test deprecated siem versions in some cy tests

Gergő Ábrahám 2025-06-18 16:01:20 +02:00
parent 88d0605b7b
commit 4b4f49ea3d
3 changed files with 347 additions and 258 deletions


@ -20,3 +20,19 @@ export const KIBANA_KNOWN_DEFAULT_ACCOUNTS = {
system_indices_superuser: 'system_indices_superuser',
admin: 'admin',
} as const;
/**
* Siem feature versions to test.
*
* When a new `siem` version is implemented, please update the list below.
*/
export const SIEM_VERSIONS = [
// deprecated siem versions
'siem',
'siemV2',
// actual version, should equal to SECURITY_FEATURE_ID
'siemV3',
] as const;
export type SiemVersion = (typeof SIEM_VERSIONS)[number];
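Review bot: The doc comment on `SIEM_VERSIONS` asks maintainers to "update the list" for a new `siem` version but does not say how, and the ordering the list relies on is left implicit. The list exists to keep roles built on deprecated feature ids under test, so replacing `'siemV3'` instead of appending after it would silently drop that id from the RBAC matrix. I would add to the block comment something like `* Append the new id as the last entry and keep the older ids in place as deprecated versions.` and change the inline comment to `// current version: must stay last and equal SECURITY_FEATURE_ID`. The position matters because the endpoints RBAC spec in this commit asserts `SIEM_VERSIONS.at(-1)`.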


@ -5,7 +5,6 @@
* 2.0.
*/
import { getRoleWithArtifactReadPrivilege } from '../../fixtures/role_with_artifact_read_privilege';
import { login, ROLE } from '../../tasks/login';
import { loadPage } from '../../tasks/common';
@ -18,26 +17,59 @@ import {
import { performUserActions } from '../../tasks/perform_user_actions';
import { indexEndpointHosts } from '../../tasks/index_endpoint_hosts';
import type { ReturnTypeFromChainable } from '../../types';
import { SIEM_VERSIONS, type SiemVersion } from '../../common/constants';
import { SECURITY_FEATURE_ID } from '../../../../../common';
import { getT1Analyst } from '../../../../../scripts/endpoint/common/roles_users';
const loginWithWriteAccess = (url: string) => {
login(ROLE.endpoint_policy_manager);
loadPage(url);
const loginWithArtifactAccess = (
siemVersion: SiemVersion,
privilegePrefix: string,
access: 'none' | 'read' | 'all'
) => {
const base = getT1Analyst();
const customRole: typeof base = {
...base,
kibana: [
{
...base.kibana[0],
feature: {
[siemVersion]: [
// siemVX: read
'read',
// none/read/all for selected artifact
...(access !== 'none' ? [`${privilegePrefix}${access}`] : []),
],
},
},
],
};
const loginWithReadAccess = (privilegePrefix: string, url: string) => {
const roleWithArtifactReadPrivilege = getRoleWithArtifactReadPrivilege(privilegePrefix);
login.withCustomRole({ name: 'roleWithArtifactReadPrivilege', ...roleWithArtifactReadPrivilege });
loadPage(url);
};
const loginWithoutAccess = (url: string) => {
login(ROLE.t1_analyst);
loadPage(url);
login.withCustomRole({ name: 'customRole', ...customRole });
};
/**
* Notes:
* ESS:
* - testing NONE, READ, WRITE privileges with custom roles
* - also, all SIEM feature versions are tested to check backward compatibility
*
* Serverless: a subset of tests.
* - only NONE and WRITE privileges are tested with predefined roles
* - and only the latest SIEM feature (SECURITY_FEATURE_ID)
*
* Possible improvement: use custom roles on serverless to test the same as on ESS.
*/
describe('Artifacts pages', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] }, () => {
let endpointData: ReturnTypeFromChainable<typeof indexEndpointHosts> | undefined;
const isServerless = Cypress.env('IS_SERVERLESS');
const siemVersionsToTest = isServerless ? [SECURITY_FEATURE_ID] : SIEM_VERSIONS;
let loginWithoutAccess: () => void;
let loginWithReadAccess: () => void;
let loginWithWriteAccess: () => void;
before(() => {
indexEndpointHosts().then((indexEndpoints) => {
endpointData = indexEndpoints;
@ -55,11 +87,41 @@ describe('Artifacts pages', { tags: ['@ess', '@serverless', '@skipInServerlessMK
endpointData = undefined;
});
for (const siemVersion of siemVersionsToTest) {
describe(siemVersion, () => {
for (const testData of getArtifactsListTestsData()) {
describe(`When on the ${testData.title} entries list`, () => {
beforeEach(() => {
const { privilegePrefix } = testData;
loginWithWriteAccess = () => {
if (isServerless) {
login(ROLE.endpoint_policy_manager);
} else {
loginWithArtifactAccess(siemVersion, privilegePrefix, 'all');
}
};
loginWithReadAccess = () => {
expect(isServerless, 'Testing read access is implemented only on ESS').to.equal(
false
);
loginWithArtifactAccess(siemVersion, privilegePrefix, 'read');
};
loginWithoutAccess = () => {
if (isServerless) {
login(ROLE.t1_analyst);
} else {
loginWithArtifactAccess(siemVersion, privilegePrefix, 'none');
}
};
});
describe('given there are no artifacts yet', () => {
it(`no access - should show no privileges callout`, () => {
loginWithoutAccess(`/app/security/administration/${testData.urlPath}`);
loginWithoutAccess();
loadPage(`/app/security/administration/${testData.urlPath}`);
cy.getByTestSubj('noPrivilegesPage').should('exist');
cy.getByTestSubj('empty-page-feature-action').should('exist');
cy.getByTestSubj(testData.emptyState).should('not.exist');
@ -71,23 +133,23 @@ describe('Artifacts pages', { tags: ['@ess', '@serverless', '@skipInServerlessMK
// there is no such role in Serverless environment that only reads artifacts
{ tags: ['@skipInServerless'] },
() => {
loginWithReadAccess(
testData.privilegePrefix,
`/app/security/administration/${testData.urlPath}`
);
loginWithReadAccess();
loadPage(`/app/security/administration/${testData.urlPath}`);
cy.getByTestSubj(testData.emptyState).should('exist');
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist');
}
);
it(`write - should show empty state page if there is no ${testData.title} entry and the add button exists`, () => {
loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`);
loginWithWriteAccess();
loadPage(`/app/security/administration/${testData.urlPath}`);
cy.getByTestSubj(testData.emptyState).should('exist');
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('exist');
});
it(`write - should create new ${testData.title} entry`, () => {
loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`);
loginWithWriteAccess();
loadPage(`/app/security/administration/${testData.urlPath}`);
// Opens add flyout
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).click();
@ -117,16 +179,16 @@ describe('Artifacts pages', { tags: ['@ess', '@serverless', '@skipInServerlessMK
// there is no such role in Serverless environment that only reads artifacts
{ tags: ['@skipInServerless'] },
() => {
loginWithReadAccess(
testData.privilegePrefix,
`/app/security/administration/${testData.urlPath}`
);
loginWithReadAccess();
loadPage(`/app/security/administration/${testData.urlPath}`);
cy.getByTestSubj('header-page-title').contains(testData.title);
cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).should(
'not.exist'
);
cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).should('not.exist');
cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).should('not.exist');
cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).should(
'not.exist'
);
}
);
@ -135,17 +197,16 @@ describe('Artifacts pages', { tags: ['@ess', '@serverless', '@skipInServerlessMK
// there is no such role in Serverless environment that only reads artifacts
{ tags: ['@skipInServerless'] },
() => {
loginWithReadAccess(
testData.privilegePrefix,
`/app/security/administration/${testData.urlPath}`
);
loginWithReadAccess();
loadPage(`/app/security/administration/${testData.urlPath}`);
cy.getByTestSubj('header-page-title').contains(testData.title);
cy.getByTestSubj(`${testData.pagePrefix}-pageAddButton`).should('not.exist');
}
);
it(`write - should be able to update an existing ${testData.title} entry`, () => {
loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`);
loginWithWriteAccess();
loadPage(`/app/security/administration/${testData.urlPath}`);
// Opens edit flyout
cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).click();
cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).click();
@ -164,7 +225,8 @@ describe('Artifacts pages', { tags: ['@ess', '@serverless', '@skipInServerlessMK
});
it(`write - should be able to delete the existing ${testData.title} entry`, () => {
loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`);
loginWithWriteAccess();
loadPage(`/app/security/administration/${testData.urlPath}`);
// Remove it
cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).click();
cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).click();
@ -178,3 +240,5 @@ describe('Artifacts pages', { tags: ['@ess', '@serverless', '@skipInServerlessMK
});
}
});
}
});
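Review bot: `loginWithArtifactAccess` registers every generated role under the same name, `login.withCustomRole({ name: 'customRole', ...customRole })`, although the loops now produce a different privilege set per siem version, artifact and access level. The tests only exercise the intended privileges if `withCustomRole` replaces the stored role definition on every call, which is not visible in this diff; if it does not, a "no access" or "read" assertion could run under the previous test's privileges. Deriving the name from the inputs, e.g. ``name: `artifact_${siemVersion}_${privilegePrefix}${access}` ``, removes that dependency and makes a failing combination identifiable from the role name. A short comment on the helper would also help, stating that the role carries only `read` on the chosen siem feature plus the selected artifact privilege, since the new `feature` object does not spread the base role's other feature privileges.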


@ -13,19 +13,22 @@ import type { ReturnTypeFromChainable } from '../../types';
import { indexEndpointHosts } from '../../tasks/index_endpoint_hosts';
import { login } from '../../tasks/login';
import { loadPage } from '../../tasks/common';
import { SIEM_VERSIONS, type SiemVersion } from '../../common/constants';
describe('Endpoints RBAC', { tags: ['@ess'] }, () => {
describe('Endpoints page RBAC', { tags: ['@ess'] }, () => {
type Privilege = 'all' | 'read' | 'none';
const PRIVILEGES: Privilege[] = ['none', 'read', 'all'];
const loginWithCustomRole: (privileges: {
integrationsPrivilege?: Privilege;
fleetPrivilege?: Privilege;
endpointPolicyManagementPrivilege?: Privilege;
integrationsPrivilege: Privilege;
fleetPrivilege: Privilege;
endpointPolicyManagementPrivilege: Privilege;
siemVersion: SiemVersion;
}) => void = ({
integrationsPrivilege = 'none',
fleetPrivilege = 'none',
endpointPolicyManagementPrivilege = 'none',
integrationsPrivilege,
fleetPrivilege,
endpointPolicyManagementPrivilege,
siemVersion,
}) => {
const base = getT1Analyst();
@ -35,9 +38,8 @@ describe('Endpoints RBAC', { tags: ['@ess'] }, () => {
{
...base.kibana[0],
feature: {
...base.kibana[0].feature,
[SECURITY_FEATURE_ID]: [
...base.kibana[0].feature[SECURITY_FEATURE_ID],
[siemVersion]: [
'all',
`endpoint_list_all`,
`policy_management_${endpointPolicyManagementPrivilege}`,
],
@ -51,10 +53,12 @@ describe('Endpoints RBAC', { tags: ['@ess'] }, () => {
login.withCustomRole({ name: 'customRole', ...customRole });
};
beforeEach(() => {
login();
it('latest siem version should be in version list', () => {
expect(SIEM_VERSIONS.at(-1)).to.equal(SECURITY_FEATURE_ID);
});
for (const siemVersion of SIEM_VERSIONS) {
describe(siemVersion, () => {
describe('neither Defend policy nor hosts are present', () => {
for (const endpointPolicyManagementPrivilege of PRIVILEGES) {
describe(`endpoint policy management privilege is ${endpointPolicyManagementPrivilege}`, () => {
@ -70,6 +74,7 @@ describe('Endpoints RBAC', { tags: ['@ess'] }, () => {
endpointPolicyManagementPrivilege,
fleetPrivilege,
integrationsPrivilege,
siemVersion,
});
loadPage(APP_ENDPOINTS_PATH);
@ -122,6 +127,7 @@ describe('Endpoints RBAC', { tags: ['@ess'] }, () => {
endpointPolicyManagementPrivilege,
fleetPrivilege,
integrationsPrivilege,
siemVersion,
});
loadPage(APP_ENDPOINTS_PATH);
@ -180,6 +186,7 @@ describe('Endpoints RBAC', { tags: ['@ess'] }, () => {
endpointPolicyManagementPrivilege,
fleetPrivilege,
integrationsPrivilege,
siemVersion,
});
loadPage(APP_ENDPOINTS_PATH);
@ -199,3 +206,5 @@ describe('Endpoints RBAC', { tags: ['@ess'] }, () => {
}
});
});
}
});
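Review bot: The only guard that `SIEM_VERSIONS` still ends with the current feature id is the new `it('latest siem version should be in version list', …)` inside this `@ess`-tagged Cypress spec. The artifacts spec iterates the same list on ESS without such a check. If this spec is skipped or filtered, the list can drift from `SECURITY_FEATURE_ID`, and the privilege matrix would stop covering the current feature id without any failure. I would move the assertion to a unit test beside the constant, or repeat `expect(SIEM_VERSIONS.at(-1)).to.equal(SECURITY_FEATURE_ID);` in the artifacts spec. The enclosing `describe` body extends beyond the hunks shown here.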