github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 01:38:56 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Cloud Security][Serverless] Serverless API FTR Test Update on Roles (#186488)

Browse source 
## Summary

We no longer uses with Operator role when doing serverless FTR,
This commit is contained in:
Rickyanto Ang 2024-06-20 08:44:56 -07:00 committed by GitHub
parent 02bc5cff27
commit 592aafcaba
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 417 additions and 221 deletions
Download patch file Download diff file Expand all files Collapse all files

100
x-pack/test/api_integration/apis/cloud_security_posture/helper.ts
View file

@ -13,6 +13,12 @@ import type { IndexDetails } from '@kbn/cloud-security-posture-plugin/common/typ
import { CLOUD_SECURITY_PLUGIN_VERSION } from '@kbn/cloud-security-posture-plugin/common/constants';
import { SecurityService } from '../../../../../test/common/services/security/security';
export interface RoleCredentials {
apiKey: { id: string; name: string };
apiKeyHeader: { Authorization: string };
cookieHeader: { Cookie: string };
}
export const deleteIndex = (es: Client, indexToBeDeleted: string[]) => {
Promise.all([
...indexToBeDeleted.map((indexes) =>
@ -50,7 +56,9 @@ export async function createPackagePolicy(
input: string,
deployment: string,
posture: string,
packageName: string = 'cloud_security_posture-1'
packageName: string = 'cloud_security_posture-1',
roleAuthc?: RoleCredentials,
internalRequestHeader?: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string }
) {
const version = CLOUD_SECURITY_PLUGIN_VERSION;
const title = 'Security Posture Management';
@ -72,35 +80,67 @@ export async function createPackagePolicy(
const inputs = posture === 'vuln_mgmt' ? { ...inputTemplate, streams } : { ...inputTemplate };
const { body: postPackageResponse } = await supertest
.post(`/api/fleet/package_policies`)
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set('kbn-xsrf', 'xxxx')
.send({
force: true,
name: packageName,
description: '',
namespace: 'default',
policy_id: agentPolicyId,
enabled: true,
inputs: [inputs],
package: {
name: 'cloud_security_posture',
title,
version,
},
vars: {
deployment: {
value: deployment,
type: 'text',
},
posture: {
value: posture,
type: 'text',
},
},
})
.expect(200);
const { body: postPackageResponse } =
roleAuthc && internalRequestHeader
? await supertest
.post(`/api/fleet/package_policies`)
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
force: true,
name: packageName,
description: '',
namespace: 'default',
policy_id: agentPolicyId,
enabled: true,
inputs: [inputs],
package: {
name: 'cloud_security_posture',
title,
version,
},
vars: {
deployment: {
value: deployment,
type: 'text',
},
posture: {
value: posture,
type: 'text',
},
},
})
.expect(200)
: await supertest
.post(`/api/fleet/package_policies`)
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set('kbn-xsrf', 'xxxx')
.send({
force: true,
name: packageName,
description: '',
namespace: 'default',
policy_id: agentPolicyId,
enabled: true,
inputs: [inputs],
package: {
name: 'cloud_security_posture',
title,
version,
},
vars: {
deployment: {
value: deployment,
type: 'text',
},
posture: {
value: posture,
type: 'text',
},
},
})
.expect(200);
return postPackageResponse.item;
}

89
x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/benchmark/v1.ts
View file

