github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-27 18:51:07 -04:00
Code Issues Projects Releases Packages Wiki Activity

test deprecated siem versions in some cy tests

Browse source
This commit is contained in:
Gergő Ábrahám 2025-06-18 16:01:20 +02:00
parent 88d0605b7b
commit 4b4f49ea3d
3 changed files with 347 additions and 258 deletions
Download patch file Download diff file Expand all files Collapse all files

16
x-pack/solutions/security/plugins/security_solution/public/management/cypress/common/constants.ts
View file

@ -20,3 +20,19 @@ export const KIBANA_KNOWN_DEFAULT_ACCOUNTS = {
system_indices_superuser: 'system_indices_superuser', system_indices_superuser: 'system_indices_superuser',
admin: 'admin', admin: 'admin',
} as const; } as const;
/**
* Siem feature versions to test.
*
* When a new `siem` version is implemented, please update the list below.
*/
export const SIEM_VERSIONS = [
// deprecated siem versions
'siem',
'siemV2',
// actual version, should equal to SECURITY_FEATURE_ID
'siemV3',
] as const;
export type SiemVersion = (typeof SIEM_VERSIONS)[number];

296
x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/artifacts/artifacts_mocked_data.cy.ts
View file

@ -5,7 +5,6 @@
* 2.0. * 2.0.
*/ */
import { getRoleWithArtifactReadPrivilege } from '../../fixtures/role_with_artifact_read_privilege';
import { login, ROLE } from '../../tasks/login'; import { login, ROLE } from '../../tasks/login';
import { loadPage } from '../../tasks/common'; import { loadPage } from '../../tasks/common';
@ -18,26 +17,59 @@ import {
import { performUserActions } from '../../tasks/perform_user_actions'; import { performUserActions } from '../../tasks/perform_user_actions';
import { indexEndpointHosts } from '../../tasks/index_endpoint_hosts'; import { indexEndpointHosts } from '../../tasks/index_endpoint_hosts';
import type { ReturnTypeFromChainable } from '../../types'; import type { ReturnTypeFromChainable } from '../../types';
import { SIEM_VERSIONS, type SiemVersion } from '../../common/constants';
import { SECURITY_FEATURE_ID } from '../../../../../common';
import { getT1Analyst } from '../../../../../scripts/endpoint/common/roles_users';
const loginWithWriteAccess = (url: string) => { const loginWithArtifactAccess = (
login(ROLE.endpoint_policy_manager); siemVersion: SiemVersion,
loadPage(url); privilegePrefix: string,
}; access: 'none' | 'read' | 'all'
) => {
const loginWithReadAccess = (privilegePrefix: string, url: string) => { const base = getT1Analyst();
const roleWithArtifactReadPrivilege = getRoleWithArtifactReadPrivilege(privilegePrefix);
login.withCustomRole({ name: 'roleWithArtifactReadPrivilege', ...roleWithArtifactReadPrivilege }); const customRole: typeof base = {
loadPage(url); ...base,
}; kibana: [
{
const loginWithoutAccess = (url: string) => { ...base.kibana[0],
login(ROLE.t1_analyst); feature: {
loadPage(url); [siemVersion]: [
// siemVX: read
'read',
// none/read/all for selected artifact
...(access !== 'none' ? [`${privilegePrefix}${access}`] : []),
],
},
},
],
};
login.withCustomRole({ name: 'customRole', ...customRole });
}; };
/**
* Notes:
* ESS:
* - testing NONE, READ, WRITE privileges with custom roles
* - also, all SIEM feature versions are tested to check backward compatibility
*
* Serverless: a subset of tests.
* - only NONE and WRITE privileges are tested with predefined roles
* - and only the latest SIEM feature (SECURITY_FEATURE_ID)
*
* Possible improvement: use custom roles on serverless to test the same as on ESS.
