[Monitoring] Handle setup mode if security is disabled (#53306) (#58772)

* Handle setup mode if security is disabled * Rename so the test actually runs, and fix/add tests * Use es.js api instead of transport.request * Revert "Use es.js api instead of transport.request" This reverts commit ae0e48f. * Explicitly handle security not enabled Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Elastic Machine <[email protected]>
elastic · Feb 28, 2020 · 535114d · 535114d
1 parent 0479d0d
commit 535114d
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 25 deletions.
diff --git a/...lection/__test__/get_collection_status.js → ...on/__test__/get_collection_status.test.js b/...lection/__test__/get_collection_status.js → ...on/__test__/get_collection_status.test.js
@@ -6,11 +6,11 @@
 
 import expect from '@kbn/expect';
 import sinon from 'sinon';
-import { getCollectionStatus } from '../';
+import { getCollectionStatus } from '..';
 import { getIndexPatterns } from '../../../cluster/get_index_patterns';
 
 const liveClusterUuid = 'a12';
-const mockReq = (searchResult = {}) => {
+const mockReq = (searchResult = {}, securityEnabled = true, userHasPermissions = true) => {
   return {
     server: {
       newPlatform: {
@@ -40,6 +40,14 @@ const mockReq = (searchResult = {}) => {
         },
       },
       plugins: {
+        xpack_main: {
+          info: {
+            isAvailable: () => true,
+            feature: () => ({
+              isEnabled: () => securityEnabled,
+            }),
+          },
+        },
         elasticsearch: {
           getCluster() {
             return {
@@ -51,6 +59,13 @@ const mockReq = (searchResult = {}) => {
                 ) {
                   return Promise.resolve({ cluster_uuid: liveClusterUuid });
                 }
+                if (
+                  type === 'transport.request' &&
+                  params &&
+                  params.path === '/_security/user/_has_privileges'
+                ) {
+                  return Promise.resolve({ has_all_requested: userHasPermissions });
+                }
                 if (type === 'transport.request' && params && params.path === '/_nodes') {
                   return Promise.resolve({ nodes: {} });
                 }
@@ -218,24 +233,24 @@ describe('getCollectionStatus', () => {
   });
 
   it('should detect products based on other indices', async () => {
-    const req = mockReq(
-      {},
-      {
-        responses: [
-          { hits: { total: { value: 1 } } },
-          { hits: { total: { value: 1 } } },
-          { hits: { total: { value: 1 } } },
-          { hits: { total: { value: 1 } } },
-          { hits: { total: { value: 1 } } },
-        ],
-      }
-    );
-
+    const req = mockReq({ hits: { total: { value: 1 } } });
     const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
 
     expect(result.kibana.detected.doesExist).to.be(true);
     expect(result.elasticsearch.detected.doesExist).to.be(true);
     expect(result.beats.detected.mightExist).to.be(true);
     expect(result.logstash.detected.mightExist).to.be(true);
   });
+
+  it('should work properly when security is disabled', async () => {
+    const req = mockReq({ hits: { total: { value: 1 } } }, false);
+    const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
+    expect(result.kibana.detected.doesExist).to.be(true);
+  });
+
+  it('should not work if the user does not have the necessary permissions', async () => {
+    const req = mockReq({ hits: { total: { value: 1 } } }, true, false);
+    const result = await getCollectionStatus(req, getIndexPatterns(req.server), liveClusterUuid);
+    expect(result._meta.hasPermissions).to.be(false);
+  });
 });
diff --git a/x-pack/legacy/plugins/monitoring/server/lib/setup/collection/get_collection_status.js b/x-pack/legacy/plugins/monitoring/server/lib/setup/collection/get_collection_status.js
@@ -226,16 +226,25 @@ function isBeatFromAPM(bucket) {
 }
 
 async function hasNecessaryPermissions(req) {
-  const { callWithRequest } = req.server.plugins.elasticsearch.getCluster('data');
-  const response = await callWithRequest(req, 'transport.request', {
-    method: 'POST',
-    path: '/_security/user/_has_privileges',
-    body: {
-      cluster: ['monitor'],
-    },
-  });
-  // If there is some problem, assume they do not have access
-  return get(response, 'has_all_requested', false);
+  try {
+    const { callWithRequest } = req.server.plugins.elasticsearch.getCluster('data');
+    const response = await callWithRequest(req, 'transport.request', {
+      method: 'POST',
+      path: '/_security/user/_has_privileges',
+      body: {
+        cluster: ['monitor'],
+      },
+    });
+    // If there is some problem, assume they do not have access
+    return get(response, 'has_all_requested', false);
+  } catch (err) {
+    if (
+      err.message === 'no handler found for uri [/_security/user/_has_privileges] and method [POST]'
+    ) {
+      return true;
+    }
+    return false;
+  }
 }
 
 /**