[8.x] [Data Usage] add functional tests for privileges (#199377) (#199849)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Data Usage] add functional tests for privileges
(#199377)](https://github.com/elastic/kibana/pull/199377)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Sandra
G","email":"neptunian@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-11-12T18:03:37Z","message":"[Data
Usage] add functional tests for privileges (#199377)\n\n##
Summary\r\n\r\nfunctional tests for data usage plugin privileges and
roles","sha":"0ab841f6d66d604a1028832cc62f21f01bd02390","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:prev-minor"],"title":"[Data
Usage] add functional tests for
privileges","number":199377,"url":"https://github.com/elastic/kibana/pull/199377","mergeCommit":{"message":"[Data
Usage] add functional tests for privileges (#199377)\n\n##
Summary\r\n\r\nfunctional tests for data usage plugin privileges and
roles","sha":"0ab841f6d66d604a1028832cc62f21f01bd02390"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199377","number":199377,"mergeCommit":{"message":"[Data
Usage] add functional tests for privileges (#199377)\n\n##
Summary\r\n\r\nfunctional tests for data usage plugin privileges and
roles","sha":"0ab841f6d66d604a1028832cc62f21f01bd02390"}}]}] BACKPORT-->

Co-authored-by: Sandra G <neptunian@users.noreply.github.com>

x-pack/test_serverless/functional/page_objects/svl_common_page.ts

@@ -134,6 +134,21 @@ export function SvlCommonPageProvider({ getService, getPageObjects }: FtrProvide
       await this.loginWithRole('viewer');
     },
 
+    /**
+     *
+     * Login to Kibana using SAML authentication with Editor role (observability, security)
+     */
+    async loginAsEditor() {
+      await this.loginWithRole('editor');
+    },
+
+    /**
+     * Login to Kibana using SAML authentication with Developer role (search)
+     */
+    async loginAsDeveloper() {
+      await this.loginWithRole('developer');
+    },
+
     /**
      * Login to Kibana using SAML authentication with Editor/Developer role
      */

x-pack/test_serverless/functional/page_objects/svl_management_page.ts

@@ -64,6 +64,9 @@ export function SvlManagementPageProvider({ getService }: FtrProviderContext) {
     async assertDataUsageManagementCardExists() {
       await testSubjects.existOrFail('app-card-data_usage');
     },
+    async assertDataUsageManagementCardDoesNotExist() {
+      await testSubjects.missingOrFail('app-card-data_usage');
+    },
     async clickDataUsageManagementCard() {
       await testSubjects.click('app-card-data_usage');
     },

x-pack/test_serverless/functional/test_suites/common/data_usage/index.ts

@@ -10,5 +10,6 @@ import { FtrProviderContext } from '../../../ftr_provider_context';
 export default ({ loadTestFile }: FtrProviderContext) => {
   describe('Data Usage', function () {
     loadTestFile(require.resolve('./main'));
+    loadTestFile(require.resolve('./privileges'));
   });
 };

x-pack/test_serverless/functional/test_suites/common/data_usage/privileges.ts

@@ -0,0 +1,105 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../ftr_provider_context';
+
+export default ({ getPageObjects, getService }: FtrProviderContext) => {
+  const pageObjects = getPageObjects(['svlCommonPage', 'svlManagementPage', 'common']);
+  const testSubjects = getService('testSubjects');
+  const samlAuth = getService('samlAuth');
+  const retry = getService('retry');
+  const dataUsageAppUrl = 'management/data/data_usage';
+
+  const navigateAndVerify = async (expectedVisible: boolean) => {
+    await pageObjects.common.navigateToApp('management');
+    await retry.waitFor('page to be visible', async () =>
+      testSubjects.exists('cards-navigation-page')
+    );
+
+    if (expectedVisible) {
+      await pageObjects.svlManagementPage.assertDataUsageManagementCardExists();
+      await pageObjects.common.navigateToApp(dataUsageAppUrl);
+      await testSubjects.exists('DataUsagePage');
+    } else {
+      await pageObjects.svlManagementPage.assertDataUsageManagementCardDoesNotExist();
+      await pageObjects.common.navigateToApp(dataUsageAppUrl);
+      await testSubjects.missingOrFail('DataUsagePage');
+    }
+  };
+
+  describe('privileges', function () {
+    // plugin needs to be enabled in serverless
+    this.tags(['skipMKI']);
+
+    it('renders for the admin role', async () => {
+      await pageObjects.svlCommonPage.loginAsAdmin();
+      await navigateAndVerify(true);
+    });
+
+    it('does not render for viewer', async () => {
+      await pageObjects.svlCommonPage.loginAsViewer();
+      await navigateAndVerify(false);
+    });
+    describe('with editor role', function () {
+      // editor role does not exist in search solution
+      this.tags(['skipSvlSearch']);
+      it('does not render for default (editor) role', async () => {
+        await pageObjects.svlCommonPage.loginAsEditor();
+        await navigateAndVerify(false);
+      });
+    });
+    describe('with developer role', function () {
+      // developer role only exists in ecs solution
+      this.tags(['skipSvlOblt', 'skipSvlSec']);
+      it('renders for developer role', async () => {
+        await pageObjects.svlCommonPage.loginAsDeveloper();
+        await navigateAndVerify(true);
+      });
+    });
+    describe('with custom role', function () {
+      // custom roles aren't available in observability yet
+      this.tags(['skipSvlOblt']);
+      afterEach(async () => {
+        await samlAuth.deleteCustomRole();
+      });
+      it('renders with a custom role that has the monitor cluster privilege', async () => {
+        await samlAuth.setCustomRole({
+          elasticsearch: {
+            cluster: ['monitor'],
+            indices: [{ names: ['*'], privileges: ['all'] }],
+          },
+          kibana: [
+            {
+              base: ['all'],
+              feature: {},
+              spaces: ['*'],
+            },
+          ],
+        });
+        await pageObjects.svlCommonPage.loginWithCustomRole();
+        await navigateAndVerify(true);
+      });
+
+      it('does not render with a custom role that does not have the monitor cluster privilege', async () => {
+        await samlAuth.setCustomRole({
+          elasticsearch: {
+            indices: [{ names: ['*'], privileges: ['all'] }],
+          },
+          kibana: [
+            {
+              base: ['all'],
+              feature: {},
+              spaces: ['*'],
+            },
+          ],
+        });
+        await pageObjects.svlCommonPage.loginWithCustomRole();
+        await navigateAndVerify(false);
+      });
+    });
+  });
+};