Fixing "conflicts" after merging master

elastic · Jun 5, 2018 · 1231c70 · 1231c70
1 parent 74b8486
commit 1231c70
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 62 deletions.
diff --git a/x-pack/plugins/security/index.js b/x-pack/plugins/security/index.js
@@ -17,14 +17,13 @@ import { authenticateFactory } from './server/lib/auth_redirect';
 import { checkLicense } from './server/lib/check_license';
 import { initAuthenticator } from './server/lib/authentication/authenticator';
 import { mirrorStatusAndInitialize } from './server/lib/mirror_status_and_initialize';
-import { secureSavedObjectsClientWrapper } from './server/lib/saved_objects_client/saved_objects_client_wrapper';
-import { secureSavedObjectsClientOptionsBuilder } from './server/lib/saved_objects_client/secure_options_builder';
 import { registerPrivilegesWithCluster } from './server/lib/privileges';
 import { createDefaultRoles } from './server/lib/authorization/create_default_roles';
 import { initPrivilegesApi } from './server/routes/api/v1/privileges';
 import { hasPrivilegesWithServer } from './server/lib/authorization/has_privileges';
 import { SecurityAuditLogger } from './server/lib/audit_logger';
 import { AuditLogger } from '../../server/lib/audit_logger';
+import { SecureSavedObjectsClient } from './server/lib/saved_objects_client/secure_saved_objects_client';
 
 export const security = (kibana) => new kibana.Plugin({
   id: 'security',
@@ -103,7 +102,8 @@ export const security = (kibana) => new kibana.Plugin({
       await createDefaultRoles(server);
     });
 
-    server.expose('auditLogger', new SecurityAuditLogger(server.config(), new AuditLogger(server, 'security')));
+    const auditLogger = new SecurityAuditLogger(server.config(), new AuditLogger(server, 'security'));
+    server.expose('auditLogger', auditLogger);
 
     // Register a function that is called whenever the xpack info changes,
     // to re-compute the license check results for this plugin
@@ -120,11 +120,33 @@ export const security = (kibana) => new kibana.Plugin({
 
     if (config.get('xpack.security.rbac.enabled')) {
       const hasPrivilegesWithRequest = hasPrivilegesWithServer(server);
-      const savedObjectsClientProvider = server.getSavedObjectsClientProvider();
-      savedObjectsClientProvider.addClientOptionBuilder(options =>
-        secureSavedObjectsClientOptionsBuilder(server, hasPrivilegesWithRequest, options)
-      );
-      savedObjectsClientProvider.addClientWrapper(secureSavedObjectsClientWrapper);
+      const { savedObjects } = server;
+
+      savedObjects.setScopedSavedObjectsClientFactory(({
+        request,
+        index,
+        mappings,
+        onBeforeWrite
+      }) => {
+        const hasPrivileges = hasPrivilegesWithRequest(request);
+
+        const adminCluster = server.plugins.elasticsearch.getCluster('admin');
+        const { callWithInternalUser } = adminCluster;
+
+        const repository = new savedObjects.SavedObjectsRepository({
+          index,
+          mappings,
+          onBeforeWrite,
+          callCluster: callWithInternalUser
+        });
+
+        return new SecureSavedObjectsClient({
+          repository,
+          errors: savedObjects.SavedObjectsClient.errors,
+          hasPrivileges,
+          auditLogger,
+        });
+      });
     }
 
     getUserProvider(server);

diff --git a/x-pack/plugins/security/server/lib/saved_objects_client/saved_objects_client_wrapper.js b/x-pack/plugins/security/server/lib/saved_objects_client/saved_objects_client_wrapper.js
diff --git a/x-pack/plugins/security/server/lib/saved_objects_client/secure_options_builder.js b/x-pack/plugins/security/server/lib/saved_objects_client/secure_options_builder.js
diff --git a/x-pack/plugins/security/server/lib/saved_objects_client/secure_saved_objects_client.js b/x-pack/plugins/security/server/lib/saved_objects_client/secure_saved_objects_client.js
@@ -9,16 +9,15 @@ import { get, uniq } from 'lodash';
 export class SecureSavedObjectsClient {
   constructor(options) {
     const {
-      request,
-      hasPrivilegesWithRequest,
-      baseClient,
+      errors,
+      repository,
+      hasPrivileges,
       auditLogger,
     } = options;
 
-    this.errors = baseClient.errors;
-
-    this._client = baseClient;
-    this._hasPrivileges = hasPrivilegesWithRequest(request);
+    this.errors = errors;
+    this._repository = repository;
+    this._hasPrivileges = hasPrivileges;
     this._auditLogger = auditLogger;
   }
 
@@ -29,7 +28,7 @@ export class SecureSavedObjectsClient {
       options,
     });
 
-    return await this._client.create(type, attributes, options);
+    return await this._repository.create(type, attributes, options);
   }
 
   async bulkCreate(objects, options = {}) {
@@ -39,7 +38,7 @@ export class SecureSavedObjectsClient {
       options,
     });
 
-    return await this._client.bulkCreate(objects, options);
+    return await this._repository.bulkCreate(objects, options);
   }
 
   async delete(type, id) {
@@ -48,15 +47,15 @@ export class SecureSavedObjectsClient {
       id,
     });
 
-    return await this._client.delete(type, id);
+    return await this._repository.delete(type, id);
   }
 
   async find(options = {}) {
     await this._performAuthorizationCheck(options.type, 'find', {
       options,
     });
 
-    return await this._client.find(options);
+    return await this._repository.find(options);
   }
 
   async bulkGet(objects = []) {
@@ -65,7 +64,7 @@ export class SecureSavedObjectsClient {
       objects,
     });
 
-    return await this._client.bulkGet(objects);
+    return await this._repository.bulkGet(objects);
   }
 
   async get(type, id) {
@@ -74,7 +73,7 @@ export class SecureSavedObjectsClient {
       id,
     });
 
-    return await this._client.get(type, id);
+    return await this._repository.get(type, id);
   }
 
   async update(type, id, attributes, options = {}) {
@@ -85,7 +84,7 @@ export class SecureSavedObjectsClient {
       options,
     });
 
-    return await this._client.update(type, id, attributes, options);
+    return await this._repository.update(type, id, attributes, options);
   }
 
   async _performAuthorizationCheck(typeOrTypes, action, args) {
@@ -97,15 +96,15 @@ export class SecureSavedObjectsClient {
       result = await this._hasPrivileges(actions);
     } catch(error) {
       const { reason } = get(error, 'body.error', {});
-      throw this._client.errors.decorateGeneralError(error, reason);
+      throw this.errors.decorateGeneralError(error, reason);
     }
 
     if (result.success) {
       this._auditLogger.savedObjectsAuthorizationSuccess(result.username, action, types, args);
     } else {
       this._auditLogger.savedObjectsAuthorizationFailure(result.username, action, types, result.missing, args);
       const msg = `Unable to ${action} ${types.sort().join(',')}, missing ${result.missing.sort().join(',')}`;
-      throw this._client.errors.decorateForbiddenError(new Error(msg));
+      throw this.errors.decorateForbiddenError(new Error(msg));
     }
   }
 }