add license check

elastic · Aug 25, 2020 · 707ab34 · 707ab34
1 parent 0bfd19a
commit 707ab34
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 2 deletions.
diff --git a/x-pack/plugins/audit_trail/server/plugin.test.ts b/x-pack/plugins/audit_trail/server/plugin.test.ts
@@ -4,6 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+import { BehaviorSubject } from 'rxjs';
 import { first } from 'rxjs/operators';
 import { AuditTrailPlugin } from './plugin';
 import { coreMock } from '../../../../src/core/server/mocks';
@@ -26,6 +27,18 @@ describe('AuditTrail plugin', () => {
       pluginInitContextMock = coreMock.createPluginInitializerContext();
       plugin = new AuditTrailPlugin(pluginInitContextMock);
       coreSetup = coreMock.createSetup();
+      deps.security.license.features$ = new BehaviorSubject({
+        showLogin: true,
+        allowLogin: true,
+        showLinks: true,
+        showRoleMappingsManagement: true,
+        allowAccessAgreement: true,
+        allowAuditLogging: true,
+        allowRoleDocumentLevelSecurity: true,
+        allowRoleFieldLevelSecurity: true,
+        allowRbac: true,
+        allowSubFeaturePrivileges: true,
+      });
     });
 
     afterEach(async () => {
@@ -39,6 +52,40 @@ describe('AuditTrail plugin', () => {
       expect(coreSetup.auditTrail.register).toHaveBeenCalledTimes(1);
     });
 
+    it('logs to audit trail if license allows', async () => {
+      pluginInitContextMock = coreMock.createPluginInitializerContext();
+      plugin = new AuditTrailPlugin(pluginInitContextMock);
+
+      const subscribeMock = jest.spyOn((plugin as any).event$, 'subscribe');
+
+      plugin.setup(coreSetup, deps);
+
+      expect(subscribeMock).toHaveBeenCalled();
+    });
+
+    it('does not log to audit trail if license does not allow', async () => {
+      pluginInitContextMock = coreMock.createPluginInitializerContext();
+      plugin = new AuditTrailPlugin(pluginInitContextMock);
+
+      const subscribeMock = jest.spyOn((plugin as any).event$, 'subscribe');
+
+      deps.security.license.features$ = new BehaviorSubject({
+        showLogin: true,
+        allowLogin: true,
+        showLinks: true,
+        showRoleMappingsManagement: true,
+        allowAccessAgreement: true,
+        allowAuditLogging: false,
+        allowRoleDocumentLevelSecurity: true,
+        allowRoleFieldLevelSecurity: true,
+        allowRbac: true,
+        allowSubFeaturePrivileges: true,
+      });
+
+      plugin.setup(coreSetup, deps);
+      expect(subscribeMock).not.toHaveBeenCalled();
+    });
+
     describe('logger', () => {
       it('registers a custom logger', async () => {
         pluginInitContextMock = coreMock.createPluginInitializerContext();

diff --git a/x-pack/plugins/audit_trail/server/plugin.ts b/x-pack/plugins/audit_trail/server/plugin.ts
@@ -4,7 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { Observable, Subject } from 'rxjs';
+import { Observable, Subject, Subscription } from 'rxjs';
 import { map } from 'rxjs/operators';
 import {
   AppenderConfigType,
@@ -50,7 +50,19 @@ export class AuditTrailPlugin implements Plugin {
       getSpaceId: deps.spaces?.spacesService.getSpaceId,
     };
 
-    this.event$.subscribe(({ message, ...other }) => this.logger.debug(message, other));
+    if (deps.security) {
+      let subscription: Subscription;
+      deps.security.license.features$.subscribe(({ allowAuditLogging }) => {
+        if (subscription && !subscription.closed) {
+          subscription.unsubscribe();
+        }
+        if (allowAuditLogging) {
+          subscription = this.event$
+            .asObservable()
+            .subscribe(({ message, ...other }) => this.logger.debug(message, other));
+        }
+      });
+    }
 
     core.auditTrail.register({
       asScoped: (request: KibanaRequest) => {