Fix privileges check when security is not enabled (#67308) (#67315)

elastic · May 26, 2020 · c0fcd81 · c0fcd81
1 parent e3d54d8
commit c0fcd81
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 21 deletions.
diff --git a/x-pack/plugins/ingest_pipelines/kibana.json b/x-pack/plugins/ingest_pipelines/kibana.json
@@ -3,15 +3,7 @@
   "version": "kibana",
   "server": true,
   "ui": true,
-  "requiredPlugins": [
-    "licensing",
-    "management"
-  ],
-  "optionalPlugins": [
-    "usageCollection"
-  ],
-  "configPath": [
-    "xpack",
-    "ingest_pipelines"
-  ]
+  "requiredPlugins": ["licensing", "management"],
+  "optionalPlugins": ["security", "usageCollection"],
+  "configPath": ["xpack", "ingest_pipelines"]
 }
diff --git a/x-pack/plugins/ingest_pipelines/server/plugin.ts b/x-pack/plugins/ingest_pipelines/server/plugin.ts
@@ -25,7 +25,7 @@ export class IngestPipelinesPlugin implements Plugin<void, void, any, any> {
     this.apiRoutes = new ApiRoutes();
   }
 
-  public setup({ http, elasticsearch }: CoreSetup, { licensing }: Dependencies) {
+  public setup({ http }: CoreSetup, { licensing, security }: Dependencies) {
     this.logger.debug('ingest_pipelines: setup');
 
     const router = http.createRouter();
@@ -47,6 +47,9 @@ export class IngestPipelinesPlugin implements Plugin<void, void, any, any> {
     this.apiRoutes.setup({
       router,
       license: this.license,
+      config: {
+        isSecurityEnabled: security !== undefined && security.license.isEnabled(),
+      },
       lib: {
         isEsError,
       },

diff --git a/x-pack/plugins/ingest_pipelines/server/routes/api/privileges.ts b/x-pack/plugins/ingest_pipelines/server/routes/api/privileges.ts
@@ -15,26 +15,31 @@ const extractMissingPrivileges = (privilegesObject: { [key: string]: boolean } =
     return privileges;
   }, []);
 
-export const registerPrivilegesRoute = ({ license, router }: RouteDependencies) => {
+export const registerPrivilegesRoute = ({ license, router, config }: RouteDependencies) => {
   router.get(
     {
       path: `${API_BASE_PATH}/privileges`,
       validate: false,
     },
     license.guardApiRoute(async (ctx, req, res) => {
-      const {
-        core: {
-          elasticsearch: { dataClient },
-        },
-      } = ctx;
-
       const privilegesResult: Privileges = {
         hasAllPrivileges: true,
         missingPrivileges: {
           cluster: [],
         },
       };
 
+      // Skip the privileges check if security is not enabled
+      if (!config.isSecurityEnabled) {
+        return res.ok({ body: privilegesResult });
+      }
+
+      const {
+        core: {
+          elasticsearch: { dataClient },
+        },
+      } = ctx;
+
       try {
         const { has_all_requested: hasAllPrivileges, cluster } = await dataClient.callAsCurrentUser(
           'transport.request',
@@ -55,7 +60,7 @@ export const registerPrivilegesRoute = ({ license, router }: RouteDependencies)
 
         return res.ok({ body: privilegesResult });
       } catch (e) {
-        return res.internalError(e);
+        return res.internalError({ body: e });
       }
     })
   );

diff --git a/x-pack/plugins/ingest_pipelines/server/types.ts b/x-pack/plugins/ingest_pipelines/server/types.ts
@@ -6,16 +6,21 @@
 
 import { IRouter } from 'src/core/server';
 import { LicensingPluginSetup } from '../../licensing/server';
+import { SecurityPluginSetup } from '../../security/server';
 import { License } from './services';
 import { isEsError } from './lib';
 
 export interface Dependencies {
+  security: SecurityPluginSetup;
   licensing: LicensingPluginSetup;
 }
 
 export interface RouteDependencies {
   router: IRouter;
   license: License;
+  config: {
+    isSecurityEnabled: boolean;
+  };
   lib: {
     isEsError: typeof isEsError;
   };

diff --git a/x-pack/plugins/snapshot_restore/server/plugin.ts b/x-pack/plugins/snapshot_restore/server/plugin.ts
@@ -92,7 +92,7 @@ export class SnapshotRestoreServerPlugin implements Plugin<void, void, any, any>
       router,
       license: this.license,
       config: {
-        isSecurityEnabled: security !== undefined,
+        isSecurityEnabled: security !== undefined && security.license.isEnabled(),
         isCloudEnabled: cloud !== undefined && cloud.isCloudEnabled,
         isSlmEnabled: pluginConfig.slm_ui.enabled,
       },