[Security Solution] Cleanup graphiql (#82595)

elastic · Nov 25, 2020 · 4aa1683 · 4aa1683
1 parent 6cd4d84
commit 4aa1683
Show file tree

Hide file tree

Showing 5 changed files with 3 additions and 88 deletions.
diff --git a/package.json b/package.json
@@ -160,7 +160,6 @@
     "apollo-server-core": "^1.3.6",
     "apollo-server-errors": "^2.0.2",
     "apollo-server-hapi": "^1.3.6",
-    "apollo-server-module-graphiql": "^1.3.4",
     "archiver": "^3.1.1",
     "axios": "^0.19.2",
     "bluebird": "3.5.5",

diff --git a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts
@@ -23,10 +23,9 @@ import { EndpointAppContext } from '../../endpoint/types';
 export function compose(
   core: CoreSetup,
   plugins: SetupPlugins,
-  isProductionMode: boolean,
   endpointContext: EndpointAppContext
 ): AppBackendLibs {
-  const framework = new KibanaBackendFrameworkAdapter(core, plugins, isProductionMode);
+  const framework = new KibanaBackendFrameworkAdapter(core, plugins);
   const sources = new Sources(new ConfigurationSourcesAdapter());
   const sourceStatus = new SourceStatus(new ElasticsearchSourceStatusAdapter(framework));
 

diff --git a/x-pack/plugins/security_solution/server/lib/framework/kibana_framework_adapter.ts b/x-pack/plugins/security_solution/server/lib/framework/kibana_framework_adapter.ts
@@ -4,7 +4,6 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import * as GraphiQL from 'apollo-server-module-graphiql';
 import { GraphQLSchema } from 'graphql';
 import { runHttpQuery } from 'apollo-server-core';
 import { schema as configSchema } from '@kbn/config-schema';
@@ -31,7 +30,7 @@ export class KibanaBackendFrameworkAdapter implements FrameworkAdapter {
   private router: IRouter;
   private security: SetupPlugins['security'];
 
-  constructor(core: CoreSetup, plugins: SetupPlugins, private isProductionMode: boolean) {
+  constructor(core: CoreSetup, plugins: SetupPlugins) {
     this.router = core.http.createRouter();
     this.security = plugins.security;
   }
@@ -90,35 +89,6 @@ export class KibanaBackendFrameworkAdapter implements FrameworkAdapter {
         }
       }
     );
-
-    if (!this.isProductionMode) {
-      this.router.get(
-        {
-          path: `${routePath}/graphiql`,
-          validate: false,
-          options: {
-            tags: ['access:securitySolution'],
-          },
-        },
-        async (context, request, response) => {
-          const graphiqlString = await GraphiQL.resolveGraphiQLString(
-            request.query,
-            {
-              endpointURL: routePath,
-              passHeader: "'kbn-xsrf': 'graphiql'",
-            },
-            request
-          );
-
-          return response.ok({
-            body: graphiqlString,
-            headers: {
-              'content-type': 'text/html',
-            },
-          });
-        }
-      );
-    }
   }
 
   private async getCurrentUserInfo(request: KibanaRequest): Promise<AuthenticatedUser | null> {

diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts
@@ -290,7 +290,7 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
       });
     }
 
-    const libs = compose(core, plugins, this.context.env.mode.prod, endpointContext);
+    const libs = compose(core, plugins, endpointContext);
     initServer(libs);
 
     core.getStartServices().then(([_, depsStart]) => {

diff --git a/x-pack/test/api_integration/apis/security_solution/feature_controls.ts b/x-pack/test/api_integration/apis/security_solution/feature_controls.ts
@@ -19,8 +19,6 @@ const introspectionQuery = gql`
 `;
 
 export default function ({ getService }: FtrProviderContext) {
-  const config = getService('config');
-  const supertest = getService('supertestWithoutAuth');
   const security = getService('security');
   const spaces = getService('spaces');
   const clientFactory = getService('securitySolutionGraphQLClientFactory');
@@ -38,18 +36,6 @@ export default function ({ getService }: FtrProviderContext) {
     expect(result.response.data).to.be.an('object');
   };
 