*/
describe('Artifacts pages', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] }, () => { describe('Artifacts pages', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] }, () => {
let endpointData: ReturnTypeFromChainable<typeof indexEndpointHosts> | undefined; let endpointData: ReturnTypeFromChainable<typeof indexEndpointHosts> | undefined;
const isServerless = Cypress.env('IS_SERVERLESS');
const siemVersionsToTest = isServerless ? [SECURITY_FEATURE_ID] : SIEM_VERSIONS;
let loginWithoutAccess: () => void;
let loginWithReadAccess: () => void;
let loginWithWriteAccess: () => void;
before(() => { before(() => {
indexEndpointHosts().then((indexEndpoints) => { indexEndpointHosts().then((indexEndpoints) => {
endpointData = indexEndpoints; endpointData = indexEndpoints;
@ -55,126 +87,158 @@ describe('Artifacts pages', { tags: ['@ess', '@serverless', '@skipInServerlessMK
endpointData = undefined; endpointData = undefined;
}); });
for (const testData of getArtifactsListTestsData()) { for (const siemVersion of siemVersionsToTest) {
describe(`When on the ${testData.title} entries list`, () => { describe(siemVersion, () => {
describe('given there are no artifacts yet', () => { for (const testData of getArtifactsListTestsData()) {
it(`no access - should show no privileges callout`, () => { describe(`When on the ${testData.title} entries list`, () => {
loginWithoutAccess(`/app/security/administration/${testData.urlPath}`); beforeEach(() => {
cy.getByTestSubj('noPrivilegesPage').should('exist'); const { privilegePrefix } = testData;
cy.getByTestSubj('empty-page-feature-action').should('exist');
cy.getByTestSubj(testData.emptyState).should('not.exist');
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist');
});
it( loginWithWriteAccess = () => {
`read - should show empty state page if there is no ${testData.title} entry and the add button does not exist`, if (isServerless) {
// there is no such role in Serverless environment that only reads artifacts login(ROLE.endpoint_policy_manager);
{ tags: ['@skipInServerless'] }, } else {
() => { loginWithArtifactAccess(siemVersion, privilegePrefix, 'all');
loginWithReadAccess( }
testData.privilegePrefix, };
`/app/security/administration/${testData.urlPath}`
loginWithReadAccess = () => {
expect(isServerless, 'Testing read access is implemented only on ESS').to.equal(
false
);
loginWithArtifactAccess(siemVersion, privilegePrefix, 'read');
};
loginWithoutAccess = () => {
if (isServerless) {
login(ROLE.t1_analyst);
} else {
loginWithArtifactAccess(siemVersion, privilegePrefix, 'none');
}
};
});
describe('given there are no artifacts yet', () => {
it(`no access - should show no privileges callout`, () => {
loginWithoutAccess();
loadPage(`/app/security/administration/${testData.urlPath}`);
cy.getByTestSubj('noPrivilegesPage').should('exist');
cy.getByTestSubj('empty-page-feature-action').should('exist');
cy.getByTestSubj(testData.emptyState).should('not.exist');
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist');
});
it(
`read - should show empty state page if there is no ${testData.title} entry and the add button does not exist`,
// there is no such role in Serverless environment that only reads artifacts
{ tags: ['@skipInServerless'] },
() => {
loginWithReadAccess();
loadPage(`/app/security/administration/${testData.urlPath}`);
cy.getByTestSubj(testData.emptyState).should('exist');
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist');
}
); );
cy.getByTestSubj(testData.emptyState).should('exist');
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist');
}
);
it(`write - should show empty state page if there is no ${testData.title} entry and the add button exists`, () => { it(`write - should show empty state page if there is no ${testData.title} entry and the add button exists`, () => {
loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`); loginWithWriteAccess();
cy.getByTestSubj(testData.emptyState).should('exist'); loadPage(`/app/security/administration/${testData.urlPath}`);
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('exist'); cy.getByTestSubj(testData.emptyState).should('exist');
}); cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('exist');
});
