Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failure to instantiate elasticsearchClient.asSecondaryAuthUser with fake request #192004

Closed
klacabane opened this issue Sep 3, 2024 · 1 comment · Fixed by #192394
Closed

Failure to instantiate elasticsearchClient.asSecondaryAuthUser with fake request #192004

klacabane opened this issue Sep 3, 2024 · 1 comment · Fixed by #192394
Labels
bug Fixes for quality problems that affect the customer experience core services Issues related to enabling features across Kibana to leverage core services across domains Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc

Comments

@klacabane
Copy link
Contributor

Calling client.asSecondaryAuthUser from a client scoped to a fake request returns the following error:
Error: asSecondaryAuthUser called from a client scoped to a request without 'authorization' header.

The issue appears to be in this ternary that extracts auth headers from the request. When provided a fake request, isRealRequest(request) will return true triggering the wrong branch, leading to empty headers while request.headers are set.

How to reproduce:

const fakeRequest = getFakeKibanaRequest({ id: apiKey.id, api_key: apiKey.apiKey });
const esClient = server.core.elasticsearch.client.asScoped(fakeRequest).asSecondaryAuthUser;
@klacabane klacabane added bug Fixes for quality problems that affect the customer experience core services Issues related to enabling features across Kibana to leverage core services across domains Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc labels Sep 3, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-core (Team:Core)

This was referenced Sep 3, 2024
Merged
Merged
klacabane added a commit that referenced this issue Sep 13, 2024
@klacabane
[eem] add entity definition state (#191933)
2f1d0cd 
~blocked by #192004

This change adds an `includeState: boolean` option to methods querying
entity definitions. When true this adds an `EntityDefinitionState`
object containing all the definition components and their state
(installed or not) and stats. Since this may only be used internally (eg
builtin definition installation process) and for troubleshooting,
`includeState` is false by default

#### Testing
- install a definition
- call `GET
kbn:/internal/entities/definition/<definition-id>?includeState=true`
- check and validate the definition `state` block
- manually remove transform/pipeline/template components
- check and validate the definition `state` block
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Sep 24, 2024
@klacabane
[core] get headers from fakeRequest in secondary user client (elastic…
86564cf 
…#192394)

## Summary

Closes elastic#192004

Calling `client.asSecondaryAuthUser` from a client scoped to a fake
request instantiated with `getKibanaFakeRequest` returns the following
error:
`Error: asSecondaryAuthUser called from a client scoped to a request
without 'authorization' header.`.

This is because we use the same branch when dealing with a real or fake
request and expect the headers to be cached. There are existing tests to
verify a fake request works but these requests are raw objects not
created through `getKibanaFakeRequest`

### Testing
This snippet does not throw
```
const fakeRequest = getFakeKibanaRequest({ id: apiKey.id, api_key: apiKey.apiKey });
const esClient = server.core.elasticsearch.client.asScoped(fakeRequest).asSecondaryAuthUser;
```

---------

Co-authored-by: kibanamachine <[email protected]>
(cherry picked from commit 0987f70)
kibanamachine referenced this issue Sep 24, 2024
@kibanamachine @klacabane
[8.x] [core] get headers from fakeRequest in secondary user client (#…
022813b 
…192394) (#193815)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[core] get headers from fakeRequest in secondary user client
(#192394)](#192394)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Kevin
Lacabane","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-09-13T02:32:13Z","message":"[core]
get headers from fakeRequest in secondary user client (#192394)\n\n##
Summary\r\n\r\nCloses
https://github.com/elastic/kibana/issues/192004\r\n\r\nCalling
`client.asSecondaryAuthUser` from a client scoped to a fake\r\nrequest
instantiated with `getKibanaFakeRequest` returns the
following\r\nerror:\r\n`Error: asSecondaryAuthUser called from a client
scoped to a request\r\nwithout 'authorization' header.`.\r\n\r\nThis is
because we use the same branch when dealing with a real or
fake\r\nrequest and expect the headers to be cached. There are existing
tests to\r\nverify a fake request works but these requests are raw
objects not\r\ncreated through `getKibanaFakeRequest`\r\n\r\n###
Testing\r\nThis snippet does not throw\r\n```\r\nconst fakeRequest =
getFakeKibanaRequest({ id: apiKey.id, api_key: apiKey.apiKey
});\r\nconst esClient =
server.core.elasticsearch.client.asScoped(fakeRequest).asSecondaryAuthUser;\r\n```\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"0987f70112aeeef0ffa9b670d86a5b5f82d60454","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:prev-minor"],"title":"[core]
get headers from fakeRequest in secondary user
client","number":192394,"url":"https://github.com/elastic/kibana/pull/192394","mergeCommit":{"message":"[core]
get headers from fakeRequest in secondary user client (#192394)\n\n##
Summary\r\n\r\nCloses
https://github.com/elastic/kibana/issues/192004\r\n\r\nCalling
`client.asSecondaryAuthUser` from a client scoped to a fake\r\nrequest
instantiated with `getKibanaFakeRequest` returns the
following\r\nerror:\r\n`Error: asSecondaryAuthUser called from a client
scoped to a request\r\nwithout 'authorization' header.`.\r\n\r\nThis is
because we use the same branch when dealing with a real or
fake\r\nrequest and expect the headers to be cached. There are existing
tests to\r\nverify a fake request works but these requests are raw
objects not\r\ncreated through `getKibanaFakeRequest`\r\n\r\n###
Testing\r\nThis snippet does not throw\r\n```\r\nconst fakeRequest =
getFakeKibanaRequest({ id: apiKey.id, api_key: apiKey.apiKey
});\r\nconst esClient =
server.core.elasticsearch.client.asScoped(fakeRequest).asSecondaryAuthUser;\r\n```\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"0987f70112aeeef0ffa9b670d86a5b5f82d60454"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/192394","number":192394,"mergeCommit":{"message":"[core]
get headers from fakeRequest in secondary user client (#192394)\n\n##
Summary\r\n\r\nCloses
https://github.com/elastic/kibana/issues/192004\r\n\r\nCalling
`client.asSecondaryAuthUser` from a client scoped to a fake\r\nrequest
instantiated with `getKibanaFakeRequest` returns the
following\r\nerror:\r\n`Error: asSecondaryAuthUser called from a client
scoped to a request\r\nwithout 'authorization' header.`.\r\n\r\nThis is
because we use the same branch when dealing with a real or
fake\r\nrequest and expect the headers to be cached. There are existing
tests to\r\nverify a fake request works but these requests are raw
objects not\r\ncreated through `getKibanaFakeRequest`\r\n\r\n###
Testing\r\nThis snippet does not throw\r\n```\r\nconst fakeRequest =
getFakeKibanaRequest({ id: apiKey.id, api_key: apiKey.apiKey
});\r\nconst esClient =
server.core.elasticsearch.client.asScoped(fakeRequest).asSecondaryAuthUser;\r\n```\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"0987f70112aeeef0ffa9b670d86a5b5f82d60454"}}]}]
BACKPORT-->

