[WIP] Securing Spaces

packages/kbn-test/src/functional_tests/lib/run_elasticsearch.js

@@ -25,12 +25,15 @@ import { setupUsers, DEFAULT_SUPERUSER_PASS } from './auth';
 
 export async function runElasticsearch({ config, options }) {
   const { log, esFrom } = options;
-  const isOss = config.get('esTestCluster.license') === 'oss';
+  const license = config.get('esTestCluster.license');
+  const isTrialLicense = config.get('esTestCluster.license') === 'trial';
 
   const cluster = createEsTestCluster({
     port: config.get('servers.elasticsearch.port'),
-    password: !isOss ? DEFAULT_SUPERUSER_PASS : config.get('servers.elasticsearch.password'),
-    license: config.get('esTestCluster.license'),
+    password: isTrialLicense
+      ? DEFAULT_SUPERUSER_PASS
+      : config.get('servers.elasticsearch.password'),
+    license,
     log,
     basePath: resolve(KIBANA_ROOT, '.es'),
     esFrom: esFrom || config.get('esTestCluster.from'),
@@ -40,7 +43,7 @@ export async function runElasticsearch({ config, options }) {
 
   await cluster.start(esArgs);
 
-  if (!isOss) {
+  if (isTrialLicense) {
     await setupUsers(log, config);
   }
 

src/dev/typescript/projects.ts

@@ -26,6 +26,7 @@ import { Project } from './project';
 export const PROJECTS = [
   new Project(resolve(REPO_ROOT, 'tsconfig.json')),
   new Project(resolve(REPO_ROOT, 'x-pack/tsconfig.json')),
+  new Project(resolve(REPO_ROOT, 'x-pack/test/tsconfig.json'), 'x-pack/test'),
 
   // NOTE: using glob.sync rather than glob-all or globby
   // because it takes less than 10 ms, while the other modules

src/server/saved_objects/service/lib/__snapshots__/priority_collection.test.ts.snap

@@ -0,0 +1,3 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`1, 1 throws Error 1`] = `"Already have entry with this priority"`;

src/server/saved_objects/service/lib/priority_collection.test.ts

@@ -0,0 +1,57 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { PriorityCollection } from './priority_collection';
+
+test(`1, 2, 3`, () => {
+  const priorityCollection = new PriorityCollection();
+  priorityCollection.add(1, 1);
+  priorityCollection.add(2, 2);
+  priorityCollection.add(3, 3);
+  expect(priorityCollection.toPrioritizedArray()).toEqual([1, 2, 3]);
+});
+
+test(`3, 2, 1`, () => {
+  const priorityCollection = new PriorityCollection();
+  priorityCollection.add(3, 3);
+  priorityCollection.add(2, 2);
+  priorityCollection.add(1, 1);
+  expect(priorityCollection.toPrioritizedArray()).toEqual([1, 2, 3]);
+});
+
+test(`2, 3, 1`, () => {
+  const priorityCollection = new PriorityCollection();
+  priorityCollection.add(2, 2);
+  priorityCollection.add(3, 3);
+  priorityCollection.add(1, 1);
+  expect(priorityCollection.toPrioritizedArray()).toEqual([1, 2, 3]);
+});
+
+test(`Number.MAX_VALUE, NUMBER.MIN_VALUE, 1`, () => {
+  const priorityCollection = new PriorityCollection();
+  priorityCollection.add(Number.MAX_VALUE, 3);
+  priorityCollection.add(Number.MIN_VALUE, 1);
+  priorityCollection.add(1, 2);
+  expect(priorityCollection.toPrioritizedArray()).toEqual([1, 2, 3]);
+});
+
+test(`1, 1 throws Error`, () => {
+  const priorityCollection = new PriorityCollection();
+  priorityCollection.add(1, 1);
+  expect(() => priorityCollection.add(1, 1)).toThrowErrorMatchingSnapshot();
+});