it(`write - should create new ${testData.title} entry`, () => { it(`write - should create new ${testData.title} entry`, () => {
loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`); loginWithWriteAccess();
// Opens add flyout loadPage(`/app/security/administration/${testData.urlPath}`);
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).click(); // Opens add flyout
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).click();
performUserActions(testData.create.formActions); performUserActions(testData.create.formActions);
// Submit create artifact form // Submit create artifact form
cy.getByTestSubj(`${testData.pagePrefix}-flyout-submitButton`).click(); cy.getByTestSubj(`${testData.pagePrefix}-flyout-submitButton`).click();
// Check new artifact is in the list // Check new artifact is in the list
for (const checkResult of testData.create.checkResults) { for (const checkResult of testData.create.checkResults) {
cy.getByTestSubj(checkResult.selector).should('have.text', checkResult.value); cy.getByTestSubj(checkResult.selector).should('have.text', checkResult.value);
} }
// Title is shown after adding an item // Title is shown after adding an item
cy.getByTestSubj('header-page-title').contains(testData.title); cy.getByTestSubj('header-page-title').contains(testData.title);
}); });
}); });
describe('given there is an existing artifact', () => { describe('given there is an existing artifact', () => {
beforeEach(() => { beforeEach(() => {
createArtifactList(testData.createRequestBody.list_id); createArtifactList(testData.createRequestBody.list_id);
createPerPolicyArtifact(testData.artifactName, testData.createRequestBody); createPerPolicyArtifact(testData.artifactName, testData.createRequestBody);
}); });
it( it(
`read - should not be able to update/delete an existing ${testData.title} entry`, `read - should not be able to update/delete an existing ${testData.title} entry`,
// there is no such role in Serverless environment that only reads artifacts // there is no such role in Serverless environment that only reads artifacts
{ tags: ['@skipInServerless'] }, { tags: ['@skipInServerless'] },
() => { () => {
loginWithReadAccess( loginWithReadAccess();
testData.privilegePrefix, loadPage(`/app/security/administration/${testData.urlPath}`);
`/app/security/administration/${testData.urlPath}` cy.getByTestSubj('header-page-title').contains(testData.title);
cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).should(
'not.exist'
);
cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).should('not.exist');
cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).should(
'not.exist'
);
}
); );
cy.getByTestSubj('header-page-title').contains(testData.title);
cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).should( it(
'not.exist' `read - should not be able to create a new ${testData.title} entry`,
// there is no such role in Serverless environment that only reads artifacts
{ tags: ['@skipInServerless'] },
() => {
loginWithReadAccess();
loadPage(`/app/security/administration/${testData.urlPath}`);
cy.getByTestSubj('header-page-title').contains(testData.title);
cy.getByTestSubj(`${testData.pagePrefix}-pageAddButton`).should('not.exist');
}
); );
cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).should('not.exist');
cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).should('not.exist');
}
);
it( it(`write - should be able to update an existing ${testData.title} entry`, () => {
`read - should not be able to create a new ${testData.title} entry`, loginWithWriteAccess();
// there is no such role in Serverless environment that only reads artifacts loadPage(`/app/security/administration/${testData.urlPath}`);
{ tags: ['@skipInServerless'] }, // Opens edit flyout
() => { cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).click();
loginWithReadAccess( cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).click();
testData.privilegePrefix,
`/app/security/administration/${testData.urlPath}`
);
cy.getByTestSubj('header-page-title').contains(testData.title);
cy.getByTestSubj(`${testData.pagePrefix}-pageAddButton`).should('not.exist');
}
);
it(`write - should be able to update an existing ${testData.title} entry`, () => { performUserActions(testData.update.formActions);
loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`);
// Opens edit flyout
cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).click();
cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).click();
performUserActions(testData.update.formActions); // Submit edit artifact form
cy.getByTestSubj(`${testData.pagePrefix}-flyout-submitButton`).click();
// Submit edit artifact form for (const checkResult of testData.update.checkResults) {
cy.getByTestSubj(`${testData.pagePrefix}-flyout-submitButton`).click(); cy.getByTestSubj(checkResult.selector).should('have.text', checkResult.value);
}
for (const checkResult of testData.update.checkResults) { // Title still shown after editing an item
cy.getByTestSubj(checkResult.selector).should('have.text', checkResult.value); cy.getByTestSubj('header-page-title').contains(testData.title);
} });
// Title still shown after editing an item it(`write - should be able to delete the existing ${testData.title} entry`, () => {
cy.getByTestSubj('header-page-title').contains(testData.title); loginWithWriteAccess();
loadPage(`/app/security/administration/${testData.urlPath}`);
// Remove it
cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).click();
cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).click();
cy.getByTestSubj(`${testData.pagePrefix}-deleteModal-submitButton`).click();
// No card visible after removing it
cy.getByTestSubj(testData.delete.card).should('not.exist');
// Empty state is displayed after removing last item
cy.getByTestSubj(testData.emptyState).should('exist');
});
});
}); });
}
it(`write - should be able to delete the existing ${testData.title} entry`, () => {
loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`);
// Remove it
cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).click();
cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).click();
cy.getByTestSubj(`${testData.pagePrefix}-deleteModal-submitButton`).click();
// No card visible after removing it
cy.getByTestSubj(testData.delete.card).should('not.exist');
// Empty state is displayed after removing last item
cy.getByTestSubj(testData.emptyState).should('exist');
});
});
}); });
} }
}); });

293
x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/endpoint_list/endpoints_rbac_mocked_data.cy.ts
View file

@ -13,19 +13,22 @@ import type { ReturnTypeFromChainable } from '../../types';
import { indexEndpointHosts } from '../../tasks/index_endpoint_hosts'; import { indexEndpointHosts } from '../../tasks/index_endpoint_hosts';
import { login } from '../../tasks/login'; import { login } from '../../tasks/login';
import { loadPage } from '../../tasks/common'; import { loadPage } from '../../tasks/common';
import { SIEM_VERSIONS, type SiemVersion } from '../../common/constants';
describe('Endpoints RBAC', { tags: ['@ess'] }, () => { describe('Endpoints page RBAC', { tags: ['@ess'] }, () => {
type Privilege = 'all' | 'read' | 'none'; type Privilege = 'all' | 'read' | 'none';
const PRIVILEGES: Privilege[] = ['none', 'read', 'all']; const PRIVILEGES: Privilege[] = ['none', 'read', 'all'];
const loginWithCustomRole: (privileges: { const loginWithCustomRole: (privileges: {
integrationsPrivilege?: Privilege; integrationsPrivilege: Privilege;
fleetPrivilege?: Privilege; fleetPrivilege: Privilege;
endpointPolicyManagementPrivilege?: Privilege; endpointPolicyManagementPrivilege: Privilege;
siemVersion: SiemVersion;
}) => void = ({ }) => void = ({
integrationsPrivilege = 'none', integrationsPrivilege,
fleetPrivilege = 'none', fleetPrivilege,
endpointPolicyManagementPrivilege = 'none', endpointPolicyManagementPrivilege,
siemVersion,
}) => { }) => {
const base = getT1Analyst(); const base = getT1Analyst();
@ -35,9 +38,8 @@ describe('Endpoints RBAC', { tags: ['@ess'] }, () => {
{ {
...base.kibana[0], ...base.kibana[0],
feature: { feature: {
...base.kibana[0].feature, [siemVersion]: [
[SECURITY_FEATURE_ID]: [ 'all',
...base.kibana[0].feature[SECURITY_FEATURE_ID],
`endpoint_list_all`, `endpoint_list_all`,
`policy_management_${endpointPolicyManagementPrivilege}`, `policy_management_${endpointPolicyManagementPrivilege}`,
], ],
@ -51,151 +53,158 @@ describe('Endpoints RBAC', { tags: ['@ess'] }, () => {