@ -6,17 +6,17 @@
*/
import expect from '@kbn/expect';
import type { GetBenchmarkResponse } from '@kbn/cloud-security-posture-plugin/common/types/latest';
import {
ELASTIC_HTTP_VERSION_HEADER,
X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
} from '@kbn/core-http-common';
import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
import { FtrProviderContext } from '../../../../ftr_provider_context';
import { createPackagePolicy } from '../../../../../../test/api_integration/apis/cloud_security_posture/helper'; // eslint-disable-line @kbn/imports/no_boundary_crossing
import { RoleCredentials } from '../../../../../shared/services';
export default function ({ getService }: FtrProviderContext) {
const supertest = getService('supertest');
const esArchiver = getService('esArchiver');
const kibanaServer = getService('kibanaServer');
const supertestWithoutAuth = getService('supertestWithoutAuth');
const svlCommonApi = getService('svlCommonApi');
const svlUserManager = getService('svlUserManager');
describe('GET /internal/cloud_security_posture/benchmark', function () {
// security_exception: action [indices:admin/create] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.fleet-actions-7], this action is granted by the index privileges [create_index,manage,all]
@ -26,14 +26,26 @@ export default function ({ getService }: FtrProviderContext) {
let agentPolicyId2: string;
let agentPolicyId3: string;
let agentPolicyId4: string;
let roleAuthc: RoleCredentials;
let internalRequestHeader: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string };
before(async () => {
roleAuthc = await svlUserManager.createApiKeyForRole('admin');
internalRequestHeader = svlCommonApi.getInternalRequestHeader();
});
after(async () => {
await svlUserManager.invalidateApiKeyForRole(roleAuthc);
});
beforeEach(async () => {
await kibanaServer.savedObjects.cleanStandardList();
await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
const { body: agentPolicyResponse } = await supertest
const { body: agentPolicyResponse } = await supertestWithoutAuth
.post(`/api/fleet/agent_policies`)
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
name: 'Test policy',
namespace: 'default',
@ -41,9 +53,10 @@ export default function ({ getService }: FtrProviderContext) {
agentPolicyId = agentPolicyResponse.item.id;
const { body: agentPolicyResponse2 } = await supertest
const { body: agentPolicyResponse2 } = await supertestWithoutAuth
.post(`/api/fleet/agent_policies`)
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
name: 'Test policy 2',
namespace: 'default',
@ -51,9 +64,10 @@ export default function ({ getService }: FtrProviderContext) {
agentPolicyId2 = agentPolicyResponse2.item.id;
const { body: agentPolicyResponse3 } = await supertest
const { body: agentPolicyResponse3 } = await supertestWithoutAuth
.post(`/api/fleet/agent_policies`)
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
name: 'Test policy 3',
namespace: 'default',
@ -61,9 +75,10 @@ export default function ({ getService }: FtrProviderContext) {
agentPolicyId3 = agentPolicyResponse3.item.id;
const { body: agentPolicyResponse4 } = await supertest
const { body: agentPolicyResponse4 } = await supertestWithoutAuth
.post(`/api/fleet/agent_policies`)
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
name: 'Test policy 4',
namespace: 'default',
@ -72,43 +87,51 @@ export default function ({ getService }: FtrProviderContext) {
agentPolicyId4 = agentPolicyResponse4.item.id;
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'cspm',
'cloudbeat/cis_aws',
'aws',
'cspm',
'CSPM-1'
'CSPM-1',
roleAuthc,
internalRequestHeader
);
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId2,
'kspm',
'cloudbeat/cis_k8s',
'vanilla',
'kspm',
'KSPM-1'
'KSPM-1',
roleAuthc,
internalRequestHeader
);
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId3,
'vuln_mgmt',
'cloudbeat/vuln_mgmt_aws',
'aws',
'vuln_mgmt',
'CNVM-1'
'CNVM-1',
roleAuthc,
internalRequestHeader
);
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId4,
'kspm',
'cloudbeat/cis_k8s',
'vanilla',
'kspm',
'KSPM-2'
'KSPM-2',
roleAuthc,
internalRequestHeader
);
});
@ -118,44 +141,44 @@ export default function ({ getService }: FtrProviderContext) {
});
it(`Should return non-empty array filled with Rules if user has CSP integrations`, async () => {
const { body: res }: { body: GetBenchmarkResponse } = await supertest
const { body: res }: { body: GetBenchmarkResponse } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/benchmarks`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.expect(200);
expect(res.items.length).equal(3);
});
it(`Should return array size 2 when we set per page to be only 2 (total element is still 3)`, async () => {
const { body: res }: { body: GetBenchmarkResponse } = await supertest
const { body: res }: { body: GetBenchmarkResponse } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/benchmarks?per_page=2`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.expect(200);
expect(res.items.length).equal(2);
});
it(`Should return array size 2 when we set per page to be only 2 (total element is still 3)`, async () => {
const { body: res }: { body: GetBenchmarkResponse } = await supertest
const { body: res }: { body: GetBenchmarkResponse } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/benchmarks?per_page=2&page=2`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.expect(200);
expect(res.items.length).equal(1);
});
it(`Should return empty array when we set page to be above the last page number`, async () => {
const { body: res }: { body: GetBenchmarkResponse } = await supertest
const { body: res }: { body: GetBenchmarkResponse } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/benchmarks?per_page=2&page=3`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.expect(200);
expect(res.items.length).equal(0);

71
x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/benchmark/v2.ts
View file

