-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add deprecation warning when inline scripting is disabled (#111865)
* initial implementation * extract isScriptingDisabled to own file * add unit tests for scripting deprecation * add unit tests
- Loading branch information
1 parent
33cfc41
commit 200efca
Showing
11 changed files
with
406 additions
and
13 deletions.
There are no files selected for viewing
18 changes: 18 additions & 0 deletions
18
src/core/server/elasticsearch/deprecations/deprecation_provider.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0 and the Server Side Public License, v 1; you may not use this file except | ||
* in compliance with, at your election, the Elastic License 2.0 or the Server | ||
* Side Public License, v 1. | ||
*/ | ||
|
||
import type { RegisterDeprecationsConfig } from '../../deprecations'; | ||
import { getScriptingDisabledDeprecations } from './scripting_disabled_deprecation'; | ||
|
||
export const getElasticsearchDeprecationsProvider = (): RegisterDeprecationsConfig => { | ||
return { | ||
getDeprecations: async (context) => { | ||
return [...(await getScriptingDisabledDeprecations({ esClient: context.esClient }))]; | ||
}, | ||
}; | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0 and the Server Side Public License, v 1; you may not use this file except | ||
* in compliance with, at your election, the Elastic License 2.0 or the Server | ||
* Side Public License, v 1. | ||
*/ | ||
|
||
export { getElasticsearchDeprecationsProvider } from './deprecation_provider'; |
99 changes: 99 additions & 0 deletions
99
src/core/server/elasticsearch/deprecations/is_scripting_disabled.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0 and the Server Side Public License, v 1; you may not use this file except | ||
* in compliance with, at your election, the Elastic License 2.0 or the Server | ||
* Side Public License, v 1. | ||
*/ | ||
|
||
import { estypes } from '@elastic/elasticsearch'; | ||
import { elasticsearchServiceMock } from '../../elasticsearch/elasticsearch_service.mock'; | ||
import { isInlineScriptingDisabled } from './is_scripting_disabled'; | ||
|
||
describe('isInlineScriptingDisabled', () => { | ||
let client: ReturnType<typeof elasticsearchServiceMock.createElasticsearchClient>; | ||
|
||
beforeEach(() => { | ||
client = elasticsearchServiceMock.createElasticsearchClient(); | ||
}); | ||
|
||
const mockSettingsValue = (settings: estypes.ClusterGetSettingsResponse) => { | ||
client.cluster.getSettings.mockReturnValue( | ||
elasticsearchServiceMock.createSuccessTransportRequestPromise(settings) | ||
); | ||
}; | ||
|
||
it('returns `false` if all settings are empty', async () => { | ||
mockSettingsValue({ | ||
transient: {}, | ||
persistent: {}, | ||
defaults: {}, | ||
}); | ||
|
||
expect(await isInlineScriptingDisabled({ client })).toEqual(false); | ||
}); | ||
|
||
it('returns `false` if `defaults.script.allowed_types` is `inline`', async () => { | ||
mockSettingsValue({ | ||
transient: {}, | ||
persistent: {}, | ||
defaults: { | ||
'script.allowed_types': ['inline'], | ||
}, | ||
}); | ||
|
||
expect(await isInlineScriptingDisabled({ client })).toEqual(false); | ||
}); | ||
|
||
it('returns `true` if `defaults.script.allowed_types` is `none`', async () => { | ||
mockSettingsValue({ | ||
transient: {}, | ||
persistent: {}, | ||
defaults: { | ||
'script.allowed_types': ['none'], | ||
}, | ||
}); | ||
|
||
expect(await isInlineScriptingDisabled({ client })).toEqual(true); | ||
}); | ||
|
||
it('returns `true` if `defaults.script.allowed_types` is `stored`', async () => { | ||
mockSettingsValue({ | ||
transient: {}, | ||
persistent: {}, | ||
defaults: { | ||
'script.allowed_types': ['stored'], | ||
}, | ||
}); | ||
|
||
expect(await isInlineScriptingDisabled({ client })).toEqual(true); | ||
}); | ||
|
||
it('respect the persistent->defaults priority', async () => { | ||
mockSettingsValue({ | ||
transient: {}, | ||
persistent: { | ||
'script.allowed_types': ['inline'], | ||
}, | ||
defaults: { | ||
'script.allowed_types': ['stored'], | ||
}, | ||
}); | ||
|
||
expect(await isInlineScriptingDisabled({ client })).toEqual(false); | ||
}); | ||
|
||
it('respect the transient->persistent priority', async () => { | ||
mockSettingsValue({ | ||
transient: { | ||
'script.allowed_types': ['stored'], | ||
}, | ||
persistent: { | ||
'script.allowed_types': ['inline'], | ||
}, | ||
defaults: {}, | ||
}); | ||
|
||
expect(await isInlineScriptingDisabled({ client })).toEqual(true); | ||
}); | ||
}); |
34 changes: 34 additions & 0 deletions
34
src/core/server/elasticsearch/deprecations/is_scripting_disabled.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0 and the Server Side Public License, v 1; you may not use this file except | ||
* in compliance with, at your election, the Elastic License 2.0 or the Server | ||
* Side Public License, v 1. | ||
*/ | ||
|
||
import { ElasticsearchClient } from '../../elasticsearch'; | ||
|
||
const scriptAllowedTypesKey = 'script.allowed_types'; | ||
|
||
export const isInlineScriptingDisabled = async ({ | ||
client, | ||
}: { | ||
client: ElasticsearchClient; | ||
}): Promise<boolean> => { | ||
const { body: settings } = await client.cluster.getSettings({ | ||
