From a013fb9578ae3ebfdf18650780a0a95b6c091b06 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Tue, 15 May 2018 12:46:32 -0700 Subject: [PATCH 01/16] [Beats Management] APIs: Create enrollment tokens (#19018) * WIP checkin * Register API routes * Fixing typo in index name * Adding TODOs * Removing commented out license checking code that isn't yet implemented * Remove unnecessary async/await * Don't return until indices have been refreshed * Add API integration test * Converting to Jest test * Fixing API for default case + adding test for it * Fixing copy pasta typos * Adding TODO * Fixing variable name * Using a single index * Adding expiration date field * Adding test for expiration date field * Ignore non-existent index * Fixing logic in test * Creating constant for default enrollment tokens TTL value * Updating test --- .../call_with_request_factory.js | 19 +++ .../lib/call_with_request_factory/index.js | 7 ++ .../apis/beats/create_enrollment_token.js | 109 ++++++++++++++++++ 3 files changed, 135 insertions(+) create mode 100644 x-pack/plugins/beats/server/lib/call_with_request_factory/call_with_request_factory.js create mode 100644 x-pack/plugins/beats/server/lib/call_with_request_factory/index.js create mode 100644 x-pack/test/api_integration/apis/beats/create_enrollment_token.js diff --git a/x-pack/plugins/beats/server/lib/call_with_request_factory/call_with_request_factory.js b/x-pack/plugins/beats/server/lib/call_with_request_factory/call_with_request_factory.js new file mode 100644 index 0000000000000..0c4f909d12f61 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/call_with_request_factory/call_with_request_factory.js @@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { once } from 'lodash'; + +const callWithRequest = once((server) => { + const config = server.config().get('elasticsearch'); + const cluster = server.plugins.elasticsearch.createCluster('beats', config); + return cluster.callWithRequest; +}); + +export const callWithRequestFactory = (server, request) => { + return (...args) => { + return callWithRequest(server)(request, ...args); + }; +}; diff --git a/x-pack/plugins/beats/server/lib/call_with_request_factory/index.js b/x-pack/plugins/beats/server/lib/call_with_request_factory/index.js new file mode 100644 index 0000000000000..787814d87dff9 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/call_with_request_factory/index.js @@ -0,0 +1,7 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export { callWithRequestFactory } from './call_with_request_factory'; diff --git a/x-pack/test/api_integration/apis/beats/create_enrollment_token.js b/x-pack/test/api_integration/apis/beats/create_enrollment_token.js new file mode 100644 index 0000000000000..6b446c7bf40e1 --- /dev/null +++ b/x-pack/test/api_integration/apis/beats/create_enrollment_token.js @@ -0,0 +1,109 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import expect from 'expect.js'; +import moment from 'moment'; + +export default function ({ getService }) { + const supertest = getService('supertest'); + const chance = getService('chance'); + const es = getService('es'); + + const ES_INDEX_NAME = '.management-beats'; + const ES_TYPE_NAME = '_doc'; + + describe('create_enrollment_token', () => { + const cleanup = () => { + return es.indices.delete({ + index: ES_INDEX_NAME, + ignore: [ 404 ] + }); + }; + + beforeEach(cleanup); + afterEach(cleanup); + + it('should create one token by default', async () => { + const { body: apiResponse } = await supertest + .post( + '/api/beats/enrollment_tokens' + ) + .set('kbn-xsrf', 'xxx') + .send() + .expect(200); + + const tokensFromApi = apiResponse.tokens; + + const esResponse = await es.search({ + index: ES_INDEX_NAME, + type: ES_TYPE_NAME, + q: 'type:enrollment_token' + }); + + const tokensInEs = esResponse.hits.hits + .map(hit => hit._source.enrollment_token.token); + + expect(tokensFromApi.length).to.eql(1); + expect(tokensFromApi).to.eql(tokensInEs); + }); + + it('should create the specified number of tokens', async () => { + const numTokens = chance.integer({ min: 1, max: 2000 }); + + const { body: apiResponse } = await supertest + .post( + '/api/beats/enrollment_tokens' + ) + .set('kbn-xsrf', 'xxx') + .send({ + num_tokens: numTokens + }) + .expect(200); + + const tokensFromApi = apiResponse.tokens; + + const esResponse = await es.search({ + index: ES_INDEX_NAME, + type: ES_TYPE_NAME, + q: 'type:enrollment_token', + size: numTokens + }); + + const tokensInEs = esResponse.hits.hits + .map(hit => hit._source.enrollment_token.token); + + expect(tokensFromApi.length).to.eql(numTokens); + expect(tokensFromApi).to.eql(tokensInEs); + }); + + it('should set token expiration to 10 minutes from now by default', async () => { + await supertest + .post( + '/api/beats/enrollment_tokens' + ) + .set('kbn-xsrf', 'xxx') + .send() + .expect(200); + + const esResponse = await es.search({ + index: ES_INDEX_NAME, + type: ES_TYPE_NAME, + q: 'type:enrollment_token' + }); + + const tokenInEs = esResponse.hits.hits[0]._source.enrollment_token; + + // We do a fuzzy check to see if the token expires between 9 and 10 minutes + // from now because a bit of time has elapsed been the creation of the + // tokens and this check. + const tokenExpiresOn = moment(tokenInEs.expires_on).valueOf(); + const tenMinutesFromNow = moment().add('10', 'minutes').valueOf(); + const almostTenMinutesFromNow = moment(tenMinutesFromNow).subtract('2', 'seconds').valueOf(); + expect(tokenExpiresOn).to.be.lessThan(tenMinutesFromNow); + expect(tokenExpiresOn).to.be.greaterThan(almostTenMinutesFromNow); + }); + }); +} From 52f20a1dfe37cd3d4899aa115231d4c8f5ffa0c0 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Fri, 11 May 2018 06:42:46 -0700 Subject: [PATCH 02/16] WIP checkin --- .../check_license/__tests__/check_license.js | 180 ++++++++++++++++++ .../server/lib/check_license/check_license.js | 69 +++++++ .../beats/server/lib/check_license/index.js | 7 + .../__tests__/wrap_custom_error.js | 21 ++ .../error_wrappers/__tests__/wrap_es_error.js | 41 ++++ .../__tests__/wrap_unknown_error.js | 19 ++ .../lib/error_wrappers/wrap_custom_error.js | 18 ++ .../lib/error_wrappers/wrap_unknown_error.js | 17 ++ .../__tests__/license_pre_routing_factory.js | 72 +++++++ .../lib/license_pre_routing_factory/index.js | 7 + .../license_pre_routing_factory.js | 28 +++ .../lib/register_license_checker/index.js | 7 + .../register_license_checker.js | 21 ++ .../api/register_disenroll_beats_route.js | 0 .../routes/api/register_enroll_beats_route.js | 0 15 files changed, 507 insertions(+) create mode 100644 x-pack/plugins/beats/server/lib/check_license/__tests__/check_license.js create mode 100644 x-pack/plugins/beats/server/lib/check_license/check_license.js create mode 100644 x-pack/plugins/beats/server/lib/check_license/index.js create mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_custom_error.js create mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_es_error.js create mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_unknown_error.js create mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/wrap_custom_error.js create mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/wrap_unknown_error.js create mode 100644 x-pack/plugins/beats/server/lib/license_pre_routing_factory/__tests__/license_pre_routing_factory.js create mode 100644 x-pack/plugins/beats/server/lib/license_pre_routing_factory/index.js create mode 100644 x-pack/plugins/beats/server/lib/license_pre_routing_factory/license_pre_routing_factory.js create mode 100644 x-pack/plugins/beats/server/lib/register_license_checker/index.js create mode 100644 x-pack/plugins/beats/server/lib/register_license_checker/register_license_checker.js create mode 100644 x-pack/plugins/beats/server/routes/api/register_disenroll_beats_route.js create mode 100644 x-pack/plugins/beats/server/routes/api/register_enroll_beats_route.js diff --git a/x-pack/plugins/beats/server/lib/check_license/__tests__/check_license.js b/x-pack/plugins/beats/server/lib/check_license/__tests__/check_license.js new file mode 100644 index 0000000000000..449ff3a60b9e7 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/check_license/__tests__/check_license.js @@ -0,0 +1,180 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import expect from 'expect.js'; +import { set } from 'lodash'; +import { checkLicense } from '../check_license'; + +describe('check_license', function () { + + let mockLicenseInfo; + beforeEach(() => mockLicenseInfo = {}); + + describe('license information is undefined', () => { + beforeEach(() => mockLicenseInfo = undefined); + + it('should set isAvailable to false', () => { + expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); + }); + + it('should set enableLinks to false', () => { + expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); + }); + + it('should set isReadOnly to false', () => { + expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); + }); + + it('should set a message', () => { + expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); + }); + }); + + describe('license information is not available', () => { + beforeEach(() => mockLicenseInfo.isAvailable = () => false); + + it('should set isAvailable to false', () => { + expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); + }); + + it('should set enableLinks to false', () => { + expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); + }); + + it('should set isReadOnly to false', () => { + expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); + }); + + it('should set a message', () => { + expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); + }); + }); + + describe('license information is available', () => { + beforeEach(() => { + mockLicenseInfo.isAvailable = () => true; + set(mockLicenseInfo, 'license.getType', () => 'basic'); + }); + + describe('& license is trial, standard, gold, platinum', () => { + beforeEach(() => { + set(mockLicenseInfo, 'license.isOneOf', () => true); + mockLicenseInfo.feature = () => ({ isEnabled: () => true }); // Security feature is enabled + }); + + describe('& license is active', () => { + beforeEach(() => set(mockLicenseInfo, 'license.isActive', () => true)); + + it('should set isAvailable to true', () => { + expect(checkLicense(mockLicenseInfo).isAvailable).to.be(true); + }); + + it ('should set enableLinks to true', () => { + expect(checkLicense(mockLicenseInfo).enableLinks).to.be(true); + }); + + it ('should set isReadOnly to false', () => { + expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); + }); + + it('should not set a message', () => { + expect(checkLicense(mockLicenseInfo).message).to.be(undefined); + }); + }); + + describe('& license is expired', () => { + beforeEach(() => set(mockLicenseInfo, 'license.isActive', () => false)); + + it('should set isAvailable to true', () => { + expect(checkLicense(mockLicenseInfo).isAvailable).to.be(true); + }); + + it ('should set enableLinks to true', () => { + expect(checkLicense(mockLicenseInfo).enableLinks).to.be(true); + }); + + it ('should set isReadOnly to true', () => { + expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(true); + }); + + it('should set a message', () => { + expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); + }); + }); + }); + + describe('& license is basic', () => { + beforeEach(() => { + set(mockLicenseInfo, 'license.isOneOf', () => false); + mockLicenseInfo.feature = () => ({ isEnabled: () => true }); // Security feature is enabled + }); + + describe('& license is active', () => { + beforeEach(() => set(mockLicenseInfo, 'license.isActive', () => true)); + + it('should set isAvailable to false', () => { + expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); + }); + + it ('should set enableLinks to false', () => { + expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); + }); + + it ('should set isReadOnly to false', () => { + expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); + }); + + it('should set a message', () => { + expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); + }); + }); + + describe('& license is expired', () => { + beforeEach(() => set(mockLicenseInfo, 'license.isActive', () => false)); + + it('should set isAvailable to false', () => { + expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); + }); + + it ('should set enableLinks to false', () => { + expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); + }); + + it ('should set isReadOnly to false', () => { + expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); + }); + + it('should set a message', () => { + expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); + }); + }); + }); + + describe('& security is disabled', () => { + beforeEach(() => { + mockLicenseInfo.feature = () => ({ isEnabled: () => false }); // Security feature is disabled + set(mockLicenseInfo, 'license.isOneOf', () => true); + set(mockLicenseInfo, 'license.isActive', () => true); + }); + + it('should set isAvailable to false', () => { + expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); + }); + + it ('should set enableLinks to false', () => { + expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); + }); + + it ('should set isReadOnly to false', () => { + expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); + }); + + it('should set a message', () => { + expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); + }); + }); + }); +}); diff --git a/x-pack/plugins/beats/server/lib/check_license/check_license.js b/x-pack/plugins/beats/server/lib/check_license/check_license.js new file mode 100644 index 0000000000000..aa1704cc02730 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/check_license/check_license.js @@ -0,0 +1,69 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export function checkLicense(xpackLicenseInfo) { + // If, for some reason, we cannot get the license information + // from Elasticsearch, assume worst case and disable the Logstash pipeline UI + if (!xpackLicenseInfo || !xpackLicenseInfo.isAvailable()) { + return { + isAvailable: false, + enableLinks: false, + isReadOnly: false, + message: 'You cannot manage Logstash pipelines because license information is not available at this time.' + }; + } + + const VALID_LICENSE_MODES = [ + 'trial', + 'standard', + 'gold', + 'platinum' + ]; + + const isLicenseModeValid = xpackLicenseInfo.license.isOneOf(VALID_LICENSE_MODES); + const isLicenseActive = xpackLicenseInfo.license.isActive(); + const licenseType = xpackLicenseInfo.license.getType(); + const isSecurityEnabled = xpackLicenseInfo.feature('security').isEnabled(); + + // Security is not enabled in ES + if (!isSecurityEnabled) { + const message = 'Security must be enabled in order to use Logstash pipeline management features.' + + ' Please set xpack.security.enabled: true in your elasticsearch.yml.'; + return { + isAvailable: false, + enableLinks: false, + isReadOnly: false, + message + }; + } + + // License is not valid + if (!isLicenseModeValid) { + return { + isAvailable: false, + enableLinks: false, + isReadOnly: false, + message: `Your ${licenseType} license does not support Logstash pipeline management features. Please upgrade your license.