@ -6,17 +6,17 @@
*/
import expect from '@kbn/expect';
import type { GetBenchmarkResponse } from '@kbn/cloud-security-posture-plugin/common/types/latest';
import {
ELASTIC_HTTP_VERSION_HEADER,
X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
} from '@kbn/core-http-common';
import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
import { FtrProviderContext } from '../../../../ftr_provider_context';
import { createPackagePolicy } from '../../../../../../test/api_integration/apis/cloud_security_posture/helper'; // eslint-disable-line @kbn/imports/no_boundary_crossing
import { RoleCredentials } from '../../../../../shared/services';
export default function ({ getService }: FtrProviderContext) {
const supertest = getService('supertest');
const esArchiver = getService('esArchiver');
const kibanaServer = getService('kibanaServer');
const svlCommonApi = getService('svlCommonApi');
const svlUserManager = getService('svlUserManager');
const supertestWithoutAuth = getService('supertestWithoutAuth');
describe('GET /internal/cloud_security_posture/benchmark', function () {
// security_exception: action [indices:admin/create] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.fleet-actions-7], this action is granted by the index privileges [create_index,manage,all]
@ -26,14 +26,26 @@ export default function ({ getService }: FtrProviderContext) {
let agentPolicyId2: string;
let agentPolicyId3: string;
let agentPolicyId4: string;
let roleAuthc: RoleCredentials;
let internalRequestHeader: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string };
before(async () => {
roleAuthc = await svlUserManager.createApiKeyForRole('admin');
internalRequestHeader = svlCommonApi.getInternalRequestHeader();
});
after(async () => {
await svlUserManager.invalidateApiKeyForRole(roleAuthc);
});
beforeEach(async () => {
await kibanaServer.savedObjects.cleanStandardList();
await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
const { body: agentPolicyResponse } = await supertest
const { body: agentPolicyResponse } = await supertestWithoutAuth
.post(`/api/fleet/agent_policies`)
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
name: 'Test policy',
namespace: 'default',
@ -41,9 +53,10 @@ export default function ({ getService }: FtrProviderContext) {
agentPolicyId = agentPolicyResponse.item.id;
const { body: agentPolicyResponse2 } = await supertest
const { body: agentPolicyResponse2 } = await supertestWithoutAuth
.post(`/api/fleet/agent_policies`)
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
name: 'Test policy 2',
namespace: 'default',
@ -51,9 +64,10 @@ export default function ({ getService }: FtrProviderContext) {
agentPolicyId2 = agentPolicyResponse2.item.id;
const { body: agentPolicyResponse3 } = await supertest
const { body: agentPolicyResponse3 } = await supertestWithoutAuth
.post(`/api/fleet/agent_policies`)
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
name: 'Test policy 3',
namespace: 'default',
@ -61,9 +75,10 @@ export default function ({ getService }: FtrProviderContext) {
agentPolicyId3 = agentPolicyResponse3.item.id;
const { body: agentPolicyResponse4 } = await supertest
const { body: agentPolicyResponse4 } = await supertestWithoutAuth
.post(`/api/fleet/agent_policies`)
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
name: 'Test policy 4',
namespace: 'default',
@ -72,43 +87,51 @@ export default function ({ getService }: FtrProviderContext) {
agentPolicyId4 = agentPolicyResponse4.item.id;
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'cspm',
'cloudbeat/cis_aws',
'aws',
'cspm',
'CSPM-1'
'CSPM-1',
roleAuthc,
internalRequestHeader
);
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId2,
'kspm',
'cloudbeat/cis_k8s',
'vanilla',
'kspm',
'KSPM-1'
'KSPM-1',
roleAuthc,
internalRequestHeader
);
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId3,
'vuln_mgmt',
'cloudbeat/vuln_mgmt_aws',
'aws',
'vuln_mgmt',
'CNVM-1'
'CNVM-1',
roleAuthc,
internalRequestHeader
);
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId4,
'kspm',
'cloudbeat/cis_k8s',
'vanilla',
'kspm',
'KSPM-2'
'KSPM-2',
roleAuthc,
internalRequestHeader
);
});
@ -118,11 +141,11 @@ export default function ({ getService }: FtrProviderContext) {
});
it(`Should return all benchmarks if user has CSP integrations`, async () => {
const { body: res }: { body: GetBenchmarkResponse } = await supertest
const { body: res }: { body: GetBenchmarkResponse } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/benchmarks`)
.set(ELASTIC_HTTP_VERSION_HEADER, '2')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.expect(200);
expect(res.items.length).equal(5);

110
x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/find_csp_benchmark_rule.ts
View file

