-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Ingest node pipelines] Privileges (#63850)
* Create privileges check for ingest pipelines app Also moved the public side logic for checking and rendering privilege related messages to es_ui_shared/public following the new __packages_do_not_import__ convention. * Add , * Fix import paths * Address PR feedback Fix i18n strings (remove reference to snapshot and restore) and fix copy referencing snapshot and restore - all copy-pasta errors. Also remove unused field from missing privileges object. * Fix issue from resolving merge conflicts * Add missing app privilege * Use non-deprecated privilige name
- Loading branch information
1 parent
34cb91a
commit eba5305
Showing
8 changed files
with
186 additions
and
22 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
62 changes: 62 additions & 0 deletions
62
x-pack/plugins/ingest_pipelines/server/routes/api/privileges.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
import { RouteDependencies } from '../../types'; | ||
import { API_BASE_PATH, APP_CLUSTER_REQUIRED_PRIVILEGES } from '../../../common/constants'; | ||
import { Privileges } from '../../../../../../src/plugins/es_ui_shared/public'; | ||
|
||
const extractMissingPrivileges = (privilegesObject: { [key: string]: boolean } = {}): string[] => | ||
Object.keys(privilegesObject).reduce((privileges: string[], privilegeName: string): string[] => { | ||
if (!privilegesObject[privilegeName]) { | ||
privileges.push(privilegeName); | ||
} | ||
return privileges; | ||
}, []); | ||
|
||
export const registerPrivilegesRoute = ({ license, router }: RouteDependencies) => { | ||
router.get( | ||
{ | ||
path: `${API_BASE_PATH}/privileges`, | ||
validate: false, | ||
}, | ||
license.guardApiRoute(async (ctx, req, res) => { | ||
const { | ||
core: { | ||
elasticsearch: { dataClient }, | ||
}, | ||
} = ctx; | ||
|
||
const privilegesResult: Privileges = { | ||
hasAllPrivileges: true, | ||
missingPrivileges: { | ||
cluster: [], | ||
}, | ||
}; | ||
|
||
try { | ||
const { has_all_requested: hasAllPrivileges, cluster } = await dataClient.callAsCurrentUser( | ||
'transport.request', | ||
{ | ||
path: '/_security/user/_has_privileges', | ||
method: 'POST', | ||
body: { | ||
cluster: APP_CLUSTER_REQUIRED_PRIVILEGES, | ||
}, | ||
} | ||
); | ||
|
||
if (!hasAllPrivileges) { | ||
privilegesResult.missingPrivileges.cluster = extractMissingPrivileges(cluster); | ||
} | ||
|
||
privilegesResult.hasAllPrivileges = hasAllPrivileges; | ||
|
||
return res.ok({ body: privilegesResult }); | ||
} catch (e) { | ||
return res.internalError(e); | ||
} | ||
}) | ||
); | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters