
await spacesService.create({ | ||
id: space1Id, | ||
name: space1Id, | ||
disabledFeatures: [], | ||
}); | ||
|
||
await security.role.create(user1.roleName, { | ||
kibana: [ | ||
{ | ||
feature: { | ||
dashboard: ['all'], | ||
siem: ['all', 'read'], | ||
}, | ||
spaces: [space1Id], | ||
}, | ||
], | ||
}); | ||
|
||
await security.user.create(user1.username, { | ||
password: user1.password, | ||
roles: [user1.roleName], | ||
}); | ||
}); | ||
|
||
afterEach(async () => { | ||
await spacesService.delete(space1Id); | ||
}); | ||
|
||
it('should return true for all privileges when its the system user of "elastic" in space of "default"', async () => { | ||
const { body } = await supertest.get(LIST_PRIVILEGES_URL).set('kbn-xsrf', 'true').expect(200); | ||
expect(body).to.eql(getReadPrivilegeMock()); | ||
}); | ||
|
||
it('should return true for all privileges when its the system user of "elastic" in space of "space_1"', async () => { | ||
const { body } = await supertest.get(LIST_PRIVILEGES_URL).set('kbn-xsrf', 'true').expect(200); | ||
expect(body).to.eql(getReadPrivilegeMock()); | ||
}); | ||
|
||
it('should return false for all privileges when its the system user of "user_1" in a space of "space_1"', async () => { | ||
const { body } = await supertestWithoutAuth | ||
.get(`/s/${space1Id}${LIST_PRIVILEGES_URL}`) | ||
.auth(user1.username, user1.password) | ||
.send() | ||
.expect(200); | ||
|
||
const privilege = getReadPrivilegeMock( | ||
`.lists-${space1Id}`, | ||
`.items-${space1Id}`, | ||
user1.username, | ||
false | ||
); | ||
|
||
expect(body).to.eql(privilege); | ||
}); | ||
}); | ||
}; |