@ -5,10 +5,7 @@
* 2.0.
*/
import expect from '@kbn/expect';
import {
ELASTIC_HTTP_VERSION_HEADER,
X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
} from '@kbn/core-http-common';
import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
import type {
CspBenchmarkRule,
FindCspBenchmarkRuleResponse,
@ -16,11 +13,14 @@ import type {
import { FtrProviderContext } from '../../../ftr_provider_context';
import { createPackagePolicy } from '../../../../../test/api_integration/apis/cloud_security_posture/helper'; // eslint-disable-line @kbn/imports/no_boundary_crossing
import { RoleCredentials } from '../../../../shared/services';
export default function ({ getService }: FtrProviderContext) {
const supertest = getService('supertest');
const esArchiver = getService('esArchiver');
const kibanaServer = getService('kibanaServer');
const supertestWithoutAuth = getService('supertestWithoutAuth');
const svlCommonApi = getService('svlCommonApi');
const svlUserManager = getService('svlUserManager');
// find csp benchmark rule tests
describe('GET internal/cloud_security_posture/rules/_find', function () {
@ -28,14 +28,26 @@ export default function ({ getService }: FtrProviderContext) {
this.tags(['failsOnMKI']);
let agentPolicyId: string;
let roleAuthc: RoleCredentials;
let internalRequestHeader: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string };
before(async () => {
roleAuthc = await svlUserManager.createApiKeyForRole('admin');
internalRequestHeader = svlCommonApi.getInternalRequestHeader();
});
after(async () => {
await svlUserManager.invalidateApiKeyForRole(roleAuthc);
});
beforeEach(async () => {
await kibanaServer.savedObjects.cleanStandardList();
await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
const { body: agentPolicyResponse } = await supertest
const { body: agentPolicyResponse } = await supertestWithoutAuth
.post(`/api/fleet/agent_policies`)
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
name: 'Test policy',
namespace: 'default',
@ -51,19 +63,22 @@ export default function ({ getService }: FtrProviderContext) {
it(`Should return 500 error code when not provide package policy id or benchmark id`, async () => {
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'kspm',
'cloudbeat/cis_k8s',
'vanilla',
'kspm'
'kspm',
'KSPM-1',
roleAuthc,
internalRequestHeader
);
const { body }: { body: { message: string } } = await supertest
const { body }: { body: { message: string } } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/rules/_find`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.expect(500);
expect(body.message).to.eql(
@ -74,19 +89,22 @@ export default function ({ getService }: FtrProviderContext) {
it(`Should return 500 error code when provide both package policy id and benchmark id`, async () => {
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'kspm',
'cloudbeat/cis_k8s',
'vanilla',
'kspm'
'kspm',
'KSPM-2',
roleAuthc,
internalRequestHeader
);
const { body }: { body: { message: string } } = await supertest
const { body }: { body: { message: string } } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/rules/_find`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.query({
packagePolicyId: 'your-package-policy-id',
benchmarkId: 'cis_aws',
@ -100,11 +118,11 @@ export default function ({ getService }: FtrProviderContext) {
});
it(`Should return 404 status code when the package policy ID does not exist`, async () => {
const { body }: { body: { statusCode: number; error: string } } = await supertest
const { body }: { body: { statusCode: number; error: string } } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/rules/_find`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.query({
packagePolicyId: 'non-existing-packagePolicy-id',
})
@ -122,19 +140,22 @@ export default function ({ getService }: FtrProviderContext) {
it(`Should return 200 status code and filter rules by benchmarkId`, async () => {
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'kspm',
'cloudbeat/cis_k8s',
'vanilla',
'kspm'
'kspm',
'KSPM-3',
roleAuthc,
internalRequestHeader
);
const { body }: { body: FindCspBenchmarkRuleResponse } = await supertest
const { body }: { body: FindCspBenchmarkRuleResponse } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/rules/_find`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.query({
benchmarkId: 'cis_k8s',
})
@ -154,19 +175,22 @@ export default function ({ getService }: FtrProviderContext) {
it(`Should return 200 status code, and only requested fields in the response`, async () => {
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'kspm',
'cloudbeat/cis_k8s',
'vanilla',
'kspm'
'kspm',
'KSPM-4',
roleAuthc,
internalRequestHeader
);
const { body }: { body: FindCspBenchmarkRuleResponse } = await supertest
const { body }: { body: FindCspBenchmarkRuleResponse } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/rules/_find`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.query({
benchmarkId: 'cis_k8s',
fields: ['metadata.name', 'metadata.section', 'metadata.id'],
@ -188,19 +212,22 @@ export default function ({ getService }: FtrProviderContext) {
it(`Should return 200 status code, items sorted by metadata.section field`, async () => {
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'kspm',
'cloudbeat/cis_k8s',
'vanilla',
'kspm'
'kspm',
'KSPM-5',
roleAuthc,
internalRequestHeader
);
const { body }: { body: FindCspBenchmarkRuleResponse } = await supertest
const { body }: { body: FindCspBenchmarkRuleResponse } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/rules/_find`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.query({
benchmarkId: 'cis_k8s',
sortField: 'metadata.section',
@ -223,19 +250,22 @@ export default function ({ getService }: FtrProviderContext) {
const perPage = 10;
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'kspm',
'cloudbeat/cis_k8s',
'vanilla',
'kspm'
'kspm',
'KSPM-6',
roleAuthc,
internalRequestHeader
);
const { body }: { body: FindCspBenchmarkRuleResponse } = await supertest
const { body }: { body: FindCspBenchmarkRuleResponse } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/rules/_find`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set('kbn-xsrf', 'xxxx')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.query({
benchmarkId: 'cis_k8s',
perPage,

