Allow getting system actions with a flag

elastic · Jul 20, 2023 · 8b24cc6 · 8b24cc6
1 parent 8f84dee
commit 8b24cc6
Show file tree

Hide file tree

Showing 2 changed files with 174 additions and 8 deletions.
diff --git a/x-pack/plugins/actions/server/actions_client.test.ts b/x-pack/plugins/actions/server/actions_client.test.ts
@@ -1164,7 +1164,7 @@ describe('get()', () => {
     expect(unsecuredSavedObjectsClient.get).not.toHaveBeenCalled();
   });
 
-  it('throws when getting a system action', async () => {
+  it('throws when getting a system action by default', async () => {
     actionsClient = new ActionsClient({
       logger,
       actionTypeRegistry,
@@ -1198,6 +1198,48 @@ describe('get()', () => {
       actionsClient.get({ id: 'system-connector-.cases' })
     ).rejects.toThrowErrorMatchingInlineSnapshot(`"Connector system-connector-.cases not found"`);
   });
+
+  it('does not throw when getting a system action if throwIfSystemAction=false', async () => {
+    actionsClient = new ActionsClient({
+      logger,
+      actionTypeRegistry,
+      unsecuredSavedObjectsClient,
+      scopedClusterClient,
+      kibanaIndices,
+      actionExecutor,
+      executionEnqueuer,
+      ephemeralExecutionEnqueuer,
+      bulkExecutionEnqueuer,
+      request,
+      authorization: authorization as unknown as ActionsAuthorization,
+      inMemoryConnectors: [
+        {
+          id: 'system-connector-.cases',
+          actionTypeId: '.cases',
+          name: 'System action: .cases',
+          config: {},
+          secrets: {},
+          isDeprecated: false,
+          isMissingSecrets: false,
+          isPreconfigured: false,
+          isSystemAction: true,
+        },
+      ],
+      connectorTokenClient: connectorTokenClientMock.create(),
+      getEventLogClient,
+    });
+
+    expect(
+      await actionsClient.get({ id: 'system-connector-.cases', throwIfSystemAction: false })
+    ).toEqual({
+      actionTypeId: '.cases',
+      id: 'system-connector-.cases',
+      isDeprecated: false,
+      isPreconfigured: false,
+      isSystemAction: true,
+      name: 'System action: .cases',
+    });
+  });
 });
 
 describe('getAll()', () => {
@@ -1794,7 +1836,7 @@ describe('getBulk()', () => {
     ]);
   });
 
