diff --git a/package.json b/package.json
index ab1cb90c900ac8..1febfc2380b7ad 100644
--- a/package.json
+++ b/package.json
@@ -160,7 +160,6 @@
 "apollo-server-core": "^1.3.6",
 "apollo-server-errors": "^2.0.2",
 "apollo-server-hapi": "^1.3.6",
- "apollo-server-module-graphiql": "^1.3.4",
 "archiver": "^3.1.1",
 "axios": "^0.19.2",
 "bluebird": "3.5.5",
diff --git a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts
index 433ee4a5f99fa6..b680b19f318137 100644
--- a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts
+++ b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts
@@ -23,10 +23,9 @@ import { EndpointAppContext } from '../../endpoint/types';
 export function compose(
 core: CoreSetup,
 plugins: SetupPlugins,
- isProductionMode: boolean,
 endpointContext: EndpointAppContext
 ): AppBackendLibs {
- const framework = new KibanaBackendFrameworkAdapter(core, plugins, isProductionMode);
+ const framework = new KibanaBackendFrameworkAdapter(core, plugins);
 const sources = new Sources(new ConfigurationSourcesAdapter());
 const sourceStatus = new SourceStatus(new ElasticsearchSourceStatusAdapter(framework));
diff --git a/x-pack/plugins/security_solution/server/lib/framework/kibana_framework_adapter.ts b/x-pack/plugins/security_solution/server/lib/framework/kibana_framework_adapter.ts
index e36fb1144e93fc..8327af846d1ac1 100644
--- a/x-pack/plugins/security_solution/server/lib/framework/kibana_framework_adapter.ts
+++ b/x-pack/plugins/security_solution/server/lib/framework/kibana_framework_adapter.ts
@@ -4,7 +4,6 @@
 * you may not use this file except in compliance with the Elastic License.
 */
-import * as GraphiQL from 'apollo-server-module-graphiql';
 import { GraphQLSchema } from 'graphql';
 import { runHttpQuery } from 'apollo-server-core';
 import { schema as configSchema } from '@kbn/config-schema';
@@ -31,7 +30,7 @@ export class KibanaBackendFrameworkAdapter implements FrameworkAdapter {
 private router: IRouter;
 private security: SetupPlugins['security'];
- constructor(core: CoreSetup, plugins: SetupPlugins, private isProductionMode: boolean) {
+ constructor(core: CoreSetup, plugins: SetupPlugins) {
 this.router = core.http.createRouter();
 this.security = plugins.security;
 }
@@ -90,35 +89,6 @@ export class KibanaBackendFrameworkAdapter implements FrameworkAdapter {
 }
 }
 );
-
- if (!this.isProductionMode) {
- this.router.get(
- {
- path: `${routePath}/graphiql`,
- validate: false,
- options: {
- tags: ['access:securitySolution'],
- },
- },
- async (context, request, response) => {
- const graphiqlString = await GraphiQL.resolveGraphiQLString(
- request.query,
- {
- endpointURL: routePath,
- passHeader: "'kbn-xsrf': 'graphiql'",
- },
- request
- );
-
- return response.ok({
- body: graphiqlString,
- headers: {
- 'content-type': 'text/html',
- },
- });
- }
- );
- }
 }
 private async getCurrentUserInfo(request: KibanaRequest): Promise {
diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts
index d963b3b093d818..088af40a84ae09 100644
--- a/x-pack/plugins/security_solution/server/plugin.ts
+++ b/x-pack/plugins/security_solution/server/plugin.ts
@@ -290,7 +290,7 @@ export class Plugin implements IPlugin {
diff --git a/x-pack/test/api_integration/apis/security_solution/feature_controls.ts b/x-pack/test/api_integration/apis/security_solution/feature_controls.ts
index 0137a90ce98170..9377c255f2d19a 100644
--- a/x-pack/test/api_integration/apis/security_solution/feature_controls.ts
+++ b/x-pack/test/api_integration/apis/security_solution/feature_controls.ts
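Review bot: Once the constructor in kibana_framework_adapter.ts drops `isProductionMode`, the `${routePath}/graphiql` route is absent in every mode, yet this commit also deletes every `expectGraphIQL404` assertion from feature_controls.ts, so no test pins that absence any more. Keeping `executeGraphIQLRequest` and `expectGraphIQL404` in the test file and asserting unconditionally, e.g. `expectGraphIQL404(await executeGraphIQLRequest(username, password));`, would catch the HTML console route being re-registered by a later change. The class body continues outside this hunk, so the remaining route registration is not visible here.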
@@ -19,8 +19,6 @@ const introspectionQuery = gql`
 `;
 export default function ({ getService }: FtrProviderContext) {
- const config = getService('config');
- const supertest = getService('supertestWithoutAuth');
 const security = getService('security');
 const spaces = getService('spaces');
 const clientFactory = getService('securitySolutionGraphQLClientFactory');
@@ -38,18 +36,6 @@ export default function ({ getService }: FtrProviderContext) {
 expect(result.response.data).to.be.an('object');
 };
- const expectGraphIQL404 = (result: any) => {
- expect(result.error).to.be(undefined);
- expect(result.response).not.to.be(undefined);
- expect(result.response).to.have.property('statusCode', 404);
- };
-
- const expectGraphIQLResponse = (result: any) => {
- expect(result.error).to.be(undefined);
- expect(result.response).not.to.be(undefined);
- expect(result.response).to.have.property('statusCode', 200);
- };
-
 const executeGraphQLQuery = async (username: string, password: string, spaceId?: string) => {
 const queryOptions = {
 query: introspectionQuery,
@@ -71,23 +57,7 @@ export default function ({ getService }: FtrProviderContext) {
 };
 };
- const executeGraphIQLRequest = async (username: string, password: string, spaceId?: string) => {
- const basePath = spaceId ? `/s/${spaceId}` : '';
-
- return supertest
- .get(`${basePath}/api/security_solution/graphql/graphiql`)
- .auth(username, password)
- .then((response: any) => ({ error: undefined, response }))
- .catch((error: any) => ({ error, response: undefined }));
- };
-
 describe('feature controls', () => {
- let isProdOrCi = false;
- before(() => {
- const kbnConfig = config.get('servers.kibana');
- isProdOrCi =
- !!process.env.CI || !(kbnConfig.hostname === 'localhost' && kbnConfig.port === 5620);
- });
 it(`APIs can't be accessed by user with no privileges`, async () => {
 const username = 'logstash_read';
 const roleName = 'logstash_read';
@@ -103,9 +73,6 @@ export default function ({ getService }: FtrProviderContext) {
 const graphQLResult = await executeGraphQLQuery(username, password);
 expectGraphQL403(graphQLResult);
-
- const graphQLIResult = await executeGraphIQLRequest(username, password);
- expectGraphIQL404(graphQLIResult);
 } finally {
 await security.role.delete(roleName);
 await security.user.delete(username);
@@ -134,13 +101,6 @@ export default function ({ getService }: FtrProviderContext) {
 const graphQLResult = await executeGraphQLQuery(username, password);
 expectGraphQLResponse(graphQLResult);
-
- const graphQLIResult = await executeGraphIQLRequest(username, password);
- if (!isProdOrCi) {
- expectGraphIQLResponse(graphQLIResult);
- } else {
- expectGraphIQL404(graphQLIResult);
- }
 } finally {
 await security.role.delete(roleName);
 await security.user.delete(username);
@@ -172,9 +132,6 @@ export default function ({ getService }: FtrProviderContext) {
 const graphQLResult = await executeGraphQLQuery(username, password);
 expectGraphQL403(graphQLResult);
-
- const graphQLIResult = await executeGraphIQLRequest(username, password);
- expectGraphIQL404(graphQLIResult);
 } finally {
 await security.role.delete(roleName);
 await security.user.delete(username);
@@ -233,21 +190,11 @@ export default function ({ getService }: FtrProviderContext) {
 it('user_1 can access APIs in space_1', async () => {
 const graphQLResult = await executeGraphQLQuery(username, password, space1Id);
 expectGraphQLResponse(graphQLResult);
-
- const graphQLIResult = await executeGraphIQLRequest(username, password, space1Id);
- if (!isProdOrCi) {
- expectGraphIQLResponse(graphQLIResult);
- } else {
- expectGraphIQL404(graphQLIResult);
- }
 });
 it(`user_1 can't access APIs in space_2`, async () => {
 const graphQLResult = await executeGraphQLQuery(username, password, space2Id);
 expectGraphQL403(graphQLResult);
-
- const graphQLIResult = await executeGraphIQLRequest(username, password, space2Id);
- expectGraphIQL404(graphQLIResult);
 });
 });
 });