Squashed commit of the following:

commit 23515b1 Author: kobelb <brandon.kobel@elastic.co> Date: Mon Sep 10 06:57:58 2018 -0400 Adding more users to the spaces tests commit 4bbde73 Author: kobelb <brandon.kobel@elastic.co> Date: Mon Sep 10 06:09:35 2018 -0400 Adding not space aware get tests commit 5d11bef Author: kobelb <brandon.kobel@elastic.co> Date: Sat Sep 8 14:06:20 2018 -0400 Adding not space aware test to find commit f9383fd Author: kobelb <brandon.kobel@elastic.co> Date: Sat Sep 8 13:49:04 2018 -0400 Adding bulk create tests and testing non space aware type with bulkGet commit 5388b5a Author: kobelb <brandon.kobel@elastic.co> Date: Fri Sep 7 16:18:04 2018 -0400 Adding bulk create test commit 0674263 Author: kobelb <brandon.kobel@elastic.co> Date: Fri Sep 7 15:58:21 2018 -0400 Ignoring some modules commit 6b011d3 Author: kobelb <brandon.kobel@elastic.co> Date: Fri Sep 7 15:55:58 2018 -0400 Making the users match for saved objects security and spaces commit de2f994 Author: kobelb <brandon.kobel@elastic.co> Date: Fri Sep 7 14:18:53 2018 -0400 Making the space suites define their own test expectations commit 5407866 Author: kobelb <brandon.kobel@elastic.co> Date: Fri Sep 7 13:15:46 2018 -0400 Removing redundant spaces folder commit 9913923 Author: kobelb <brandon.kobel@elastic.co> Date: Fri Sep 7 13:14:45 2018 -0400 Removing unneeded objects from the esarchive commit bc602b1 Author: kobelb <brandon.kobel@elastic.co> Date: Fri Sep 7 13:08:12 2018 -0400 Moving some tests around commit 7fec308 Author: kobelb <brandon.kobel@elastic.co> Date: Fri Sep 7 12:38:23 2018 -0400 Deleting rbac_api_integration tests, they've been migrated elsewhere commit 29c018e Author: kobelb <brandon.kobel@elastic.co> Date: Fri Sep 7 10:01:16 2018 -0400 Importing SuperTest where needed commit 38d2e74 Author: kobelb <brandon.kobel@elastic.co> Date: Fri Sep 7 08:44:53 2018 -0400 Removing the "saved_objects" folder commit 70eada4 Merge: 1b2708f 9023431 Author: Brandon Kobel <brandon.kobel@gmail.com> Date: Fri Sep 7 10:04:03 2018 -0400 Merge pull request #4 from legrego/spaces-api-tests Initial round of spaces api testing commit 9023431 Merge: 6410f72 1b2708f Author: Larry Gregory <larry.gregory@elastic.co> Date: Fri Sep 7 09:37:57 2018 -0400 Merge remote-tracking branch 'kobelb/spaces/securing-api-tests' into spaces-api-tests commit 1b2708f Author: kobelb <brandon.kobel@elastic.co> Date: Fri Sep 7 08:17:25 2018 -0400 Even more typescript commit 369a429 Author: kobelb <brandon.kobel@elastic.co> Date: Fri Sep 7 08:08:28 2018 -0400 Typescriptifying Get commit f53f2ab Author: kobelb <brandon.kobel@elastic.co> Date: Fri Sep 7 08:01:48 2018 -0400 Typescriptifying Find commit f707e03 Author: kobelb <brandon.kobel@elastic.co> Date: Fri Sep 7 07:55:10 2018 -0400 Typescriptifying Create commit 485d983 Author: kobelb <brandon.kobel@elastic.co> Date: Fri Sep 7 07:31:54 2018 -0400 Changing the namespace agnostic type name commit 71c2122 Author: kobelb <brandon.kobel@elastic.co> Date: Fri Sep 7 07:25:15 2018 -0400 Adding update tests commit f60e953 Author: kobelb <brandon.kobel@elastic.co> Date: Thu Sep 6 15:53:34 2018 -0400 Delete tests commit 94682e5 Author: kobelb <brandon.kobel@elastic.co> Date: Thu Sep 6 12:07:39 2018 -0400 Adding get security and spaces tests commit 481943f Author: kobelb <brandon.kobel@elastic.co> Date: Thu Sep 6 11:58:42 2018 -0400 Generalizing bulk get commit 14d9058 Merge: 6627127 fc5f7fa Author: Brandon Kobel <brandon.kobel@gmail.com> Date: Thu Sep 6 10:46:07 2018 -0400 Merge pull request #3 from legrego/remove-privs-api Remove privs api and hardcoded privs list commit 6410f72 Author: Larry Gregory <larry.gregory@elastic.co> Date: Thu Sep 6 09:35:30 2018 -0400 add missing superagent type commit 4afacc0 Author: Larry Gregory <larry.gregory@elastic.co> Date: Wed Sep 5 20:19:15 2018 -0400 initial round of spaces api testing commit 6627127 Author: kobelb <brandon.kobel@elastic.co> Date: Wed Sep 5 17:29:37 2018 -0400 Adding GET test suite commit 68a5537 Author: kobelb <brandon.kobel@elastic.co> Date: Wed Sep 5 13:32:49 2018 -0400 Copying find to security and spaces commit fc5f7fa Author: Larry Gregory <larry.gregory@elastic.co> Date: Wed Sep 5 12:36:30 2018 -0400 move es privilege tests to api_integration commit 189fbe6 Author: kobelb <brandon.kobel@elastic.co> Date: Wed Sep 5 12:24:41 2018 -0400 Switching approach to dynamically enabling security commit c72200f Author: Larry Gregory <larry.gregory@elastic.co> Date: Wed Sep 5 11:57:26 2018 -0400 remove get privileges api commit 1607f80 Author: kobelb <brandon.kobel@elastic.co> Date: Wed Sep 5 11:47:19 2018 -0400 Dynamically supplying users so we reduce some duplication commit 9deec1b Author: kobelb <brandon.kobel@elastic.co> Date: Wed Sep 5 09:32:36 2018 -0400 Security and Spaces create tests commit a8232dd Author: kobelb <brandon.kobel@elastic.co> Date: Wed Sep 5 07:22:10 2018 -0400 Using a create "test suite" commit f07f668 Author: kobelb <brandon.kobel@elastic.co> Date: Wed Sep 5 05:54:46 2018 -0400 Using the spaces esArchive always now commit b2021ad Merge: d3babea 7b4575b Author: kobelb <brandon.kobel@elastic.co> Date: Wed Sep 5 05:43:48 2018 -0400 Merge branch 'spaces/securing' into spaces/securing-api-tests commit d3babea Author: kobelb <brandon.kobel@elastic.co> Date: Tue Sep 4 17:43:38 2018 -0400 Moving over the spaces only saved objects tests commit 94054a2 Author: kobelb <brandon.kobel@elastic.co> Date: Tue Sep 4 17:26:43 2018 -0400 Copying over the security only saved object api tests
kobelb · Sep 10, 2018 · d9699f9 · d9699f9
1 parent 14a1d96
commit d9699f9
Show file tree