-  test('should throw an error if a system action is requested', async () => {
+  test('should throw an error if a system action is requested by default', async () => {
     unsecuredSavedObjectsClient.bulkGet.mockResolvedValueOnce({
       saved_objects: [
         {
@@ -1868,6 +1910,113 @@ describe('getBulk()', () => {
       actionsClient.getBulk(['1', 'testPreconfigured', 'system-connector-.cases'])
     ).rejects.toThrowErrorMatchingInlineSnapshot(`"Connector system-connector-.cases not found"`);
   });
+
+  test('should throw an error if a system action is requested', async () => {
+    unsecuredSavedObjectsClient.bulkGet.mockResolvedValueOnce({
+      saved_objects: [
+        {
+          id: '1',
+          type: 'action',
+          attributes: {
+            actionTypeId: 'test',
+            name: 'test',
+            config: {
+              foo: 'bar',
+            },
+            isMissingSecrets: false,
+          },
+          references: [],
+        },
+      ],
+    });
+    scopedClusterClient.asInternalUser.search.mockResponse(
+      // @ts-expect-error not full search response
+      {
+        aggregations: {
+          '1': { doc_count: 6 },
+          testPreconfigured: { doc_count: 2 },
+          'system-connector-.cases': { doc_count: 2 },
+        },
+      }
+    );
+
+    actionsClient = new ActionsClient({
+      logger,
+      actionTypeRegistry,
+      unsecuredSavedObjectsClient,
+      scopedClusterClient,
+      kibanaIndices,
+      actionExecutor,
+      executionEnqueuer,
+      ephemeralExecutionEnqueuer,
+      bulkExecutionEnqueuer,
+      request,
+      authorization: authorization as unknown as ActionsAuthorization,
+      inMemoryConnectors: [
+        {
+          id: 'testPreconfigured',
+          actionTypeId: '.slack',
+          secrets: {},
+          isPreconfigured: true,
+          isDeprecated: false,
+          isSystemAction: false,
+          name: 'test',
+          config: {
+            foo: 'bar',
+          },
+        },
+        {
+          id: 'system-connector-.cases',
+          actionTypeId: '.cases',
+          name: 'System action: .cases',
+          config: {},
+          secrets: {},
+          isDeprecated: false,
+          isMissingSecrets: false,
+          isPreconfigured: false,
+          isSystemAction: true,
+        },
+      ],
+      connectorTokenClient: connectorTokenClientMock.create(),
+      getEventLogClient,
+    });
+
+    expect(
+      await actionsClient.getBulk(['1', 'testPreconfigured', 'system-connector-.cases'], false)
+    ).toEqual([
+      {
+        actionTypeId: '.slack',
+        config: { foo: 'bar' },
+        id: 'testPreconfigured',
+        isDeprecated: false,
+        isPreconfigured: true,
+        isSystemAction: false,
+        name: 'test',
+        secrets: {},
+      },
+      {
+        actionTypeId: '.cases',
+        config: {},
+        id: 'system-connector-.cases',
+        isDeprecated: false,
+        isMissingSecrets: false,
+        isPreconfigured: false,
+        isSystemAction: true,
+        name: 'System action: .cases',
+        secrets: {},
+      },
+      {
+        actionTypeId: 'test',
+        config: { foo: 'bar' },
+        id: '1',
+        isDeprecated: false,
+        isMissingSecrets: false,
+        isPreconfigured: false,
+        isSystemAction: false,
+        name: 'test',
+      },
+    ]);
+  });
 });
 
 describe('getOAuthAccessToken()', () => {

diff --git a/x-pack/plugins/actions/server/actions_client.ts b/x-pack/plugins/actions/server/actions_client.ts
@@ -403,7 +403,13 @@ export class ActionsClient {
   /**
    * Get an action
    */
-  public async get({ id }: { id: string }): Promise<ActionResult> {
+  public async get({
+    id,
+    throwIfSystemAction = true,
+  }: {
+    id: string;
+    throwIfSystemAction?: boolean;
+  }): Promise<ActionResult> {
     try {
       await this.authorization.ensureAuthorized({ operation: 'get' });
     } catch (error) {
@@ -421,12 +427,18 @@ export class ActionsClient {
 
     /**
      * Getting system connector is not allowed
+     * if throwIfSystemAction is set to true.
+     * Default behavior is to throw
      */
-    if (foundInMemoryConnector !== undefined && foundInMemoryConnector.isSystemAction) {
+    if (
+      foundInMemoryConnector !== undefined &&
+      foundInMemoryConnector.isSystemAction &&
+      throwIfSystemAction
+    ) {
       throw Boom.notFound(`Connector ${id} not found`);
     }
 
-    if (foundInMemoryConnector !== undefined && foundInMemoryConnector.isPreconfigured) {
+    if (foundInMemoryConnector !== undefined) {
       this.auditLogger?.log(
         connectorAuditEvent({
           action: ConnectorAuditAction.GET,
@@ -522,7 +534,10 @@ export class ActionsClient {
   /**
    * Get bulk actions with in-memory list
    */
-  public async getBulk(ids: string[]): Promise<ActionResult[]> {
+  public async getBulk(
+    ids: string[],
+    throwIfSystemAction: boolean = true
+  ): Promise<ActionResult[]> {
     try {
       await this.authorization.ensureAuthorized({ operation: 'get' });
     } catch (error) {
@@ -547,12 +562,14 @@ export class ActionsClient {
 
       /**
        * Getting system connector is not allowed
+       * if throwIfSystemAction is set to true.
+       * Default behavior is to throw
        */
-      if (action !== undefined && action.isSystemAction) {
+      if (action !== undefined && action.isSystemAction && throwIfSystemAction) {
         throw Boom.notFound(`Connector ${action.id} not found`);
       }
 
-      if (action !== undefined && action.isPreconfigured) {
+      if (action !== undefined) {
         actionResults.push(action);
       }
     }