include_defaults: true, | ||
flat_settings: true, | ||
}); | ||
|
||
// priority: transient -> persistent -> default | ||
const scriptAllowedTypes: string[] = | ||
settings.transient[scriptAllowedTypesKey] ?? | ||
settings.persistent[scriptAllowedTypesKey] ?? | ||
settings.defaults![scriptAllowedTypesKey] ?? | ||
[]; | ||
|
||
// when unspecified, the setting as a default `[]` value that means that both scriptings are allowed. | ||
const scriptAllowed = scriptAllowedTypes.length === 0 || scriptAllowedTypes.includes('inline'); | ||
|
||
return !scriptAllowed; | ||
}; |
12 changes: 12 additions & 0 deletions
12
src/core/server/elasticsearch/deprecations/scripting_disabled_deprecation.test.mocks.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0 and the Server Side Public License, v 1; you may not use this file except | ||
* in compliance with, at your election, the Elastic License 2.0 or the Server | ||
* Side Public License, v 1. | ||
*/ | ||
|
||
export const isInlineScriptingDisabledMock = jest.fn(); | ||
jest.doMock('./is_scripting_disabled', () => ({ | ||
isInlineScriptingDisabled: isInlineScriptingDisabledMock, | ||
})); |
63 changes: 63 additions & 0 deletions
63
src/core/server/elasticsearch/deprecations/scripting_disabled_deprecation.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0 and the Server Side Public License, v 1; you may not use this file except | ||
* in compliance with, at your election, the Elastic License 2.0 or the Server | ||
* Side Public License, v 1. | ||
*/ | ||
|
||
import { isInlineScriptingDisabledMock } from './scripting_disabled_deprecation.test.mocks'; | ||
import { elasticsearchServiceMock } from '../../elasticsearch/elasticsearch_service.mock'; | ||
import { getScriptingDisabledDeprecations } from './scripting_disabled_deprecation'; | ||
|
||
describe('getScriptingDisabledDeprecations', () => { | ||
let esClient: ReturnType<typeof elasticsearchServiceMock.createScopedClusterClient>; | ||
|
||
beforeEach(() => { | ||
esClient = elasticsearchServiceMock.createScopedClusterClient(); | ||
}); | ||
|
||
afterEach(() => { | ||
isInlineScriptingDisabledMock.mockReset(); | ||
}); | ||
|
||
it('calls `isInlineScriptingDisabled` with the correct arguments', async () => { | ||
await getScriptingDisabledDeprecations({ | ||
esClient, | ||
}); | ||
|
||
expect(isInlineScriptingDisabledMock).toHaveBeenCalledTimes(1); | ||
expect(isInlineScriptingDisabledMock).toHaveBeenCalledWith({ | ||
client: esClient.asInternalUser, | ||
}); | ||
}); | ||
|
||
it('returns no deprecations if scripting is not disabled', async () => { | ||
isInlineScriptingDisabledMock.mockResolvedValue(false); | ||
|
||
const deprecations = await getScriptingDisabledDeprecations({ | ||
esClient, | ||
}); | ||
|
||
expect(deprecations).toHaveLength(0); | ||
}); | ||
|
||
it('returns a deprecation if scripting is disabled', async () => { | ||
isInlineScriptingDisabledMock.mockResolvedValue(true); | ||
|
||
const deprecations = await getScriptingDisabledDeprecations({ | ||
esClient, | ||
}); | ||
|
||
expect(deprecations).toHaveLength(1); | ||
expect(deprecations[0]).toEqual({ | ||
title: expect.any(String), | ||
message: expect.any(String), | ||
level: 'critical', | ||
requireRestart: false, | ||
correctiveActions: { | ||
manualSteps: expect.any(Array), | ||
}, | ||
}); | ||
}); | ||
}); |
44 changes: 44 additions & 0 deletions
44
src/core/server/elasticsearch/deprecations/scripting_disabled_deprecation.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0 and the Server Side Public License, v 1; you may not use this file except | ||
* in compliance with, at your election, the Elastic License 2.0 or the Server | ||
* Side Public License, v 1. | ||
*/ | ||
|
||
import { i18n } from '@kbn/i18n'; | ||
import type { DeprecationsDetails } from '../../deprecations'; | ||
import { IScopedClusterClient } from '../../elasticsearch'; | ||
import { isInlineScriptingDisabled } from './is_scripting_disabled'; | ||
|
||
interface GetScriptingDisabledDeprecations { | ||
esClient: IScopedClusterClient; | ||
} | ||
|
||
export const getScriptingDisabledDeprecations = async ({ | ||
esClient, | ||
}: GetScriptingDisabledDeprecations): Promise<DeprecationsDetails[]> => { | ||
const deprecations: DeprecationsDetails[] = []; | ||
if (await isInlineScriptingDisabled({ client: esClient.asInternalUser })) { | ||
deprecations.push({ | ||
title: i18n.translate('core.elasticsearch.deprecations.scriptingDisabled.title', { | ||
defaultMessage: 'Inline scripting is disabled on elasticsearch', | ||
}), | ||
message: i18n.translate('core.elasticsearch.deprecations.scriptingDisabled.message', { | ||
defaultMessage: | ||
'Starting in 8.0, Kibana will require inline scripting to be enabled,' + | ||
'and will fail to start otherwise.', | ||
}), | ||
level: 'critical', | ||
requireRestart: false, | ||
correctiveActions: { | ||
manualSteps: [ | ||
i18n.translate('core.elasticsearch.deprecations.scriptingDisabled.manualSteps.1', { | ||
defaultMessage: 'Set `script.allowed_types=inline` in your elasticsearch config ', | ||
}), | ||
], | ||
}, | ||
}); | ||
} | ||
return deprecations; | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.