Hide file tree

Showing 132 changed files with 9,861 additions and 5,369 deletions.
diff --git a/packages/kbn-test/src/functional_tests/lib/run_elasticsearch.js b/packages/kbn-test/src/functional_tests/lib/run_elasticsearch.js
@@ -25,12 +25,15 @@ import { setupUsers, DEFAULT_SUPERUSER_PASS } from './auth';
 
 export async function runElasticsearch({ config, options }) {
   const { log, esFrom } = options;
-  const isOss = config.get('esTestCluster.license') === 'oss';
+  const license = config.get('esTestCluster.license');
+  const isTrialLicense = config.get('esTestCluster.license') === 'trial';
 
   const cluster = createEsTestCluster({
     port: config.get('servers.elasticsearch.port'),
-    password: !isOss ? DEFAULT_SUPERUSER_PASS : config.get('servers.elasticsearch.password'),
-    license: config.get('esTestCluster.license'),
+    password: isTrialLicense
+      ? DEFAULT_SUPERUSER_PASS
+      : config.get('servers.elasticsearch.password'),
+    license,
     log,
     basePath: resolve(KIBANA_ROOT, '.es'),
     esFrom: esFrom || config.get('esTestCluster.from'),
@@ -40,7 +43,7 @@ export async function runElasticsearch({ config, options }) {
 
   await cluster.start(esArgs);
 
