Skip to content

Commit

Permalink
[EPM] restrict package install endpoint from installing/updating to o…
Browse files Browse the repository at this point in the history
…ld packages (#64932) (#64971)

* restrict installing or updating to out-of-date package

* throw bad requests in remove handler

* remove accidental commit

* remove space
  • Loading branch information
neptunian authored May 1, 2020
1 parent 55a2d67 commit 0152c5e
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 4 deletions.
12 changes: 12 additions & 0 deletions x-pack/plugins/ingest_manager/server/routes/epm/handlers.ts
Original file line number Diff line number Diff line change
Expand Up @@ -136,6 +136,12 @@ export const installPackageHandler: RequestHandler<TypeOf<
};
return response.ok({ body });
} catch (e) {
if (e.isBoom) {
return response.customError({
statusCode: e.output.statusCode,
body: { message: e.output.payload.message },
});
}
return response.customError({
statusCode: 500,
body: { message: e.message },
Expand All @@ -157,6 +163,12 @@ export const deletePackageHandler: RequestHandler<TypeOf<
};
return response.ok({ body });
} catch (e) {
if (e.isBoom) {
return response.customError({
statusCode: e.output.statusCode,
body: { message: e.output.payload.message },
});
}
return response.customError({
statusCode: 500,
body: { message: e.message },
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
*/

import { SavedObject, SavedObjectsClientContract } from 'src/core/server';
import Boom from 'boom';
import { PACKAGES_SAVED_OBJECT_TYPE } from '../../../constants';
import {
AssetReference,
Expand Down Expand Up @@ -93,11 +94,18 @@ export async function installPackage(options: {
const { savedObjectsClient, pkgkey, callCluster } = options;
// TODO: change epm API to /packageName/version so we don't need to do this
const [pkgName, pkgVersion] = pkgkey.split('-');

// see if some version of this package is already installed
// TODO: calls to getInstallationObject, Registry.fetchInfo, and Registry.fetchFindLatestPackge
// and be replaced by getPackageInfo after adjusting for it to not group/use archive assets
const installedPkg = await getInstallationObject({ savedObjectsClient, pkgName });
const reinstall = pkgVersion === installedPkg?.attributes.version;

const registryPackageInfo = await Registry.fetchInfo(pkgName, pkgVersion);
const latestPackage = await Registry.fetchFindLatestPackage(pkgName);

if (pkgVersion < latestPackage.version)
throw Boom.badRequest('Cannot install or update to an out-of-date package');

const reinstall = pkgVersion === installedPkg?.attributes.version;
const { internal = false, removable = true } = registryPackageInfo;

// delete the previous version's installation's SO kibana assets before installing new ones
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
*/

import { SavedObjectsClientContract } from 'src/core/server';
import Boom from 'boom';
import { PACKAGES_SAVED_OBJECT_TYPE } from '../../../constants';
import { AssetReference, AssetType, ElasticsearchAssetType } from '../../../types';
import { CallESAsCurrentUser } from '../../../types';
Expand All @@ -20,9 +21,9 @@ export async function removeInstallation(options: {
// TODO: the epm api should change to /name/version so we don't need to do this
const [pkgName] = pkgkey.split('-');
const installation = await getInstallation({ savedObjectsClient, pkgName });
if (!installation) throw new Error('integration does not exist');
if (!installation) throw Boom.badRequest(`${pkgName} is not installed`);
if (installation.removable === false)
throw new Error(`The ${pkgName} integration is installed by default and cannot be removed`);
throw Boom.badRequest(`${pkgName} is installed by default and cannot be removed`);
const installedObjects = installation.installed || [];

// Delete the manager saved object with references to the asset objects
Expand Down

0 comments on commit 0152c5e

Please sign in to comment.