65
x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexed.ts
View file

@ -5,10 +5,7 @@
* 2.0.
*/
import expect from '@kbn/expect';
import {
ELASTIC_HTTP_VERSION_HEADER,
X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
} from '@kbn/core-http-common';
import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
import type { CspSetupStatus } from '@kbn/cloud-security-posture-plugin/common/types_old';
import {
FINDINGS_INDEX_DEFAULT_NS,
@ -26,6 +23,7 @@ import {
findingsMockData,
vulnerabilityMockData,
} from '../../../../../../test/api_integration/apis/cloud_security_posture/mock_data'; // eslint-disable-line @kbn/imports/no_boundary_crossing
import { RoleCredentials } from '../../../../../shared/services';
const INDEX_ARRAY = [
FINDINGS_INDEX_DEFAULT_NS,
@ -36,25 +34,39 @@ const INDEX_ARRAY = [
export default function (providerContext: FtrProviderContext) {
const { getService } = providerContext;
const supertest = getService('supertest');
const es = getService('es');
const esArchiver = getService('esArchiver');
const kibanaServer = getService('kibanaServer');
const supertestWithoutAuth = getService('supertestWithoutAuth');
const svlCommonApi = getService('svlCommonApi');
const svlUserManager = getService('svlUserManager');
describe('GET /internal/cloud_security_posture/status', function () {
// security_exception: action [indices:admin/create] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.fleet-actions-7], this action is granted by the index privileges [create_index,manage,all]
this.tags(['failsOnMKI']);
let agentPolicyId: string;
let roleAuthc: RoleCredentials;
let internalRequestHeader: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string };
before(async () => {
roleAuthc = await svlUserManager.createApiKeyForRole('admin');
internalRequestHeader = svlCommonApi.getInternalRequestHeader();
});
after(async () => {
await svlUserManager.invalidateApiKeyForRole(roleAuthc);
});
describe('STATUS = INDEXED TEST', () => {
beforeEach(async () => {
await kibanaServer.savedObjects.cleanStandardList();
await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
const { body: agentPolicyResponse } = await supertest
const { body: agentPolicyResponse } = await supertestWithoutAuth
.post(`/api/fleet/agent_policies`)
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
name: 'Test policy',
namespace: 'default',
@ -75,19 +87,22 @@ export default function (providerContext: FtrProviderContext) {
it(`Return kspm status indexed when logs-cloud_security_posture.findings_latest-default contains new kspm documents`, async () => {
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'kspm',
'cloudbeat/cis_k8s',
'vanilla',
'kspm'
'kspm',
'KSPM-1',
roleAuthc,
internalRequestHeader
);
const { body: res }: { body: CspSetupStatus } = await supertest
const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/status`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.expect(200);
expect(res.kspm.status).to.eql(
@ -98,19 +113,22 @@ export default function (providerContext: FtrProviderContext) {
it(`Return cspm status indexed when logs-cloud_security_posture.findings_latest-default contains new cspm documents`, async () => {
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'cspm',
'cloudbeat/cis_aws',
'aws',
'cspm'
'cspm',
'CSPM-1',
roleAuthc,
internalRequestHeader
);
const { body: res }: { body: CspSetupStatus } = await supertest
const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/status`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.expect(200);
expect(res.cspm.status).to.eql(
@ -121,19 +139,22 @@ export default function (providerContext: FtrProviderContext) {
it(`Return vuln status indexed when logs-cloud_security_posture.vulnerabilities_latest-default contains new documents`, async () => {
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'vuln_mgmt',
'cloudbeat/vuln_mgmt_aws',
'aws',
'vuln_mgmt'
'vuln_mgmt',
'CNVM-1',
roleAuthc,
internalRequestHeader
);
const { body: res }: { body: CspSetupStatus } = await supertest
const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/status`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.expect(200);
expect(res.vuln_mgmt.status).to.eql(