-  if (!isOss) {
+  if (isTrialLicense) {
     await setupUsers(log, config);
   }
 

diff --git a/test/api_integration/apis/saved_objects/bulk_create.js b/test/api_integration/apis/saved_objects/bulk_create.js
@@ -0,0 +1,121 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import expect from 'expect.js';
+
+export default function ({ getService }) {
+  const supertest = getService('supertest');
+  const es = getService('es');
+  const esArchiver = getService('esArchiver');
+
+  const BULK_REQUESTS = [
+    {
+      type: 'visualization',
+      id: 'dd7caf20-9efd-11e7-acb3-3dab96693fab',
+      attributes: {
+        title: 'An existing visualization'
+      }
+    },
+    {
+      type: 'dashboard',
+      id: 'a01b2f57-fcfd-4864-b735-09e28f0d815e',
+      attributes: {
+        title: 'A great new dashboard'
+      }
+    },
+  ];
+
+  describe('_bulk_create', () => {
+    describe('with kibana index', () => {
+      before(() => esArchiver.load('saved_objects/basic'));
+      after(() => esArchiver.unload('saved_objects/basic'));
+
+      it('should return 200 with individual responses', async () => (
+        await supertest
+          .post(`/api/saved_objects/_bulk_create`)
+          .send(BULK_REQUESTS)
+          .expect(200)
+          .then(resp => {
+            expect(resp.body).to.eql({
+              saved_objects: [
+                {
+                  type: 'visualization',
+                  id: 'dd7caf20-9efd-11e7-acb3-3dab96693fab',
+                  error: {
+                    'message': 'version conflict, document already exists',
+                    'statusCode': 409
+                  }
+                },
+                {
+                  type: 'dashboard',
+                  id: 'a01b2f57-fcfd-4864-b735-09e28f0d815e',
+                  updated_at: resp.body.saved_objects[1].updated_at,
+                  version: 1,
+                  attributes: {
+                    title: 'A great new dashboard'
+                  }
+                },
+              ]
+            });
+          })
+      ));
+    });
+
+    describe('without kibana index', () => {
+      before(async () => (
+        // just in case the kibana server has recreated it
+        await es.indices.delete({
+          index: '.kibana',
+          ignore: [404],
+        })
+      ));
+
+      it('should return 200 with individual responses', async () => (
+        await supertest
+          .post('/api/saved_objects/_bulk_create')
+          .send(BULK_REQUESTS)
+          .expect(200)
+          .then(resp => {
+            expect(resp.body).to.eql({
+              saved_objects: [
+                {
+                  type: 'visualization',
+                  id: 'dd7caf20-9efd-11e7-acb3-3dab96693fab',
+                  updated_at: resp.body.saved_objects[0].updated_at,
+                  version: 1,
+                  attributes: {
+                    title: 'An existing visualization'
+                  }
+                },
+                {
+                  type: 'dashboard',
+                  id: 'a01b2f57-fcfd-4864-b735-09e28f0d815e',
+                  updated_at: resp.body.saved_objects[1].updated_at,
+                  version: 1,
+                  attributes: {
+                    title: 'A great new dashboard'
+                  }
+                },
+              ]
+            });
+          })
+      ));
+    });
+  });
+}
diff --git a/test/api_integration/apis/saved_objects/index.js b/test/api_integration/apis/saved_objects/index.js
@@ -19,6 +19,7 @@
 
 export default function ({ loadTestFile }) {
   describe('saved_objects', () => {
+    loadTestFile(require.resolve('./bulk_create'));
     loadTestFile(require.resolve('./bulk_get'));
     loadTestFile(require.resolve('./create'));
     loadTestFile(require.resolve('./delete'));

