[ska] relocate 'shared/lib/security' helpers to 'osquery/cypress' dir (#225438)

## Summary

This PR removes `kbn/test-suites-serverless` as kbn reference for
osquery/cypress test-helper module in order to fix circular dependency I
faced in https://github.com/elastic/kibana/pull/225377

Since the main consumer of that `shared/lib/security` code is
`osquery/cypress` test module, I believe it is a resonable change in
order to unblock us relocating tests from `x-pack/test` dir.

.github/CODEOWNERS

@@ -2653,7 +2653,6 @@ x-pack/solutions/security/plugins/security_solution/server/assistant/tools/defen
 /x-pack/solutions/security/plugins/security_solution/scripts/endpoint/ @elastic/security-defend-workflows
 /x-pack/test/security_solution_endpoint/ @elastic/security-defend-workflows
 /x-pack/test/security_solution_api_integration/test_suites/edr_workflows/ @elastic/security-defend-workflows
-/x-pack/test_serverless/shared/lib/security/kibana_roles/ @elastic/security-defend-workflows
 /x-pack/solutions/security/plugins/security_solution_serverless/public/upselling/sections/endpoint_management @elastic/security-defend-workflows
 /x-pack/solutions/security/plugins/security_solution_serverless/public/upselling/pages/endpoint_management @elastic/security-defend-workflows
 /x-pack/solutions/security/plugins/security_solution_serverless/server/endpoint @elastic/security-defend-workflows

x-pack/platform/plugins/shared/osquery/cypress/cypress_base.config.ts

@@ -9,8 +9,8 @@ import { merge } from 'lodash';
 import path from 'path';
 import { load as loadYaml } from 'js-yaml';
 import { readFileSync } from 'fs';
-import type { YamlRoleDefinitions } from '@kbn/test-suites-serverless/shared/lib';
 import { samlAuthentication } from '@kbn/cypress-test-helper/src/auth/saml_auth';
+import type { YamlRoleDefinitions } from './lib';
 import { setupUserDataLoader } from './support/setup_data_loader_tasks';
 import { getFailedSpecVideos } from './support/filter_videos';
 

x-pack/platform/plugins/shared/osquery/cypress/lib/kibana_roles/kibana_roles.ts

@@ -9,7 +9,7 @@ import { load as loadYaml } from 'js-yaml';
 import { readFileSync } from 'fs';
 import * as path from 'path';
 import { cloneDeep, merge } from 'lodash';
-import { FeaturesPrivileges, Role, RoleIndexPrivilege } from '@kbn/security-plugin/common';
+import type { FeaturesPrivileges, Role, RoleIndexPrivilege } from '@kbn/security-plugin/common';
 import { ServerlessRoleName } from '../types';
 
 const ROLES_YAML_FILE_PATH = path.join(__dirname, 'project_controller_security_roles.yml');
@@ -49,6 +49,7 @@ export const getServerlessSecurityKibanaRoleDefinitions = (
         `Un-expected role [${roleName}] found in YAML file [${ROLES_YAML_FILE_PATH}]`
       );
     }
+
     const mapApplicationToKibanaFeaturePrivileges = (
       application: IApplication
     ): FeaturesPrivileges => {

x-pack/platform/plugins/shared/osquery/cypress/lib/kibana_roles/role_loader.ts

@@ -7,16 +7,13 @@
 
 /* eslint-disable max-classes-per-file */
 
-import { KbnClient } from '@kbn/test';
-import { Role } from '@kbn/security-plugin/common';
-import { ToolingLog } from '@kbn/tooling-log';
+import type { KbnClient } from '@kbn/test';
+import type { Role } from '@kbn/security-plugin/common';
+import type { ToolingLog } from '@kbn/tooling-log';
 import { inspect } from 'util';
-import { AxiosError } from 'axios';
-import {
-  getServerlessSecurityKibanaRoleDefinitions,
-  ServerlessSecurityRoles,
-  YamlRoleDefinitions,
-} from './kibana_roles';
+import type { AxiosError } from 'axios';
+import type { ServerlessSecurityRoles, YamlRoleDefinitions } from './kibana_roles';
+import { getServerlessSecurityKibanaRoleDefinitions } from './kibana_roles';
 import { STANDARD_HTTP_HEADERS } from '../default_http_headers';
 
 const ignoreHttp409Error = (error: AxiosError) => {
@@ -55,11 +52,13 @@ export class RoleAndUserLoader<R extends Record<string, Role> = Record<string, R
         `Unknown role: [${String(name)}]. Valid values are: [${Object.keys(this.roles).join(', ')}]`
       );
     }
+
     const roleName = role.name;
     const roleNames = [roleName];
     if (additionalRoleName) {
       roleNames.push(additionalRoleName);
     }
+
     await this.createRole(role);
     await this.createUser(roleName, 'changeme', roleNames);
 
