[Security Solution] Preparing Cypress for SAML changes (#172140)

2025-04-24 01:38:56 -04:00 · 2023-11-29 20:26:14 +01:00 · 2023-11-29 20:26:14 +01:00 · 12a8e8b918
commit 12a8e8b918
parent 2a332bccf9
19 changed files with 33 additions and 77 deletions
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_status.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_status.cy.ts
@ -247,7 +247,7 @@ describe.skip('Changing alert status', { tags: ['@ess', '@serverless'] }, () =>
      deleteAlertsAndRules();
      createRule(getNewRule());
      login(ROLES.reader);
-      visit(ALERTS_URL, { role: ROLES.reader });
+      visit(ALERTS_URL);
      waitForAlertsToPopulate();
    });
    it('should not allow users to change a single alert status', () => {
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alerts_detection_callouts_index_outdated.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alerts_detection_callouts_index_outdated.cy.ts
@ -25,7 +25,7 @@ import {

 const loadPageAsPlatformEngineerUser = (url: string) => {
  login(ROLES.soc_manager);
-  visit(url, { role: ROLES.soc_manager });
+  visit(url);
  waitForPageTitleToBeShown();
 };

--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/missing_privileges_callout.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/missing_privileges_callout.cy.ts
@ -25,13 +25,13 @@ import { ruleDetailsUrl } from '../../../urls/rule_details';

 const loadPageAsReadOnlyUser = (url: string) => {
  login(ROLES.t1_analyst);
-  visit(url, { role: ROLES.t1_analyst });
+  visit(url);
  waitForPageTitleToBeShown();
 };

 const loadPageAsPlatformEngineer = (url: string) => {
  login(ROLES.platform_engineer);
-  visit(url, { role: ROLES.platform_engineer });
+  visit(url);
  waitForPageTitleToBeShown();
 };

--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/authorization/all_rules_read_only.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/authorization/all_rules_read_only.cy.ts
@ -33,7 +33,7 @@ describe('All rules - read only', { tags: ['@ess', '@serverless', '@skipInServer

  beforeEach(() => {
    login(ROLES.t1_analyst);
-    visitRulesManagementTable(ROLES.t1_analyst);
+    visitRulesManagementTable();
    cy.get(RULE_NAME).should('have.text', getNewRule().name);
  });

--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/install_update_authorization.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/install_update_authorization.cy.ts
@ -57,12 +57,12 @@ const RULE_2 = createRuleAssetSavedObject({

 const loadPageAsReadOnlyUser = (url: string) => {
  login(ROLES.t1_analyst);
-  visit(url, { role: ROLES.t1_analyst });
+  visit(url);
 };

 const loginPageAsWriteAuthorizedUser = (url: string) => {
  login(ROLES.t3_analyst);
-  visit(url, { role: ROLES.t3_analyst });
+  visit(url);
 };

 describe(
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/bulk_actions/bulk_edit_rules_actions.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/bulk_actions/bulk_edit_rules_actions.cy.ts
@ -148,7 +148,7 @@ describe(
    context('Restricted action privileges', () => {
      it("User with no privileges can't add rule actions", () => {
        login(ROLES.hunter_no_actions);
-        visitRulesManagementTable(ROLES.hunter_no_actions);
+        visitRulesManagementTable();

        expectManagementTableRules([
          ruleNameToAssert,
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/sourcerer/sourcerer_permissions.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/sourcerer/sourcerer_permissions.cy.ts
@ -5,31 +5,24 @@
 * 2.0.
 */

-import { loginWithUser } from '../../../tasks/login';
-import { visitWithUser } from '../../../tasks/navigation';
+import { ROLES } from '@kbn/security-solution-plugin/common/test';

 import { hostsUrl } from '../../../urls/navigation';
 import { postDataView } from '../../../tasks/api_calls/common';
-import {
-  createUsersAndRoles,
-  secReadCasesAll,
-  secReadCasesAllUser,
-} from '../../../tasks/privileges';
 import { TOASTER } from '../../../screens/configure_cases';
+import { visit } from '../../../tasks/navigation';
+import { login } from '../../../tasks/login';