diff --git a/x-pack/package.json b/x-pack/package.json
@@ -27,8 +27,11 @@
     "@kbn/es": "link:../packages/kbn-es",
     "@kbn/plugin-helpers": "link:../packages/kbn-plugin-helpers",
     "@kbn/test": "link:../packages/kbn-test",
-    "@types/jest": "^22.2.3",
+    "@types/expect.js": "^0.3.29",
+    "@types/jest": "^23.3.1",
+    "@types/mocha": "^5.2.5",
     "@types/pngjs": "^3.3.1",
+    "@types/supertest": "^2.0.5",
     "abab": "^1.0.4",
     "ansicolors": "0.3.2",
     "aws-sdk": "2.2.33",

diff --git a/x-pack/plugins/security/common/model/kibana_privilege.ts b/x-pack/plugins/security/common/model/kibana_privilege.ts
@@ -5,3 +5,5 @@
  */
 
 export type KibanaPrivilege = 'none' | 'read' | 'all';
+
+export const KibanaAppPrivileges: KibanaPrivilege[] = ['read', 'all'];
diff --git a/x-pack/plugins/security/index.js b/x-pack/plugins/security/index.js
@@ -16,7 +16,6 @@ import { validateConfig } from './server/lib/validate_config';
 import { authenticateFactory } from './server/lib/auth_redirect';
 import { checkLicense } from './server/lib/check_license';
 import { initAuthenticator } from './server/lib/authentication/authenticator';
-import { initPrivilegesApi } from './server/routes/api/v1/privileges';
 import { SecurityAuditLogger } from './server/lib/audit_logger';
 import { AuditLogger } from '../../server/lib/audit_logger';
 import { createAuthorizationService, registerPrivilegesWithCluster } from './server/lib/authorization';
@@ -161,7 +160,6 @@ export const security = (kibana) => new kibana.Plugin({
     initUsersApi(server);
     initPublicRolesApi(server);
     initIndicesApi(server);
-    initPrivilegesApi(server);
     initLoginView(server, xpackMainPlugin);
     initLogoutView(server);
 

diff --git a/x-pack/plugins/security/public/views/management/edit_role/components/edit_role_page.tsx b/x-pack/plugins/security/public/views/management/edit_role/components/edit_role_page.tsx
@@ -24,7 +24,7 @@ import React, { ChangeEvent, Component, HTMLProps } from 'react';
 import { toastNotifications } from 'ui/notify';
 import { Space } from '../../../../../../spaces/common/model/space';
 import { IndexPrivilege } from '../../../../../common/model/index_privilege';
-import { KibanaApplicationPrivilege } from '../../../../../common/model/kibana_application_privilege';
+import { KibanaPrivilege } from '../../../../../common/model/kibana_privilege';
 import { Role } from '../../../../../common/model/role';
 import { isReservedRole } from '../../../../lib/role';
 import { deleteRole, saveRole } from '../../../../objects';
@@ -42,7 +42,7 @@ interface Props {
   rbacEnabled: boolean;
   allowDocumentLevelSecurity: boolean;
   allowFieldLevelSecurity: boolean;
-  kibanaAppPrivileges: KibanaApplicationPrivilege[];
+  kibanaAppPrivileges: KibanaPrivilege[];
   notifier: any;
   spaces?: Space[];
   spacesEnabled: boolean;

diff --git a/...rity/public/views/management/edit_role/components/privileges/kibana/kibana_privileges.tsx b/...rity/public/views/management/edit_role/components/privileges/kibana/kibana_privileges.tsx
@@ -6,7 +6,7 @@
 