src/server/saved_objects/service/lib/priority_collection.ts

@@ -0,0 +1,47 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+interface PriorityCollectionEntry<T> {
+  priority: number;
+  value: T;
+}
+
+export class PriorityCollection<T> {
+  private readonly array: Array<PriorityCollectionEntry<T>> = [];
+
+  public add(priority: number, value: T) {
+    let i = 0;
+    while (i < this.array.length) {
+      const current = this.array[i];
+      if (priority === current.priority) {
+        throw new Error('Already have entry with this priority');
+      }
+
+      if (priority < current.priority) {
+        break;
+      }
+      ++i;
+    }
+    this.array.splice(i, 0, { priority, value });
+  }
+
+  public toPrioritizedArray(): T[] {
+    return this.array.map(entry => entry.value);
+  }
+}

src/server/saved_objects/service/lib/scoped_client_provider.js

@@ -16,30 +16,23 @@
  * specific language governing permissions and limitations
  * under the License.
  */
+import { PriorityCollection } from './priority_collection';
 
 /**
  * Provider for the Scoped Saved Object Client.
  */
 export class ScopedSavedObjectsClientProvider {
 
-  _wrapperFactories = [];
+  _wrapperFactories = new PriorityCollection();
 
   constructor({
     defaultClientFactory
   }) {
     this._originalClientFactory = this._clientFactory = defaultClientFactory;
   }
 
-  // the client wrapper factories are put at the front of the array, so that
-  // when we use `reduce` below they're invoked in LIFO order. This is so that
-  // if multiple plugins register their client wrapper factories, then we can use
-  // the plugin dependencies/optionalDependencies to implicitly control the order
-  // in which these are used. For example, if we have a plugin a that declares a
-  // dependency on plugin b, that means that plugin b's client wrapper would want
-  // to be able to run first when the SavedObjectClient methods are invoked to
-  // provide additional context to plugin a's client wrapper.
-  addClientWrapperFactory(wrapperFactory) {
-    this._wrapperFactories.unshift(wrapperFactory);
+  addClientWrapperFactory(priority, wrapperFactory) {
+    this._wrapperFactories.add(priority, wrapperFactory);
   }
 
   setClientFactory(customClientFactory) {
@@ -55,11 +48,13 @@ export class ScopedSavedObjectsClientProvider {
       request,
     });
 
-    return this._wrapperFactories.reduce((clientToWrap, wrapperFactory) => {
-      return wrapperFactory({
-        request,
-        client: clientToWrap,
-      });
-    }, client);
+    return this._wrapperFactories
+      .toPrioritizedArray()
+      .reduceRight((clientToWrap, wrapperFactory) => {
+        return wrapperFactory({
+          request,
+          client: clientToWrap,
+        });
+      }, client);
   }
 }

src/server/saved_objects/service/lib/scoped_client_provider.test.js

@@ -64,40 +64,20 @@ test(`throws error when more than one scoped saved objects client factory is set
   }).toThrowErrorMatchingSnapshot();
 });
 
-test(`invokes and uses instance from single added wrapper factory`, () => {
+test(`invokes and uses wrappers in specified order`, () => {
   const defaultClient = Symbol();
   const defaultClientFactoryMock = jest.fn().mockReturnValue(defaultClient);
   const clientProvider = new ScopedSavedObjectsClientProvider({
     defaultClientFactory: defaultClientFactoryMock
   });
-  const wrappedClient = Symbol();
-  const clientWrapperFactoryMock = jest.fn().mockReturnValue(wrappedClient);
-  const request = Symbol();
-
-  clientProvider.addClientWrapperFactory(clientWrapperFactoryMock);
-  const actualClient = clientProvider.getClient(request);
-
-  expect(actualClient).toBe(wrappedClient);
-  expect(clientWrapperFactoryMock).toHaveBeenCalledWith({
-    request,
-    client: defaultClient
-  });
-});
-
-test(`invokes and uses wrappers in LIFO order`, () => {
-  const defaultClient = Symbol();
-  const defaultClientFactoryMock = jest.fn().mockReturnValue(defaultClient);
-  const clientProvider = new ScopedSavedObjectsClientProvider({
-    defaultClientFactory: defaultClientFactoryMock
-  });
-  const firstWrappedClient = Symbol();
+  const firstWrappedClient = Symbol('first client');
   const firstClientWrapperFactoryMock = jest.fn().mockReturnValue(firstWrappedClient);
-  const secondWrapperClient = Symbol();
+  const secondWrapperClient = Symbol('second client');
   const secondClientWrapperFactoryMock = jest.fn().mockReturnValue(secondWrapperClient);
   const request = Symbol();
 