login.withCustomRole({ name: 'customRole', ...customRole }); login.withCustomRole({ name: 'customRole', ...customRole });
}; };
beforeEach(() => { it('latest siem version should be in version list', () => {
login(); expect(SIEM_VERSIONS.at(-1)).to.equal(SECURITY_FEATURE_ID);
}); });
describe('neither Defend policy nor hosts are present', () => { for (const siemVersion of SIEM_VERSIONS) {
for (const endpointPolicyManagementPrivilege of PRIVILEGES) { describe(siemVersion, () => {
describe(`endpoint policy management privilege is ${endpointPolicyManagementPrivilege}`, () => { describe('neither Defend policy nor hosts are present', () => {
for (const fleetPrivilege of PRIVILEGES) { for (const endpointPolicyManagementPrivilege of PRIVILEGES) {
for (const integrationsPrivilege of PRIVILEGES) { describe(`endpoint policy management privilege is ${endpointPolicyManagementPrivilege}`, () => {
const shouldAllowOnboarding = for (const fleetPrivilege of PRIVILEGES) {
fleetPrivilege === 'all' && integrationsPrivilege === 'all'; for (const integrationsPrivilege of PRIVILEGES) {
const shouldAllowOnboarding =
fleetPrivilege === 'all' && integrationsPrivilege === 'all';
it(`should show onboarding screen ${ it(`should show onboarding screen ${
shouldAllowOnboarding ? 'with' : 'without' shouldAllowOnboarding ? 'with' : 'without'
} 'Add Elastic Defend' button with fleet:${fleetPrivilege} and integrations:${integrationsPrivilege}`, () => { } 'Add Elastic Defend' button with fleet:${fleetPrivilege} and integrations:${integrationsPrivilege}`, () => {
loginWithCustomRole({ loginWithCustomRole({
endpointPolicyManagementPrivilege, endpointPolicyManagementPrivilege,
fleetPrivilege, fleetPrivilege,
integrationsPrivilege, integrationsPrivilege,
}); siemVersion,
});
loadPage(APP_ENDPOINTS_PATH); loadPage(APP_ENDPOINTS_PATH);
cy.getByTestSubj('policyOnboardingInstructions').should('exist'); cy.getByTestSubj('policyOnboardingInstructions').should('exist');
if (shouldAllowOnboarding) { if (shouldAllowOnboarding) {
cy.getByTestSubj('onboardingStartButton').should('exist'); cy.getByTestSubj('onboardingStartButton').should('exist');
} else { } else {
cy.getByTestSubj('onboardingStartButton').should('not.exist'); cy.getByTestSubj('onboardingStartButton').should('not.exist');
}
});
} }
}); }
} });
} }
}); });
}
});
describe('Defend policy is present, but no hosts', () => { describe('Defend policy is present, but no hosts', () => {
let loadedPolicyData: IndexedFleetEndpointPolicyResponse; let loadedPolicyData: IndexedFleetEndpointPolicyResponse;
before(() => { before(() => {
cy.task( cy.task(
'indexFleetEndpointPolicy', 'indexFleetEndpointPolicy',
{ policyName: 'tests-serverless' }, { policyName: 'tests-serverless' },
{ timeout: 5 * 60 * 1000 } { timeout: 5 * 60 * 1000 }
).then((res) => { ).then((res) => {
const response = res as IndexedFleetEndpointPolicyResponse; const response = res as IndexedFleetEndpointPolicyResponse;
loadedPolicyData = response; loadedPolicyData = response;
}); });
});
after(() => {
if (loadedPolicyData) {
cy.task('deleteIndexedFleetEndpointPolicies', loadedPolicyData);
}
});
for (const endpointPolicyManagementPrivilege of PRIVILEGES) {
describe(`endpoint policy management privilege is ${endpointPolicyManagementPrivilege}`, () => {
for (const fleetPrivilege of PRIVILEGES) {
for (const integrationsPrivilege of PRIVILEGES) {
const shouldShowOnboardingSteps =
(fleetPrivilege === 'all' && integrationsPrivilege === 'read') ||
(fleetPrivilege === 'all' && integrationsPrivilege === 'all');
it(`should ${
shouldShowOnboardingSteps ? '' : ' NOT '
} show onboarding steps with fleet:${fleetPrivilege} and integrations:${integrationsPrivilege}`, () => {
loginWithCustomRole({
endpointPolicyManagementPrivilege,
fleetPrivilege,
integrationsPrivilege,
});
loadPage(APP_ENDPOINTS_PATH);
if (shouldShowOnboardingSteps) {
cy.getByTestSubj('emptyHostsTable').should('exist');
cy.getByTestSubj('onboardingSteps').should('exist');
} else {
// without correct privileges, fall back to empty policy table note showing that Fleet privilege is required
cy.getByTestSubj('emptyPolicyTable').should('exist');
cy.getByTestSubj('onboardingStartButton').should('not.exist');
}
});
}
}
});
}
});
