[ES 9.0] Remove body workaround (@elastic/kibana-security) (#217222)

afharo · web-flow · commit 1bd3385d5d59 · 2025-04-07T22:34:25.000+02:00
## Summary Follow up to #213375: The latest version of the ES client fixed the issue elastic/elasticsearch-js#2584. We should be able to remove all usages of `// @ts-expect-error elasticsearch@9.0.0 https://github.com/elastic/elasticsearch-js/issues/2584`. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
diff --git a/x-pack/platform/plugins/shared/security/server/authentication/api_keys/api_keys.test.ts b/x-pack/platform/plugins/shared/security/server/authentication/api_keys/api_keys.test.ts
@@ -483,16 +483,14 @@ describe('API Keys', () => {
       });
       expect(mockValidateKibanaPrivileges).not.toHaveBeenCalled(); // this is only called if kibana_role_descriptors is defined
       expect(mockClusterClient.asInternalUser.security.grantApiKey).toHaveBeenCalledWith({
-        body: {
-          api_key: {
-            name: 'test_api_key',
-            role_descriptors: { foo: true },
-            expiration: '1d',
-          },
-          grant_type: 'password',
-          username: 'foo',
-          password: 'bar',
+        api_key: {
+          name: 'test_api_key',
+          role_descriptors: { foo: true },
+          expiration: '1d',
         },
+        grant_type: 'password',
+        username: 'foo',
+        password: 'bar',
       });
     });
 
@@ -522,15 +520,13 @@ describe('API Keys', () => {
       });
       expect(mockValidateKibanaPrivileges).not.toHaveBeenCalled(); // this is only called if kibana_role_descriptors is defined
       expect(mockClusterClient.asInternalUser.security.grantApiKey).toHaveBeenCalledWith({
-        body: {
-          api_key: {
-            name: 'test_api_key',
-            role_descriptors: roleDescriptors,
-            expiration: '1d',
-          },
-          grant_type: 'access_token',
-          access_token: 'foo-access-token',
+        api_key: {
+          name: 'test_api_key',
+          role_descriptors: roleDescriptors,
+          expiration: '1d',
         },
+        grant_type: 'access_token',
+        access_token: 'foo-access-token',
       });
     });
 
@@ -563,18 +559,16 @@ describe('API Keys', () => {
       });
       expect(mockValidateKibanaPrivileges).not.toHaveBeenCalled(); // this is only called if kibana_role_descriptors is defined
       expect(mockClusterClient.asInternalUser.security.grantApiKey).toHaveBeenCalledWith({
-        body: {
-          api_key: {
-            name: 'test_api_key',
-            role_descriptors: { foo: true },
-            expiration: '1d',
-          },
-          grant_type: 'access_token',
-          access_token: 'foo-access-token',
-          client_authentication: {
-            scheme: 'SharedSecret',
-            value: 'secret',
-          },
+        api_key: {
+          name: 'test_api_key',
+          role_descriptors: { foo: true },
+          expiration: '1d',
+        },
+        grant_type: 'access_token',
+        access_token: 'foo-access-token',
+        client_authentication: {
+          scheme: 'SharedSecret',
+          value: 'secret',
         },
       });
     });
@@ -857,29 +851,27 @@ describe('API Keys', () => {
         name: 'key-name',
       });
       expect(mockClusterClient.asInternalUser.security.grantApiKey).toHaveBeenCalledWith({
-        body: {
-          api_key: {
-            name: 'key-name',
-            role_descriptors: {
-              synthetics_writer: {
-                applications: [
-                  {
-                    application: 'kibana-.kibana',
-                    privileges: ['feature_uptime.all'],
-                    resources: ['*'],
-                  },
-                ],
-                cluster: ['manage'],
-                indices: [],
-                run_as: [],
-              },
+        api_key: {
+          name: 'key-name',
+          role_descriptors: {
+            synthetics_writer: {
+              applications: [
+                {
+                  application: 'kibana-.kibana',
+                  privileges: ['feature_uptime.all'],
+                  resources: ['*'],
+                },
+              ],
+              cluster: ['manage'],
+              indices: [],
+              run_as: [],
             },
-            expiration: '1d',
           },
-          grant_type: 'password',
-          password: 'bar',
-          username: 'foo',
+          expiration: '1d',
         },
+        grant_type: 'password',
+        password: 'bar',
+        username: 'foo',
       });
     });
 
diff --git a/x-pack/platform/plugins/shared/security/server/authentication/api_keys/api_keys.ts b/x-pack/platform/plugins/shared/security/server/authentication/api_keys/api_keys.ts
@@ -290,8 +290,7 @@ export class APIKeys implements APIKeysType {
     // User needs `manage_api_key` or `grant_api_key` privilege to use this API
     let result: GrantAPIKeyResult;
     try {
-      // @ts-expect-error elasticsearch@9.0.0 https://github.com/elastic/elasticsearch-js/issues/2584 (client_authentication)
-      result = await this.clusterClient.asInternalUser.security.grantApiKey({ body: params });
+      result = await this.clusterClient.asInternalUser.security.grantApiKey(params);
       this.logger.debug('API key was granted successfully');
     } catch (e) {
       this.logger.error(`Failed to grant API key: ${e.message}`);
diff --git a/x-pack/platform/plugins/shared/security/server/session_management/session_index.test.ts b/x-pack/platform/plugins/shared/security/server/session_management/session_index.test.ts
@@ -340,7 +340,7 @@ describe('Session index', () => {
       expect(mockElasticsearchClient.indices.putMapping).toHaveBeenCalledTimes(1);
       expect(mockElasticsearchClient.indices.putMapping).toHaveBeenCalledWith({
         index: aliasName,
-        body: getSessionIndexSettings({ indexName, aliasName }).mappings,
+        ...getSessionIndexSettings({ indexName, aliasName }).mappings,
       });
     });
 
@@ -367,7 +367,7 @@ describe('Session index', () => {
       expect(mockElasticsearchClient.indices.putMapping).toHaveBeenCalledTimes(1);
       expect(mockElasticsearchClient.indices.putMapping).toHaveBeenCalledWith({
         index: aliasName,
-        body: getSessionIndexSettings({ indexName, aliasName }).mappings,
+        ...getSessionIndexSettings({ indexName, aliasName }).mappings,
       });
     });
 
diff --git a/x-pack/platform/plugins/shared/security/server/session_management/session_index.ts b/x-pack/platform/plugins/shared/security/server/session_management/session_index.ts
@@ -761,8 +761,7 @@ export class SessionIndex {
       try {
         await this.options.elasticsearchClient.indices.putMapping({
           index: this.aliasName,
-          // @ts-expect-error elasticsearch@9.0.0 https://github.com/elastic/elasticsearch-js/issues/2584
-          body: sessionIndexSettings.mappings,
+          ...sessionIndexSettings.mappings,
         });
         this.options.logger.debug('Successfully updated session index mappings.');
       } catch (err) {
