Add ability to disable the edition of configuration through API endpoints and UI #6607

Merged
merged 13 commits into from
May 3, 2024

@Desvelao Desvelao commented Apr 19, 2024

Description

This pull request adds the ability to enable or disable the edition of configuration through API endpoints and UI.

Changes

  • Add new setting configuration.ui_api_editable to manage if the configuration settings can be edited from API endpoints and UI.
    • Disable API endpoints related to update the configuration
    • Hide Configuration
    • Hide Remember server address button on deploy new agent guide
    • Hide Settings button on Statistics app
  • Add API controllers decorator related to update the settings and protect the related routes
  • Create compose utility to compose decorators of API endpoints
  • Change the sign of routeDecoratorProtectedAdministrator
  • Add tests related to the API endpoint controllers decorators
  • Remove repeated message when there is an error updating the configuration from App Settings
  • Refactor Settings components
    • Remove unused code
    • Minor enhancements
  • Remove pluginAppName prop of About component. This is managed by the component now.
  • Fix race condition of current app ID and the render of views

Issues Resolved

#6557

Test

ability-configuration-editable

Legend:
⚫: none
🟢: pass
🟡: warning
🔴: fail
⚪: not applicable

UI

| Test | Chrome | Firefox | Safari |
| --- | --- | --- | --- |
| With configuration.ui_api_editable setting enabled, go to App Settings and the Configuration tab should be visible. Update the configuration should work. | | | |
| With configuration.ui_api_editable setting enabled, go to App Settings and the Configuration tab should not be visible. | | | |

Details

⚫ With configuration.ui_api_editable setting enabled, go to App Settings and the Configuration tab should be visible. Update the configuration should work.

Chrome - ⚫

Firefox - ⚫

Safari - ⚫

⚫ With configuration.ui_api_editable setting enabled, go to App Settings and the Configuration tab should not be visible.

Chrome - ⚫

Firefox - ⚫

Safari - ⚫

Check List

  • All tests pass
    • yarn test:jest
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

…ion from API endpoints

- Add ability to disable the edition of configuration from API endpoints
 - Add plugin setting to manage this ability
 - Add route controller decorator
 - Protect the related API route controllers to updating the configuration
- Changed the sign of routeDecoratorProtectedAdministrator
 - Adapted its usage on the API endpoints
- Create compose utility to compose functions
- Add test related to API controllers decorators
- Add test about PUT /utils/configuration related to API endpoint
  protection
@Desvelao Desvelao self-assigned this Apr 19, 2024
@Desvelao Desvelao linked an issue Apr 19, 2024 that may be closed by this pull request
6 tasks
@Desvelao Desvelao marked this pull request as ready for review April 24, 2024 08:58
@JuanGarriuz JuanGarriuz self-requested a review April 26, 2024 07:57
@JuanGarriuz
Member

Test

ability-configuration-editable

Legend:
⚫: none
🟢: pass
🟡: warning
🔴: fail
⚪: not applicable

UI

| Test | Chrome | Firefox | Safari |
| --- | --- | --- | --- |
| With configuration.ui_api_editable setting enabled, go to App Settings and the Configuration tab should be visible. Update the configuration should work. | 🟢 | 🟢 | |
| With configuration.ui_api_editable setting enabled, go to App Settings and the Configuration tab should not be visible. | 🟢 | 🟢 | |

Details

🟢 With configuration.ui_api_editable setting enabled, go to App Settings and the Configuration tab should be visible. Update the configuration should work.

Chrome - 🟢

Firefox - 🟢

Safari - ⚫

🟢 With configuration.ui_api_editable setting enabled, go to App Settings and the Configuration tab should not be visible.

Chrome - 🟢

Firefox - 🟢

Safari - ⚫

JuanGarriuz
JuanGarriuz previously approved these changes Apr 26, 2024
Member

@JuanGarriuz JuanGarriuz left a comment

LGTM!!

…epending on if the configuration can editable through UI
@lucianogorza
Contributor

lucianogorza commented Apr 30, 2024

UI

| Test | Chrome | Firefox | Safari |
| --- | --- | --- | --- |
| With configuration.ui_api_editable setting enabled, go to App Settings and the Configuration tab should be visible. Update the configuration should work. | 🟢 | | |
| With configuration.ui_api_editable setting disabled, go to App Settings and the Configuration tab should not be visible. | 🟢 | | |

Details

🟢 With configuration.ui_api_editable setting enabled, go to App Settings and the Configuration tab should be visible. Update the configuration should work.

Chrome - 🟢

Firefox - ⚫

Safari - ⚫

🟢 With configuration.ui_api_editable setting disabled, go to App Settings and the Configuration tab should not be visible.

Chrome - 🟢

Firefox - ⚫

Safari - ⚫

API

| Test | Chrome | Firefox | Safari |
| --- | --- | --- | --- |
| With configuration.ui_api_editable setting enabled, execute PUT to change configuration. The response code must be 200. | 🟢 | | |
| With configuration.ui_api_editable setting disabled, execute PUT to change configuration. The response code must be 403. | 🟢 | | |

Details

🟢 With configuration.ui_api_editable setting enabled, execute PUT to change configuration. The response code must be 200.
curl 'https://localhost:5601/utils/configuration' \
  -X 'PUT' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'Accept-Language: es-419,es;q=0.9,en;q=0.8' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/json' \
  -H 'Cookie: _ga=GA1.1.641859077.1706885155; ory_kratos_continuity=MTcxMjgzNzgyOXxEWDhFQVFMX2dBQUJFQUVRQUFCZl80QUFBUVp6ZEhKcGJtY01Jd0FoYjNKNVgydHlZWFJ2YzE5dmFXUmpYMkYxZEdoZlkyOWtaVjl6WlhOemFXOXVCbk4wY21sdVp3d21BQ1E1WVRKaFpUQTNPQzA1TkRGbExUUXlOakF0WVRReU5TMDJPR05tTXpRek1tSmpabVU9fDCdJRPXDeO0s9gEYe4_rj6iezVW3a5H24Zw28HcDhJj; wz-user=admin; _ga_6VZ9BPWNDM=GS1.1.1713801138.55.0.1713801138.0.0.0; wz-api=manager; wz-token=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzE0NDkzMzI1LCJleHAiOjE3MTQ0OTQyMjUsInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6ZmFsc2UsInJiYWNfcm9sZXMiOlsxXSwicmJhY19tb2RlIjoid2hpdGUifQ.ANE6QbxqfYZb72m7adOuZg7XukGf5WetrTloeD3Qx0dmij_CfKSR6DkKpGYG1tf1eAJ8EsTbDh92iKdNyb_-A1pvAXxBNd6kbi2wWWKQZry2YIRGtHn0elGkuZpQFGN-oioAaVNJI8IBm6EaTTtD0pUaz3Spo14FFVmsj88aH0yW5p5O; security_authentication=Fe26.2**9dc52d8a8e454c9d8b3839ff64b5addc3576c15b7cf651d242b2a147d35b95df*nTg6jBxP2qltzTNEKuFO9Q*wYwzR3GjY1vNMzxQZtx4JO5IdpBsF0rXJJdvsIrRuR4VDUBdTUkGu74sA-_d2ckUZt5BuwVSprPt0kDIKpNoFXkG4yEY_4GMq4KcYNX-TFADV7JoeGQEs96Bi8vHrQ1i_OGc_jtSeQGuRCto1S6kiP_LSPcZF1_O-fYifxiBGcBx--UNIVVgPkKu6866Q2pNFNqJxqy7bxXO4ctipmlPfQ**081408d24ddd5319448c0419d60dca2c5d7b78b4aac63abf105759e4fba45084*an3q6NF8NHs9WbKk0Hoc5StyJL93Lbvu8mflKjAtPyA' \
  -H 'Origin: https://localhost:5601' \
  -H 'Pragma: no-cache' \
  -H 'Referer: https://localhost:5601/app/app-settings' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36' \
  -H 'osd-xsrf: kibana' \
  -H 'sec-ch-ua: "Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Windows"' \
  --data-raw '{"hideManagerAlerts":true}' \
  --insecure
{"data":{"requiresRunningHealthCheck":false,"requiresReloadingBrowserTab":true,"requiresRestartingPluginPlatform":false,"updatedConfiguration":{"hideManagerAlerts":true}}}
🟢 With configuration.ui_api_editable setting disabled, execute PUT to change configuration. The response code must be 403.
curl 'https://localhost:5601/utils/configuration'   -X 'PUT'   -H 'Accept: application/json, text/plain, */*'   -H 'Accept-Language: es-419,es;q=0.9,en;q=0.8'   -H 'Cache-Control: no-cache'   -H 'Connection: keep-alive'   -H 'Content-Type: application/json'   -H 'Cookie: _ga=GA1.1.641859077.1706885155; ory_kratos_continuity=MTcxMjgzNzgyOXxEWDhFQVFMX2dBQUJFQUVRQUFCZl80QUFBUVp6ZEhKcGJtY01Jd0FoYjNKNVgydHlZWFJ2YzE5dmFXUmpYMkYxZEdoZlkyOWtaVjl6WlhOemFXOXVCbk4wY21sdVp3d21BQ1E1WVRKaFpUQTNPQzA1TkRGbExUUXlOakF0WVRReU5TMDJPR05tTXpRek1tSmpabVU9fDCdJRPXDeO0s9gEYe4_rj6iezVW3a5H24Zw28HcDhJj; wz-user=admin; _ga_6VZ9BPWNDM=GS1.1.1713801138.55.0.1713801138.0.0.0; wz-api=manager; wz-token=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzE0NDkzMzI1LCJleHAiOjE3MTQ0OTQyMjUsInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6ZmFsc2UsInJiYWNfcm9sZXMiOlsxXSwicmJhY19tb2RlIjoid2hpdGUifQ.ANE6QbxqfYZb72m7adOuZg7XukGf5WetrTloeD3Qx0dmij_CfKSR6DkKpGYG1tf1eAJ8EsTbDh92iKdNyb_-A1pvAXxBNd6kbi2wWWKQZry2YIRGtHn0elGkuZpQFGN-oioAaVNJI8IBm6EaTTtD0pUaz3Spo14FFVmsj88aH0yW5p5O; security_authentication=Fe26.2**9dc52d8a8e454c9d8b3839ff64b5addc3576c15b7cf651d242b2a147d35b95df*nTg6jBxP2qltzTNEKuFO9Q*wYwzR3GjY1vNMzxQZtx4JO5IdpBsF0rXJJdvsIrRuR4VDUBdTUkGu74sA-_d2ckUZt5BuwVSprPt0kDIKpNoFXkG4yEY_4GMq4KcYNX-TFADV7JoeGQEs96Bi8vHrQ1i_OGc_jtSeQGuRCto1S6kiP_LSPcZF1_O-fYifxiBGcBx--UNIVVgPkKu6866Q2pNFNqJxqy7bxXO4ctipmlPfQ**081408d24ddd5319448c0419d60dca2c5d7b78b4aac63abf105759e4fba45084*an3q6NF8NHs9WbKk0Hoc5StyJL93Lbvu8mflKjAtPyA'   -H 'Origin: https://localhost:5601'   -H 'Pragma: no-cache'   -H 'Referer: https://localhost:5601/app/app-settings'   -H 'Sec-Fetch-Dest: empty'   -H 'Sec-Fetch-Mode: cors'   -H 'Sec-Fetch-Site: same-origin'   -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36'   -H 'osd-xsrf: kibana'   -H 'sec-ch-ua: "Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99"'   -H 
'sec-ch-ua-mobile: ?0'   -H 'sec-ch-ua-platform: "Windows"'   --data-raw '{"hideManagerAlerts":true}'   --insecure
{"statusCode":403,"error":"Forbidden","message":"The ability to edit the configuration from API is disabled. This can be enabled using configuration.ui_api_editable setting from the configuration file. Contact with an administrator."}
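
The server-side behaviour tested above (200 with configuration.ui_api_editable enabled, 403 with it disabled), as an added example that is not the plugin's own code: a compose helper and a route guard wrapped around a constructed PUT /utils/configuration handler. Every function name, the in-memory settings object, the administrator check and the fail-closed treatment of non-boolean values are assumptions of this example.

```javascript
// Added example: every name here is hypothetical, not the plugin's real code.
// compose(a, b)(handler) === a(b(handler)), so the leftmost guard runs first.
const compose = (...decorators) => (handler) =>
  decorators.reduceRight((wrapped, decorate) => decorate(wrapped), handler);

const forbidden = (message) => ({
  statusCode: 403,
  body: { statusCode: 403, error: 'Forbidden', message },
});

// Guard: refuse the request unless the resolved setting is exactly `true`.
// Treating anything else as disabled is this example's choice (fail closed).
const requireEditableConfiguration = (getSetting) => (handler) => (request) =>
  getSetting('configuration.ui_api_editable') === true
    ? handler(request)
    : forbidden('The ability to edit the configuration from API is disabled.');

// Guard: constructed stand-in for an administrator check.
const requireAdministrator = (handler) => (request) =>
  request.user && request.user.isAdmin === true
    ? handler(request)
    : forbidden('Administrator role required.');

// Build the guarded PUT /utils/configuration handler over in-memory state.
function buildRoute(settings, store) {
  const updateConfiguration = (request) => {
    Object.assign(store, request.body); // the write the guards protect
    return { statusCode: 200, body: { data: { updatedConfiguration: request.body } } };
  };
  return compose(
    requireEditableConfiguration((key) => settings[key]),
    requireAdministrator,
  )(updateConfiguration);
}

// Send the same constructed request under a given setting value and role.
function attempt(editable, isAdmin) {
  const store = {};
  const route = buildRoute({ 'configuration.ui_api_editable': editable }, store);
  const response = route({ user: { isAdmin }, body: { hideManagerAlerts: true } });
  return { status: response.statusCode, written: Object.keys(store).length > 0 };
}

console.log(attempt(true, true), attempt(false, true), attempt(true, false));
```

Because the guard wraps the handler itself, a request sent directly to the endpoint is refused before any write happens, independently of whether the UI hides the Configuration tab.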

Contributor

@lucianogorza lucianogorza left a comment

LGTM!

@Desvelao Desvelao requested a review from JuanGarriuz May 3, 2024 07:15
@Desvelao Desvelao merged commit 179f05b into 4.9.0 May 3, 2024
1 check passed
@Desvelao Desvelao deleted the feat/6557-disable-ability-edit-configuration branch May 3, 2024 07:34
Successfully merging this pull request may close these issues.

Disable settings with wazuh.yml configuration