-  clientProvider.addClientWrapperFactory(firstClientWrapperFactoryMock);
-  clientProvider.addClientWrapperFactory(secondClientWrapperFactoryMock);
+  clientProvider.addClientWrapperFactory(1, secondClientWrapperFactoryMock);
+  clientProvider.addClientWrapperFactory(0, firstClientWrapperFactoryMock);
   const actualClient = clientProvider.getClient(request);
 
   expect(actualClient).toBe(firstWrappedClient);

test/api_integration/apis/saved_objects/bulk_create.js

@@ -0,0 +1,121 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import expect from 'expect.js';
+
+export default function ({ getService }) {
+  const supertest = getService('supertest');
+  const es = getService('es');
+  const esArchiver = getService('esArchiver');
+
+  const BULK_REQUESTS = [
+    {
+      type: 'visualization',
+      id: 'dd7caf20-9efd-11e7-acb3-3dab96693fab',
+      attributes: {
+        title: 'An existing visualization'
+      }
+    },
+    {
+      type: 'dashboard',
+      id: 'a01b2f57-fcfd-4864-b735-09e28f0d815e',
+      attributes: {
+        title: 'A great new dashboard'
+      }
+    },
+  ];
+
+  describe('_bulk_create', () => {
+    describe('with kibana index', () => {
+      before(() => esArchiver.load('saved_objects/basic'));
+      after(() => esArchiver.unload('saved_objects/basic'));
+
+      it('should return 200 with individual responses', async () => (
+        await supertest
+          .post(`/api/saved_objects/_bulk_create`)
+          .send(BULK_REQUESTS)
+          .expect(200)
+          .then(resp => {
+            expect(resp.body).to.eql({
+              saved_objects: [
+                {
+                  type: 'visualization',
+                  id: 'dd7caf20-9efd-11e7-acb3-3dab96693fab',
+                  error: {
+                    'message': 'version conflict, document already exists',
+                    'statusCode': 409
+                  }
+                },
+                {
+                  type: 'dashboard',
+                  id: 'a01b2f57-fcfd-4864-b735-09e28f0d815e',
+                  updated_at: resp.body.saved_objects[1].updated_at,
+                  version: 1,
+                  attributes: {
+                    title: 'A great new dashboard'
+                  }
+                },
+              ]
+            });
+          })
+      ));
+    });
+
+    describe('without kibana index', () => {
+      before(async () => (
+        // just in case the kibana server has recreated it
+        await es.indices.delete({
+          index: '.kibana',
+          ignore: [404],
+        })
+      ));
+
+      it('should return 200 with individual responses', async () => (
+        await supertest
+          .post('/api/saved_objects/_bulk_create')
+          .send(BULK_REQUESTS)
+          .expect(200)
+          .then(resp => {
+            expect(resp.body).to.eql({
+              saved_objects: [
+                {
+                  type: 'visualization',
+                  id: 'dd7caf20-9efd-11e7-acb3-3dab96693fab',
+                  updated_at: resp.body.saved_objects[0].updated_at,
+                  version: 1,
+                  attributes: {
+                    title: 'An existing visualization'
+                  }
+                },
+                {
+                  type: 'dashboard',
+                  id: 'a01b2f57-fcfd-4864-b735-09e28f0d815e',
+                  updated_at: resp.body.saved_objects[1].updated_at,
+                  version: 1,
+                  attributes: {
+                    title: 'A great new dashboard'
+                  }
+                },
+              ]
+            });
+          })
+      ));
+    });
+  });
+}

test/api_integration/apis/saved_objects/index.js

@@ -19,6 +19,7 @@
 
 export default function ({ loadTestFile }) {
   describe('saved_objects', () => {
+    loadTestFile(require.resolve('./bulk_create'));
     loadTestFile(require.resolve('./bulk_get'));
     loadTestFile(require.resolve('./create'));
     loadTestFile(require.resolve('./delete'));

tsconfig.json

@@ -46,6 +46,7 @@
 
     // Forbid unused local variables as the rule was deprecated by ts-lint
     "noUnusedLocals": true,
+
   },
   "include": [
     "src/**/*"