` + }; + } + + // License is valid but not active, we go into a read-only mode. + if (!isLicenseActive) { + return { + isAvailable: true, + enableLinks: true, + isReadOnly: true, + message: `You cannot edit, create, or delete your Logstash pipelines because your ${licenseType} license has expired.` + }; + } + + // License is valid and active + return { + isAvailable: true, + enableLinks: true, + isReadOnly: false + }; +} diff --git a/x-pack/plugins/beats/server/lib/check_license/index.js b/x-pack/plugins/beats/server/lib/check_license/index.js new file mode 100644 index 0000000000000..f2c070fd44b6e --- /dev/null +++ b/x-pack/plugins/beats/server/lib/check_license/index.js @@ -0,0 +1,7 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export { checkLicense } from './check_license'; diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_custom_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_custom_error.js new file mode 100644 index 0000000000000..443744ccb0cc8 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_custom_error.js @@ -0,0 +1,21 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import expect from 'expect.js'; +import { wrapCustomError } from '../wrap_custom_error'; + +describe('wrap_custom_error', () => { + describe('#wrapCustomError', () => { + it('should return a Boom object', () => { + const originalError = new Error('I am an error'); + const statusCode = 404; + const wrappedError = wrapCustomError(originalError, statusCode); + + expect(wrappedError.isBoom).to.be(true); + expect(wrappedError.output.statusCode).to.equal(statusCode); + }); + }); +}); diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_es_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_es_error.js new file mode 100644 index 0000000000000..f1b956bdcc3bb --- /dev/null +++ b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_es_error.js @@ -0,0 +1,41 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import expect from 'expect.js'; +import { wrapEsError } from '../wrap_es_error'; + +describe('wrap_es_error', () => { + describe('#wrapEsError', () => { + + let originalError; + beforeEach(() => { + originalError = new Error('I am an error'); + originalError.statusCode = 404; + }); + + it('should return a Boom object', () => { + const wrappedError = wrapEsError(originalError); + + expect(wrappedError.isBoom).to.be(true); + }); + + it('should return the correct Boom object', () => { + const wrappedError = wrapEsError(originalError); + + expect(wrappedError.output.statusCode).to.be(originalError.statusCode); + expect(wrappedError.output.payload.message).to.be(originalError.message); + }); + + it('should return invalid permissions message for 403 errors', () => { + const securityError = new Error('I am an error'); + securityError.statusCode = 403; + const wrappedError = wrapEsError(securityError); + + expect(wrappedError.isBoom).to.be(true); + expect(wrappedError.message).to.be('Insufficient user permissions for managing Logstash pipelines'); + }); + }); +}); diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_unknown_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_unknown_error.js new file mode 100644 index 0000000000000..6d6a336417bef --- /dev/null +++ b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_unknown_error.js @@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import expect from 'expect.js'; +import { wrapUnknownError } from '../wrap_unknown_error'; + +describe('wrap_unknown_error', () => { + describe('#wrapUnknownError', () => { + it('should return a Boom object', () => { + const originalError = new Error('I am an error'); + const wrappedError = wrapUnknownError(originalError); + + expect(wrappedError.isBoom).to.be(true); + }); + }); +}); diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/wrap_custom_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/wrap_custom_error.js new file mode 100644 index 0000000000000..890a366ac65c1 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/error_wrappers/wrap_custom_error.js @@ -0,0 +1,18 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import Boom from 'boom'; + +/** + * Wraps a custom error into a Boom error response and returns it + * + * @param err Object error + * @param statusCode Error status code + * @return Object Boom error response + */ +export function wrapCustomError(err, statusCode) { + return Boom.wrap(err, statusCode); +} diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/wrap_unknown_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/wrap_unknown_error.js new file mode 100644 index 0000000000000..b0cdced7adbef --- /dev/null +++ b/x-pack/plugins/beats/server/lib/error_wrappers/wrap_unknown_error.js @@ -0,0 +1,17 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import Boom from 'boom'; + +/** + * Wraps an unknown error into a Boom error response and returns it + * + * @param err Object Unknown error + * @return Object Boom error response + */ +export function wrapUnknownError(err) { + return Boom.wrap(err); +} diff --git a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/__tests__/license_pre_routing_factory.js b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/__tests__/license_pre_routing_factory.js new file mode 100644 index 0000000000000..c543d79814dd3 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/__tests__/license_pre_routing_factory.js @@ -0,0 +1,72 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import expect from 'expect.js'; +import { licensePreRoutingFactory } from '../license_pre_routing_factory'; + +describe('license_pre_routing_factory', () => { + describe('#logstashFeaturePreRoutingFactory', () => { + let mockServer; + let mockLicenseCheckResults; + + beforeEach(() => { + mockServer = { + plugins: { + xpack_main: { + info: { + feature: () => ({ + getLicenseCheckResults: () => mockLicenseCheckResults + }) + } + } + } + }; + }); + + it('only instantiates one instance per server', () => { + const firstInstance = licensePreRoutingFactory(mockServer); + const secondInstance = licensePreRoutingFactory(mockServer); + + expect(firstInstance).to.be(secondInstance); + }); + + describe('isAvailable is false', () => { + beforeEach(() => { + mockLicenseCheckResults = { + isAvailable: false + }; + }); + + it ('replies with 403', (done) => { + const licensePreRouting = licensePreRoutingFactory(mockServer); + const stubRequest = {}; + licensePreRouting(stubRequest, (response) => { + expect(response).to.be.an(Error); + expect(response.isBoom).to.be(true); + expect(response.output.statusCode).to.be(403); + done(); + }); + }); + }); + + describe('isAvailable is true', () => { + beforeEach(() => { + mockLicenseCheckResults = { + isAvailable: true + }; + }); + + it ('replies with nothing', (done) => { + const licensePreRouting = licensePreRoutingFactory(mockServer); + const stubRequest = {}; + licensePreRouting(stubRequest, (response) => { + expect(response).to.be(undefined); + done(); + }); + }); + }); + }); +}); diff --git a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/index.js b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/index.js new file mode 100644 index 0000000000000..0743e443955f4 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/index.js @@ -0,0 +1,7 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export { licensePreRoutingFactory } from './license_pre_routing_factory'; diff --git a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/license_pre_routing_factory.js b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/license_pre_routing_factory.js new file mode 100644 index 0000000000000..4ae31f692bfd7 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/license_pre_routing_factory.js @@ -0,0 +1,28 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { once } from 'lodash'; +import { wrapCustomError } from '../error_wrappers'; +import { PLUGIN } from '../../../common/constants'; + +export const licensePreRoutingFactory = once((server) => { + const xpackMainPlugin = server.plugins.xpack_main; + + // License checking and enable/disable logic + function licensePreRouting(request, reply) { + const licenseCheckResults = xpackMainPlugin.info.feature(PLUGIN.ID).getLicenseCheckResults(); + if (!licenseCheckResults.isAvailable) { + const error = new Error(licenseCheckResults.message); + const statusCode = 403; + const wrappedError = wrapCustomError(error, statusCode); + reply(wrappedError); + } else { + reply(); + } + } + + return licensePreRouting; +}); diff --git a/x-pack/plugins/beats/server/lib/register_license_checker/index.js b/x-pack/plugins/beats/server/lib/register_license_checker/index.js new file mode 100644 index 0000000000000..7b0f97c38d129 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/register_license_checker/index.js @@ -0,0 +1,7 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export { registerLicenseChecker } from './register_license_checker'; diff --git a/x-pack/plugins/beats/server/lib/register_license_checker/register_license_checker.js b/x-pack/plugins/beats/server/lib/register_license_checker/register_license_checker.js new file mode 100644 index 0000000000000..8a17fb2eea497 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/register_license_checker/register_license_checker.js @@ -0,0 +1,21 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { mirrorPluginStatus } from '../../../../../server/lib/mirror_plugin_status'; +import { checkLicense } from '../check_license'; +import { PLUGIN } from '../../../common/constants'; + +export function registerLicenseChecker(server) { + const xpackMainPlugin = server.plugins.xpack_main; + const logstashPlugin = server.plugins.logstash; + + mirrorPluginStatus(xpackMainPlugin, logstashPlugin); + xpackMainPlugin.status.once('green', () => { + // Register a function that is called whenever the xpack info changes, + // to re-compute the license check results for this plugin + xpackMainPlugin.info.feature(PLUGIN.ID).registerLicenseCheckResultsGenerator(checkLicense); + }); +} diff --git a/x-pack/plugins/beats/server/routes/api/register_disenroll_beats_route.js b/x-pack/plugins/beats/server/routes/api/register_disenroll_beats_route.js new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/x-pack/plugins/beats/server/routes/api/register_enroll_beats_route.js b/x-pack/plugins/beats/server/routes/api/register_enroll_beats_route.js new file mode 100644 index 0000000000000..e69de29bb2d1d From bb2155e14a04725aa33ea72959e3f49b530dc5d0 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Sat, 12 May 2018 06:55:32 -0700 Subject: [PATCH 03/16] Add API integration test --- .../check_license/__tests__/check_license.js | 180 ------------------ .../server/lib/check_license/check_license.js | 69 ------- .../beats/server/lib/check_license/index.js | 7 - .../__tests__/wrap_custom_error.js | 21 -- .../__tests__/wrap_unknown_error.js | 19 -- .../lib/error_wrappers/wrap_custom_error.js | 18 -- .../lib/error_wrappers/wrap_unknown_error.js | 17 -- .../__tests__/license_pre_routing_factory.js | 72 ------- .../lib/license_pre_routing_factory/index.js | 7 - .../license_pre_routing_factory.js | 28 --- .../lib/register_license_checker/index.js | 7 - .../register_license_checker.js | 21 -- .../api/register_disenroll_beats_route.js | 0 .../routes/api/register_enroll_beats_route.js | 0 14 files changed, 466 deletions(-) delete mode 100644 x-pack/plugins/beats/server/lib/check_license/__tests__/check_license.js delete mode 100644 x-pack/plugins/beats/server/lib/check_license/check_license.js delete mode 100644 x-pack/plugins/beats/server/lib/check_license/index.js delete mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_custom_error.js delete mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_unknown_error.js delete mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/wrap_custom_error.js delete mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/wrap_unknown_error.js delete mode 100644 x-pack/plugins/beats/server/lib/license_pre_routing_factory/__tests__/license_pre_routing_factory.js delete mode 100644 x-pack/plugins/beats/server/lib/license_pre_routing_factory/index.js delete mode 100644 x-pack/plugins/beats/server/lib/license_pre_routing_factory/license_pre_routing_factory.js delete mode 100644 x-pack/plugins/beats/server/lib/register_license_checker/index.js delete mode 100644 x-pack/plugins/beats/server/lib/register_license_checker/register_license_checker.js delete mode 100644 x-pack/plugins/beats/server/routes/api/register_disenroll_beats_route.js delete mode 100644 x-pack/plugins/beats/server/routes/api/register_enroll_beats_route.js diff --git a/x-pack/plugins/beats/server/lib/check_license/__tests__/check_license.js b/x-pack/plugins/beats/server/lib/check_license/__tests__/check_license.js deleted file mode 100644 index 449ff3a60b9e7..0000000000000 --- a/x-pack/plugins/beats/server/lib/check_license/__tests__/check_license.js +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import expect from 'expect.js'; -import { set } from 'lodash'; -import { checkLicense } from '../check_license'; - -describe('check_license', function () { - - let mockLicenseInfo; - beforeEach(() => mockLicenseInfo = {}); - - describe('license information is undefined', () => { - beforeEach(() => mockLicenseInfo = undefined); - - it('should set isAvailable to false', () => { - expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); - }); - - it('should set enableLinks to false', () => { - expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); - }); - - it('should set isReadOnly to false', () => { - expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); - }); - - it('should set a message', () => { - expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); - }); - }); - - describe('license information is not available', () => { - beforeEach(() => mockLicenseInfo.isAvailable = () => false); - - it('should set isAvailable to false', () => { - expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); - }); - - it('should set enableLinks to false', () => { - expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); - }); - - it('should set isReadOnly to false', () => { - expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); - }); - - it('should set a message', () => { - expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); - }); - }); - - describe('license information is available', () => { - beforeEach(() => { - mockLicenseInfo.isAvailable = () => true; - set(mockLicenseInfo, 'license.getType', () => 'basic'); - }); - - describe('& license is trial, standard, gold, platinum', () => { - beforeEach(() => { - set(mockLicenseInfo, 'license.isOneOf', () => true); - mockLicenseInfo.feature = () => ({ isEnabled: () => true }); // Security feature is enabled - }); - - describe('& license is active', () => { - beforeEach(() => set(mockLicenseInfo, 'license.isActive', () => true)); - - it('should set isAvailable to true', () => { - expect(checkLicense(mockLicenseInfo).isAvailable).to.be(true); - }); - - it ('should set enableLinks to true', () => { - expect(checkLicense(mockLicenseInfo).enableLinks).to.be(true); - }); - - it ('should set isReadOnly to false', () => { - expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); - }); - - it('should not set a message', () => { - expect(checkLicense(mockLicenseInfo).message).to.be(undefined); - }); - }); - - describe('& license is expired', () => { - beforeEach(() => set(mockLicenseInfo, 'license.isActive', () => false)); - - it('should set isAvailable to true', () => { - expect(checkLicense(mockLicenseInfo).isAvailable).to.be(true); - }); - - it ('should set enableLinks to true', () => { - expect(checkLicense(mockLicenseInfo).enableLinks).to.be(true); - }); - - it ('should set isReadOnly to true', () => { - expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(true); - }); - - it('should set a message', () => { - expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); - }); - }); - }); - - describe('& license is basic', () => { - beforeEach(() => { - set(mockLicenseInfo, 'license.isOneOf', () => false); - mockLicenseInfo.feature = () => ({ isEnabled: () => true }); // Security feature is enabled - }); - - describe('& license is active', () => { - beforeEach(() => set(mockLicenseInfo, 'license.isActive', () => true)); - - it('should set isAvailable to false', () => { - expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); - }); - - it ('should set enableLinks to false', () => { - expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); - }); - - it ('should set isReadOnly to false', () => { - expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); - }); - - it('should set a message', () => { - expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); - }); - }); - - describe('& license is expired', () => { - beforeEach(() => set(mockLicenseInfo, 'license.isActive', () => false)); - - it('should set isAvailable to false', () => { - expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); - }); - - it ('should set enableLinks to false', () => { - expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); - }); - - it ('should set isReadOnly to false', () => { - expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); - }); - - it('should set a message', () => { - expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); - }); - }); - }); - - describe('& security is disabled', () => { - beforeEach(() => { - mockLicenseInfo.feature = () => ({ isEnabled: () => false }); // Security feature is disabled - set(mockLicenseInfo, 'license.isOneOf', () => true); - set(mockLicenseInfo, 'license.isActive', () => true); - }); - - it('should set isAvailable to false', () => { - expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); - }); - - it ('should set enableLinks to false', () => { - expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); - }); - - it ('should set isReadOnly to false', () => { - expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); - }); - - it('should set a message', () => { - expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); - }); - }); - }); -}); diff --git a/x-pack/plugins/beats/server/lib/check_license/check_license.js b/x-pack/plugins/beats/server/lib/check_license/check_license.js deleted file mode 100644 index aa1704cc02730..0000000000000 --- a/x-pack/plugins/beats/server/lib/check_license/check_license.js +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export function checkLicense(xpackLicenseInfo) { - // If, for some reason, we cannot get the license information - // from Elasticsearch, assume worst case and disable the Logstash pipeline UI - if (!xpackLicenseInfo || !xpackLicenseInfo.isAvailable()) { - return { - isAvailable: false, - enableLinks: false, - isReadOnly: false, - message: 'You cannot manage Logstash pipelines because license information is not available at this time.' - }; - } - - const VALID_LICENSE_MODES = [ - 'trial', - 'standard', - 'gold', - 'platinum' - ]; - - const isLicenseModeValid = xpackLicenseInfo.license.isOneOf(VALID_LICENSE_MODES); - const isLicenseActive = xpackLicenseInfo.license.isActive(); - const licenseType = xpackLicenseInfo.license.getType(); - const isSecurityEnabled = xpackLicenseInfo.feature('security').isEnabled(); - - // Security is not enabled in ES - if (!isSecurityEnabled) { - const message = 'Security must be enabled in order to use Logstash pipeline management features.' - + ' Please set xpack.security.enabled: true in your elasticsearch.yml.'; - return { - isAvailable: false, - enableLinks: false, - isReadOnly: false, - message - }; - } - - // License is not valid - if (!isLicenseModeValid) { - return { - isAvailable: false, - enableLinks: false, - isReadOnly: false, - message: `Your ${licenseType} license does not support Logstash pipeline management features. Please upgrade your license.` - }; - } - - // License is valid but not active, we go into a read-only mode. - if (!isLicenseActive) { - return { - isAvailable: true, - enableLinks: true, - isReadOnly: true, - message: `You cannot edit, create, or delete your Logstash pipelines because your ${licenseType} license has expired.` - }; - } - - // License is valid and active - return { - isAvailable: true, - enableLinks: true, - isReadOnly: false - }; -} diff --git a/x-pack/plugins/beats/server/lib/check_license/index.js b/x-pack/plugins/beats/server/lib/check_license/index.js deleted file mode 100644 index f2c070fd44b6e..0000000000000 --- a/x-pack/plugins/beats/server/lib/check_license/index.js +++ /dev/null @@ -1,7 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { checkLicense } from './check_license'; diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_custom_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_custom_error.js deleted file mode 100644 index 443744ccb0cc8..0000000000000 --- a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_custom_error.js +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import expect from 'expect.js'; -import { wrapCustomError } from '../wrap_custom_error'; - -describe('wrap_custom_error', () => { - describe('#wrapCustomError', () => { - it('should return a Boom object', () => { - const originalError = new Error('I am an error'); - const statusCode = 404; - const wrappedError = wrapCustomError(originalError, statusCode); - - expect(wrappedError.isBoom).to.be(true); - expect(wrappedError.output.statusCode).to.equal(statusCode); - }); - }); -}); diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_unknown_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_unknown_error.js deleted file mode 100644 index 6d6a336417bef..0000000000000 --- a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_unknown_error.js +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import expect from 'expect.js'; -import { wrapUnknownError } from '../wrap_unknown_error'; - -describe('wrap_unknown_error', () => { - describe('#wrapUnknownError', () => { - it('should return a Boom object', () => { - const originalError = new Error('I am an error'); - const wrappedError = wrapUnknownError(originalError); - - expect(wrappedError.isBoom).to.be(true); - }); - }); -}); diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/wrap_custom_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/wrap_custom_error.js deleted file mode 100644 index 890a366ac65c1..0000000000000 --- a/x-pack/plugins/beats/server/lib/error_wrappers/wrap_custom_error.js +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import Boom from 'boom'; - -/** - * Wraps a custom error into a Boom error response and returns it - * - * @param err Object error - * @param statusCode Error status code - * @return Object Boom error response - */ -export function wrapCustomError(err, statusCode) { - return Boom.wrap(err, statusCode); -} diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/wrap_unknown_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/wrap_unknown_error.js deleted file mode 100644 index b0cdced7adbef..0000000000000 --- a/x-pack/plugins/beats/server/lib/error_wrappers/wrap_unknown_error.js +++ /dev/null @@ -1,17 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import Boom from 'boom'; - -/** - * Wraps an unknown error into a Boom error response and returns it - * - * @param err Object Unknown error - * @return Object Boom error response - */ -export function wrapUnknownError(err) { - return Boom.wrap(err); -} diff --git a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/__tests__/license_pre_routing_factory.js b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/__tests__/license_pre_routing_factory.js deleted file mode 100644 index c543d79814dd3..0000000000000 --- a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/__tests__/license_pre_routing_factory.js +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import expect from 'expect.js'; -import { licensePreRoutingFactory } from '../license_pre_routing_factory'; - -describe('license_pre_routing_factory', () => { - describe('#logstashFeaturePreRoutingFactory', () => { - let mockServer; - let mockLicenseCheckResults; - - beforeEach(() => { - mockServer = { - plugins: { - xpack_main: { - info: { - feature: () => ({ - getLicenseCheckResults: () => mockLicenseCheckResults - }) - } - } - } - }; - }); - - it('only instantiates one instance per server', () => { - const firstInstance = licensePreRoutingFactory(mockServer); - const secondInstance = licensePreRoutingFactory(mockServer); - - expect(firstInstance).to.be(secondInstance); - }); - - describe('isAvailable is false', () => { - beforeEach(() => { - mockLicenseCheckResults = { - isAvailable: false - }; - }); - - it ('replies with 403', (done) => { - const licensePreRouting = licensePreRoutingFactory(mockServer); - const stubRequest = {}; - licensePreRouting(stubRequest, (response) => { - expect(response).to.be.an(Error); - expect(response.isBoom).to.be(true); - expect(response.output.statusCode).to.be(403); - done(); - }); - }); - }); - - describe('isAvailable is true', () => { - beforeEach(() => { - mockLicenseCheckResults = { - isAvailable: true - }; - }); - - it ('replies with nothing', (done) => { - const licensePreRouting = licensePreRoutingFactory(mockServer); - const stubRequest = {}; - licensePreRouting(stubRequest, (response) => { - expect(response).to.be(undefined); - done(); - }); - }); - }); - }); -}); diff --git a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/index.js b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/index.js deleted file mode 100644 index 0743e443955f4..0000000000000 --- a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/index.js +++ /dev/null @@ -1,7 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { licensePreRoutingFactory } from './license_pre_routing_factory'; diff --git a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/license_pre_routing_factory.js b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/license_pre_routing_factory.js deleted file mode 100644 index 4ae31f692bfd7..0000000000000 --- a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/license_pre_routing_factory.js +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { once } from 'lodash'; -import { wrapCustomError } from '../error_wrappers'; -import { PLUGIN } from '../../../common/constants'; - -export const licensePreRoutingFactory = once((server) => { - const xpackMainPlugin = server.plugins.xpack_main; - - // License checking and enable/disable logic - function licensePreRouting(request, reply) { - const licenseCheckResults = xpackMainPlugin.info.feature(PLUGIN.ID).getLicenseCheckResults(); - if (!licenseCheckResults.isAvailable) { - const error = new Error(licenseCheckResults.message); - const statusCode = 403; - const wrappedError = wrapCustomError(error, statusCode); - reply(wrappedError); - } else { - reply(); - } - } - - return licensePreRouting; -}); diff --git a/x-pack/plugins/beats/server/lib/register_license_checker/index.js b/x-pack/plugins/beats/server/lib/register_license_checker/index.js deleted file mode 100644 index 7b0f97c38d129..0000000000000 --- a/x-pack/plugins/beats/server/lib/register_license_checker/index.js +++ /dev/null @@ -1,7 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { registerLicenseChecker } from './register_license_checker'; diff --git a/x-pack/plugins/beats/server/lib/register_license_checker/register_license_checker.js b/x-pack/plugins/beats/server/lib/register_license_checker/register_license_checker.js deleted file mode 100644 index 8a17fb2eea497..0000000000000 --- a/x-pack/plugins/beats/server/lib/register_license_checker/register_license_checker.js +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { mirrorPluginStatus } from '../../../../../server/lib/mirror_plugin_status'; -import { checkLicense } from '../check_license'; -import { PLUGIN } from '../../../common/constants'; - -export function registerLicenseChecker(server) { - const xpackMainPlugin = server.plugins.xpack_main; - const logstashPlugin = server.plugins.logstash; - - mirrorPluginStatus(xpackMainPlugin, logstashPlugin); - xpackMainPlugin.status.once('green', () => { - // Register a function that is called whenever the xpack info changes, - // to re-compute the license check results for this plugin - xpackMainPlugin.info.feature(PLUGIN.ID).registerLicenseCheckResultsGenerator(checkLicense); - }); -} diff --git a/x-pack/plugins/beats/server/routes/api/register_disenroll_beats_route.js b/x-pack/plugins/beats/server/routes/api/register_disenroll_beats_route.js deleted file mode 100644 index e69de29bb2d1d..0000000000000 diff --git a/x-pack/plugins/beats/server/routes/api/register_enroll_beats_route.js b/x-pack/plugins/beats/server/routes/api/register_enroll_beats_route.js deleted file mode 100644 index e69de29bb2d1d..0000000000000 From e8d889488035a74ba10e926386415fb626eb5a41 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Sat, 12 May 2018 09:22:39 -0700 Subject: [PATCH 04/16] Converting to Jest test --- .../error_wrappers/__tests__/wrap_es_error.js | 41 ------------------- 1 file changed, 41 deletions(-) delete mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_es_error.js diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_es_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_es_error.js deleted file mode 100644 index f1b956bdcc3bb..0000000000000 --- a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_es_error.js +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import expect from 'expect.js'; -import { wrapEsError } from '../wrap_es_error'; - -describe('wrap_es_error', () => { - describe('#wrapEsError', () => { - - let originalError; - beforeEach(() => { - originalError = new Error('I am an