[stats] fix error when requesting extended stats by unauth users (#16…

…0520) ## Summary Fix #160385 Use the internal client instead of the scoped one for the extended stats ES requests to avoid an error with unauthenticated users (when anonymous access is allowed) --------- Co-authored-by: Kibana Machine <[email protected]>
elastic · Jun 27, 2023 · 7fb8f6b · 7fb8f6b
1 parent 3d05f74
commit 7fb8f6b
Show file tree

Hide file tree

Showing 6 changed files with 85 additions and 5 deletions.
diff --git a/.buildkite/ftr_configs.yml b/.buildkite/ftr_configs.yml
@@ -196,6 +196,7 @@ enabled:
   - x-pack/test/api_integration/apis/security/config.ts
   - x-pack/test/api_integration/apis/security_solution/config.ts
   - x-pack/test/api_integration/apis/spaces/config.ts
+  - x-pack/test/api_integration/apis/stats/config.ts
   - x-pack/test/api_integration/apis/status/config.ts
   - x-pack/test/api_integration/apis/synthetics/config.ts
   - x-pack/test/api_integration/apis/telemetry/config.ts

diff --git a/src/plugins/usage_collection/server/routes/stats/stats.ts b/src/plugins/usage_collection/server/routes/stats/stats.ts
@@ -72,13 +72,13 @@ export function registerStatsRoute({
       const isExtended = requestQuery.extended === '' || requestQuery.extended;
       const isLegacy = requestQuery.legacy === '' || requestQuery.legacy;
 
-      let extended;
+      let extended = {};
       if (isExtended) {
         const core = await context.core;
-        const { asCurrentUser } = core.elasticsearch.client;
+        const { asInternalUser } = core.elasticsearch.client;
         // as of https://github.com/elastic/kibana/pull/151082, usage will always be an empty object.
 
-        const clusterUuid = await getClusterUuid(asCurrentUser);
+        const clusterUuid = await getClusterUuid(asInternalUser);
         const extendedClusterUuid = isLegacy ? { clusterUuid } : { cluster_uuid: clusterUuid };
         extended = {
           usage: {},

diff --git a/x-pack/test/api_integration/apis/kibana/stats/stats.js b/x-pack/test/api_integration/apis/kibana/stats/stats.js
@@ -30,8 +30,9 @@ export default function ({ getService }) {
           expect(isUUID(body.kibana.uuid)).to.be.ok();
         });
 
-        it('should return 401 for extended', async () => {
-          await supertestNoAuth.get('/api/stats?extended').auth(null, null).expect(401);
+        it('should return 200 for extended', async () => {
+          const { body } = await supertestNoAuth.get('/api/stats').expect(200);
+          expect(isUUID(body.kibana.uuid)).to.be.ok();
         });
       });
 

diff --git a/x-pack/test/api_integration/apis/stats/config.ts b/x-pack/test/api_integration/apis/stats/config.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const baseIntegrationTestsConfig = await readConfigFile(require.resolve('../../config.ts'));
+
+  return {
+    ...baseIntegrationTestsConfig.getAll(),
+    kbnTestServer: {
+      ...baseIntegrationTestsConfig.get('kbnTestServer'),
+      serverArgs: [
+        ...baseIntegrationTestsConfig.get('kbnTestServer.serverArgs'),
+        '--status.allowAnonymous=true',
+      ],
+    },
+    testFiles: [require.resolve('.')],
+  };
+}
diff --git a/x-pack/test/api_integration/apis/stats/index.ts b/x-pack/test/api_integration/apis/stats/index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+  describe('Stats API', () => {
+    loadTestFile(require.resolve('./stats'));
+  });
+}
diff --git a/x-pack/test/api_integration/apis/stats/stats.ts b/x-pack/test/api_integration/apis/stats/stats.ts
@@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+export default function ({ getService }: FtrProviderContext) {
+  const supertest = getService('supertest');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+
+  describe('GET /api/stats', () => {
+    describe('When status.allowAnonymous is true', () => {
+      describe('when requesting extended stats', () => {
+        it('returns extended stats payload for authenticated requests', async () => {
+          const { body } = await supertest
+            .get('/api/stats?extended=true')
+            .set('kbn-xsrf', 'kibana')
+            .expect(200);
+
+          expect(body.cluster_uuid).to.be.a('string');
+          expect(body.usage).to.be.an('object');
+        });
+        it('returns extended stats payload for unauthenticated requests', async () => {
+          const { body } = await supertestWithoutAuth
+            .get('/api/stats?extended=true')
+            .set('kbn-xsrf', 'kibana')
+            .expect(200);
+
+          expect(body.cluster_uuid).to.be.a('string');
+          expect(body.usage).to.be.an('object');
+        });
+      });
+    });
+  });
+}