From 2335902ffa89a722e58493f9dbf149c3c1e47858 Mon Sep 17 00:00:00 2001
From: Xavier Mouligneau <189600+XavierM@users.noreply.github.com>
Date: Wed, 16 Oct 2019 17:52:30 -0400
Subject: [PATCH] [SIEM Remove GraphiQL (#48135)
* remove GraphIql in production
* fix api intergation on CI
---
 .../lib/framework/kibana_framework_adapter.ts | 29 +++++++++++--------
 .../apis/siem/feature_controls.ts | 18 ++++++++++--
 2 files changed, 33 insertions(+), 14 deletions(-)
diff --git a/x-pack/legacy/plugins/siem/server/lib/framework/kibana_framework_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/framework/kibana_framework_adapter.ts
index 6616087d0ea66..ea6607325bef7 100644
--- a/x-pack/legacy/plugins/siem/server/lib/framework/kibana_framework_adapter.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/framework/kibana_framework_adapter.ts
@@ -5,6 +5,7 @@
 */
 import { GenericParams } from 'elasticsearch';
+import { EnvironmentMode } from 'kibana/public';
 import { GraphQLSchema } from 'graphql';
 import { Legacy } from 'kibana';
@@ -28,9 +29,11 @@ interface CallWithRequestParams extends GenericParams {
 export class KibanaBackendFrameworkAdapter implements FrameworkAdapter {
 public version: string;
+ public envMode: EnvironmentMode;
 constructor(private server: Legacy.Server) {
 this.version = server.config().get('pkg.version');
+ this.envMode = server.newPlatform.env.mode;
 }
 public async callWithRequest(
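Review bot: The added `import { EnvironmentMode } from 'kibana/public';` in the first hunk pulls a type into the server-side framework adapter from the browser-side entry point. It is used only as a type here, so nothing should be emitted at runtime, but it couples server code to the public package and is easy to copy into a value import later. If the server entry point exports the same type, prefer `import { EnvironmentMode } from 'kibana/server';`.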
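Review bot: `envMode` in the second hunk is declared `public` and mutable, although it is the value the adapter later uses to decide whether the GraphiQL route is registered. Declaring it `public readonly envMode: EnvironmentMode;` keeps other code from changing it after construction; `private readonly` would be tighter if the FrameworkAdapter interface does not require the field, which is not visible in this hunk. A short comment such as `// Build mode from the new platform; used to keep dev-only routes out of production.` would record why the adapter stores it.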
@@ -90,19 +93,21 @@ export class KibanaBackendFrameworkAdapter implements FrameworkAdapter {
 plugin: graphqlHapi,
 });
- this.server.register({
- options: {
- graphiqlOptions: {
- endpointURL: routePath,
- passHeader: `'kbn-version': '${this.version}'`,
- },
- path: `${routePath}/graphiql`,
- route: {
- tags: ['access:siem'],
+ if (!this.envMode.prod) {
+ this.server.register({
+ options: {
+ graphiqlOptions: {
+ endpointURL: routePath,
+ passHeader: `'kbn-version': '${this.version}'`,
+ },
+ path: `${routePath}/graphiql`,
+ route: {
+ tags: ['access:siem'],
+ },
 },
- },
- plugin: graphiqlHapi,
- });
+ plugin: graphiqlHapi,
+ });
+ }
 }
 public getIndexPatternsService(
diff --git a/x-pack/test/api_integration/apis/siem/feature_controls.ts b/x-pack/test/api_integration/apis/siem/feature_controls.ts
index 836c35386b332..9bb36810021af 100644
--- a/x-pack/test/api_integration/apis/siem/feature_controls.ts
+++ b/x-pack/test/api_integration/apis/siem/feature_controls.ts
@@ -20,6 +20,7 @@ const introspectionQuery = gql`
 `;
 export default function({ getService }: FtrProviderContext) {
+ const config = getService('config');
 const supertest = getService('supertestWithoutAuth');
 const security: SecurityService = getService('security');
 const spaces: SpacesService = getService('spaces');
@@ -82,6 +83,11 @@ export default function({ getService }: FtrProviderContext) {
 };
 describe('feature controls', () => {
+ let isProd = false;
+ before(() => {
+ const kbnConfig = config.get('servers.kibana');
+ isProd = kbnConfig.hostname === 'localhost' && kbnConfig.port === 5620 ? false : true;
+ });
 it(`APIs can't be accessed by user with no privileges`, async () => {
 const username = 'logstash_read';
 const roleName = 'logstash_read';
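Review bot: The gate `if (!this.envMode.prod)` in the kibana_framework_adapter.ts hunk at -90 is a negative test, so the GraphiQL route is registered whenever `prod` is falsy, including when the flag is missing. Registering only on an explicit development flag, e.g. `if (this.envMode.dev)`, would fail closed; this assumes EnvironmentMode exposes `dev`, which the hunk does not show. A comment above the condition such as `// GraphiQL is a developer console; never register it in production builds.` would record why the route is conditional. This change only removes the console: whether schema introspection stays reachable on `routePath` itself depends on the graphqlHapi registration options, which begin above this hunk. The enclosing method starts and ends outside the hunk.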
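Review bot: In the feature_controls.ts hunk at -82, `isProd` is inferred in the `before` hook from the test server's hostname and port, not from how the Kibana under test was built or started. A production build served on `localhost:5620`, or a development server on another address, would make the later GraphiQL assertions check the wrong expectation and could hide a console that is still exposed. The `? false : true` ternary is also redundant; `isProd = !(kbnConfig.hostname === 'localhost' && kbnConfig.port === 5620);` is equivalent. If the heuristic stays, add a comment such as `// localhost:5620 is presumably the locally started, non-production test server` so the magic number is explained.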
@@ -130,7 +136,11 @@ export default function({ getService }: FtrProviderContext) {
 expectGraphQLResponse(graphQLResult);
 const graphQLIResult = await executeGraphIQLRequest(username, password);
- expectGraphIQLResponse(graphQLIResult);
+ if (!isProd) {
+ expectGraphIQLResponse(graphQLIResult);
+ } else {
+ expectGraphIQL404(graphQLIResult);
+ }
 } finally {
 await security.role.delete(roleName);
 await security.user.delete(username);
@@ -225,7 +235,11 @@ export default function({ getService }: FtrProviderContext) {
 expectGraphQLResponse(graphQLResult);
 const graphQLIResult = await executeGraphIQLRequest(username, password, space1Id);
- expectGraphIQLResponse(graphQLIResult);
+ if (!isProd) {
+ expectGraphIQLResponse(graphQLIResult);
+ } else {
+ expectGraphIQL404(graphQLIResult);
+ }
 });
 it(`user_1 can't access APIs in space_2`, async () => {
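Review bot: The same `if (!isProd) { expectGraphIQLResponse(…) } else { expectGraphIQL404(…) }` block is written out in the hunk at -130 and again in the hunk at -225. A single helper defined beside the other expect helpers, which takes the response and chooses between `expectGraphIQLResponse` and `expectGraphIQL404` from `isProd`, would keep the two privileged-user tests from drifting apart. It would also give one place for a comment like `// GraphiQL must answer 404 in production, even for users with SIEM access`. `expectGraphIQL404` is not added by this patch, so it presumably already exists in the file. Both enclosing `it` bodies begin outside their hunks.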