error'); - originalError.statusCode = 404; - }); - - it('should return a Boom object', () => { - const wrappedError = wrapEsError(originalError); - - expect(wrappedError.isBoom).to.be(true); - }); - - it('should return the correct Boom object', () => { - const wrappedError = wrapEsError(originalError); - - expect(wrappedError.output.statusCode).to.be(originalError.statusCode); - expect(wrappedError.output.payload.message).to.be(originalError.message); - }); - - it('should return invalid permissions message for 403 errors', () => { - const securityError = new Error('I am an error'); - securityError.statusCode = 403; - const wrappedError = wrapEsError(securityError); - - expect(wrappedError.isBoom).to.be(true); - expect(wrappedError.message).to.be('Insufficient user permissions for managing Logstash pipelines'); - }); - }); -}); From ee3850b9e83a1427c8e87e5bee2f1c0a325a4a15 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Fri, 11 May 2018 06:42:46 -0700 Subject: [PATCH 05/16] WIP checkin --- .../check_license/__tests__/check_license.js | 180 ++++++++++++++++++ .../server/lib/check_license/check_license.js | 69 +++++++ .../beats/server/lib/check_license/index.js | 7 + .../__tests__/wrap_custom_error.js | 21 ++ .../error_wrappers/__tests__/wrap_es_error.js | 41 ++++ .../__tests__/wrap_unknown_error.js | 19 ++ .../lib/error_wrappers/wrap_custom_error.js | 18 ++ .../lib/error_wrappers/wrap_unknown_error.js | 17 ++ .../__tests__/license_pre_routing_factory.js | 72 +++++++ .../lib/license_pre_routing_factory/index.js | 7 + .../license_pre_routing_factory.js | 28 +++ .../lib/register_license_checker/index.js | 7 + .../register_license_checker.js | 21 ++ .../api/register_disenroll_beats_route.js | 0 .../routes/api/register_enroll_beats_route.js | 0 15 files changed, 507 insertions(+) create mode 100644 x-pack/plugins/beats/server/lib/check_license/__tests__/check_license.js create mode 100644 x-pack/plugins/beats/server/lib/check_license/check_license.js create mode 100644 x-pack/plugins/beats/server/lib/check_license/index.js create mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_custom_error.js create mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_es_error.js create mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_unknown_error.js create mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/wrap_custom_error.js create mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/wrap_unknown_error.js create mode 100644 x-pack/plugins/beats/server/lib/license_pre_routing_factory/__tests__/license_pre_routing_factory.js create mode 100644 x-pack/plugins/beats/server/lib/license_pre_routing_factory/index.js create mode 100644 x-pack/plugins/beats/server/lib/license_pre_routing_factory/license_pre_routing_factory.js create mode 100644 x-pack/plugins/beats/server/lib/register_license_checker/index.js create mode 100644 x-pack/plugins/beats/server/lib/register_license_checker/register_license_checker.js create mode 100644 x-pack/plugins/beats/server/routes/api/register_disenroll_beats_route.js create mode 100644 x-pack/plugins/beats/server/routes/api/register_enroll_beats_route.js diff --git a/x-pack/plugins/beats/server/lib/check_license/__tests__/check_license.js b/x-pack/plugins/beats/server/lib/check_license/__tests__/check_license.js new file mode 100644 index 0000000000000..449ff3a60b9e7 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/check_license/__tests__/check_license.js @@ -0,0 +1,180 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import expect from 'expect.js'; +import { set } from 'lodash'; +import { checkLicense } from '../check_license'; + +describe('check_license', function () { + + let mockLicenseInfo; + beforeEach(() => mockLicenseInfo = {}); + + describe('license information is undefined', () => { + beforeEach(() => mockLicenseInfo = undefined); + + it('should set isAvailable to false', () => { + expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); + }); + + it('should set enableLinks to false', () => { + expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); + }); + + it('should set isReadOnly to false', () => { + expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); + }); + + it('should set a message', () => { + expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); + }); + }); + + describe('license information is not available', () => { + beforeEach(() => mockLicenseInfo.isAvailable = () => false); + + it('should set isAvailable to false', () => { + expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); + }); + + it('should set enableLinks to false', () => { + expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); + }); + + it('should set isReadOnly to false', () => { + expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); + }); + + it('should set a message', () => { + expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); + }); + }); + + describe('license information is available', () => { + beforeEach(() => { + mockLicenseInfo.isAvailable = () => true; + set(mockLicenseInfo, 'license.getType', () => 'basic'); + }); + + describe('& license is trial, standard, gold, platinum', () => { + beforeEach(() => { + set(mockLicenseInfo, 'license.isOneOf', () => true); + mockLicenseInfo.feature = () => ({ isEnabled: () => true }); // Security feature is enabled + }); + + describe('& license is active', () => { + beforeEach(() => set(mockLicenseInfo, 'license.isActive', () => true)); + + it('should set isAvailable to true', () => { + expect(checkLicense(mockLicenseInfo).isAvailable).to.be(true); + }); + + it ('should set enableLinks to true', () => { + expect(checkLicense(mockLicenseInfo).enableLinks).to.be(true); + }); + + it ('should set isReadOnly to false', () => { + expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); + }); + + it('should not set a message', () => { + expect(checkLicense(mockLicenseInfo).message).to.be(undefined); + }); + }); + + describe('& license is expired', () => { + beforeEach(() => set(mockLicenseInfo, 'license.isActive', () => false)); + + it('should set isAvailable to true', () => { + expect(checkLicense(mockLicenseInfo).isAvailable).to.be(true); + }); + + it ('should set enableLinks to true', () => { + expect(checkLicense(mockLicenseInfo).enableLinks).to.be(true); + }); + + it ('should set isReadOnly to true', () => { + expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(true); + }); + + it('should set a message', () => { + expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); + }); + }); + }); + + describe('& license is basic', () => { + beforeEach(() => { + set(mockLicenseInfo, 'license.isOneOf', () => false); + mockLicenseInfo.feature = () => ({ isEnabled: () => true }); // Security feature is enabled + }); + + describe('& license is active', () => { + beforeEach(() => set(mockLicenseInfo, 'license.isActive', () => true)); + + it('should set isAvailable to false', () => { + expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); + }); + + it ('should set enableLinks to false', () => { + expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); + }); + + it ('should set isReadOnly to false', () => { + expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); + }); + + it('should set a message', () => { + expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); + }); + }); + + describe('& license is expired', () => { + beforeEach(() => set(mockLicenseInfo, 'license.isActive', () => false)); + + it('should set isAvailable to false', () => { + expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); + }); + + it ('should set enableLinks to false', () => { + expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); + }); + + it ('should set isReadOnly to false', () => { + expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); + }); + + it('should set a message', () => { + expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); + }); + }); + }); + + describe('& security is disabled', () => { + beforeEach(() => { + mockLicenseInfo.feature = () => ({ isEnabled: () => false }); // Security feature is disabled + set(mockLicenseInfo, 'license.isOneOf', () => true); + set(mockLicenseInfo, 'license.isActive', () => true); + }); + + it('should set isAvailable to false', () => { + expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); + }); + + it ('should set enableLinks to false', () => { + expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); + }); + + it ('should set isReadOnly to false', () => { + expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); + }); + + it('should set a message', () => { + expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); + }); + }); + }); +}); diff --git a/x-pack/plugins/beats/server/lib/check_license/check_license.js b/x-pack/plugins/beats/server/lib/check_license/check_license.js new file mode 100644 index 0000000000000..aa1704cc02730 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/check_license/check_license.js @@ -0,0 +1,69 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export function checkLicense(xpackLicenseInfo) { + // If, for some reason, we cannot get the license information + // from Elasticsearch, assume worst case and disable the Logstash pipeline UI + if (!xpackLicenseInfo || !xpackLicenseInfo.isAvailable()) { + return { + isAvailable: false, + enableLinks: false, + isReadOnly: false, + message: 'You cannot manage Logstash pipelines because license information is not available at this time.' + }; + } + + const VALID_LICENSE_MODES = [ + 'trial', + 'standard', + 'gold', + 'platinum' + ]; + + const isLicenseModeValid = xpackLicenseInfo.license.isOneOf(VALID_LICENSE_MODES); + const isLicenseActive = xpackLicenseInfo.license.isActive(); + const licenseType = xpackLicenseInfo.license.getType(); + const isSecurityEnabled = xpackLicenseInfo.feature('security').isEnabled(); + + // Security is not enabled in ES + if (!isSecurityEnabled) { + const message = 'Security must be enabled in order to use Logstash pipeline management features.' + + ' Please set xpack.security.enabled: true in your elasticsearch.yml.'; + return { + isAvailable: false, + enableLinks: false, + isReadOnly: false, + message + }; + } + + // License is not valid + if (!isLicenseModeValid) { + return { + isAvailable: false, + enableLinks: false, + isReadOnly: false, + message: `Your ${licenseType} license does not support Logstash pipeline management features. Please upgrade your license.` + }; + } + + // License is valid but not active, we go into a read-only mode. + if (!isLicenseActive) { + return { + isAvailable: true, + enableLinks: true, + isReadOnly: true, + message: `You cannot edit, create, or delete your Logstash pipelines because your ${licenseType} license has expired.` + }; + } + + // License is valid and active + return { + isAvailable: true, + enableLinks: true, + isReadOnly: false + }; +} diff --git a/x-pack/plugins/beats/server/lib/check_license/index.js b/x-pack/plugins/beats/server/lib/check_license/index.js new file mode 100644 index 0000000000000..f2c070fd44b6e --- /dev/null +++ b/x-pack/plugins/beats/server/lib/check_license/index.js @@ -0,0 +1,7 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export { checkLicense } from './check_license'; diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_custom_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_custom_error.js new file mode 100644 index 0000000000000..443744ccb0cc8 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_custom_error.js @@ -0,0 +1,21 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import expect from 'expect.js'; +import { wrapCustomError } from '../wrap_custom_error'; + +describe('wrap_custom_error', () => { + describe('#wrapCustomError', () => { + it('should return a Boom object', () => { + const originalError = new Error('I am an error'); + const statusCode = 404; + const wrappedError = wrapCustomError(originalError, statusCode); + + expect(wrappedError.isBoom).to.be(true); + expect(wrappedError.output.statusCode).to.equal(statusCode); + }); + }); +}); diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_es_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_es_error.js new file mode 100644 index 0000000000000..f1b956bdcc3bb --- /dev/null +++ b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_es_error.js @@ -0,0 +1,41 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import expect from 'expect.js'; +import { wrapEsError } from '../wrap_es_error'; + +describe('wrap_es_error', () => { + describe('#wrapEsError', () => { + + let originalError; + beforeEach(() => { + originalError = new Error('I am an error'); + originalError.statusCode = 404; + }); + + it('should return a Boom object', () => { + const wrappedError = wrapEsError(originalError); + + expect(wrappedError.isBoom).to.be(true); + }); + + it('should return the correct Boom object', () => { + const wrappedError = wrapEsError(originalError); + + expect(wrappedError.output.statusCode).to.be(originalError.statusCode); + expect(wrappedError.output.payload.message).to.be(originalError.message); + }); + + it('should return invalid permissions message for 403 errors', () => { + const securityError = new Error('I am an error'); + securityError.statusCode = 403; + const wrappedError = wrapEsError(securityError); + + expect(wrappedError.isBoom).to.be(true); + expect(wrappedError.message).to.be('Insufficient user permissions for managing Logstash pipelines'); + }); + }); +}); diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_unknown_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_unknown_error.js new file mode 100644 index 0000000000000..6d6a336417bef --- /dev/null +++ b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_unknown_error.js @@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import expect from 'expect.js'; +import { wrapUnknownError } from '../wrap_unknown_error'; + +describe('wrap_unknown_error', () => { + describe('#wrapUnknownError', () => { + it('should return a Boom object', () => { + const originalError = new Error('I am an error'); + const wrappedError = wrapUnknownError(originalError); + + expect(wrappedError.isBoom).to.be(true); + }); + }); +}); diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/wrap_custom_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/wrap_custom_error.js new file mode 100644 index 0000000000000..890a366ac65c1 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/error_wrappers/wrap_custom_error.js @@ -0,0 +1,18 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import Boom from 'boom'; + +/** + * Wraps a custom error into a Boom error response and returns it + * + * @param err Object error + * @param statusCode Error status code + * @return Object Boom error response + */ +export function wrapCustomError(err, statusCode) { + return Boom.wrap(err, statusCode); +} diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/wrap_unknown_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/wrap_unknown_error.js