-const usersToCreate = [secReadCasesAllUser];
-const rolesToCreate = [secReadCasesAll];
 const dataViews = ['auditbeat-*,fakebeat-*', 'auditbeat-*,*beat*,siem-read*,.kibana*,fakebeat-*'];

-describe('Sourcerer permissions', { tags: ['@ess', '@skipInServerless'] }, () => {
+describe('Sourcerer permissions', { tags: ['@ess', '@brokenInServerless'] }, () => {
  before(() => {
    dataViews.forEach((dataView: string) => postDataView(dataView));
-    createUsersAndRoles(usersToCreate, rolesToCreate);
  });

-  it(`role(s) ${secReadCasesAllUser.roles.join()} shows error when user does not have permissions`, () => {
-    loginWithUser(secReadCasesAllUser);
-    visitWithUser(hostsUrl('allHosts'), secReadCasesAllUser);
+  it(`role Hunter No actions  shows error when user does not have permissions`, () => {
+    login(ROLES.hunter_no_actions);
+    visit(hostsUrl('allHosts'));
    cy.get(TOASTER).should('have.text', 'Write role required to generate data');
  });
 });
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/value_lists/permissions.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/value_lists/permissions.cy.ts
@ -16,7 +16,7 @@ describe('value list permissions', { tags: ['@ess', '@skipInServerless'] }, () =
  describe('user with restricted access role', () => {
    it('Does not allow a t1 analyst user to upload a value list', () => {
      login(ROLES.t1_analyst);
-      visit(RULES_MANAGEMENT_URL, { role: ROLES.t1_analyst });
+      visit(RULES_MANAGEMENT_URL);
      cy.get(VALUE_LISTS_MODAL_ACTIVATOR).should('have.attr', 'disabled');
    });
  });
--- a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/entity_analytics_management_page_privileges_callout.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/entity_analytics_management_page_privileges_callout.ts
@ -18,7 +18,7 @@ import { ENTITY_ANALYTICS_MANAGEMENT_URL } from '../../urls/navigation';

 const loadPageAsUserWithNoPrivileges = () => {
  login(ROLES.no_risk_engine_privileges);
-  visit(ENTITY_ANALYTICS_MANAGEMENT_URL, { role: ROLES.no_risk_engine_privileges });
+  visit(ENTITY_ANALYTICS_MANAGEMENT_URL);
 };

 // this test suite doesn't run on serverless because it requires a custom role
--- a/x-pack/test/security_solution_cypress/cypress/e2e/exceptions/rule_details_flow/read_only_view.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/exceptions/rule_details_flow/read_only_view.cy.ts
@ -55,7 +55,7 @@ describe('Exceptions viewer read only', { tags: ['@ess'] }, () => {
    });

    login(ROLES.t1_analyst);
-    visitRulesManagementTable(ROLES.t1_analyst);
+    visitRulesManagementTable();
    goToRuleDetailsOf('Test exceptions rule');
    goToExceptionsTab();
  });
--- a/x-pack/test/security_solution_cypress/cypress/e2e/exceptions/shared_exception_lists_management/shared_exception_list_page/read_only.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/exceptions/shared_exception_lists_management/shared_exception_list_page/read_only.cy.ts
@ -32,7 +32,7 @@ describe('Shared exception lists - read only', { tags: ['@ess', '@skipInServerle
    createExceptionList(getExceptionList(), getExceptionList().list_id);

    login(ROLES.t1_analyst);
-    visit(EXCEPTIONS_URL, { role: ROLES.t1_analyst });
+    visit(EXCEPTIONS_URL);

    // Using cy.contains because we do not care about the exact text,
    // just checking number of lists shown
--- a/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/attach_alert_to_case.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/attach_alert_to_case.cy.ts
@ -20,7 +20,7 @@ import { LOADING_INDICATOR } from '../../../screens/security_header';

 const loadDetectionsPage = (role: SecurityRoleName) => {
  login(role);
-  visit(ALERTS_URL, { role });
+  visit(ALERTS_URL);
  waitForAlertsToPopulate();
 };

