github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Security Solutions] Fixes and unskips tests (#94391)

Browse source 
## Summary

Fixes and unskips tests. Also makes the tests less picky. Although I enjoy seeing the changes on ES promotions of error messages in case we see something really bad happening, it's too manual of a process to fix and puts too much of a burden on operations to skip the error messages. 

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
This commit is contained in:
Frank Hassanabad 2021-03-15 12:15:59 -06:00 committed by GitHub
parent cd56c1341a
commit 85c0a34893
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

45
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_index.ts
View file

@ -21,8 +21,7 @@ export default ({ getService }: FtrProviderContext) => {
const supertest = getService('supertest');
const supertestWithoutAuth = getService('supertestWithoutAuth');
// FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/94367
describe.skip('create_index', () => {
describe('create_index', () => {
afterEach(async () => {
await deleteSignalsIndex(supertest);
});
@ -90,11 +89,8 @@ export default ({ getService }: FtrProviderContext) => {
.auth(role, 'changeme')
.send()
.expect(403);
expect(body).to.eql({
message:
'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [t1_analyst], this action is granted by the cluster privileges [read_ilm,manage_ilm,manage,all]',
status_code: 403,
});
expect(body.message).to.match(/^security_exception/);
expect(body.status_code).to.eql(403);
});
it('should be able to read the index name and status as not being outdated', async () => {
@ -140,11 +136,8 @@ export default ({ getService }: FtrProviderContext) => {
.auth(role, 'changeme')
.send()
.expect(403);
expect(body).to.eql({
message:
'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [t2_analyst], this action is granted by the cluster privileges [read_ilm,manage_ilm,manage,all]',
status_code: 403,
});
expect(body.message).to.match(/^security_exception/);
expect(body.status_code).to.eql(403);
});
it('should be able to read the index name and status as not being outdated', async () => {
@ -240,11 +233,8 @@ export default ({ getService }: FtrProviderContext) => {
.auth(role, 'changeme')
.send()
.expect(403);
expect(body).to.eql({
message:
'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [soc_manager], this action is granted by the cluster privileges [read_ilm,manage_ilm,manage,all]',
status_code: 403,
});
expect(body.message).to.match(/^security_exception/);
expect(body.status_code).to.eql(403);
});
it('should be able to read the index name and status as not being outdated', async () => {
@ -290,11 +280,8 @@ export default ({ getService }: FtrProviderContext) => {
.auth(role, 'changeme')
.send()
.expect(403);
expect(body).to.eql({
message:
'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [hunter], this action is granted by the cluster privileges [read_ilm,manage_ilm,manage,all]',
status_code: 403,
});
expect(body.message).to.match(/^security_exception/);
expect(body.status_code).to.eql(403);
});
it('should be able to read the index name and status as not being outdated', async () => {
@ -390,11 +377,8 @@ export default ({ getService }: FtrProviderContext) => {
.auth(role, 'changeme')
.send()
.expect(403);
expect(body).to.eql({
message:
'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [reader], this action is granted by the cluster privileges [read_ilm,manage_ilm,manage,all]',
status_code: 403,
});
expect(body.message).to.match(/^security_exception/);
expect(body.status_code).to.eql(403);
});
it('should be able to read the index name and status as being outdated.', async () => {
@ -440,11 +424,8 @@ export default ({ getService }: FtrProviderContext) => {
.auth(role, 'changeme')
.send()
.expect(403);
expect(body).to.eql({
message:
'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [rule_author], this action is granted by the cluster privileges [read_ilm,manage_ilm,manage,all]',
status_code: 403,
});
expect(body.message).to.match(/^security_exception/);
expect(body.status_code).to.eql(403);
});
it('should be able to read the index name and status as being outdated.', async () => {

10
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/delete_signals_migrations.ts
View file

@ -35,8 +35,7 @@ export default ({ getService }: FtrProviderContext): void => {
const supertest = getService('supertest');
const supertestWithoutAuth = getService('supertestWithoutAuth');
// FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/94367
describe.skip('deleting signals migrations', () => {
describe('deleting signals migrations', () => {
let outdatedSignalsIndexName: string;
let createdMigration: CreateResponse;
let finalizedMigration: FinalizeResponse;
@ -129,11 +128,8 @@ export default ({ getService }: FtrProviderContext): void => {
const deletedMigration = body.migrations[0];
expect(deletedMigration.id).to.eql(createdMigration.migration_id);
expect(deletedMigration.error).to.eql({
message:
'security_exception: action [indices:admin/settings/update] is unauthorized for user [t1_analyst] on indices [], this action is granted by the index privileges [manage,all]',
status_code: 403,
});
expect(deletedMigration.error.message).to.match(/^security_exception/);
expect(deletedMigration.error.status_code).to.eql(403);
});
});
};

15
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/finalize_signals_migrations.ts
View file

@ -47,8 +47,7 @@ export default ({ getService }: FtrProviderContext): void => {
const supertest = getService('supertest');
const supertestWithoutAuth = getService('supertestWithoutAuth');
// FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/94367
describe.skip('Finalizing signals migrations', () => {
describe('Finalizing signals migrations', () => {
let legacySignalsIndexName: string;
let outdatedSignalsIndexName: string;
let createdMigrations: CreateResponse[];
@ -245,16 +244,14 @@ export default ({ getService }: FtrProviderContext): void => {
.auth(ROLES.t1_analyst, 'changeme')
.expect(200);
const finalizeResponse: FinalizeResponse = body.migrations[0];
const finalizeResponse: FinalizeResponse & {
error: { message: string; status_code: number };
} = body.migrations[0];
expect(finalizeResponse.id).to.eql(createdMigration.migration_id);
expect(finalizeResponse.completed).not.to.eql(true);
expect(finalizeResponse.error).to.eql({
message:
'security_exception: action [cluster:monitor/task/get] is unauthorized for user [t1_analyst], this action is granted by the cluster privileges [monitor,manage,all]',
status_code: 403,
});
expect(finalizeResponse.error.message).to.match(/^security_exception/);
expect(finalizeResponse.error.status_code).to.eql(403);
await deleteUserAndRole(getService, ROLES.t1_analyst);
});
});