new file mode 100644 index 0000000000000..b0cdced7adbef --- /dev/null +++ b/x-pack/plugins/beats/server/lib/error_wrappers/wrap_unknown_error.js @@ -0,0 +1,17 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import Boom from 'boom'; + +/** + * Wraps an unknown error into a Boom error response and returns it + * + * @param err Object Unknown error + * @return Object Boom error response + */ +export function wrapUnknownError(err) { + return Boom.wrap(err); +} diff --git a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/__tests__/license_pre_routing_factory.js b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/__tests__/license_pre_routing_factory.js new file mode 100644 index 0000000000000..c543d79814dd3 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/__tests__/license_pre_routing_factory.js @@ -0,0 +1,72 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import expect from 'expect.js'; +import { licensePreRoutingFactory } from '../license_pre_routing_factory'; + +describe('license_pre_routing_factory', () => { + describe('#logstashFeaturePreRoutingFactory', () => { + let mockServer; + let mockLicenseCheckResults; + + beforeEach(() => { + mockServer = { + plugins: { + xpack_main: { + info: { + feature: () => ({ + getLicenseCheckResults: () => mockLicenseCheckResults + }) + } + } + } + }; + }); + + it('only instantiates one instance per server', () => { + const firstInstance = licensePreRoutingFactory(mockServer); + const secondInstance = licensePreRoutingFactory(mockServer); + + expect(firstInstance).to.be(secondInstance); + }); + + describe('isAvailable is false', () => { + beforeEach(() => { + mockLicenseCheckResults = { + isAvailable: false + }; + }); + + it ('replies with 403', (done) => { + const licensePreRouting = licensePreRoutingFactory(mockServer); + const stubRequest = {}; + licensePreRouting(stubRequest, (response) => { + expect(response).to.be.an(Error); + expect(response.isBoom).to.be(true); + expect(response.output.statusCode).to.be(403); + done(); + }); + }); + }); + + describe('isAvailable is true', () => { + beforeEach(() => { + mockLicenseCheckResults = { + isAvailable: true + }; + }); + + it ('replies with nothing', (done) => { + const licensePreRouting = licensePreRoutingFactory(mockServer); + const stubRequest = {}; + licensePreRouting(stubRequest, (response) => { + expect(response).to.be(undefined); + done(); + }); + }); + }); + }); +}); diff --git a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/index.js b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/index.js new file mode 100644 index 0000000000000..0743e443955f4 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/index.js @@ -0,0 +1,7 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export { licensePreRoutingFactory } from './license_pre_routing_factory'; diff --git a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/license_pre_routing_factory.js b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/license_pre_routing_factory.js new file mode 100644 index 0000000000000..4ae31f692bfd7 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/license_pre_routing_factory.js @@ -0,0 +1,28 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { once } from 'lodash'; +import { wrapCustomError } from '../error_wrappers'; +import { PLUGIN } from '../../../common/constants'; + +export const licensePreRoutingFactory = once((server) => { + const xpackMainPlugin = server.plugins.xpack_main; + + // License checking and enable/disable logic + function licensePreRouting(request, reply) { + const licenseCheckResults = xpackMainPlugin.info.feature(PLUGIN.ID).getLicenseCheckResults(); + if (!licenseCheckResults.isAvailable) { + const error = new Error(licenseCheckResults.message); + const statusCode = 403; + const wrappedError = wrapCustomError(error, statusCode); + reply(wrappedError); + } else { + reply(); + } + } + + return licensePreRouting; +}); diff --git a/x-pack/plugins/beats/server/lib/register_license_checker/index.js b/x-pack/plugins/beats/server/lib/register_license_checker/index.js new file mode 100644 index 0000000000000..7b0f97c38d129 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/register_license_checker/index.js @@ -0,0 +1,7 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export { registerLicenseChecker } from './register_license_checker'; diff --git a/x-pack/plugins/beats/server/lib/register_license_checker/register_license_checker.js b/x-pack/plugins/beats/server/lib/register_license_checker/register_license_checker.js new file mode 100644 index 0000000000000..8a17fb2eea497 --- /dev/null +++ b/x-pack/plugins/beats/server/lib/register_license_checker/register_license_checker.js @@ -0,0 +1,21 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { mirrorPluginStatus } from '../../../../../server/lib/mirror_plugin_status'; +import { checkLicense } from '../check_license'; +import { PLUGIN } from '../../../common/constants'; + +export function registerLicenseChecker(server) { + const xpackMainPlugin = server.plugins.xpack_main; + const logstashPlugin = server.plugins.logstash; + + mirrorPluginStatus(xpackMainPlugin, logstashPlugin); + xpackMainPlugin.status.once('green', () => { + // Register a function that is called whenever the xpack info changes, + // to re-compute the license check results for this plugin + xpackMainPlugin.info.feature(PLUGIN.ID).registerLicenseCheckResultsGenerator(checkLicense); + }); +} diff --git a/x-pack/plugins/beats/server/routes/api/register_disenroll_beats_route.js b/x-pack/plugins/beats/server/routes/api/register_disenroll_beats_route.js new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/x-pack/plugins/beats/server/routes/api/register_enroll_beats_route.js b/x-pack/plugins/beats/server/routes/api/register_enroll_beats_route.js new file mode 100644 index 0000000000000..e69de29bb2d1d From e9bb40d08ed644eb084be810595aa46cc5303edc Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Sat, 12 May 2018 12:33:56 -0700 Subject: [PATCH 06/16] Fixing API for default case + adding test for it --- .../apis/beats/create_enrollment_tokens.js | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/x-pack/test/api_integration/apis/beats/create_enrollment_tokens.js b/x-pack/test/api_integration/apis/beats/create_enrollment_tokens.js index 86b80323773b4..953508ebfadb3 100644 --- a/x-pack/test/api_integration/apis/beats/create_enrollment_tokens.js +++ b/x-pack/test/api_integration/apis/beats/create_enrollment_tokens.js @@ -41,6 +41,30 @@ export default function ({ getService }) { expect(tokensFromApi).to.eql(tokensInEs); }); + it('should create one token by default', async () => { + const { body: apiResponse } = await supertest + .post( + '/api/beats/enrollment_tokens' + ) + .set('kbn-xsrf', 'xxx') + .send() + .expect(200); + + const tokensFromApi = apiResponse.tokens; + + const esResponse = await es.search({ + index: ES_ADMIN_INDEX_NAME, + type: ES_TYPE_NAME, + q: 'type:enrollment_token' + }); + + const tokensInEs = esResponse.hits.hits + .map(hit => hit._source.enrollment_token.token); + + expect(tokensFromApi.length).to.eql(1); + expect(tokensFromApi).to.eql(tokensInEs); + }); + it('should create the specified number of tokens', async () => { const numTokens = chance.integer({ min: 1, max: 2000 }); From 8e902061cc617c6f19fc5457bbb49ecea14125b5 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Mon, 14 May 2018 13:02:53 -0700 Subject: [PATCH 07/16] Using a single index --- .../test/api_integration/apis/beats/create_enrollment_tokens.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/test/api_integration/apis/beats/create_enrollment_tokens.js b/x-pack/test/api_integration/apis/beats/create_enrollment_tokens.js index 953508ebfadb3..129b6b405571c 100644 --- a/x-pack/test/api_integration/apis/beats/create_enrollment_tokens.js +++ b/x-pack/test/api_integration/apis/beats/create_enrollment_tokens.js @@ -53,7 +53,7 @@ export default function ({ getService }) { const tokensFromApi = apiResponse.tokens; const esResponse = await es.search({ - index: ES_ADMIN_INDEX_NAME, + index: ES_INDEX_NAME, type: ES_TYPE_NAME, q: 'type:enrollment_token' }); From 06c686d04138fed97c749b90476dcb724e066e2e Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Tue, 15 May 2018 11:57:43 -0700 Subject: [PATCH 08/16] Implementing GET /api/beats/agents API --- .../call_with_request_factory.js | 19 -- .../lib/call_with_request_factory/index.js | 7 - .../check_license/__tests__/check_license.js | 180 ------------------ .../server/lib/check_license/check_license.js | 69 ------- .../beats/server/lib/check_license/index.js | 7 - .../__tests__/wrap_custom_error.js | 21 -- .../error_wrappers/__tests__/wrap_es_error.js | 41 ---- .../__tests__/wrap_unknown_error.js | 19 -- .../lib/error_wrappers/wrap_custom_error.js | 18 -- .../lib/error_wrappers/wrap_unknown_error.js | 17 -- .../__tests__/license_pre_routing_factory.js | 72 ------- .../lib/license_pre_routing_factory/index.js | 7 - .../license_pre_routing_factory.js | 28 --- .../lib/register_license_checker/index.js | 7 - .../register_license_checker.js | 21 -- .../api/register_disenroll_beats_route.js | 0 .../routes/api/register_enroll_beats_route.js | 0 17 files changed, 533 deletions(-) delete mode 100644 x-pack/plugins/beats/server/lib/call_with_request_factory/call_with_request_factory.js delete mode 100644 x-pack/plugins/beats/server/lib/call_with_request_factory/index.js delete mode 100644 x-pack/plugins/beats/server/lib/check_license/__tests__/check_license.js delete mode 100644 x-pack/plugins/beats/server/lib/check_license/check_license.js delete mode 100644 x-pack/plugins/beats/server/lib/check_license/index.js delete mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_custom_error.js delete mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_es_error.js delete mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_unknown_error.js delete mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/wrap_custom_error.js delete mode 100644 x-pack/plugins/beats/server/lib/error_wrappers/wrap_unknown_error.js delete mode 100644 x-pack/plugins/beats/server/lib/license_pre_routing_factory/__tests__/license_pre_routing_factory.js delete mode 100644 x-pack/plugins/beats/server/lib/license_pre_routing_factory/index.js delete mode 100644 x-pack/plugins/beats/server/lib/license_pre_routing_factory/license_pre_routing_factory.js delete mode 100644 x-pack/plugins/beats/server/lib/register_license_checker/index.js delete mode 100644 x-pack/plugins/beats/server/lib/register_license_checker/register_license_checker.js delete mode 100644 x-pack/plugins/beats/server/routes/api/register_disenroll_beats_route.js delete mode 100644 x-pack/plugins/beats/server/routes/api/register_enroll_beats_route.js diff --git a/x-pack/plugins/beats/server/lib/call_with_request_factory/call_with_request_factory.js b/x-pack/plugins/beats/server/lib/call_with_request_factory/call_with_request_factory.js deleted file mode 100644 index 0c4f909d12f61..0000000000000 --- a/x-pack/plugins/beats/server/lib/call_with_request_factory/call_with_request_factory.js +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { once } from 'lodash'; - -const callWithRequest = once((server) => { - const config = server.config().get('elasticsearch'); - const cluster = server.plugins.elasticsearch.createCluster('beats', config); - return cluster.callWithRequest; -}); - -export const callWithRequestFactory = (server, request) => { - return (...args) => { - return callWithRequest(server)(request, ...args); - }; -}; diff --git a/x-pack/plugins/beats/server/lib/call_with_request_factory/index.js b/x-pack/plugins/beats/server/lib/call_with_request_factory/index.js deleted file mode 100644 index 787814d87dff9..0000000000000 --- a/x-pack/plugins/beats/server/lib/call_with_request_factory/index.js +++ /dev/null @@ -1,7 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { callWithRequestFactory } from './call_with_request_factory'; diff --git a/x-pack/plugins/beats/server/lib/check_license/__tests__/check_license.js b/x-pack/plugins/beats/server/lib/check_license/__tests__/check_license.js deleted file mode 100644 index 449ff3a60b9e7..0000000000000 --- a/x-pack/plugins/beats/server/lib/check_license/__tests__/check_license.js +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import expect from 'expect.js'; -import { set } from 'lodash'; -import { checkLicense } from '../check_license'; - -describe('check_license', function () { - - let mockLicenseInfo; - beforeEach(() => mockLicenseInfo = {}); - - describe('license information is undefined', () => { - beforeEach(() => mockLicenseInfo = undefined); - - it('should set isAvailable to false', () => { - expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); - }); - - it('should set enableLinks to false', () => { - expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); - }); - - it('should set isReadOnly to false', () => { - expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); - }); - - it('should set a message', () => { - expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); - }); - }); - - describe('license information is not available', () => { - beforeEach(() => mockLicenseInfo.isAvailable = () => false); - - it('should set isAvailable to false', () => { - expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); - }); - - it('should set enableLinks to false', () => { - expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); - }); - - it('should set isReadOnly to false', () => { - expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); - }); - - it('should set a message', () => { - expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); - }); - }); - - describe('license information is available', () => { - beforeEach(() => { - mockLicenseInfo.isAvailable = () => true; - set(mockLicenseInfo, 'license.getType', () => 'basic'); - }); - - describe('& license is trial, standard, gold, platinum', () => { - beforeEach(() => { - set(mockLicenseInfo, 'license.isOneOf', () => true); - mockLicenseInfo.feature = () => ({ isEnabled: () => true }); // Security feature is enabled - }); - - describe('& license is active', () => { - beforeEach(() => set(mockLicenseInfo, 'license.isActive', () => true)); - - it('should set isAvailable to true', () => { - expect(checkLicense(mockLicenseInfo).isAvailable).to.be(true); - }); - - it ('should set enableLinks to true', () => { - expect(checkLicense(mockLicenseInfo).enableLinks).to.be(true); - }); - - it ('should set isReadOnly to false', () => { - expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); - }); - - it('should not set a message', () => { - expect(checkLicense(mockLicenseInfo).message).to.be(undefined); - }); - }); - - describe('& license is expired', () => { - beforeEach(() => set(mockLicenseInfo, 'license.isActive', () => false)); - - it('should set isAvailable to true', () => { - expect(checkLicense(mockLicenseInfo).isAvailable).to.be(true); - }); - - it ('should set enableLinks to true', () => { - expect(checkLicense(mockLicenseInfo).enableLinks).to.be(true); - }); - - it ('should set isReadOnly to true', () => { - expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(true); - }); - - it('should set a message', () => { - expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); - }); - }); - }); - - describe('& license is basic', () => { - beforeEach(() => { - set(mockLicenseInfo, 'license.isOneOf', () => false); - mockLicenseInfo.feature = () => ({ isEnabled: () => true }); // Security feature is enabled - }); - - describe('& license is active', () => { - beforeEach(() => set(mockLicenseInfo, 'license.isActive', () => true)); - - it('should set isAvailable to false', () => { - expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); - }); - - it ('should set enableLinks to false', () => { - expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); - }); - - it ('should set isReadOnly to false', () => { - expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); - }); - - it('should set a message', () => { - expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); - }); - }); - - describe('& license is expired', () => { - beforeEach(() => set(mockLicenseInfo, 'license.isActive', () => false)); - - it('should set isAvailable to false', () => { - expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); - }); - - it ('should set enableLinks to false', () => { - expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); - }); - - it ('should set isReadOnly to false', () => { - expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); - }); - - it('should set a message', () => { - expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); - }); - }); - }); - - describe('& security is disabled', () => { - beforeEach(() => { - mockLicenseInfo.feature = () => ({ isEnabled: () => false }); // Security feature is disabled - set(mockLicenseInfo, 'license.isOneOf', () => true); - set(mockLicenseInfo, 'license.isActive', () => true); - }); - - it('should set isAvailable to false', () => { - expect(checkLicense(mockLicenseInfo).isAvailable).to.be(false); - }); - - it ('should set enableLinks to false', () => { - expect(checkLicense(mockLicenseInfo).enableLinks).to.be(false); - }); - - it ('should set isReadOnly to false', () => { - expect(checkLicense(mockLicenseInfo).isReadOnly).to.be(false); - }); - - it('should set a message', () => { - expect(checkLicense(mockLicenseInfo).message).to.not.be(undefined); - }); - }); - }); -}); diff --git a/x-pack/plugins/beats/server/lib/check_license/check_license.js b/x-pack/plugins/beats/server/lib/check_license/check_license.js deleted file mode 100644 index aa1704cc02730..0000000000000 --- a/x-pack/plugins/beats/server/lib/check_license/check_license.js +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export function checkLicense(xpackLicenseInfo) { - // If, for some reason, we cannot get the license information - // from Elasticsearch, assume worst case and disable the Logstash pipeline UI - if (!xpackLicenseInfo || !xpackLicenseInfo.isAvailable()) { - return { - isAvailable: false, - enableLinks: false, - isReadOnly: false, - message: 'You cannot manage Logstash pipelines because license information is not available at this time.' - }; - } - - const VALID_LICENSE_MODES = [ - 'trial', - 'standard', - 'gold', - 'platinum' - ]; - - const isLicenseModeValid = xpackLicenseInfo.license.isOneOf(VALID_LICENSE_MODES); - const isLicenseActive = xpackLicenseInfo.license.isActive(); - const licenseType = xpackLicenseInfo.license.getType(); - const isSecurityEnabled = xpackLicenseInfo.feature('security').isEnabled(); - - // Security is not enabled in ES - if (!isSecurityEnabled) { - const message = 'Security must be enabled in order to use Logstash pipeline management features.' - + ' Please set xpack.security.enabled: true in your elasticsearch.yml.'; - return { - isAvailable: false, - enableLinks: false, - isReadOnly: false, - message - }; - } - - // License is not valid - if (!isLicenseModeValid) { - return { - isAvailable: false, - enableLinks: false, - isReadOnly: false, - message: `Your ${licenseType} license does not support Logstash pipeline management features. Please upgrade your license.` - }; - } - - // License is valid but not active, we go into a read-only mode. - if (!isLicenseActive) { - return { - isAvailable: true, - enableLinks: true, - isReadOnly: true, - message: `You cannot edit, create, or delete your Logstash pipelines because your ${licenseType} license has expired.` - }; - } - - // License is valid and active - return { - isAvailable: true, - enableLinks: true, - isReadOnly: false - }; -} diff --git a/x-pack/plugins/beats/server/lib/check_license/index.js b/x-pack/plugins/beats/server/lib/check_license/index.js deleted file mode 100644 index f2c070fd44b6e..0000000000000 --- a/x-pack/plugins/beats/server/lib/check_license/index.js +++ /dev/null @@ -1,7 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { checkLicense } from './check_license'; diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_custom_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_custom_error.js deleted file mode 100644 index 443744ccb0cc8..0000000000000 --- a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_custom_error.js +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import expect from 'expect.js'; -import { wrapCustomError } from '../wrap_custom_error'; - -describe('wrap_custom_error', () => { - describe('#wrapCustomError', () => { - it('should return a Boom object', () => { - const originalError = new Error('I am an error'); - const statusCode = 404; - const wrappedError = wrapCustomError(originalError, statusCode); - - expect(wrappedError.isBoom).to.be(true); - expect(wrappedError.output.statusCode).to.equal(statusCode); - }); - }); -}); diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_es_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_es_error.js deleted file mode 100644 index f1b956bdcc3bb..0000000000000 --- a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_es_error.js +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import expect from 'expect.js'; -import { wrapEsError } from '../wrap_es_error'; - -describe('wrap_es_error', () => { - describe('#wrapEsError', () => { - - let originalError; - beforeEach(() => { - originalError = new Error('I am an error'); - originalError.statusCode = 404; - }); - - it('should return a Boom object', () => { - const wrappedError = wrapEsError(originalError); - - expect(wrappedError.isBoom).to.be(true); - }); - - it('should return the correct Boom object', () => { - const wrappedError = wrapEsError(originalError); - - expect(wrappedError.output.statusCode).to.be(originalError.statusCode); - expect(wrappedError.output.payload.message).to.be(originalError.message); - }); - - it('should return invalid permissions message for 403 errors', () => { - const securityError = new Error('I am an error'); - securityError.statusCode = 403; - const wrappedError = wrapEsError(securityError); - - expect(wrappedError.isBoom).to.be(true); - expect(wrappedError.message).to.be('Insufficient user permissions for managing Logstash pipelines'); - }); - }); -}); diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_unknown_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_unknown_error.js deleted file mode 100644 index 6d6a336417bef..0000000000000 --- a/x-pack/plugins/beats/server/lib/error_wrappers/__tests__/wrap_unknown_error.js +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import expect from 'expect.js'; -import { wrapUnknownError } from '../wrap_unknown_error'; - -describe('wrap_unknown_error', () => { - describe('#wrapUnknownError', () => { - it('should return a Boom object', () => { - const originalError = new Error('I am an error'); - const wrappedError = wrapUnknownError(originalError); - - expect(wrappedError.isBoom).to.be(true); - }); - }); -}); diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/wrap_custom_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/wrap_custom_error.js deleted file mode 100644 index 890a366ac65c1..0000000000000 --- a/x-pack/plugins/beats/server/lib/error_wrappers/wrap_custom_error.js +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import Boom from 'boom'; - -/** - * Wraps a custom error into a Boom error response and returns it - * - * @param err Object error - * @param statusCode Error status code - * @return Object Boom error response - */ -export function wrapCustomError(err, statusCode) { - return Boom.wrap(err, statusCode); -} diff --git a/x-pack/plugins/beats/server/lib/error_wrappers/wrap_unknown_error.js b/x-pack/plugins/beats/server/lib/error_wrappers/wrap_unknown_error.js deleted file mode 100644 index b0cdced7adbef..0000000000000 --- a/x-pack/plugins/beats/server/lib/error_wrappers/wrap_unknown_error.js +++ /dev/null @@ -1,17 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import Boom from 'boom'; - -/** - * Wraps an unknown error into a Boom error response and returns it - * - * @param err Object Unknown error - * @return Object Boom error response - */ -export function wrapUnknownError(err) { - return Boom.wrap(err); -} diff --git a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/__tests__/license_pre_routing_factory.js b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/__tests__/license_pre_routing_factory.js deleted file mode 100644 index c543d79814dd3..0000000000000 --- a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/__tests__/license_pre_routing_factory.js +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import expect from 'expect.js'; -import { licensePreRoutingFactory } from '../license_pre_routing_factory'; - -describe('license_pre_routing_factory', () => { - describe('#logstashFeaturePreRoutingFactory', () => { - let mockServer; - let mockLicenseCheckResults; - - beforeEach(() => { - mockServer = { - plugins: { - xpack_main: { - info: { - feature: () => ({ - getLicenseCheckResults: () => mockLicenseCheckResults - }) - } - } - } - }; - }); - - it('only instantiates one instance per server', () => { - const firstInstance = licensePreRoutingFactory(mockServer); - const secondInstance = licensePreRoutingFactory(mockServer); - - expect(firstInstance).to.be(secondInstance); - }); - - describe('isAvailable is false', () => { - beforeEach(() => { - mockLicenseCheckResults = { - isAvailable: false - }; - }); - - it ('replies with 403', (done) => { - const licensePreRouting = licensePreRoutingFactory(mockServer); - const stubRequest = {}; - licensePreRouting(stubRequest, (response) => { - expect(response).to.be.an(Error); - expect(response.isBoom).to.be(true); - expect(response.output.statusCode).to.be(403); - done(); - }); - }); - }); - - describe('isAvailable is true', () => { - beforeEach(() => { - mockLicenseCheckResults = { - isAvailable: true - }; - }); - - it ('replies with nothing', (done) => { - const licensePreRouting = licensePreRoutingFactory(mockServer); - const stubRequest = {}; - licensePreRouting(stubRequest, (response) => { - expect(response).to.be(undefined); - done(); - }); - }); - }); - }); -}); diff --git a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/index.js b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/index.js deleted file mode 100644 index 0743e443955f4..0000000000000 --- a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/index.js +++ /dev/null @@ -1,7 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { licensePreRoutingFactory } from './license_pre_routing_factory'; diff --git a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/license_pre_routing_factory.js b/x-pack/plugins/beats/server/lib/license_pre_routing_factory/license_pre_routing_factory.js deleted file mode 100644 index 4ae31f692bfd7..0000000000000 --- a/x-pack/plugins/beats/server/lib/license_pre_routing_factory/license_pre_routing_factory.js +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { once } from 'lodash'; -import { wrapCustomError } from '../error_wrappers'; -import { PLUGIN } from '../../../common/constants'; - -export const licensePreRoutingFactory = once((server) => { - const xpackMainPlugin = server.plugins.xpack_main; - - // License checking and enable/disable logic - function licensePreRouting(request, reply) { - const licenseCheckResults = xpackMainPlugin.info.feature(PLUGIN.ID).getLicenseCheckResults(); - if (!licenseCheckResults.isAvailable) { - const error = new Error(licenseCheckResults.message); - const statusCode = 403; - const wrappedError = wrapCustomError(error, statusCode); - reply(wrappedError); - } else { - reply(); - } - } - - return licensePreRouting; -}); diff --git a/x-pack/plugins/beats/server/lib/register_license_checker/index.js b/x-pack/plugins/beats/server/lib/register_license_checker/index.js deleted file mode 100644 index 7b0f97c38d129..0000000000000 --- a/x-pack/plugins/beats/server/lib/register_license_checker/index.js +++ /dev/null @@ -1,7 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { registerLicenseChecker } from './register_license_checker'; diff --git a/x-pack/plugins/beats/server/lib/register_license_checker/register_license_checker.js b/x-pack/plugins/beats/server/lib/register_license_checker/register_license_checker.js deleted file mode 100644 index 8a17fb2eea497..0000000000000 --- a/x-pack/plugins/beats/server/lib/register_license_checker/register_license_checker.js +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { mirrorPluginStatus } from '../../../../../server/lib/mirror_plugin_status'; -import { checkLicense } from '../check_license'; -import { PLUGIN } from '../../../common/constants'; - -export function registerLicenseChecker(server) { - const xpackMainPlugin = server.plugins.xpack_main; - const logstashPlugin = server.plugins.logstash; - - mirrorPluginStatus(xpackMainPlugin, logstashPlugin); - xpackMainPlugin.status.once('green', () => { - // Register a function that is called whenever the xpack info changes, - // to re-compute the license check results for this plugin - xpackMainPlugin.info.feature(PLUGIN.ID).registerLicenseCheckResultsGenerator(checkLicense); - }); -} diff --git a/x-pack/plugins/beats/server/routes/api/register_disenroll_beats_route.js b/x-pack/plugins/beats/server/routes/api/register_disenroll_beats_route.js deleted file mode 100644 index e69de29bb2d1d..0000000000000 diff --git a/x-pack/plugins/beats/server/routes/api/register_enroll_beats_route.js b/x-pack/plugins/beats/server/routes/api/register_enroll_beats_route.js deleted file mode 100644 index e69de29bb2d1d..0000000000000 From 5aac44fe53955fc61408ff88289acee95587e0dd Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Wed, 16 May 2018 09:23:24 -0700 Subject: [PATCH 09/16] Updating mapping --- .../apis/beats/create_enrollment_tokens.js | 24 ------------------- 1 file changed, 24 deletions(-) diff --git a/x-pack/test/api_integration/apis/beats/create_enrollment_tokens.js