--- a/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/privileges.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/privileges.cy.ts
@ -18,7 +18,7 @@ import {
  filterStatusOpen,
 } from '../../../tasks/create_new_case';
 import { login, loginWithUser } from '../../../tasks/login';
-import { visitWithUser } from '../../../tasks/navigation';
+import { visit } from '../../../tasks/navigation';
 import {
  createUsersAndRoles,
  deleteUsersAndRoles,
@ -66,7 +66,7 @@ describe('Cases privileges', { tags: ['@ess'] }, () => {
  for (const user of [secAllUser, secReadCasesAllUser, secAllCasesNoDeleteUser]) {
    it(`User ${user.username} with role(s) ${user.roles.join()} can create a case`, () => {
      loginWithUser(user);
-      visitWithUser(CASES_URL, user);
+      visit(CASES_URL);
      goToCreateNewCase();
      fillCasesMandatoryfields(testCase);
      createCase();
@ -80,7 +80,7 @@ describe('Cases privileges', { tags: ['@ess'] }, () => {
  for (const user of [secAllCasesOnlyReadDeleteUser]) {
    it(`User ${user.username} with role(s) ${user.roles.join()} cannot create a case`, () => {
      loginWithUser(user);
-      visitWithUser(CASES_URL, user);
+      visit(CASES_URL);
      cy.get(ALL_CASES_CREATE_NEW_CASE_BTN).should('not.exist');
    });
  }
--- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/creation.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/creation.cy.ts
@ -90,7 +90,7 @@ describe('Timelines', (): void => {
    context('Privileges: READ', { tags: '@ess' }, () => {
      beforeEach(() => {
        login(ROLES.t1_analyst);
-        visitWithTimeRange(OVERVIEW_URL, { role: ROLES.t1_analyst });
+        visitWithTimeRange(OVERVIEW_URL);
      });

      it('should not be able to create/update timeline ', () => {
--- a/x-pack/test/security_solution_cypress/cypress/tasks/edit_rule.ts
+++ b/x-pack/test/security_solution_cypress/cypress/tasks/edit_rule.ts
@ -5,13 +5,12 @@
 * 2.0.
 */

-import type { SecurityRoleName } from '@kbn/security-solution-plugin/common/test';
 import { BACK_TO_RULE_DETAILS, EDIT_SUBMIT_BUTTON } from '../screens/edit_rule';
 import { editRuleUrl } from '../urls/edit_rule';
 import { visit } from './navigation';

-export function visitEditRulePage(ruleId: string, role?: SecurityRoleName): void {
-  visit(editRuleUrl(ruleId), { role });
+export function visitEditRulePage(ruleId: string): void {
+  visit(editRuleUrl(ruleId));
 }

 export const saveEditedRule = () => {
--- a/x-pack/test/security_solution_cypress/cypress/tasks/login.ts
+++ b/x-pack/test/security_solution_cypress/cypress/tasks/login.ts
@ -6,8 +6,6 @@
 */

 import * as yaml from 'js-yaml';
-import type { UrlObject } from 'url';
-import Url from 'url';
 import { LoginState } from '@kbn/security-plugin/common/login_state';
 import type { SecurityRoleName } from '@kbn/security-solution-plugin/common/test';
 import { KNOWN_SERVERLESS_ROLE_DEFINITIONS } from '@kbn/security-solution-plugin/common/test';
@ -65,29 +63,6 @@ export const loginWithUser = (user: User): void => {
  loginWithUsernameAndPassword(user.username, user.password);
 };

-/**
- * cy.visit will default to the baseUrl which uses the default kibana test user
- * This function will override that functionality in cy.visit by building the baseUrl
- * directly from the environment variables set up in x-pack/test/security_solution_cypress/runner.ts
- *
- * @param role string role/user to log in with
- * @param route string route to visit
- */
-export const getUrlWithRoute = (role: SecurityRoleName, route: string): string => {
-  const url = Cypress.config().baseUrl;
-  const kibana = new URL(String(url));
-  const theUrl = `${Url.format({
-    auth: `${role}:changeme`,
-    username: role,
-    password: 'changeme',
-    protocol: kibana.protocol.replace(':', ''),
-    hostname: kibana.hostname,
-    port: kibana.port,
-  } as UrlObject)}${route.startsWith('/') ? '' : '/'}${route}`;
-  cy.log(`origin: ${theUrl}`);
-  return theUrl;
-};
-
 /**
 * Builds a URL with basic auth using the passed in user.
 *
--- a/x-pack/test/security_solution_cypress/cypress/tasks/navigation.ts
+++ b/x-pack/test/security_solution_cypress/cypress/tasks/navigation.ts
@ -8,34 +8,24 @@
 import { encode } from '@kbn/rison';

