[Alerting] Alerting authorization should always exempt alerts consu…

…mer (#108220) * Reverting changes to genericize exempt consumer id * Adding unit test for find auth filter when user has no privileges
elastic · Aug 11, 2021 · d07f0e6 · d07f0e6
1 parent c0baf83
commit d07f0e6
Show file tree

Hide file tree

Showing 6 changed files with 87 additions and 302 deletions.
diff --git a/x-pack/plugins/alerting/server/alerting_authorization_client_factory.test.ts b/x-pack/plugins/alerting/server/alerting_authorization_client_factory.test.ts
@@ -75,35 +75,6 @@ test('creates an alerting authorization client with proper constructor arguments
     auditLogger: expect.any(AlertingAuthorizationAuditLogger),
     getSpace: expect.any(Function),
     getSpaceId: expect.any(Function),
-    exemptConsumerIds: [],
-  });
-
-  expect(AlertingAuthorizationAuditLogger).toHaveBeenCalled();
-  expect(securityPluginSetup.audit.getLogger).toHaveBeenCalledWith(ALERTS_FEATURE_ID);
-});
-
-test('creates an alerting authorization client with proper constructor arguments when exemptConsumerIds are specified', async () => {
-  const factory = new AlertingAuthorizationClientFactory();
-  factory.initialize({
-    securityPluginSetup,
-    securityPluginStart,
-    ...alertingAuthorizationClientFactoryParams,
-  });
-  const request = KibanaRequest.from(fakeRequest);
-  const { AlertingAuthorizationAuditLogger } = jest.requireMock('./authorization/audit_logger');
-
-  factory.create(request, ['exemptConsumerA', 'exemptConsumerB']);
-
-  const { AlertingAuthorization } = jest.requireMock('./authorization/alerting_authorization');
-  expect(AlertingAuthorization).toHaveBeenCalledWith({
-    request,
-    authorization: securityPluginStart.authz,
-    ruleTypeRegistry: alertingAuthorizationClientFactoryParams.ruleTypeRegistry,
-    features: alertingAuthorizationClientFactoryParams.features,
-    auditLogger: expect.any(AlertingAuthorizationAuditLogger),
-    getSpace: expect.any(Function),
-    getSpaceId: expect.any(Function),
-    exemptConsumerIds: ['exemptConsumerA', 'exemptConsumerB'],
   });
 
   expect(AlertingAuthorizationAuditLogger).toHaveBeenCalled();
@@ -126,7 +97,6 @@ test('creates an alerting authorization client with proper constructor arguments
     auditLogger: expect.any(AlertingAuthorizationAuditLogger),
     getSpace: expect.any(Function),
     getSpaceId: expect.any(Function),
-    exemptConsumerIds: [],
   });
 
   expect(AlertingAuthorizationAuditLogger).toHaveBeenCalled();

diff --git a/x-pack/plugins/alerting/server/alerting_authorization_client_factory.ts b/x-pack/plugins/alerting/server/alerting_authorization_client_factory.ts
@@ -45,7 +45,7 @@ export class AlertingAuthorizationClientFactory {
     this.getSpaceId = options.getSpaceId;
   }
 
-  public create(request: KibanaRequest, exemptConsumerIds: string[] = []): AlertingAuthorization {
+  public create(request: KibanaRequest): AlertingAuthorization {
     const { securityPluginSetup, securityPluginStart, features } = this;
     return new AlertingAuthorization({
       authorization: securityPluginStart?.authz,
@@ -57,7 +57,6 @@ export class AlertingAuthorizationClientFactory {
       auditLogger: new AlertingAuthorizationAuditLogger(
         securityPluginSetup?.audit.getLogger(ALERTS_FEATURE_ID)
       ),
-      exemptConsumerIds,
     });
   }
 }