b/x-pack/test/api_integration/apis/beats/create_enrollment_tokens.js index 129b6b405571c..86b80323773b4 100644 --- a/x-pack/test/api_integration/apis/beats/create_enrollment_tokens.js +++ b/x-pack/test/api_integration/apis/beats/create_enrollment_tokens.js @@ -41,30 +41,6 @@ export default function ({ getService }) { expect(tokensFromApi).to.eql(tokensInEs); }); - it('should create one token by default', async () => { - const { body: apiResponse } = await supertest - .post( - '/api/beats/enrollment_tokens' - ) - .set('kbn-xsrf', 'xxx') - .send() - .expect(200); - - const tokensFromApi = apiResponse.tokens; - - const esResponse = await es.search({ - index: ES_INDEX_NAME, - type: ES_TYPE_NAME, - q: 'type:enrollment_token' - }); - - const tokensInEs = esResponse.hits.hits - .map(hit => hit._source.enrollment_token.token); - - expect(tokensFromApi.length).to.eql(1); - expect(tokensFromApi).to.eql(tokensInEs); - }); - it('should create the specified number of tokens', async () => { const numTokens = chance.integer({ min: 1, max: 2000 }); From 130178bb14026695e4e2cfd44dc4d0b9b15b413f Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Tue, 15 May 2018 18:36:17 -0700 Subject: [PATCH 10/16] Creating POST /api/beats/agents/verify API --- .../api/register_verify_beats_routes.js | 132 ++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 x-pack/plugins/beats/server/routes/api/register_verify_beats_routes.js diff --git a/x-pack/plugins/beats/server/routes/api/register_verify_beats_routes.js b/x-pack/plugins/beats/server/routes/api/register_verify_beats_routes.js new file mode 100644 index 0000000000000..c57c35859aba9 --- /dev/null +++ b/x-pack/plugins/beats/server/routes/api/register_verify_beats_routes.js @@ -0,0 +1,132 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import Joi from 'joi'; +import moment from 'moment'; +import { + get, + flatten +} from 'lodash'; +import { INDEX_NAMES } from '../../../common/constants'; +import { callWithRequestFactory } from '../../lib/client'; +import { wrapEsError } from '../../lib/error_wrappers'; + +async function getBeats(callWithRequest, beatIds) { + const ids = beatIds.map(beatId => `beat:${beatId}`); + const params = { + index: INDEX_NAMES.BEATS, + type: '_doc', + body: { ids }, + _sourceInclude: [ 'beat.id', 'beat.verified_on' ] + }; + + const response = await callWithRequest('mget', params); + return get(response, 'docs', []); +} + +async function verifyBeats(callWithRequest, beatIds) { + if (!Array.isArray(beatIds) || (beatIds.length === 0)) { + return []; + } + + const verifiedOn = moment().toJSON(); + const body = flatten(beatIds.map(beatId => [ + { update: { _id: `beat:${beatId}` } }, + { doc: { beat: { verified_on: verifiedOn } } } + ])); + + const params = { + index: INDEX_NAMES.BEATS, + type: '_doc', + body, + refresh: 'wait_for' + }; + + const response = await callWithRequest('bulk', params); + return get(response, 'items', []); +} + +// TODO: add license check pre-hook +// TODO: write to Kibana audit log file +export function registerVerifyBeatsRoute(server) { + server.route({ + method: 'POST', + path: '/api/beats/agents/verify', + config: { + validate: { + payload: Joi.object({ + beats: Joi.array({ + id: Joi.string().required() + }).min(1) + }).required() + } + }, + handler: async (request, reply) => { + const callWithRequest = callWithRequestFactory(server, request); + + const beats = [...request.payload.beats]; + const beatIds = beats.map(beat => beat.id); + + let nonExistentBeatIds; + let alreadyVerifiedBeatIds; + let verifiedBeatIds; + + try { + const beatsFromEs = await getBeats(callWithRequest, beatIds); + + // TODO: extract into helper function + nonExistentBeatIds = beatsFromEs.reduce((beatIdsSoFar, beatFromEs, idx) => { + if (!beatFromEs.found) { + beatIdsSoFar.push(beatIds[idx]); + } + return beatIdsSoFar; + }, []); + + alreadyVerifiedBeatIds = beatsFromEs + .filter(beat => beat.found) + .filter(beat => beat._source.beat.hasOwnProperty('verified_on')) + .map(beat => beat._source.beat.id); + + const beatIdsToVerify = beatsFromEs + .filter(beat => beat.found) + .filter(beat => !beat._source.beat.hasOwnProperty('verified_on')) + .map(beat => beat._source.beat.id); + + const verifications = await verifyBeats(callWithRequest, beatIdsToVerify); + + // TODO: extract into helper function + verifiedBeatIds = verifications.reduce((beatIdsSoFar, verification, idx) => { + if (verification.update.status === 200) { + beatIdsSoFar.push(beatIdsToVerify[idx]); + } + return beatIdsSoFar; + }, []); + + } catch (err) { + return reply(wrapEsError(err)); + } + + beats.forEach(beat => { + if (nonExistentBeatIds.includes(beat.id)) { + beat.status = 404; + beat.result = 'not found'; + } else if (alreadyVerifiedBeatIds.includes(beat.id)) { + beat.status = 200; + beat.result = 'already verified'; + } else if (verifiedBeatIds.includes(beat.id)) { + beat.status = 200; + beat.result = 'verified'; + } else { + beat.status = 400; + beat.result = 'not verified'; + } + }); + + const response = { beats }; + reply(response); + } + }); +} From b7d279b90b36906bac553c852fe2cecdba8a6809 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Wed, 16 May 2018 05:21:38 -0700 Subject: [PATCH 11/16] Refactoring: extracting out helper functions --- .../api/register_verify_beats_routes.js | 65 +++++++++++-------- 1 file changed, 38 insertions(+), 27 deletions(-) diff --git a/x-pack/plugins/beats/server/routes/api/register_verify_beats_routes.js b/x-pack/plugins/beats/server/routes/api/register_verify_beats_routes.js index c57c35859aba9..6aaa61b07c5f8 100644 --- a/x-pack/plugins/beats/server/routes/api/register_verify_beats_routes.js +++ b/x-pack/plugins/beats/server/routes/api/register_verify_beats_routes.js @@ -49,6 +49,38 @@ async function verifyBeats(callWithRequest, beatIds) { return get(response, 'items', []); } +function determineNonExistentBeatIds(beatsFromEs, beatIdsFromRequest) { + return beatsFromEs.reduce((nonExistentBeatIds, beatFromEs, idx) => { + if (!beatFromEs.found) { + nonExistentBeatIds.push(beatIdsFromRequest[idx]); + } + return nonExistentBeatIds; + }, []); +} + +function determineAlreadyVerifiedBeatIds(beatsFromEs) { + return beatsFromEs + .filter(beat => beat.found) + .filter(beat => beat._source.beat.hasOwnProperty('verified_on')) + .map(beat => beat._source.beat.id); +} + +function determineToBeVerifiedBeatIds(beatsFromEs) { + return beatsFromEs + .filter(beat => beat.found) + .filter(beat => !beat._source.beat.hasOwnProperty('verified_on')) + .map(beat => beat._source.beat.id); +} + +function determineVerifiedBeatIds(verifications, toBeVerifiedBeatIds) { + return verifications.reduce((verifiedBeatIds, verification, idx) => { + if (verification.update.status === 200) { + verifiedBeatIds.push(toBeVerifiedBeatIds[idx]); + } + return verifiedBeatIds; + }, []); +} + // TODO: add license check pre-hook // TODO: write to Kibana audit log file export function registerVerifyBeatsRoute(server) { @@ -77,33 +109,12 @@ export function registerVerifyBeatsRoute(server) { try { const beatsFromEs = await getBeats(callWithRequest, beatIds); - // TODO: extract into helper function - nonExistentBeatIds = beatsFromEs.reduce((beatIdsSoFar, beatFromEs, idx) => { - if (!beatFromEs.found) { - beatIdsSoFar.push(beatIds[idx]); - } - return beatIdsSoFar; - }, []); - - alreadyVerifiedBeatIds = beatsFromEs - .filter(beat => beat.found) - .filter(beat => beat._source.beat.hasOwnProperty('verified_on')) - .map(beat => beat._source.beat.id); - - const beatIdsToVerify = beatsFromEs - .filter(beat => beat.found) - .filter(beat => !beat._source.beat.hasOwnProperty('verified_on')) - .map(beat => beat._source.beat.id); - - const verifications = await verifyBeats(callWithRequest, beatIdsToVerify); - - // TODO: extract into helper function - verifiedBeatIds = verifications.reduce((beatIdsSoFar, verification, idx) => { - if (verification.update.status === 200) { - beatIdsSoFar.push(beatIdsToVerify[idx]); - } - return beatIdsSoFar; - }, []); + nonExistentBeatIds = determineNonExistentBeatIds(beatsFromEs, beatIds); + alreadyVerifiedBeatIds = determineAlreadyVerifiedBeatIds(beatsFromEs); + const toBeVerifiedBeatIds = determineToBeVerifiedBeatIds(beatsFromEs); + + const verifications = await verifyBeats(callWithRequest, toBeVerifiedBeatIds); + verifiedBeatIds = determineVerifiedBeatIds(verifications, toBeVerifiedBeatIds); } catch (err) { return reply(wrapEsError(err)); From efe1f0754d2c33c7f6405aa29c7a228e9cc2e309 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Wed, 16 May 2018 05:59:12 -0700 Subject: [PATCH 12/16] Expanding TODO note so I won't forget :) --- .../beats/server/routes/api/register_enroll_beat_route.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/beats/server/routes/api/register_enroll_beat_route.js b/x-pack/plugins/beats/server/routes/api/register_enroll_beat_route.js index bad28c0ab9be5..27913d119153d 100644 --- a/x-pack/plugins/beats/server/routes/api/register_enroll_beat_route.js +++ b/x-pack/plugins/beats/server/routes/api/register_enroll_beat_route.js @@ -61,7 +61,7 @@ function persistBeat(callWithInternalUser, beat) { } // TODO: add license check pre-hook -// TODO: write to Kibana audit log file +// TODO: write to Kibana audit log file (include who did the verification as well) export function registerEnrollBeatRoute(server) { server.route({ method: 'POST', From 1081c525a30f95c213479ae6aae24800a162730c Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Wed, 16 May 2018 06:38:31 -0700 Subject: [PATCH 13/16] Fixing file name --- .../routes/api/register_verify_beats_route.js | 16 +- .../api/register_verify_beats_routes.js | 143 ------------------ 2 files changed, 8 insertions(+), 151 deletions(-) delete mode 100644 x-pack/plugins/beats/server/routes/api/register_verify_beats_routes.js diff --git a/x-pack/plugins/beats/server/routes/api/register_verify_beats_route.js b/x-pack/plugins/beats/server/routes/api/register_verify_beats_route.js index b2113029224a5..6aaa61b07c5f8 100644 --- a/x-pack/plugins/beats/server/routes/api/register_verify_beats_route.js +++ b/x-pack/plugins/beats/server/routes/api/register_verify_beats_route.js @@ -49,7 +49,7 @@ async function verifyBeats(callWithRequest, beatIds) { return get(response, 'items', []); } -function findNonExistentBeatIds(beatsFromEs, beatIdsFromRequest) { +function determineNonExistentBeatIds(beatsFromEs, beatIdsFromRequest) { return beatsFromEs.reduce((nonExistentBeatIds, beatFromEs, idx) => { if (!beatFromEs.found) { nonExistentBeatIds.push(beatIdsFromRequest[idx]); @@ -58,21 +58,21 @@ function findNonExistentBeatIds(beatsFromEs, beatIdsFromRequest) { }, []); } -function findAlreadyVerifiedBeatIds(beatsFromEs) { +function determineAlreadyVerifiedBeatIds(beatsFromEs) { return beatsFromEs .filter(beat => beat.found) .filter(beat => beat._source.beat.hasOwnProperty('verified_on')) .map(beat => beat._source.beat.id); } -function findToBeVerifiedBeatIds(beatsFromEs) { +function determineToBeVerifiedBeatIds(beatsFromEs) { return beatsFromEs .filter(beat => beat.found) .filter(beat => !beat._source.beat.hasOwnProperty('verified_on')) .map(beat => beat._source.beat.id); } -function findVerifiedBeatIds(verifications, toBeVerifiedBeatIds) { +function determineVerifiedBeatIds(verifications, toBeVerifiedBeatIds) { return verifications.reduce((verifiedBeatIds, verification, idx) => { if (verification.update.status === 200) { verifiedBeatIds.push(toBeVerifiedBeatIds[idx]); @@ -109,12 +109,12 @@ export function registerVerifyBeatsRoute(server) { try { const beatsFromEs = await getBeats(callWithRequest, beatIds); - nonExistentBeatIds = findNonExistentBeatIds(beatsFromEs, beatIds); - alreadyVerifiedBeatIds = findAlreadyVerifiedBeatIds(beatsFromEs); - const toBeVerifiedBeatIds = findToBeVerifiedBeatIds(beatsFromEs); + nonExistentBeatIds = determineNonExistentBeatIds(beatsFromEs, beatIds); + alreadyVerifiedBeatIds = determineAlreadyVerifiedBeatIds(beatsFromEs); + const toBeVerifiedBeatIds = determineToBeVerifiedBeatIds(beatsFromEs); const verifications = await verifyBeats(callWithRequest, toBeVerifiedBeatIds); - verifiedBeatIds = findVerifiedBeatIds(verifications, toBeVerifiedBeatIds); + verifiedBeatIds = determineVerifiedBeatIds(verifications, toBeVerifiedBeatIds); } catch (err) { return reply(wrapEsError(err)); diff --git a/x-pack/plugins/beats/server/routes/api/register_verify_beats_routes.js b/x-pack/plugins/beats/server/routes/api/register_verify_beats_routes.js deleted file mode 100644 index 6aaa61b07c5f8..0000000000000 --- a/x-pack/plugins/beats/server/routes/api/register_verify_beats_routes.js +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import Joi from 'joi'; -import moment from 'moment'; -import { - get, - flatten -} from 'lodash'; -import { INDEX_NAMES } from '../../../common/constants'; -import { callWithRequestFactory } from '../../lib/client'; -import { wrapEsError } from '../../lib/error_wrappers'; - -async function getBeats(callWithRequest, beatIds) { - const ids = beatIds.map(beatId => `beat:${beatId}`); - const params = { - index: INDEX_NAMES.BEATS, - type: '_doc', - body: { ids }, - _sourceInclude: [ 'beat.id', 'beat.verified_on' ] - }; - - const response = await callWithRequest('mget', params); - return get(response, 'docs', []); -} - -async function verifyBeats(callWithRequest, beatIds) { - if (!Array.isArray(beatIds) || (beatIds.length === 0)) { - return []; - } - - const verifiedOn = moment().toJSON(); - const body = flatten(beatIds.map(beatId => [ - { update: { _id: `beat:${beatId}` } }, - { doc: { beat: { verified_on: verifiedOn } } } - ])); - - const params = { - index: INDEX_NAMES.BEATS, - type: '_doc', - body, - refresh: 'wait_for' - }; - - const response = await callWithRequest('bulk', params); - return get(response, 'items', []); -} - -function determineNonExistentBeatIds(beatsFromEs, beatIdsFromRequest) { - return beatsFromEs.reduce((nonExistentBeatIds, beatFromEs, idx) => { - if (!beatFromEs.found) { - nonExistentBeatIds.push(beatIdsFromRequest[idx]); - } - return nonExistentBeatIds; - }, []); -} - -function determineAlreadyVerifiedBeatIds(beatsFromEs) { - return beatsFromEs - .filter(beat => beat.found) - .filter(beat => beat._source.beat.hasOwnProperty('verified_on')) - .map(beat => beat._source.beat.id); -} - -function determineToBeVerifiedBeatIds(beatsFromEs) { - return beatsFromEs - .filter(beat => beat.found) - .filter(beat => !beat._source.beat.hasOwnProperty('verified_on')) - .map(beat => beat._source.beat.id); -} - -function determineVerifiedBeatIds(verifications, toBeVerifiedBeatIds) { - return verifications.reduce((verifiedBeatIds, verification, idx) => { - if (verification.update.status === 200) { - verifiedBeatIds.push(toBeVerifiedBeatIds[idx]); - } - return verifiedBeatIds; - }, []); -} - -// TODO: add license check pre-hook -// TODO: write to Kibana audit log file -export function registerVerifyBeatsRoute(server) { - server.route({ - method: 'POST', - path: '/api/beats/agents/verify', - config: { - validate: { - payload: Joi.object({ - beats: Joi.array({ - id: Joi.string().required() - }).min(1) - }).required() - } - }, - handler: async (request, reply) => { - const callWithRequest = callWithRequestFactory(server, request); - - const beats = [...request.payload.beats]; - const beatIds = beats.map(beat => beat.id); - - let nonExistentBeatIds; - let alreadyVerifiedBeatIds; - let verifiedBeatIds; - - try { - const beatsFromEs = await getBeats(callWithRequest, beatIds); - - nonExistentBeatIds = determineNonExistentBeatIds(beatsFromEs, beatIds); - alreadyVerifiedBeatIds = determineAlreadyVerifiedBeatIds(beatsFromEs); - const toBeVerifiedBeatIds = determineToBeVerifiedBeatIds(beatsFromEs); - - const verifications = await verifyBeats(callWithRequest, toBeVerifiedBeatIds); - verifiedBeatIds = determineVerifiedBeatIds(verifications, toBeVerifiedBeatIds); - - } catch (err) { - return reply(wrapEsError(err)); - } - - beats.forEach(beat => { - if (nonExistentBeatIds.includes(beat.id)) { - beat.status = 404; - beat.result = 'not found'; - } else if (alreadyVerifiedBeatIds.includes(beat.id)) { - beat.status = 200; - beat.result = 'already verified'; - } else if (verifiedBeatIds.includes(beat.id)) { - beat.status = 200; - beat.result = 'verified'; - } else { - beat.status = 400; - beat.result = 'not verified'; - } - }); - - const response = { beats }; - reply(response); - } - }); -} From ff9d22bda16de9f63289b8bd58c802698d90a0cb Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Wed, 16 May 2018 13:02:48 -0700 Subject: [PATCH 14/16] Fixing minor typo in TODO comment --- .../beats/server/routes/api/register_enroll_beat_route.