[Serverless][SecuritySolution][Endpoint] Update serverless tests for scan w.r.to. PLIs (#187376)

## Summary

Now that the `scan` response action is categorized under the Endpoint Complete PLI,
include the `scan` action in the serverless tests, enabled through the
`responseActionScanEnabled` feature flag.

### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
Ash 2024-07-02 23:29:01 +02:00 committed by GitHub
parent 32e7bf9828
commit 43058ca97b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 56 additions and 32 deletions


@ -289,6 +289,7 @@ t3_analyst:
- feature_siem.process_operations_all
- feature_siem.actions_log_management_all # Response actions history
- feature_siem.file_operations_all
- feature_siem.scan_operations_all
- feature_securitySolutionCases.all
- feature_securitySolutionAssistant.all
- feature_actions.read
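Review bot: `feature_siem.scan_operations_all` is added to `t3_analyst` by hand in this roles file, in two further role listings later in the commit, and in `getT3Analyst`, and nothing in the visible hunks keeps those four copies in agreement. A copy that drifts could let an authorization spec pass or fail against a role that no longer matches the others. The neighbouring entry carries a trailing comment, so the new line could follow suit, `- feature_siem.scan_operations_all # Scan response action`, which also makes the entry easier to find when the copies are compared. The role definition starts and ends outside this hunk.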


@ -16,7 +16,14 @@ describe(
{
tags: ['@serverless', '@skipInServerlessMKI'],
env: {
ftrConfig: { productTypes: [{ product_line: 'security', product_tier: 'complete' }] },
ftrConfig: {
productTypes: [{ product_line: 'security', product_tier: 'complete' }],
kbnServerArgs: [
`--xpack.securitySolution.enableExperimental=${JSON.stringify([
'responseActionScanEnabled',
])}`,
],
},
},
},
() => {
@ -53,10 +60,9 @@ describe(
}
// No access to response actions (except `unisolate`)
// TODO: update tests when `scan` is included in PLIs
for (const actionName of RESPONSE_ACTION_API_COMMANDS_NAMES.filter(
(apiName) => apiName !== 'scan'
).filter((apiName) => apiName !== 'unisolate')) {
(apiName) => apiName !== 'unisolate'
)) {
it(`should not allow access to Response Action: ${actionName}`, () => {
ensureResponseActionAuthzAccess('none', actionName, username, password);
});
@ -79,10 +85,9 @@ describe(
});
// No access to response actions (except `unisolate`)
// TODO: update tests when `scan` is included in PLIs
for (const actionName of RESPONSE_ACTION_API_COMMANDS_NAMES.filter(
(apiName) => apiName !== 'scan'
).filter((apiName) => apiName !== 'unisolate')) {
(apiName) => apiName !== 'unisolate'
)) {
it(`should not allow access to Response Action: ${actionName}`, () => {
ensureResponseActionAuthzAccess('none', actionName, username, password);
});
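Review bot: The `kbnServerArgs` entry that turns on `responseActionScanEnabled` is written out in full inside `ftrConfig` here and again in four other spec files in this commit, so the flag name lives in five separate string literals. These specs assert that `scan` is denied or allowed per product tier, and a typo in one copy would presumably leave the flag off for that spec alone, changing what its `'none'` or `'all'` assertion actually exercises. A shared constant imported by each spec, used as `kbnServerArgs: SCAN_FLAG_KBN_ARGS` (the name is only a suggestion), would keep the five identical. The `describe` callback continues outside the visible hunks.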


@ -24,6 +24,11 @@ describe(
{ product_line: 'security', product_tier: 'complete' },
{ product_line: 'endpoint', product_tier: 'complete' },
],
kbnServerArgs: [
`--xpack.securitySolution.enableExperimental=${JSON.stringify([
'responseActionScanEnabled',
])}`,
],
},
},
},
@ -47,10 +52,7 @@ describe(
});
}
// TODO: update tests when `scan` is included in PLIs
for (const actionName of RESPONSE_ACTION_API_COMMANDS_NAMES.filter(
(apiName) => apiName !== 'scan'
)) {
for (const actionName of RESPONSE_ACTION_API_COMMANDS_NAMES) {
it(`should allow access to Response Action: ${actionName}`, () => {
ensureResponseActionAuthzAccess('all', actionName, username, password);
});
@ -73,10 +75,7 @@ describe(
});
});
// TODO: update tests when `scan` is included in PLIs
for (const actionName of RESPONSE_ACTION_API_COMMANDS_NAMES.filter(
(apiName) => apiName !== 'scan'
)) {
for (const actionName of RESPONSE_ACTION_API_COMMANDS_NAMES) {
it(`should allow access to Response Action: ${actionName}`, () => {
ensureResponseActionAuthzAccess('all', actionName, username, password);
});


@ -18,6 +18,11 @@ describe(
env: {
ftrConfig: {
productTypes: [{ product_line: 'security', product_tier: 'essentials' }],
kbnServerArgs: [
`--xpack.securitySolution.enableExperimental=${JSON.stringify([
'responseActionScanEnabled',
])}`,
],
},
},
},
@ -55,10 +60,9 @@ describe(
}
// No access to response actions (except `unisolate`)
// TODO: update tests when `scan` is included in PLIs
for (const actionName of RESPONSE_ACTION_API_COMMANDS_NAMES.filter(
(apiName) => apiName !== 'scan'
).filter((apiName) => apiName !== 'unisolate')) {
(apiName) => apiName !== 'unisolate'
)) {
it(`should not allow access to Response Action: ${actionName}`, () => {
ensureResponseActionAuthzAccess('none', actionName, username, password);
});
@ -81,10 +85,9 @@ describe(
});
// No access to response actions (except `unisolate`)
// TODO: update tests when `scan` is included in PLIs
for (const actionName of RESPONSE_ACTION_API_COMMANDS_NAMES.filter(
(apiName) => apiName !== 'scan'
).filter((apiName) => apiName !== 'unisolate')) {
(apiName) => apiName !== 'unisolate'
)) {
it(`should not allow access to Response Action: ${actionName}`, () => {
ensureResponseActionAuthzAccess('none', actionName, username, password);
});


@ -24,6 +24,11 @@ describe(
{ product_line: 'security', product_tier: 'essentials' },
{ product_line: 'endpoint', product_tier: 'essentials' },
],
kbnServerArgs: [
`--xpack.securitySolution.enableExperimental=${JSON.stringify([
'responseActionScanEnabled',
])}`,
],
},
},
},
@ -62,10 +67,9 @@ describe(
});
}
// TODO: update tests when `scan` is included in PLIs
for (const actionName of RESPONSE_ACTION_API_COMMANDS_NAMES.filter(
(apiName) => apiName !== 'scan'
).filter((apiName) => apiName !== 'unisolate')) {
(apiName) => apiName !== 'unisolate'
)) {
it(`should not allow access to Response Action: ${actionName}`, () => {
ensureResponseActionAuthzAccess('none', actionName, username, password);
});
@ -92,10 +96,9 @@ describe(
});
});
// TODO: update tests when `scan` is included in PLIs
for (const actionName of RESPONSE_ACTION_API_COMMANDS_NAMES.filter(
(apiName) => apiName !== 'scan'
).filter((apiName) => apiName !== 'unisolate')) {
(apiName) => apiName !== 'unisolate'
)) {
it(`should not allow access to Response Action: ${actionName}`, () => {
ensureResponseActionAuthzAccess('none', actionName, username, password);
});


@ -40,6 +40,11 @@ describe(
{ product_line: 'security', product_tier: 'complete' },
{ product_line: 'endpoint', product_tier: 'complete' },
],
kbnServerArgs: [
`--xpack.securitySolution.enableExperimental=${JSON.stringify([
'responseActionScanEnabled',
])}`,
],
},
},
},
@ -118,7 +123,8 @@ describe(
'kill-process',
'suspend-process',
'get-file',
'upload'
'upload',
'scan'
);
const deniedResponseActions = pick(consoleHelpPanelResponseActionsTestSubj, 'execute');


@ -14,9 +14,8 @@ const TEST_SUBJ = Object.freeze({
actionLogFlyout: 'responderActionLogFlyout',
});
// TODO: 8.15 Include `scan` in return type when responseActionsScanEnabled when `scan` is categorized in PLIs
export const getConsoleHelpPanelResponseActionTestSubj = (): Record<
Exclude<ConsoleResponseActionCommands, 'scan'>,
ConsoleResponseActionCommands,
string
> => {
return {
@ -28,8 +27,7 @@ export const getConsoleHelpPanelResponseActionTestSubj = (): Record<
'get-file': 'endpointResponseActionsConsole-commandList-Responseactions-get-file',
execute: 'endpointResponseActionsConsole-commandList-Responseactions-execute',
upload: 'endpointResponseActionsConsole-commandList-Responseactions-upload',
// TODO: 8.15 Include `scan` in return type when responseActionsScanEnabled when `scan` is categorized in PLIs
// scan: 'endpointResponseActionsConsole-commandList-Responseactions-scan',
scan: 'endpointResponseActionsConsole-commandList-Responseactions-scan',
};
};
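Review bot: `getConsoleHelpPanelResponseActionTestSubj` now returns the `scan` test subject unconditionally, whereas the TODO this section appears to drop tied it to the feature flag, and the specs in this commit only see the command because they pass `responseActionScanEnabled` themselves. A caller that iterates over every key without enabling the flag would, as far as these hunks show, look for a help-panel entry that may not be rendered. A doc comment on the function would record that dependency, for example `/** The scan entry is only rendered when responseActionScanEnabled is on. */`. Part of the returned object lies between the two hunks and is not visible.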


@ -16,6 +16,7 @@ import {
GET_PROCESSES_ROUTE,
ISOLATE_HOST_ROUTE_V2,
KILL_PROCESS_ROUTE,
SCAN_ROUTE,
SUSPEND_PROCESS_ROUTE,
UNISOLATE_HOST_ROUTE_V2,
UPLOAD_ROUTE,
@ -243,6 +244,11 @@ export const ensureResponseActionAuthzAccess = (
}
break;
case 'scan':
url = SCAN_ROUTE;
Object.assign(apiPayload, { parameters: { path: 'scan/two' } });
break;
default:
throw new Error(`Response action [${responseAction}] has no API payload defined`);
}
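Review bot: The `case 'scan'` branch sends `path: 'scan/two'` with no indication of why that value was chosen or whether the route accepts it. If the scan route validates `path` before the privilege check runs, a rejected payload would answer the same way for an authorized and an unauthorized user, and the `'all'` and `'none'` specs would no longer separate the two; the hunk does not show which happens first. A short comment on that line would settle it, if that is the intent: `// placeholder path: only the authz outcome is asserted, the scan result is not checked`. `ensureResponseActionAuthzAccess` starts and ends outside the hunk.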


@ -311,6 +311,7 @@ t3_analyst:
- feature_siem.process_operations_all
- feature_siem.actions_log_management_all # Response actions history
- feature_siem.file_operations_all
- feature_siem.scan_operations_all
- feature_securitySolutionCases.all
- feature_securitySolutionAssistant.all
- feature_actions.read


@ -31,6 +31,7 @@ export const getT3Analyst: () => Omit<Role, 'name'> = () => {
'process_operations_all',
'actions_log_management_all',
'file_operations_all',
'scan_operations_all',
],
},
},


@ -292,6 +292,7 @@ t3_analyst:
- feature_siem.process_operations_all
- feature_siem.actions_log_management_all # Response actions history
- feature_siem.file_operations_all
- feature_siem.scan_operations_all
- feature_securitySolutionCases.all
- feature_securitySolutionAssistant.all
- feature_actions.read