65
x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexing.ts
View file

@ -5,10 +5,7 @@
* 2.0.
*/
import expect from '@kbn/expect';
import {
ELASTIC_HTTP_VERSION_HEADER,
X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
} from '@kbn/core-http-common';
import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
import type { CspSetupStatus } from '@kbn/cloud-security-posture-plugin/common/types_old';
import {
FINDINGS_INDEX_DEFAULT_NS,
@ -26,6 +23,7 @@ import {
findingsMockData,
vulnerabilityMockData,
} from '../../../../../../test/api_integration/apis/cloud_security_posture/mock_data'; // eslint-disable-line @kbn/imports/no_boundary_crossing
import { RoleCredentials } from '../../../../../shared/services';
const INDEX_ARRAY = [
FINDINGS_INDEX_DEFAULT_NS,
@ -36,25 +34,39 @@ const INDEX_ARRAY = [
export default function (providerContext: FtrProviderContext) {
const { getService } = providerContext;
const supertest = getService('supertest');
const es = getService('es');
const esArchiver = getService('esArchiver');
const kibanaServer = getService('kibanaServer');
const supertestWithoutAuth = getService('supertestWithoutAuth');
const svlCommonApi = getService('svlCommonApi');
const svlUserManager = getService('svlUserManager');
describe('GET /internal/cloud_security_posture/status', function () {
// security_exception: action [indices:admin/create] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.fleet-actions-7], this action is granted by the index privileges [create_index,manage,all]
this.tags(['failsOnMKI']);
let agentPolicyId: string;
let roleAuthc: RoleCredentials;
let internalRequestHeader: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string };
before(async () => {
roleAuthc = await svlUserManager.createApiKeyForRole('admin');
internalRequestHeader = svlCommonApi.getInternalRequestHeader();
});
after(async () => {
await svlUserManager.invalidateApiKeyForRole(roleAuthc);
});
describe('STATUS = INDEXING TEST', () => {
beforeEach(async () => {
await kibanaServer.savedObjects.cleanStandardList();
await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
const { body: agentPolicyResponse } = await supertest
const { body: agentPolicyResponse } = await supertestWithoutAuth
.post(`/api/fleet/agent_policies`)
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
name: 'Test policy',
namespace: 'default',
@ -74,19 +86,22 @@ export default function (providerContext: FtrProviderContext) {
it(`Return kspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new kspm documents, but has newly connected agents`, async () => {
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'kspm',
'cloudbeat/cis_k8s',
'vanilla',
'kspm'
'kspm',
'KSPM-1',
roleAuthc,
internalRequestHeader
);
const { body: res }: { body: CspSetupStatus } = await supertest
const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/status`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.expect(200);
expect(res.kspm.status).to.eql(
@ -97,19 +112,22 @@ export default function (providerContext: FtrProviderContext) {
it(`Return cspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new cspm documents, but has newly connected agents `, async () => {
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'cspm',
'cloudbeat/cis_aws',
'aws',
'cspm'
'cspm',
'CSPM-1',
roleAuthc,
internalRequestHeader
);
const { body: res }: { body: CspSetupStatus } = await supertest
const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/status`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.expect(200);
expect(res.cspm.status).to.eql(
@ -120,19 +138,22 @@ export default function (providerContext: FtrProviderContext) {
it(`Return vuln status indexing when logs-cloud_security_posture.vulnerabilities_latest-default doesn't contain vuln new documents, but has newly connected agents`, async () => {
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'vuln_mgmt',
'cloudbeat/vuln_mgmt_aws',
'aws',
'vuln_mgmt'
'vuln_mgmt',
'CNVM-1',
roleAuthc,
internalRequestHeader
);
const { body: res }: { body: CspSetupStatus } = await supertest
const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/status`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.expect(200);
expect(res.vuln_mgmt.status).to.eql(

65
x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_not_deployed_not_installed.ts
View file

