Skip to content

Commit

Permalink
[8.8] Fix unable to create roles under Stack Management (#156381) (#1…
Browse files Browse the repository at this point in the history 
…56440)

# Backport

This will backport the following commits from `main` to `8.8`:
- [Fix unable to create roles under Stack Management
(#156381)](#156381)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Thom
Heymann","email":"190132+thomheymann@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-05-02T19:46:37Z","message":"Fix
unable to create roles under Stack Management (#156381)\n\nResolves
#156249\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"de0498decb0992a6b20a4158aeae0d3bd39278b3","branchLabelMapping":{"^v8.9.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["backport","Team:Security","v8.8.0","v8.9.0"],"number":156381,"url":"https://github.com/elastic/kibana/pull/156381","mergeCommit":{"message":"Fix
unable to create roles under Stack Management (#156381)\n\nResolves
#156249\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"de0498decb0992a6b20a4158aeae0d3bd39278b3"}},"sourceBranch":"main","suggestedTargetBranches":["8.8"],"targetPullRequestStates":[{"branch":"8.8","label":"v8.8.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.9.0","labelRegex":"^v8.9.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/156381","number":156381,"mergeCommit":{"message":"Fix
unable to create roles under Stack Management (#156381)\n\nResolves
#156249\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"de0498decb0992a6b20a4158aeae0d3bd39278b3"}}]}]
BACKPORT-->

Co-authored-by: Thom Heymann <190132+thomheymann@users.noreply.github.com>
  • Loading branch information
@kibanamachine @thomheymann
kibanamachine and thomheymann authored May 2, 2023
1 parent 9075d8b commit 29af54c
Show file tree
Hide file tree
Showing 3 changed files with 77 additions and 11 deletions.
43 changes: 43 additions & 0 deletions x-pack/plugins/security/server/routes/authorization/roles/model/put_payload.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -389,6 +389,49 @@ describe('Put payload schema', () => {
}
`);
});

test('passes through remote_indices when specified', () => {
expect(
getPutPayloadSchema(() => basePrivilegeNamesMap).validate({
elasticsearch: {
remote_indices: [
{
clusters: ['remote_cluster'],
names: ['remote_index'],
privileges: ['all'],
},
],
},
})
).toMatchInlineSnapshot(`
Object {
"elasticsearch": Object {
"remote_indices": Array [
Object {
"clusters": Array [
"remote_cluster",
],
"names": Array [
"remote_index",
],
"privileges": Array [
"all",
],
},
],
},
}
`);
});

// This is important for backwards compatibility
test('does not set default value for remote_indices when not specified', () => {
expect(getPutPayloadSchema(() => basePrivilegeNamesMap).validate({})).toMatchInlineSnapshot(`
Object {
"elasticsearch": Object {},
}
`);
});
});

describe('validateKibanaPrivileges', () => {
Expand Down
2 changes: 1 addition & 1 deletion x-pack/plugins/security/server/routes/authorization/roles/model/put_payload.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ export const transformPutPayloadToElasticsearchRole = (
metadata: rolePayload.metadata,
cluster: elasticsearch.cluster || [],
indices: elasticsearch.indices || [],
remote_indices: elasticsearch.remote_indices || [],
remote_indices: elasticsearch.remote_indices,
run_as: elasticsearch.run_as || [],
applications: [
...transformPrivilegesToElasticsearchPrivileges(application, kibana),
Expand Down
43 changes: 33 additions & 10 deletions x-pack/plugins/security/server/routes/authorization/roles/put.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -325,7 +325,7 @@ describe('PUT role', () => {
body: {
cluster: [],
indices: [],
remote_indices: [],
remote_indices: undefined,
run_as: [],
applications: [],
},
Expand Down Expand Up @@ -359,7 +359,7 @@ describe('PUT role', () => {
body: {
cluster: [],
indices: [],
remote_indices: [],
remote_indices: undefined,
run_as: [],
applications: [
{
Expand Down Expand Up @@ -402,7 +402,7 @@ describe('PUT role', () => {
body: {
cluster: [],
indices: [],
remote_indices: [],
remote_indices: undefined,
run_as: [],
applications: [
{
Expand Down Expand Up @@ -443,7 +443,7 @@ describe('PUT role', () => {
body: {
cluster: [],
indices: [],
remote_indices: [],
remote_indices: undefined,
run_as: [],
applications: [
{
Expand Down Expand Up @@ -480,6 +480,18 @@ describe('PUT role', () => {
query: `{ "match": { "title": "foo" } }`,
},
],
remote_indices: [
{
field_security: {
grant: ['test-field-security-grant-1', 'test-field-security-grant-2'],
except: ['test-field-security-except-1', 'test-field-security-except-2'],
},
clusters: ['test-cluster-name-1', 'test-cluster-name-2'],
names: ['test-index-name-1', 'test-index-name-2'],
privileges: ['test-index-privilege-1', 'test-index-privilege-2'],
query: `{ "match": { "title": "foo" } }`,
},
],
run_as: ['test-run-as-1', 'test-run-as-2'],
},
kibana: [
Expand Down Expand Up @@ -539,7 +551,18 @@ describe('PUT role', () => {
query: `{ "match": { "title": "foo" } }`,
},
],
remote_indices: [],
remote_indices: [
{
field_security: {
grant: ['test-field-security-grant-1', 'test-field-security-grant-2'],
except: ['test-field-security-except-1', 'test-field-security-except-2'],
},
clusters: ['test-cluster-name-1', 'test-cluster-name-2'],
names: ['test-index-name-1', 'test-index-name-2'],
privileges: ['test-index-privilege-1', 'test-index-privilege-2'],
query: `{ "match": { "title": "foo" } }`,
},
],
metadata: { foo: 'test-metadata' },
run_as: ['test-run-as-1', 'test-run-as-2'],
},
Expand Down Expand Up @@ -661,7 +684,7 @@ describe('PUT role', () => {
query: `{ "match": { "title": "foo" } }`,
},
],
remote_indices: [],
remote_indices: undefined,
metadata: { foo: 'test-metadata' },
run_as: ['test-run-as-1', 'test-run-as-2'],
},
Expand Down Expand Up @@ -765,7 +788,7 @@ describe('PUT role', () => {
privileges: ['test-index-privilege-1', 'test-index-privilege-2'],
},
],
remote_indices: [],
remote_indices: undefined,
metadata: { foo: 'test-metadata' },
run_as: ['test-run-as-1', 'test-run-as-2'],
},
Expand Down Expand Up @@ -803,7 +826,7 @@ describe('PUT role', () => {
body: {
cluster: [],
indices: [],
remote_indices: [],
remote_indices: undefined,
run_as: [],
applications: [
{
Expand Down Expand Up @@ -848,7 +871,7 @@ describe('PUT role', () => {
body: {
cluster: [],
indices: [],
remote_indices: [],
remote_indices: undefined,
run_as: [],
applications: [
{
Expand Down Expand Up @@ -893,7 +916,7 @@ describe('PUT role', () => {
body: {
cluster: [],
indices: [],
remote_indices: [],
remote_indices: undefined,
run_as: [],
applications: [
{
Expand Down

0 comments on commit 29af54c

Please sign in to comment.