 import { NEW_FEATURES_TOUR_STORAGE_KEYS } from '@kbn/security-solution-plugin/common/constants';
-import type { SecurityRoleName } from '@kbn/security-solution-plugin/common/test';
 import { GET_STARTED_URL, hostDetailsUrl, userDetailsUrl } from '../urls/navigation';
-import { constructUrlWithUser, getUrlWithRoute, User } from './login';

 export const visit = (
  url: string,
  options?: {
    visitOptions?: Partial<Cypress.VisitOptions>;
-    role?: SecurityRoleName;
  }
 ) => {
-  cy.visit(options?.role ? getUrlWithRoute(options.role, url) : url, {
+  cy.visit(url, {
    onBeforeLoad: disableNewFeaturesTours,
    ...options?.visitOptions,
  });
 };

-export const visitWithUser = (url: string, user: User) => {
-  cy.visit(constructUrlWithUser(user, url), {
-    onBeforeLoad: disableNewFeaturesTours,
-  });
-};
-
 export const visitWithTimeRange = (
  url: string,
  options?: {
    visitOptions?: Partial<Cypress.VisitOptions>;
-    role?: SecurityRoleName;
  }
 ) => {
  const timerangeConfig = {
@ -57,7 +47,7 @@ export const visitWithTimeRange = (
    },
  });

-  cy.visit(options?.role ? getUrlWithRoute(options.role, url) : url, {
+  cy.visit(url, {
    ...options,
    qs: {
      ...options?.visitOptions?.qs,
@ -74,9 +64,9 @@ export const visitWithTimeRange = (
  });
 };

-export const visitTimeline = (timelineId: string, role?: SecurityRoleName) => {
+export const visitTimeline = (timelineId: string) => {
  const route = `/app/security/timelines?timeline=(id:'${timelineId}',isOpen:!t)`;
-  cy.visit(role ? getUrlWithRoute(role, route) : route, {
+  cy.visit(route, {
    onBeforeLoad: disableNewFeaturesTours,
  });
 };
--- a/x-pack/test/security_solution_cypress/cypress/tasks/rule_details.ts
+++ b/x-pack/test/security_solution_cypress/cypress/tasks/rule_details.ts
@ -51,7 +51,7 @@ interface VisitRuleDetailsPageOptions {
 }

 export function visitRuleDetailsPage(ruleId: string, options?: VisitRuleDetailsPageOptions): void {
-  visit(ruleDetailsUrl(ruleId, options?.tab), { role: options?.role });
+  visit(ruleDetailsUrl(ruleId, options?.tab));
 }

 export const enablesRule = () => {
--- a/x-pack/test/security_solution_cypress/cypress/tasks/rules_management.ts
+++ b/x-pack/test/security_solution_cypress/cypress/tasks/rules_management.ts
@ -5,15 +5,14 @@
 * 2.0.
 */

-import type { SecurityRoleName } from '@kbn/security-solution-plugin/common/test';
 import { LAST_BREADCRUMB, RULE_MANAGEMENT_PAGE_BREADCRUMB } from '../screens/breadcrumbs';
 import { RULES_MANAGEMENT_URL } from '../urls/rules_management';
 import { resetRulesTableState } from './common';
 import { visit } from './navigation';

-export function visitRulesManagementTable(role?: SecurityRoleName): void {
+export function visitRulesManagementTable(): void {
  resetRulesTableState(); // Clear persistent rules filter data before page loading
-  visit(RULES_MANAGEMENT_URL, { role });
+  visit(RULES_MANAGEMENT_URL);
 }

 export function openRuleManagementPageViaBreadcrumbs(): void {