@@ -88,6 +87,7 @@ export class RoleAndUserLoader<R extends Record<string, Role> = Record<string, R
       .catch(this.logPromiseError)
       .then((response) => {
         this.logger.info(`Role [${roleName}] created/updated`, response?.data);
+
         return response;
       });
   }
@@ -120,6 +120,7 @@ export class RoleAndUserLoader<R extends Record<string, Role> = Record<string, R
       .catch(this.logPromiseError)
       .then((response) => {
         this.logger.info(`User [${username}] created/updated`, response?.data);
+
         return response;
       });
   }

x-pack/platform/plugins/shared/osquery/cypress/support/e2e.ts

@@ -34,7 +34,7 @@ registerCypressGrep();
 import type { SecuritySolutionDescribeBlockFtrConfig } from '@kbn/cypress-test-helper/src/utils';
 import { login } from '@kbn/cypress-test-helper/src/auth/login';
 
-import type { LoadedRoleAndUser } from '@kbn/test-suites-serverless/shared/lib';
+import type { LoadedRoleAndUser } from '../lib';
 import type { ServerlessRoleName } from './roles';
 
 import { waitUntil } from '../tasks/wait_until';

x-pack/platform/plugins/shared/osquery/cypress/support/roles.ts

@@ -5,4 +5,4 @@
  * 2.0.
  */
 
-export { ServerlessRoleName } from '@kbn/test-suites-serverless/shared/lib/security/types';
+export { ServerlessRoleName } from '../lib/types';

x-pack/platform/plugins/shared/osquery/cypress/support/setup_data_loader_tasks.ts

@@ -6,11 +6,8 @@
  */
 
 import { createRuntimeServices } from '@kbn/cypress-test-helper/src/services/stack_services';
-import { SecurityRoleAndUserLoader } from '@kbn/test-suites-serverless/shared/lib';
-import type {
-  LoadedRoleAndUser,
-  YamlRoleDefinitions,
-} from '@kbn/test-suites-serverless/shared/lib';
+import { SecurityRoleAndUserLoader } from '../lib';
+import type { LoadedRoleAndUser, YamlRoleDefinitions } from '../lib';
 import type { LoadUserAndRoleCyTaskOptions } from './e2e';
 
 interface AdditionalDefinitions {

x-pack/platform/plugins/shared/osquery/cypress/tsconfig.json

@@ -5,11 +5,9 @@
     "./cypress.config.ts",
     "./serverless_cypress.config.ts",
     "./serverless_cypress_qa.config.ts",
-    "../../../../../test_serverless/shared/lib",
   ],
   "exclude": [
     "target/**/*",
-    "../../../../../test_serverless/shared/lib/security/default_http_headers.ts"
   ],
   "compilerOptions": {
     "outDir": "target/types",
@@ -20,10 +18,6 @@
     "resolveJsonModule": true,
   },
   "kbn_references": [
-    "@kbn/test-suites-serverless",
-    {
-      "path": "../../../../../test/security_solution_cypress/cypress/tsconfig.json"
-    },
     "@kbn/cypress-config",
     // cypress projects that are nested inside of other ts project use code
     // from the parent ts project in ways that can't be automatically deteceted
@@ -35,5 +29,8 @@
     "@kbn/fleet-plugin",
     "@kbn/cases-plugin",
     "@kbn/cypress-test-helper",
+    "@kbn/security-plugin",
+    "@kbn/test",
+    "@kbn/tooling-log",
   ]
 }

x-pack/test_serverless/functional/test_suites/security/ftr/discover/context_awareness/cell_renderer.ts

@@ -6,7 +6,6 @@
  */
 
 import expect from '@kbn/expect';
-import { ServerlessRoleName } from '../../../../../../shared/lib';
 import { FtrProviderContext } from '../../../../../ftr_provider_context';
 import { getDiscoverESQLState } from './utils';
 import { SECURITY_SOLUTION_DATA_VIEW, SECURITY_SOLUTION_INDEX_PATTERN } from '../../../constants';
@@ -18,7 +17,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
   describe('cell renderer', () => {
     before(async () => {
-      await PageObjects.svlCommonPage.loginWithRole(ServerlessRoleName.PLATFORM_ENGINEER);
+      await PageObjects.svlCommonPage.loginWithRole('platform_engineer');
       await PageObjects.common.navigateToApp('security', {
         path: 'alerts',
       });

x-pack/test_serverless/functional/test_suites/security/ftr/discover/context_awareness/default_state.ts

