diff --git a/x-pack/plugins/reporting/common/constants.ts b/x-pack/plugins/reporting/common/constants.ts index c95c837c4959f..c9a763fae52fe 100644 --- a/x-pack/plugins/reporting/common/constants.ts +++ b/x-pack/plugins/reporting/common/constants.ts @@ -92,7 +92,6 @@ export const API_LIST_URL = `${API_BASE_URL}/jobs`; export const API_DIAGNOSE_URL = `${API_BASE_URL}/diagnose`; export const API_GET_ILM_POLICY_STATUS = `${API_BASE_URL}/ilm_policy_status`; -export const API_CREATE_ILM_POLICY_URL = `${API_BASE_URL}/ilm_policy`; export const API_MIGRATE_ILM_POLICY_URL = `${API_BASE_URL}/deprecations/migrate_ilm_policy`; export const ILM_POLICY_NAME = 'kibana-reporting'; diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts b/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts index a58612dd34ecf..fd49e2b237217 100644 --- a/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts +++ b/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts @@ -16,7 +16,9 @@ export default function ({ getService }: FtrProviderContext) { const esArchiver = getService('esArchiver'); const es = getService('es'); const supertest = getService('supertest'); + const supertestWithoutAuth = getService('supertestWithoutAuth'); const reportingAPI = getService('reportingAPI'); + const security = getService('security'); describe('ILM policy migration APIs', () => { before(async () => { 
@@ -111,5 +113,32 @@ export default function ({ getService }: FtrProviderContext) { expect(policy).to.eql(customLifecycle.policy); }); + + it('is not available to unauthorized users', async () => { + const UNAUTHZD_TEST_USERNAME = 'UNAUTHZD_TEST_USERNAME'; + const UNAUTHZD_TEST_USER_PASSWORD = 'UNAUTHZD_TEST_USER_PASSWORD'; + + await security.user.create(UNAUTHZD_TEST_USERNAME, { + password: UNAUTHZD_TEST_USER_PASSWORD, + roles: [], + full_name: 'an unauthzd user', + }); + + try { + await supertestWithoutAuth + .put(reportingAPI.routes.API_MIGRATE_ILM_POLICY_URL) + .auth(UNAUTHZD_TEST_USERNAME, UNAUTHZD_TEST_USER_PASSWORD) + .set('kbn-xsrf', 'xxx') + .expect(404); + + await supertestWithoutAuth + .get(reportingAPI.routes.API_GET_ILM_POLICY_STATUS) + .auth(UNAUTHZD_TEST_USERNAME, UNAUTHZD_TEST_USER_PASSWORD) + .set('kbn-xsrf', 'xxx') + .expect(404); + } finally { + await security.user.delete(UNAUTHZD_TEST_USERNAME); + } + }); }); } diff --git a/x-pack/test/reporting_api_integration/services/scenarios.ts b/x-pack/test/reporting_api_integration/services/scenarios.ts index f94bcd895da53..917ab3e978222 100644 --- a/x-pack/test/reporting_api_integration/services/scenarios.ts +++ b/x-pack/test/reporting_api_integration/services/scenarios.ts @@ -6,6 +6,10 @@ */ import rison, { RisonValue } from 'rison-node'; +import { + API_GET_ILM_POLICY_STATUS, + API_MIGRATE_ILM_POLICY_URL, +} from '../../../plugins/reporting/common/constants'; import { JobParamsCSV } from '../../../plugins/reporting/server/export_types/csv_searchsource/types'; import { JobParamsDownloadCSV } from '../../../plugins/reporting/server/export_types/csv_searchsource_immediate/types'; import { JobParamsPNG } from '../../../plugins/reporting/server/export_types/png/types'; 
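Review bot: The `PUT` assertion in `'is not available to unauthorized users'` checks only the response code, so the test would still pass if the route returned 404 after the migration had already been applied. If the indices are in an un-migrated state at this point, reading the status with the authorized client before the `try` and comparing it afterwards would pin the absence of a side effect: `const before = await reportingAPI.checkIlmMigrationStatus();` and, after the `PUT`, `expect(await reportingAPI.checkIlmMigrationStatus()).to.eql(before);` (helper name taken from the log message in `scenarios.ts`; confirm it is exposed on `reportingAPI`). The user is created with `roles: []`, so only the zero-privilege case is covered. A second user who can reach Kibana but lacks whatever privilege the route checks (not visible in this diff) would exercise the real authorization boundary. A one-line comment saying why `404` rather than `403` is the expected answer would also help the next reader.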
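Review bot: Importing `API_GET_ILM_POLICY_STATUS` and `API_MIGRATE_ILM_POLICY_URL` from the plugin's `common/constants` means the helpers changed in the later `@@ -167,7 +171,7 @@` and `@@ -175,10 +179,7 @@` hunks no longer pin the literal HTTP paths. If a constant's value is edited by mistake, the route and the tests move together and the suite stays green while external callers of the old path break. Keeping one literal check in the integration tests would preserve that contract, for example `expect(API_GET_ILM_POLICY_STATUS).to.be('/api/reporting/ilm_policy_status');` and the equivalent for `'/api/reporting/deprecations/migrate_ilm_policy'`.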
@@ -167,7 +171,7 @@ export function createScenarios({ getService }: Pick { log.debug('ReportingAPI.checkIlmMigrationStatus'); const { body } = await supertest - .get('/api/reporting/ilm_policy_status') + .get(API_GET_ILM_POLICY_STATUS) .set('kbn-xsrf', 'xxx') .expect(200); return body.status; @@ -175,10 +179,7 @@ export function createScenarios({ getService }: Pick { log.debug('ReportingAPI.migrateReportingIndices'); - await supertest - .put('/api/reporting/deprecations/migrate_ilm_policy') - .set('kbn-xsrf', 'xxx') - .expect(200); + await supertest.put(API_MIGRATE_ILM_POLICY_URL).set('kbn-xsrf', 'xxx').expect(200); }; const makeAllReportingIndicesUnmanaged = async () => { @@ -201,6 +202,10 @@ export function createScenarios({ getService }: Pick