@ -6,33 +6,45 @@
*/
import expect from '@kbn/expect';
import type { CspSetupStatus } from '@kbn/cloud-security-posture-plugin/common/types_old';
import {
ELASTIC_HTTP_VERSION_HEADER,
X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
} from '@kbn/core-http-common';
import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
import { FtrProviderContext } from '../../../../ftr_provider_context';
import { createPackagePolicy } from '../../../../../../test/api_integration/apis/cloud_security_posture/helper'; // eslint-disable-line @kbn/imports/no_boundary_crossing
import { RoleCredentials } from '../../../../../shared/services';
export default function (providerContext: FtrProviderContext) {
const { getService } = providerContext;
const supertest = getService('supertest');
const esArchiver = getService('esArchiver');
const kibanaServer = getService('kibanaServer');
const supertestWithoutAuth = getService('supertestWithoutAuth');
const svlCommonApi = getService('svlCommonApi');
const svlUserManager = getService('svlUserManager');
describe('GET /internal/cloud_security_posture/status', function () {
// security_exception: action [indices:admin/create] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.fleet-actions-7], this action is granted by the index privileges [create_index,manage,all]
this.tags(['failsOnMKI']);
let agentPolicyId: string;
let roleAuthc: RoleCredentials;
let internalRequestHeader: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string };
before(async () => {
roleAuthc = await svlUserManager.createApiKeyForRole('admin');
internalRequestHeader = svlCommonApi.getInternalRequestHeader();
});
after(async () => {
await svlUserManager.invalidateApiKeyForRole(roleAuthc);
});
describe('STATUS = NOT-DEPLOYED and STATUS = NOT-INSTALLED TEST', () => {
beforeEach(async () => {
await kibanaServer.savedObjects.cleanStandardList();
await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
const { body: agentPolicyResponse } = await supertest
const { body: agentPolicyResponse } = await supertestWithoutAuth
.post(`/api/fleet/agent_policies`)
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
name: 'Test policy',
namespace: 'default',
@ -47,19 +59,22 @@ export default function (providerContext: FtrProviderContext) {
});
it(`Should return not-deployed when installed kspm, no findings on either indices and no healthy agents`, async () => {
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'kspm',
'cloudbeat/cis_k8s',
'vanilla',
'kspm'
'kspm',
'KSPM-1',
roleAuthc,
internalRequestHeader
);
const { body: res }: { body: CspSetupStatus } = await supertest
const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/status`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.expect(200);
expect(res.kspm.status).to.eql(
@ -86,19 +101,22 @@ export default function (providerContext: FtrProviderContext) {
it(`Should return not-deployed when installed cspm, no findings on either indices and no healthy agents`, async () => {
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'cspm',
'cloudbeat/cis_aws',
'aws',
'cspm'
'cspm',
'CSPM-1',
roleAuthc,
internalRequestHeader
);
const { body: res }: { body: CspSetupStatus } = await supertest
const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/status`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.expect(200);
expect(res.cspm.status).to.eql(
@ -125,19 +143,22 @@ export default function (providerContext: FtrProviderContext) {
it(`Should return not-deployed when installed cnvm, no findings on either indices and no healthy agents`, async () => {
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'vuln_mgmt',
'cloudbeat/vuln_mgmt_aws',
'aws',
'vuln_mgmt'
'vuln_mgmt',
'CNVM-1',
roleAuthc,
internalRequestHeader
);
const { body: res }: { body: CspSetupStatus } = await supertest
const { body: res }: { body: CspSetupStatus } = await supertestWithoutAuth
.get(`/internal/cloud_security_posture/status`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.expect(200);
expect(res.cspm.status).to.eql(