 import React, { Component } from 'react';
 import { Space } from '../../../../../../../../spaces/common/model/space';
-import { KibanaApplicationPrivilege } from '../../../../../../../common/model/kibana_application_privilege';
+import { KibanaPrivilege } from '../../../../../../../common/model/kibana_privilege';
 import { Role } from '../../../../../../../common/model/role';
 import { RoleValidator } from '../../../lib/validate_role';
 import { CollapsiblePanel } from '../../collapsible_panel';
@@ -18,7 +18,7 @@ interface Props {
   spacesEnabled: boolean;
   spaces?: Space[];
   editable: boolean;
-  kibanaAppPrivileges: KibanaApplicationPrivilege[];
+  kibanaAppPrivileges: KibanaPrivilege[];
   onChange: (role: Role) => void;
   validator: RoleValidator;
 }

diff --git a/...ic/views/management/edit_role/components/privileges/kibana/simple_privilege_form.test.tsx b/...ic/views/management/edit_role/components/privileges/kibana/simple_privilege_form.test.tsx
@@ -24,14 +24,7 @@ const buildProps = (customProps?: any) => {
       },
     },
     editable: true,
-    kibanaAppPrivileges: [
-      {
-        name: 'all',
-      },
-      {
-        name: 'read',
-      },
-    ],
+    kibanaAppPrivileges: ['all', 'read'],
     onChange: jest.fn(),
     ...customProps,
   };

diff --git a/.../public/views/management/edit_role/components/privileges/kibana/simple_privilege_form.tsx b/.../public/views/management/edit_role/components/privileges/kibana/simple_privilege_form.tsx
@@ -10,7 +10,6 @@ import {
   EuiFormRow,
 } from '@elastic/eui';
 import React, { Component, Fragment } from 'react';
-import { KibanaApplicationPrivilege } from '../../../../../../../common/model/kibana_application_privilege';
 import { KibanaPrivilege } from '../../../../../../../common/model/kibana_privilege';
 import { Role } from '../../../../../../../common/model/role';
 import { isReservedRole } from '../../../../../../lib/role';
@@ -19,7 +18,7 @@ import { copyRole } from '../../../lib/copy_role';
 import { PrivilegeSelector } from './privilege_selector';
 
 interface Props {
-  kibanaAppPrivileges: KibanaApplicationPrivilege[];
+  kibanaAppPrivileges: KibanaPrivilege[];
   role: Role;
   onChange: (role: Role) => void;
   editable: boolean;
@@ -30,7 +29,6 @@ export class SimplePrivilegeForm extends Component<Props, {}> {
     const { kibanaAppPrivileges, role } = this.props;
 
     const assignedPrivileges = role.kibana;
-    const availablePrivileges = kibanaAppPrivileges.map(privilege => privilege.name);
 
     const kibanaPrivilege: KibanaPrivilege =
       assignedPrivileges.global.length > 0
@@ -45,7 +43,7 @@ export class SimplePrivilegeForm extends Component<Props, {}> {
           <EuiFormRow hasEmptyLabelSpace>
             <PrivilegeSelector
               data-test-subj={'kibanaPrivilege'}
-              availablePrivileges={availablePrivileges}
+              availablePrivileges={kibanaAppPrivileges}
               value={kibanaPrivilege}
               disabled={isReservedRole(role)}
               allowNone={true}

diff --git a/...ews/management/edit_role/components/privileges/kibana/space_aware_privilege_form.test.tsx b/...ews/management/edit_role/components/privileges/kibana/space_aware_privilege_form.test.tsx
@@ -38,14 +38,7 @@ const buildProps = (customProps: any = {}) => {
       },
     ],
     editable: true,
-    kibanaAppPrivileges: [
-      {
-        name: 'all',
-      },
-      {
-        name: 'read',
-      },
-    ],
+    kibanaAppPrivileges: ['all', 'read'],
     onChange: jest.fn(),
     validator: new RoleValidator(),
     ...customProps,

diff --git a/...ic/views/management/edit_role/components/privileges/kibana/space_aware_privilege_form.tsx b/...ic/views/management/edit_role/components/privileges/kibana/space_aware_privilege_form.tsx
@@ -17,7 +17,6 @@ import {
 } from '@elastic/eui';
 import React, { Component, Fragment } from 'react';
 import { Space } from '../../../../../../../../spaces/common/model/space';
-import { KibanaApplicationPrivilege } from '../../../../../../../common/model/kibana_application_privilege';
 import { KibanaPrivilege } from '../../../../../../../common/model/kibana_privilege';
 import { Role } from '../../../../../../../common/model/role';
 import { isReservedRole } from '../../../../../../lib/role';
@@ -32,7 +31,7 @@ import { PrivilegeSpaceForm } from './privilege_space_form';
 import { PrivilegeSpaceTable } from './privilege_space_table';
 