describe('some hosts are enrolled', () => {
let endpointData: ReturnTypeFromChainable<typeof indexEndpointHosts>;
before(() => {
indexEndpointHosts({ count: 1 }).then((indexEndpoints) => {
endpointData = indexEndpoints;
});
});
after(() => {
if (endpointData) {
endpointData.cleanup();
// @ts-expect-error ignore setting to undefined
endpointData = undefined;
}
});
beforeEach(() => {
// if there is a request towards this API, it should return 200
cy.intercept(PACKAGE_POLICY_API_ROUTES.BULK_GET_PATTERN, (req) => {
req.on('response', (res) => {
expect(res.statusCode).to.equal(200);
}); });
});
});
for (const endpointPolicyManagementPrivilege of PRIVILEGES) { after(() => {
describe(`endpoint policy management privilege is ${endpointPolicyManagementPrivilege}`, () => { if (loadedPolicyData) {
for (const fleetPrivilege of PRIVILEGES) { cy.task('deleteIndexedFleetEndpointPolicies', loadedPolicyData);
for (const integrationsPrivilege of PRIVILEGES) {
const shouldProvidePolicyLink = endpointPolicyManagementPrivilege !== 'none';
it(`should show Endpoint list ${
shouldProvidePolicyLink ? 'with' : 'without'
} link to Endpoint Policy with fleet:${fleetPrivilege} and integrations:${integrationsPrivilege}`, () => {
loginWithCustomRole({
endpointPolicyManagementPrivilege,
fleetPrivilege,
integrationsPrivilege,
});
loadPage(APP_ENDPOINTS_PATH);
cy.getByTestSubj('policyNameCellLink').should('exist');
cy.getByTestSubj('policyNameCellLink').within(() => {
if (shouldProvidePolicyLink) {
cy.get('a').should('have.attr', 'href');
} else {
cy.get('a').should('not.exist');
}
});
});
} }
});
for (const endpointPolicyManagementPrivilege of PRIVILEGES) {
describe(`endpoint policy management privilege is ${endpointPolicyManagementPrivilege}`, () => {
for (const fleetPrivilege of PRIVILEGES) {
for (const integrationsPrivilege of PRIVILEGES) {
const shouldShowOnboardingSteps =
(fleetPrivilege === 'all' && integrationsPrivilege === 'read') ||
(fleetPrivilege === 'all' && integrationsPrivilege === 'all');
it(`should ${
shouldShowOnboardingSteps ? '' : ' NOT '
} show onboarding steps with fleet:${fleetPrivilege} and integrations:${integrationsPrivilege}`, () => {
loginWithCustomRole({
endpointPolicyManagementPrivilege,
fleetPrivilege,
integrationsPrivilege,
siemVersion,
});
loadPage(APP_ENDPOINTS_PATH);
if (shouldShowOnboardingSteps) {
cy.getByTestSubj('emptyHostsTable').should('exist');
cy.getByTestSubj('onboardingSteps').should('exist');
} else {
// without correct privileges, fall back to empty policy table note showing that Fleet privilege is required
cy.getByTestSubj('emptyPolicyTable').should('exist');
cy.getByTestSubj('onboardingStartButton').should('not.exist');
}
});
}
}
});
} }
}); });
}
}); describe('some hosts are enrolled', () => {
let endpointData: ReturnTypeFromChainable<typeof indexEndpointHosts>;
before(() => {
indexEndpointHosts({ count: 1 }).then((indexEndpoints) => {
endpointData = indexEndpoints;
});
});
after(() => {
if (endpointData) {
endpointData.cleanup();
// @ts-expect-error ignore setting to undefined
endpointData = undefined;
}
});
beforeEach(() => {
// if there is a request towards this API, it should return 200
cy.intercept(PACKAGE_POLICY_API_ROUTES.BULK_GET_PATTERN, (req) => {
req.on('response', (res) => {
expect(res.statusCode).to.equal(200);
});
});
});
for (const endpointPolicyManagementPrivilege of PRIVILEGES) {
describe(`endpoint policy management privilege is ${endpointPolicyManagementPrivilege}`, () => {
for (const fleetPrivilege of PRIVILEGES) {
for (const integrationsPrivilege of PRIVILEGES) {
const shouldProvidePolicyLink = endpointPolicyManagementPrivilege !== 'none';
it(`should show Endpoint list ${
shouldProvidePolicyLink ? 'with' : 'without'
} link to Endpoint Policy with fleet:${fleetPrivilege} and integrations:${integrationsPrivilege}`, () => {
loginWithCustomRole({
endpointPolicyManagementPrivilege,
fleetPrivilege,
integrationsPrivilege,
siemVersion,
});
loadPage(APP_ENDPOINTS_PATH);
cy.getByTestSubj('policyNameCellLink').should('exist');
cy.getByTestSubj('policyNameCellLink').within(() => {
if (shouldProvidePolicyLink) {
cy.get('a').should('have.attr', 'href');
} else {
cy.get('a').should('not.exist');
}
});
});
}
}
});
}
});
});
}
}); });