73
x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/telemetry.ts
View file

@ -6,37 +6,48 @@
*/
import expect from '@kbn/expect';
import {
ELASTIC_HTTP_VERSION_HEADER,
X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
} from '@kbn/core-http-common';
import type { Agent as SuperTestAgent } from 'supertest';
import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
import type { FtrProviderContext } from '../../../ftr_provider_context';
import {
data as telemetryMockData,
MockTelemetryFindings,
} from '../../../../../test/cloud_security_posture_api/telemetry/data'; // eslint-disable-line @kbn/imports/no_boundary_crossing
import { createPackagePolicy } from '../../../../../test/api_integration/apis/cloud_security_posture/helper'; // eslint-disable-line @kbn/imports/no_boundary_crossing
import { RoleCredentials } from '../../../../shared/services';
const FINDINGS_INDEX = 'logs-cloud_security_posture.findings_latest-default';
export default function ({ getService }: FtrProviderContext) {
const retry = getService('retry');
const es = getService('es');
const supertest = getService('supertest');
const log = getService('log');
const esArchiver = getService('esArchiver');
const kibanaServer = getService('kibanaServer');
const supertestWithoutAuth = getService('supertestWithoutAuth');
const svlCommonApi = getService('svlCommonApi');
const svlUserManager = getService('svlUserManager');
let roleAuthc: RoleCredentials;
let internalRequestHeader: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string };
/**
* required before indexing findings
*/
const waitForPluginInitialized = (): Promise<void> =>
const waitForPluginInitialized = (
supertestWithoutAuthParam: SuperTestAgent,
internalRequestHeaderParam: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string },
roleAuthcParam: RoleCredentials
): Promise<void> =>
retry.try(async () => {
log.debug('Check CSP plugin is initialized');
const response = await supertest
roleAuthc = await svlUserManager.createApiKeyForRole('admin');
internalRequestHeader = svlCommonApi.getInternalRequestHeader();
const response = await supertestWithoutAuthParam
.get('/internal/cloud_security_posture/status?check=init')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
.set(internalRequestHeaderParam)
.set(roleAuthcParam.apiKeyHeader)
.expect(200);
expect(response.body).to.eql({ isPluginInitialized: true });
log.debug('CSP plugin is initialized');
@ -68,12 +79,15 @@ export default function ({ getService }: FtrProviderContext) {
let agentPolicyId: string;
before(async () => {
roleAuthc = await svlUserManager.createApiKeyForRole('admin');
internalRequestHeader = svlCommonApi.getInternalRequestHeader();
await kibanaServer.savedObjects.cleanStandardList();
await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
const { body: agentPolicyResponse } = await supertest
const { body: agentPolicyResponse } = await supertestWithoutAuth
.post(`/api/fleet/agent_policies`)
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
name: 'Test policy',
namespace: 'default',
@ -82,18 +96,21 @@ export default function ({ getService }: FtrProviderContext) {
agentPolicyId = agentPolicyResponse.item.id;
await createPackagePolicy(
supertest,
supertestWithoutAuth,
agentPolicyId,
'cspm',
'cloudbeat/cis_aws',
'aws',
'cspm',
'CSPM-1'
'CSPM-1',
roleAuthc,
internalRequestHeader
);
await waitForPluginInitialized();
await waitForPluginInitialized(supertestWithoutAuth, internalRequestHeader, roleAuthc);
});
after(async () => {
await svlUserManager.invalidateApiKeyForRole(roleAuthc);
await kibanaServer.savedObjects.cleanStandardList();
await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
});
@ -107,11 +124,11 @@ export default function ({ getService }: FtrProviderContext) {
const {
body: [{ stats: apiResponse }],
} = await supertest
} = await supertestWithoutAuth
.post(`/internal/telemetry/clusters/_stats`)
.set(ELASTIC_HTTP_VERSION_HEADER, '2')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.set('kbn-xsrf', 'xxxx')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
unencrypted: true,
refreshCache: true,
@ -161,11 +178,11 @@ export default function ({ getService }: FtrProviderContext) {
const {
body: [{ stats: apiResponse }],
} = await supertest
} = await supertestWithoutAuth
.post(`/internal/telemetry/clusters/_stats`)
.set('kbn-xsrf', 'xxxx')
.set(ELASTIC_HTTP_VERSION_HEADER, '2')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
unencrypted: true,
refreshCache: true,
@ -208,11 +225,11 @@ export default function ({ getService }: FtrProviderContext) {
const {
body: [{ stats: apiResponse }],
} = await supertest
} = await supertestWithoutAuth
.post(`/internal/telemetry/clusters/_stats`)
.set('kbn-xsrf', 'xxxx')
.set(ELASTIC_HTTP_VERSION_HEADER, '2')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
unencrypted: true,
refreshCache: true,
@ -286,11 +303,11 @@ export default function ({ getService }: FtrProviderContext) {
const {
body: [{ stats: apiResponse }],
} = await supertest
} = await supertestWithoutAuth
.post(`/internal/telemetry/clusters/_stats`)
.set('kbn-xsrf', 'xxxx')
.set(ELASTIC_HTTP_VERSION_HEADER, '2')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
unencrypted: true,
refreshCache: true,
@ -342,11 +359,11 @@ export default function ({ getService }: FtrProviderContext) {
const {
body: [{ stats: apiResponse }],
} = await supertest
} = await supertestWithoutAuth
.post(`/internal/telemetry/clusters/_stats`)
.set('kbn-xsrf', 'xxxx')
.set(ELASTIC_HTTP_VERSION_HEADER, '2')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.set(internalRequestHeader)
.set(roleAuthc.apiKeyHeader)
.send({
unencrypted: true,
refreshCache: true,