 interface Props {
-  kibanaAppPrivileges: KibanaApplicationPrivilege[];
+  kibanaAppPrivileges: KibanaPrivilege[];
   role: Role;
   spaces: Space[];
   onChange: (role: Role) => void;
@@ -74,7 +73,6 @@ export class SpaceAwarePrivilegeForm extends Component<Props, State> {
     const { kibanaAppPrivileges, role } = this.props;
 
     const assignedPrivileges = role.kibana;
-    const availablePrivileges = kibanaAppPrivileges.map(privilege => privilege.name);
 
     const basePrivilege =
       assignedPrivileges.global.length > 0 ? assignedPrivileges.global[0] : NO_PRIVILEGE_VALUE;
@@ -101,7 +99,7 @@ export class SpaceAwarePrivilegeForm extends Component<Props, State> {
           <EuiFormRow hasEmptyLabelSpace helpText={helptext}>
             <PrivilegeSelector
               data-test-subj={'kibanaMinimumPrivilege'}
-              availablePrivileges={availablePrivileges}
+              availablePrivileges={kibanaAppPrivileges}
               value={basePrivilege}
               disabled={isReservedRole(role)}
               allowNone={true}
@@ -112,7 +110,7 @@ export class SpaceAwarePrivilegeForm extends Component<Props, State> {
 
         <EuiSpacer />
 
-        {this.renderSpacePrivileges(basePrivilege, availablePrivileges)}
+        {this.renderSpacePrivileges(basePrivilege, kibanaAppPrivileges)}
       </Fragment>
     );
   }

diff --git a/x-pack/plugins/security/public/views/management/edit_role/index.js b/x-pack/plugins/security/public/views/management/edit_role/index.js
@@ -27,6 +27,7 @@ import { EditRolePage } from './components';
 
 import React from 'react';
 import { render, unmountComponentAtNode } from 'react-dom';
+import { KibanaAppPrivileges } from '../../../../common/model/kibana_privilege';
 
 routes.when(`${EDIT_ROLES_PATH}/:name?`, {
   template,
@@ -120,16 +121,13 @@ routes.when(`${EDIT_ROLES_PATH}/:name?`, {
       spaces,
     } = $route.current.locals;
 
-    // todo: don't hard-code this...
-    const kibanaApplicationPrivilege = [{ name: 'all' }, { name: 'read' } ];
-
     $scope.$$postDigest(() => {
       const domNode = document.getElementById('editRoleReactRoot');
 
       render(<EditRolePage
         runAsUsers={users}
         role={role}
-        kibanaAppPrivileges={kibanaApplicationPrivilege}
+        kibanaAppPrivileges={KibanaAppPrivileges}
         indexPatterns={indexPatterns}
         rbacEnabled={true}
         rbacApplication={rbacApplication}

diff --git a/x-pack/plugins/security/server/lib/authorization/check_privileges.js b/x-pack/plugins/security/server/lib/authorization/check_privileges.js
@@ -21,6 +21,7 @@ export function checkPrivilegesWithRequestFactory(actions, application, shieldCl
     const checkPrivilegesAtResources = async (resources, privilegeOrPrivileges) => {
       const privileges = Array.isArray(privilegeOrPrivileges) ? privilegeOrPrivileges : [privilegeOrPrivileges];
       const allApplicationPrivileges = uniq([actions.version, actions.login, ...privileges]);
+
       const hasPrivilegesResponse = await callWithRequest(request, 'shield.hasPrivileges', {
         body: {
           applications: [{

diff --git a/x-pack/plugins/security/server/routes/api/v1/privileges.js b/x-pack/plugins/security/server/routes/api/v1/privileges.js