@@ -6,7 +6,6 @@
  */
 
 import expect from '@kbn/expect';
-import { ServerlessRoleName } from '../../../../../../shared/lib';
 import { FtrProviderContext } from '../../../../../ftr_provider_context';
 import { getDiscoverESQLState } from './utils';
 import { SECURITY_SOLUTION_DATA_VIEW } from '../../../constants';
@@ -30,7 +29,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
   describe('default State', () => {
     before(async () => {
-      await PageObjects.svlCommonPage.loginWithRole(ServerlessRoleName.PLATFORM_ENGINEER);
+      await PageObjects.svlCommonPage.loginWithRole('platform_engineer');
       // creates security data view if it does not exist
       await PageObjects.common.navigateToApp('security', {
         path: 'alerts',

x-pack/test_serverless/functional/test_suites/security/ftr/discover/context_awareness/row_indicator.ts

@@ -6,7 +6,6 @@
  */
 
 import expect from '@kbn/expect';
-import { ServerlessRoleName } from '../../../../../../shared/lib';
 import { FtrProviderContext } from '../../../../../ftr_provider_context';
 import { SECURITY_SOLUTION_DATA_VIEW } from '../../../constants';
 import { getDiscoverESQLState } from './utils';
@@ -24,7 +23,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     describe('row indicators', () => {
       describe('alerts and events', () => {
         before(async () => {
-          await PageObjects.svlCommonPage.loginWithRole(ServerlessRoleName.PLATFORM_ENGINEER);
+          await PageObjects.svlCommonPage.loginWithRole('platform_engineer');
           await PageObjects.common.navigateToApp('security', {
             path: 'alerts',
           });

x-pack/test_serverless/functional/test_suites/security/ml/anomaly_detection_jobs_list.ts

@@ -4,7 +4,7 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { ServerlessRoleName } from '../../../../shared/lib/security/types';
+
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 export default function ({ getService, getPageObjects }: FtrProviderContext) {
@@ -19,7 +19,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     // Error: Failed to delete all indices with pattern [.ml-*]
     this.tags(['failsOnMKI']);
     before(async () => {
-      await PageObjects.svlCommonPage.loginWithRole(ServerlessRoleName.PLATFORM_ENGINEER);
+      await PageObjects.svlCommonPage.loginWithRole('platform_engineer');
       // Load logstash* data and create dataview for logstash*, logstash-2015.09.22
       await esArchiver.loadIfNeeded('x-pack/test/functional/es_archives/logstash_functional');
       await kibanaServer.importExport.load(

x-pack/test_serverless/functional/test_suites/security/ml/data_frame_analytics_jobs_list.ts

@@ -4,7 +4,6 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { ServerlessRoleName } from '../../../../shared/lib/security/types';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 export default function ({ getService, getPageObjects }: FtrProviderContext) {
@@ -18,7 +17,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     // Error: Failed to delete all indices with pattern [.ml-*]
     this.tags(['failsOnMKI']);
     before(async () => {
-      await PageObjects.svlCommonPage.loginWithRole(ServerlessRoleName.PLATFORM_ENGINEER);
+      await PageObjects.svlCommonPage.loginWithRole('platform_engineer');
 
       await esArchiver.loadIfNeeded('x-pack/test/functional/es_archives/ml/ihp_outlier');
       await ml.testResources.createDataViewIfNeeded('ft_ihp_outlier', '@timestamp');

x-pack/test_serverless/functional/test_suites/security/ml/search_bar_features.ts

@@ -5,7 +5,6 @@
  * 2.0.
  */
 import expect from '@kbn/expect';
-import { ServerlessRoleName } from '../../../../shared/lib';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 export default function ({ getPageObjects, getService }: FtrProviderContext) {
@@ -37,7 +36,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
 
   describe('Search bar features', () => {
     before(async () => {
-      await PageObjects.svlCommonPage.loginWithRole(ServerlessRoleName.PLATFORM_ENGINEER);
+      await PageObjects.svlCommonPage.loginWithRole('platform_engineer');
     });
 
     describe('list features', () => {

x-pack/test_serverless/functional/test_suites/security/ml/trained_models_list.ts

@@ -5,7 +5,6 @@
  * 2.0.
  */
 import { SUPPORTED_TRAINED_MODELS } from '@kbn/test-suites-xpack/functional/services/ml/api';
-import { ServerlessRoleName } from '../../../../shared/lib';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 export default function ({ getService, getPageObjects }: FtrProviderContext) {
@@ -17,7 +16,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     const tinyElser = SUPPORTED_TRAINED_MODELS.TINY_ELSER;
 
     before(async () => {
-      await PageObjects.svlCommonPage.loginWithRole(ServerlessRoleName.PLATFORM_ENGINEER);
+      await PageObjects.svlCommonPage.loginWithRole('platform_engineer');
       await ml.api.importTrainedModel(tinyElser.name, tinyElser.name);
       // Make sure the .ml-stats index is created in advance, see https://github.com/elastic/elasticsearch/issues/65846
       await ml.api.assureMlStatsIndexExists();

x-pack/test_serverless/shared/lib/index.ts

@@ -5,7 +5,6 @@
  * 2.0.
  */
 
-export * from './security';
 export * from './object_remover';
 export * from './space_path_prefix';
 export * from './cases';