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/beats/server/routes/api/register_enroll_beat_route.js b/x-pack/plugins/beats/server/routes/api/register_enroll_beat_route.js index 27913d119153d..bad28c0ab9be5 100644 --- a/x-pack/plugins/beats/server/routes/api/register_enroll_beat_route.js +++ b/x-pack/plugins/beats/server/routes/api/register_enroll_beat_route.js @@ -61,7 +61,7 @@ function persistBeat(callWithInternalUser, beat) { } // TODO: add license check pre-hook -// TODO: write to Kibana audit log file (include who did the verification as well) +// TODO: write to Kibana audit log file export function registerEnrollBeatRoute(server) { server.route({ method: 'POST', From 82275503af0829cc77335f9522865ac0fb6fb429 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Thu, 17 May 2018 22:20:50 -0700 Subject: [PATCH 15/16] WIP checkin: GET /api/beats/agent/{beat ID}/configuration API --- .../plugins/beats/server/routes/api/index.js | 2 + .../register_get_beat_configuration_route.js | 91 +++++++++++++++++++ .../apis/beats/get_beat_configuration.js | 42 +++++++++ .../test/api_integration/apis/beats/index.js | 1 + 4 files changed, 136 insertions(+) create mode 100644 x-pack/plugins/beats/server/routes/api/register_get_beat_configuration_route.js create mode 100644 x-pack/test/api_integration/apis/beats/get_beat_configuration.js diff --git a/x-pack/plugins/beats/server/routes/api/index.js b/x-pack/plugins/beats/server/routes/api/index.js index 6ec0ad737352a..fde5a2e4c2646 100644 --- a/x-pack/plugins/beats/server/routes/api/index.js +++ b/x-pack/plugins/beats/server/routes/api/index.js @@ -12,6 +12,7 @@ import { registerUpdateBeatRoute } from './register_update_beat_route'; import { registerSetTagRoute } from './register_set_tag_route'; import { registerAssignTagsToBeatsRoute } from './register_assign_tags_to_beats_route'; import { registerRemoveTagsFromBeatsRoute } from './register_remove_tags_from_beats_route'; +import { registerGetBeatConfigurationRoute } from './register_get_beat_configuration_route'; export function registerApiRoutes(server) { registerCreateEnrollmentTokensRoute(server); @@ -22,4 +23,5 @@ export function registerApiRoutes(server) { registerSetTagRoute(server); registerAssignTagsToBeatsRoute(server); registerRemoveTagsFromBeatsRoute(server); + registerGetBeatConfigurationRoute(server); } diff --git a/x-pack/plugins/beats/server/routes/api/register_get_beat_configuration_route.js b/x-pack/plugins/beats/server/routes/api/register_get_beat_configuration_route.js new file mode 100644 index 0000000000000..9ac71cd8e5187 --- /dev/null +++ b/x-pack/plugins/beats/server/routes/api/register_get_beat_configuration_route.js @@ -0,0 +1,91 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import Joi from 'joi'; +import { get } from "lodash"; +import { INDEX_NAMES } from "../../../common/constants"; +import { callWithInternalUserFactory } from '../../lib/client'; +import { wrapEsError } from "../../lib/error_wrappers"; + +async function getBeat(callWithInternalUser, beatId) { + const params = { + index: INDEX_NAMES.BEATS, + type: '_doc', + id: `beat:${beatId}`, + ignore: [ 404 ] + }; + + const response = await callWithInternalUser('get', params); + if (!response.found) { + return null; + } + + return get(response, '_source.beat'); +} + +// TODO: add license check pre-hook +export function registerGetBeatConfigurationRoute(server) { + server.route({ + method: 'GET', + path: '/api/beats/agent/{beatId}/configuration', + config: { + validate: { + headers: Joi.object({ + 'kbn-beats-access-token': Joi.string().required() + }).options({ allowUnknown: true }) + }, + auth: false + }, + handler: async (request, reply) => { + const callWithInternalUser = callWithInternalUserFactory(server); + const beatId = request.params.beatId; + const accessToken = request.headers['kbn-beats-access-token']; + + // TODO: remove conditional and hardcoding + if (beatId !== 'foo') { // foo is used by the API integration tests + return reply({ + configuration_blocks: [ + { + type: "output", + data: "elasticsearch:\n hosts: [\"localhost:9200\"]\n username: \"...\"" + }, + { + type: "metricbeat.modules", + data: "module: memcached\nhosts: [\"localhost:11211\"]", + }, + { + type: "metricbeat.modules", + data: "module: munin\nhosts: [\"localhost:4949\"]\nnode.namespace: node", + } + ] + }); + } + + let beat; + try { + beat = await getBeat(callWithInternalUser, beatId); + } catch (err) { + return reply(wrapEsError(err)); + } + + if (beat === null) { + return reply({ message: 'Beat not found' }).code(404); + } + + const isAccessTokenValid = beat.access_token === accessToken; + if (!isAccessTokenValid) { + return reply({ message: 'Invalid access token' }).code(401); + } + + const isBeatVerified = beat.hasOwnProperty('verified_on'); + if (!isBeatVerified) { + return reply({ message: 'Beat has not been verified' }).code(400); + } + + reply({ configuration_blocks: beat.central_configuration_blocks }); + } + }); +} diff --git a/x-pack/test/api_integration/apis/beats/get_beat_configuration.js b/x-pack/test/api_integration/apis/beats/get_beat_configuration.js new file mode 100644 index 0000000000000..d912ebab0209c --- /dev/null +++ b/x-pack/test/api_integration/apis/beats/get_beat_configuration.js @@ -0,0 +1,42 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import expect from 'expect.js'; + +export default function ({ getService }) { + const supertest = getService('supertest'); + const esArchiver = getService('esArchiver'); + + describe('get_beat_configuration', () => { + const archive = 'beats/list'; + + beforeEach('load beats archive', () => esArchiver.load(archive)); + afterEach('unload beats archive', () => esArchiver.unload(archive)); + + it('should return merged configuration for the beat', async () => { + const { body: apiResponse } = await supertest + .get( + '/api/beats/agent/foo/configuration' + ) + .set('kbn-beats-access-token', '93c4a4dd08564c189a7ec4e4f046b975') + .expect(200); + + const configurationBlocks = apiResponse.configuration_blocks; + + expect(configurationBlocks).to.be.an(Array); + expect(configurationBlocks.length).to.be(3); + + expect(configurationBlocks[0].type).to.be('output'); + expect(configurationBlocks[0].data).to.be('elasticsearch:\n hosts: ["localhost:9200"]\n username: ...'); + + expect(configurationBlocks[1].type).to.be('metricbeat.modules'); + expect(configurationBlocks[1].data).to.be('module: memcached\nhosts: ["localhost:11211"]'); + + expect(configurationBlocks[2].type).to.be('metricbeat.modules'); + expect(configurationBlocks[2].data).to.be('module: munin\nhosts: ["localhost:4949"]\nnode.namespace: node'); + }); + }); +} \ No newline at end of file diff --git a/x-pack/test/api_integration/apis/beats/index.js b/x-pack/test/api_integration/apis/beats/index.js index f8956d3e498ba..c2d719c6e7c60 100644 --- a/x-pack/test/api_integration/apis/beats/index.js +++ b/x-pack/test/api_integration/apis/beats/index.js @@ -25,5 +25,6 @@ export default function ({ getService, loadTestFile }) { loadTestFile(require.resolve('./set_tag')); loadTestFile(require.resolve('./assign_tags_to_beats')); loadTestFile(require.resolve('./remove_tags_from_beats')); + loadTestFile(require.resolve('./get_beat_configuration')); }); } From ae6681400d5e104462599047be2cf64ec97fb806 Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Mon, 25 Jun 2018 12:09:45 -0700 Subject: [PATCH 16/16] Fixing changes messed up in rebase --- .../routes/api/register_verify_beats_route.js | 16 +-- .../apis/beats/create_enrollment_token.js | 109 ------------------ 2 files changed, 8 insertions(+), 117 deletions(-) delete mode 100644 x-pack/test/api_integration/apis/beats/create_enrollment_token.js diff --git a/x-pack/plugins/beats/server/routes/api/register_verify_beats_route.js b/x-pack/plugins/beats/server/routes/api/register_verify_beats_route.js index 6aaa61b07c5f8..b2113029224a5 100644 --- a/x-pack/plugins/beats/server/routes/api/register_verify_beats_route.js +++ b/x-pack/plugins/beats/server/routes/api/register_verify_beats_route.js @@ -49,7 +49,7 @@ async function verifyBeats(callWithRequest, beatIds) { return get(response, 'items', []); } -function determineNonExistentBeatIds(beatsFromEs, beatIdsFromRequest) { +function findNonExistentBeatIds(beatsFromEs, beatIdsFromRequest) { return beatsFromEs.reduce((nonExistentBeatIds, beatFromEs, idx) => { if (!beatFromEs.found) { nonExistentBeatIds.push(beatIdsFromRequest[idx]); @@ -58,21 +58,21 @@ function determineNonExistentBeatIds(beatsFromEs, beatIdsFromRequest) { }, []); } -function determineAlreadyVerifiedBeatIds(beatsFromEs) { +function findAlreadyVerifiedBeatIds(beatsFromEs) { return beatsFromEs .filter(beat => beat.found) .filter(beat => beat._source.beat.hasOwnProperty('verified_on')) .map(beat => beat._source.beat.id); } -function determineToBeVerifiedBeatIds(beatsFromEs) { +function findToBeVerifiedBeatIds(beatsFromEs) { return beatsFromEs .filter(beat => beat.found) .filter(beat => !beat._source.beat.hasOwnProperty('verified_on')) .map(beat => beat._source.beat.id); } -function determineVerifiedBeatIds(verifications, toBeVerifiedBeatIds) { +function findVerifiedBeatIds(verifications, toBeVerifiedBeatIds) { return verifications.reduce((verifiedBeatIds, verification, idx) => { if (verification.update.status === 200) { verifiedBeatIds.push(toBeVerifiedBeatIds[idx]); @@ -109,12 +109,12 @@ export function registerVerifyBeatsRoute(server) { try { const beatsFromEs = await getBeats(callWithRequest, beatIds); - nonExistentBeatIds = determineNonExistentBeatIds(beatsFromEs, beatIds); - alreadyVerifiedBeatIds = determineAlreadyVerifiedBeatIds(beatsFromEs); - const toBeVerifiedBeatIds = determineToBeVerifiedBeatIds(beatsFromEs); + nonExistentBeatIds = findNonExistentBeatIds(beatsFromEs, beatIds); + alreadyVerifiedBeatIds = findAlreadyVerifiedBeatIds(beatsFromEs); + const toBeVerifiedBeatIds = findToBeVerifiedBeatIds(beatsFromEs); const verifications = await verifyBeats(callWithRequest, toBeVerifiedBeatIds); - verifiedBeatIds = determineVerifiedBeatIds(verifications, toBeVerifiedBeatIds); + verifiedBeatIds = findVerifiedBeatIds(verifications, toBeVerifiedBeatIds); } catch (err) { return reply(wrapEsError(err)); diff --git a/x-pack/test/api_integration/apis/beats/create_enrollment_token.js b/x-pack/test/api_integration/apis/beats/create_enrollment_token.js deleted file mode 100644 index 6b446c7bf40e1..0000000000000 --- a/x-pack/test/api_integration/apis/beats/create_enrollment_token.js +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import expect from 'expect.js'; -import moment from 'moment'; - -export default function ({ getService }) { - const supertest = getService('supertest'); - const chance = getService('chance'); - const es = getService('es'); - - const ES_INDEX_NAME = '.management-beats'; - const ES_TYPE_NAME = '_doc'; - - describe('create_enrollment_token', () => { - const cleanup = () => { - return es.indices.delete({ - index: ES_INDEX_NAME, - ignore: [ 404 ] - }); - }; - - beforeEach(cleanup); - afterEach(cleanup); - - it('should create one token by default', async () => { - const { body: apiResponse } = await supertest - .post( - '/api/beats/enrollment_tokens' - ) - .set('kbn-xsrf', 'xxx') - .send() - .expect(200); - - const tokensFromApi = apiResponse.tokens; - - const esResponse = await es.search({ - index: ES_INDEX_NAME, - type: ES_TYPE_NAME, - q: 'type:enrollment_token' - }); - - const tokensInEs = esResponse.hits.hits - .map(hit => hit._source.enrollment_token.token); - - expect(tokensFromApi.length).to.eql(1); - expect(tokensFromApi).to.eql(tokensInEs); - }); - - it('should create the specified number of tokens', async () => { - const numTokens = chance.integer({ min: 1, max: 2000 }); - - const { body: apiResponse } = await supertest - .post( - '/api/beats/enrollment_tokens' - ) - .set('kbn-xsrf', 'xxx') - .send({ - num_tokens: numTokens - }) - .expect(200); - - const tokensFromApi = apiResponse.tokens; - - const esResponse = await es.search({ - index: ES_INDEX_NAME, - type: ES_TYPE_NAME, - q: 'type:enrollment_token', - size: numTokens - }); - - const tokensInEs = esResponse.hits.hits - .map(hit => hit._source.enrollment_token.token); - - expect(tokensFromApi.length).to.eql(numTokens); - expect(tokensFromApi).to.eql(tokensInEs); - }); - - it('should set token expiration to 10 minutes from now by default', async () => { - await supertest - .post( - '/api/beats/enrollment_tokens' - ) - .set('kbn-xsrf', 'xxx') - .send() - .expect(200); - - const esResponse = await es.search({ - index: ES_INDEX_NAME, - type: ES_TYPE_NAME, - q: 'type:enrollment_token' - }); - - const tokenInEs = esResponse.hits.hits[0]._source.enrollment_token; - - // We do a fuzzy check to see if the token expires between 9 and 10 minutes - // from now because a bit of time has elapsed been the creation of the - // tokens and this check. - const tokenExpiresOn = moment(tokenInEs.expires_on).valueOf(); - const tenMinutesFromNow = moment().add('10', 'minutes').valueOf(); - const almostTenMinutesFromNow = moment(tenMinutesFromNow).subtract('2', 'seconds').valueOf(); - expect(tokenExpiresOn).to.be.lessThan(tenMinutesFromNow); - expect(tokenExpiresOn).to.be.greaterThan(almostTenMinutesFromNow); - }); - }); -}