Co-authored-by: Kevin Lacabane <[email protected]>
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Sep 24, 2024
@klacabane
[eem] add entity definition state (elastic#191933)
0f5fa88 
~blocked by elastic#192004

This change adds an `includeState: boolean` option to methods querying
entity definitions. When true this adds an `EntityDefinitionState`
object containing all the definition components and their state
(installed or not) and stats. Since this may only be used internally (eg
builtin definition installation process) and for troubleshooting,
`includeState` is false by default

#### Testing
- install a definition
- call `GET
kbn:/internal/entities/definition/<definition-id>?includeState=true`
- check and validate the definition `state` block
- manually remove transform/pipeline/template components
- check and validate the definition `state` block

(cherry picked from commit 2f1d0cd)
kibanamachine referenced this issue Sep 24, 2024
@kibanamachine @klacabane
[8.x] [eem] add entity definition state (#191933) (#193824)
0fa8eb3 
# Backport

This will backport the following commits from `main` to `8.x`:
- [[eem] add entity definition state
(#191933)](#191933)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Kevin
Lacabane","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-09-13T07:53:50Z","message":"[eem]
add entity definition state (#191933)\n\n~blocked by
https://github.com/elastic/kibana/issues/192004~\r\n\r\nThis change adds
an `includeState: boolean` option to methods querying\r\nentity
definitions. When true this adds an `EntityDefinitionState`\r\nobject
containing all the definition components and their state\r\n(installed
or not) and stats. Since this may only be used internally (eg\r\nbuiltin
definition installation process) and for
troubleshooting,\r\n`includeState` is false by default\r\n\r\n####
Testing\r\n- install a definition\r\n- call
`GET\r\nkbn:/internal/entities/definition/<definition-id>?includeState=true`\r\n-
check and validate the definition `state` block\r\n- manually remove
transform/pipeline/template components\r\n- check and validate the
definition `state`
block","sha":"2f1d0cd9b37a08bd91fc8ae8d6442cc93097f99c","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:prev-minor","ci:project-deploy-observability","Feature:EEM","team:obs-entities"],"title":"[eem]
add entity definition
state","number":191933,"url":"https://github.com/elastic/kibana/pull/191933","mergeCommit":{"message":"[eem]
add entity definition state (#191933)\n\n~blocked by
https://github.com/elastic/kibana/issues/192004~\r\n\r\nThis change adds
an `includeState: boolean` option to methods querying\r\nentity
definitions. When true this adds an `EntityDefinitionState`\r\nobject
containing all the definition components and their state\r\n(installed
or not) and stats. Since this may only be used internally (eg\r\nbuiltin
definition installation process) and for
troubleshooting,\r\n`includeState` is false by default\r\n\r\n####
Testing\r\n- install a definition\r\n- call
`GET\r\nkbn:/internal/entities/definition/<definition-id>?includeState=true`\r\n-
check and validate the definition `state` block\r\n- manually remove
transform/pipeline/template components\r\n- check and validate the
definition `state`
block","sha":"2f1d0cd9b37a08bd91fc8ae8d6442cc93097f99c"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/191933","number":191933,"mergeCommit":{"message":"[eem]
add entity definition state (#191933)\n\n~blocked by
https://github.com/elastic/kibana/issues/192004~\r\n\r\nThis change adds
an `includeState: boolean` option to methods querying\r\nentity
definitions. When true this adds an `EntityDefinitionState`\r\nobject
containing all the definition components and their state\r\n(installed
or not) and stats. Since this may only be used internally (eg\r\nbuiltin
definition installation process) and for
troubleshooting,\r\n`includeState` is false by default\r\n\r\n####
Testing\r\n- install a definition\r\n- call
`GET\r\nkbn:/internal/entities/definition/<definition-id>?includeState=true`\r\n-
check and validate the definition `state` block\r\n- manually remove
transform/pipeline/template components\r\n- check and validate the
definition `state`
block","sha":"2f1d0cd9b37a08bd91fc8ae8d6442cc93097f99c"}}]}] BACKPORT-->

Co-authored-by: Kevin Lacabane <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Fixes for quality problems that affect the customer experience core services Issues related to enabling features across Kibana to leverage core services across domains Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[core] get headers from fakeRequest in secondary user client klacabane/kibana
2 participants
@klacabane @elasticmachine