[QA] Encryption Rotation tests via Email Connectors (#82659)

2025-04-24 09:48:58 -04:00 · 2020-11-10 16:14:26 -07:00 · 2020-11-10 16:14:26 -07:00 · 3979418fc7
commit 3979418fc7
parent e078e905c6
4 changed files with 133 additions and 46 deletions
--- a/x-pack/test/stack_functional_integration/apps/alerts/alerts_encryption_keys.js
+++ b/x-pack/test/stack_functional_integration/apps/alerts/alerts_encryption_keys.js
@ -0,0 +1,75 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import expect from '@kbn/expect';
+
+const ARCHIVE = 'email_connectors_with_encryption_rotation';
+
+export default ({ getPageObjects, getService }) => {
+  const esArchiver = getService('esArchiver');
+  const testSubjects = getService('testSubjects');
+  const pageObjects = getPageObjects(['common', 'triggersActionsUI']);
+  const find = getService('find');
+  const retry = getService('retry');
+
+  const address = (name) => (emails) => emails.split(',').find((x) => x.includes(name));
+  const toWayne = address('wayne');
+
+  describe('encryption key rotation with', function () {
+    before(async () => {
+      esArchiver.load(ARCHIVE);
+    });
+    beforeEach(async () => {
+      await pageObjects.common.navigateToApp('triggersConnectors');
+    });
+    after(async () => {
+      esArchiver.unload(ARCHIVE);
+    });
+
+    describe(`email connectors`, () => {
+      describe(`without the key used to create it`, () => {
+        it('should show a failure callout', async () => {
+          const connectorName = 'should_fail';
+          await testConnector(connectorName);
+          await retry.try(async () => {
+            const executionFailureResultCallout = await testSubjects.find('executionFailureResult');
+            expect(await executionFailureResultCallout.getVisibleText()).to.match(
+              /Internal Server Error/
+            );
+          });
+          expect(true).to.be(true);
+        });
+      });
+      describe(`with a decryption only key`, () => {
+        it('should show a success callout', async () => {
+          const connectorName = 'decrypt_only';
+          await testConnector(connectorName);
+          await retry.try(async () => {
+            await testSubjects.find('executionSuccessfulResult');
+          });
+        });
+      });
+      describe(`with the current key`, () => {
+        it('should show a success callout', async () => {
+          const connectorName = 'current_key';
+          await testConnector(connectorName);
+          await retry.try(async () => {
+            await testSubjects.find('executionSuccessfulResult');
+          });
+        });
+      });
+    });
+  });
+
+  async function testConnector(name) {
+    await pageObjects.triggersActionsUI.searchConnectors(name);
+    await testSubjects.click('runConnector');
+    await testSubjects.setValue('comboBoxInput', toWayne(process.env.REPORTING_TEST_EMAILS));
+    await testSubjects.setValue('subjectInput', name);
+    await testSubjects.setValue('messageTextArea', name);
+    await find.clickByCssSelector('[data-test-subj="executeActionButton"]:not(disabled)');
+  }
+};
--- a/x-pack/test/stack_functional_integration/apps/alerts/index.js
+++ b/x-pack/test/stack_functional_integration/apps/alerts/index.js
@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export default ({ loadTestFile }) => {
+  describe('Encryption Rotation', function () {
+    loadTestFile(require.resolve('./alerts_encryption_keys'));
+  });
+};
--- a/x-pack/test/stack_functional_integration/configs/config.stack_functional_integration_base.js
+++ b/x-pack/test/stack_functional_integration/configs/config.stack_functional_integration_base.js
@ -9,42 +9,46 @@ import buildState from './build_state';
 import { ToolingLog, REPO_ROOT } from '@kbn/dev-utils';
 import chalk from 'chalk';
 import { esTestConfig, kbnTestConfig } from '@kbn/test';
+import { TriggersActionsPageProvider } from '../../functional_with_es_ssl/page_objects/triggers_actions_ui_page';

-const reportName = 'Stack Functional Integration Tests';
-const testsFolder = '../apps';
 const log = new ToolingLog({
  level: 'info',
  writeTo: process.stdout,
 });
-log.info(`REPO_ROOT = ${REPO_ROOT}`);
-log.info(`WORKSPACE in config file ${process.env.WORKSPACE}`);
-
 const INTEGRATION_TEST_ROOT = process.env.WORKSPACE || resolve(REPO_ROOT, '../integration-test');
-log.info(`INTEGRATION_TEST_ROOT = ${INTEGRATION_TEST_ROOT}`);
-
 const stateFilePath = resolve(INTEGRATION_TEST_ROOT, 'qa/envvars.sh');
-log.info(`stateFilePath = ${stateFilePath}`);

+const testsFolder = '../apps';
 const prepend = (testFile) => require.resolve(`${testsFolder}/${testFile}`);

 export default async ({ readConfigFile }) => {
-  const defaultConfigs = await readConfigFile(require.resolve('../../functional/config'));
+  const xpackFunctionalConfig = await readConfigFile(require.resolve('../../functional/config'));
  const { tests, ...provisionedConfigs } = buildState(resolve(__dirname, stateFilePath));
  process.env.stack_functional_integration = true;
+  logAll(log);