-  const expectGraphIQL404 = (result: any) => {
-    expect(result.error).to.be(undefined);
-    expect(result.response).not.to.be(undefined);
-    expect(result.response).to.have.property('statusCode', 404);
-  };
-
-  const expectGraphIQLResponse = (result: any) => {
-    expect(result.error).to.be(undefined);
-    expect(result.response).not.to.be(undefined);
-    expect(result.response).to.have.property('statusCode', 200);
-  };
-
   const executeGraphQLQuery = async (username: string, password: string, spaceId?: string) => {
     const queryOptions = {
       query: introspectionQuery,
@@ -71,23 +57,7 @@ export default function ({ getService }: FtrProviderContext) {
     };
   };
 
-  const executeGraphIQLRequest = async (username: string, password: string, spaceId?: string) => {
-    const basePath = spaceId ? `/s/${spaceId}` : '';
-
-    return supertest
-      .get(`${basePath}/api/security_solution/graphql/graphiql`)
-      .auth(username, password)
-      .then((response: any) => ({ error: undefined, response }))
-      .catch((error: any) => ({ error, response: undefined }));
-  };
-
   describe('feature controls', () => {
-    let isProdOrCi = false;
-    before(() => {
-      const kbnConfig = config.get('servers.kibana');
-      isProdOrCi =
-        !!process.env.CI || !(kbnConfig.hostname === 'localhost' && kbnConfig.port === 5620);
-    });
     it(`APIs can't be accessed by user with no privileges`, async () => {
       const username = 'logstash_read';
       const roleName = 'logstash_read';
@@ -103,9 +73,6 @@ export default function ({ getService }: FtrProviderContext) {
 
         const graphQLResult = await executeGraphQLQuery(username, password);
         expectGraphQL403(graphQLResult);
-
-        const graphQLIResult = await executeGraphIQLRequest(username, password);
-        expectGraphIQL404(graphQLIResult);
       } finally {
         await security.role.delete(roleName);
         await security.user.delete(username);
@@ -134,13 +101,6 @@ export default function ({ getService }: FtrProviderContext) {
 
         const graphQLResult = await executeGraphQLQuery(username, password);
         expectGraphQLResponse(graphQLResult);
-
-        const graphQLIResult = await executeGraphIQLRequest(username, password);
-        if (!isProdOrCi) {
-          expectGraphIQLResponse(graphQLIResult);
-        } else {
-          expectGraphIQL404(graphQLIResult);
-        }
       } finally {
         await security.role.delete(roleName);
         await security.user.delete(username);
@@ -172,9 +132,6 @@ export default function ({ getService }: FtrProviderContext) {
 
         const graphQLResult = await executeGraphQLQuery(username, password);
         expectGraphQL403(graphQLResult);
-
-        const graphQLIResult = await executeGraphIQLRequest(username, password);
-        expectGraphIQL404(graphQLIResult);
       } finally {
         await security.role.delete(roleName);
         await security.user.delete(username);
@@ -233,21 +190,11 @@ export default function ({ getService }: FtrProviderContext) {
       it('user_1 can access APIs in space_1', async () => {
         const graphQLResult = await executeGraphQLQuery(username, password, space1Id);
         expectGraphQLResponse(graphQLResult);
-
-        const graphQLIResult = await executeGraphIQLRequest(username, password, space1Id);
-        if (!isProdOrCi) {
-          expectGraphIQLResponse(graphQLIResult);
-        } else {
-          expectGraphIQL404(graphQLIResult);
-        }
       });
 
       it(`user_1 can't access APIs in space_2`, async () => {
         const graphQLResult = await executeGraphQLQuery(username, password, space2Id);
         expectGraphQL403(graphQLResult);
-
-        const graphQLIResult = await executeGraphIQLRequest(username, password, space2Id);
-        expectGraphIQL404(graphQLIResult);
       });
     });
   });