[SIEM Remove GraphiQL (#48135)

* remove GraphIql in production * fix api intergation on CI
elastic · Oct 16, 2019 · 2335902 · 2335902
1 parent 1e3f143
commit 2335902
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 14 deletions.
diff --git a/x-pack/legacy/plugins/siem/server/lib/framework/kibana_framework_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/framework/kibana_framework_adapter.ts
@@ -5,6 +5,7 @@
  */
 
 import { GenericParams } from 'elasticsearch';
+import { EnvironmentMode } from 'kibana/public';
 import { GraphQLSchema } from 'graphql';
 import { Legacy } from 'kibana';
 
@@ -28,9 +29,11 @@ interface CallWithRequestParams extends GenericParams {
 
 export class KibanaBackendFrameworkAdapter implements FrameworkAdapter {
   public version: string;
+  public envMode: EnvironmentMode;
 
   constructor(private server: Legacy.Server) {
     this.version = server.config().get('pkg.version');
+    this.envMode = server.newPlatform.env.mode;
   }
 
   public async callWithRequest(
@@ -90,19 +93,21 @@ export class KibanaBackendFrameworkAdapter implements FrameworkAdapter {
       plugin: graphqlHapi,
     });
 
-    this.server.register<HapiGraphiQLPluginOptions>({
-      options: {
-        graphiqlOptions: {
-          endpointURL: routePath,
-          passHeader: `'kbn-version': '${this.version}'`,
-        },
-        path: `${routePath}/graphiql`,
-        route: {
-          tags: ['access:siem'],
+    if (!this.envMode.prod) {
+      this.server.register<HapiGraphiQLPluginOptions>({
+        options: {
+          graphiqlOptions: {
+            endpointURL: routePath,
+            passHeader: `'kbn-version': '${this.version}'`,
+          },
+          path: `${routePath}/graphiql`,
+          route: {
+            tags: ['access:siem'],
+          },
         },
-      },
-      plugin: graphiqlHapi,
-    });
+        plugin: graphiqlHapi,
+      });
+    }
   }
 
   public getIndexPatternsService(

diff --git a/x-pack/test/api_integration/apis/siem/feature_controls.ts b/x-pack/test/api_integration/apis/siem/feature_controls.ts
@@ -20,6 +20,7 @@ const introspectionQuery = gql`
 `;
 
 export default function({ getService }: FtrProviderContext) {
+  const config = getService('config');
   const supertest = getService('supertestWithoutAuth');
   const security: SecurityService = getService('security');
   const spaces: SpacesService = getService('spaces');
@@ -82,6 +83,11 @@ export default function({ getService }: FtrProviderContext) {
   };
 
   describe('feature controls', () => {
+    let isProd = false;
+    before(() => {
+      const kbnConfig = config.get('servers.kibana');
+      isProd = kbnConfig.hostname === 'localhost' && kbnConfig.port === 5620 ? false : true;
+    });
     it(`APIs can't be accessed by user with no privileges`, async () => {
       const username = 'logstash_read';
       const roleName = 'logstash_read';
@@ -130,7 +136,11 @@ export default function({ getService }: FtrProviderContext) {
         expectGraphQLResponse(graphQLResult);
 
         const graphQLIResult = await executeGraphIQLRequest(username, password);
-        expectGraphIQLResponse(graphQLIResult);
+        if (!isProd) {
+          expectGraphIQLResponse(graphQLIResult);
+        } else {
+          expectGraphIQL404(graphQLIResult);
+        }
       } finally {
         await security.role.delete(roleName);
         await security.user.delete(username);
@@ -225,7 +235,11 @@ export default function({ getService }: FtrProviderContext) {
         expectGraphQLResponse(graphQLResult);
 
         const graphQLIResult = await executeGraphIQLRequest(username, password, space1Id);
-        expectGraphIQLResponse(graphQLIResult);
+        if (!isProd) {
+          expectGraphIQLResponse(graphQLIResult);
+        } else {
+          expectGraphIQL404(graphQLIResult);
+        }
       });
 
       it(`user_1 can't access APIs in space_2`, async () => {