-  const servers = {
-    kibana: kbnTestConfig.getUrlParts(),
-    elasticsearch: esTestConfig.getUrlParts(),
-  };
-  log.info(`servers data: ${JSON.stringify(servers)}`);
  const settings = {
-    ...defaultConfigs.getAll(),
-    junit: {
-      reportName: `${reportName} - ${provisionedConfigs.VM}`,
+    ...xpackFunctionalConfig.getAll(),
+    pageObjects: {
+      triggersActionsUI: TriggersActionsPageProvider,
+      ...xpackFunctionalConfig.get('pageObjects'),
+    },
+    apps: {
+      ...xpackFunctionalConfig.get('apps'),
+      triggersConnectors: {
+        pathname: '/app/management/insightsAndAlerting/triggersActions/connectors',
+      },
+    },
+    junit: {
+      reportName: `Stack Functional Integration Tests - ${provisionedConfigs.VM}`,
+    },
+    servers: servers(),
+    kbnTestServer: {
+      ...xpackFunctionalConfig.get('kbnTestServer'),
+      serverArgs: [...xpackFunctionalConfig.get('kbnTestServer.serverArgs')],
    },
-    servers,
    testFiles: tests.map(prepend).map(logTest),
-    // testFiles: ['monitoring'].map(prepend).map(logTest),
+    // testFiles: ['alerts'].map(prepend).map(logTest),
    // If we need to do things like disable animations, we can do it in configure_start_kibana.sh, in the provisioner...which lives in the integration-test private repo
    uiSettings: {},
    security: { disableTestUser: true },
@ -74,6 +78,19 @@ function highLight(testPath) {
  return testPath.replace(cleaned, colored);
 }
 function logTest(testPath) {
-  log.info(`Testing: '${highLight(truncate(testPath))}'`);
+  log.info(`### Testing: '${highLight(truncate(testPath))}'`);
  return testPath;
 }
+function logAll(log) {
+  log.info(`REPO_ROOT = ${REPO_ROOT}`);
+  log.info(`WORKSPACE in config file ${process.env.WORKSPACE}`);
+  log.info(`INTEGRATION_TEST_ROOT = ${INTEGRATION_TEST_ROOT}`);
+  log.info(`stateFilePath = ${stateFilePath}`);
+  log.info(`servers data: ${JSON.stringify(servers(), null, 2)}`);
+}
+function servers() {
+  return {
+    kibana: kbnTestConfig.getUrlParts(),
+    elasticsearch: esTestConfig.getUrlParts(),
+  };
+}
--- a/x-pack/test/stack_functional_integration/configs/tests_list.js
+++ b/x-pack/test/stack_functional_integration/configs/tests_list.js
@ -8,16 +8,11 @@
 export default (envObj) => {
  const xs = [];
  // one of these 2 needs to create the default index pattern
-  if (envObj.PRODUCTS.includes('logstash')) {
-    xs.push('management');
-  } else {
-    xs.push('sample_data');
-  }
+  if (envObj.PRODUCTS.includes('logstash')) xs.push('management');
+  else xs.push('sample_data');

  // get the opt in/out banner out of the way early
-  if (envObj.XPACK === 'YES') {
-    xs.push('telemetry');
-  }
+  if (envObj.XPACK === 'YES') xs.push('telemetry');

  if (envObj.BEATS.includes('metricbeat')) {
    xs.push('metricbeat/_metricbeat');
@ -26,27 +21,15 @@ export default (envObj) => {
      xs.push('metricbeat/_metricbeat_dashboard');
    }
  }
-  if (envObj.BEATS.includes('filebeat')) {
-    xs.push('filebeat');
-  }
-  if (envObj.BEATS.includes('packetbeat')) {
-    xs.push('packetbeat');
-  }
-  if (envObj.BEATS.includes('winlogbeat')) {
-    xs.push('winlogbeat');
-  }
-  if (envObj.BEATS.includes('heartbeat')) {
-    xs.push('heartbeat');
-  }
-  if (envObj.VM === 'ubuntu16_tar_ccs') {
-    xs.push('ccs');
-  }
+  if (envObj.BEATS.includes('filebeat')) xs.push('filebeat');
+  if (envObj.BEATS.includes('packetbeat')) xs.push('packetbeat');
+  if (envObj.BEATS.includes('winlogbeat')) xs.push('winlogbeat');
+  if (envObj.BEATS.includes('heartbeat')) xs.push('heartbeat');
+  if (envObj.VM === 'ubuntu16_tar_ccs') xs.push('ccs');

  // with latest elasticsearch Js client, we can only run these watcher tests
  // which use the watcher API on a config with x-pack but without TLS (no security)
-  if (envObj.VM === 'ubuntu16_tar') {
-    xs.push('reporting');
-  }
+  if (envObj.VM === 'ubuntu16_tar') xs.push('reporting');

  if (envObj.XPACK === 'YES' && ['TRIAL', 'GOLD', 'PLATINUM'].includes(envObj.LICENSE)) {
    // we can't test enabling monitoring on this config because we already enable it through cluster settings for both clusters.
@ -55,6 +38,7 @@ export default (envObj) => {
      xs.push('monitoring');
    }
    if (envObj.VM === 'centos7_rpm') {
+      xs.push('alerts');
      // monitoring is last because we switch to the elastic superuser here
      xs.push('monitoring/_monitoring_metricbeat');
    }