Adding bulk get privs and tests (#138740)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Jonathan Buttner 2022-08-15 16:25:53 -04:00 committed by GitHub
parent 4990478dea
commit 8601f35e74
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 176 additions and 4 deletions


@ -38,7 +38,7 @@ export const getCasesKibanaFeature = (): KibanaFeatureConfig => {
cases: [APP_ID],
privileges: {
all: {
api: ['casesSuggestUserProfiles'],
api: ['casesSuggestUserProfiles', 'bulkGetUserProfiles'],
cases: {
create: [APP_ID],
read: [APP_ID],
@ -55,6 +55,7 @@ export const getCasesKibanaFeature = (): KibanaFeatureConfig => {
ui: capabilities.all,
},
read: {
api: ['bulkGetUserProfiles'],
cases: {
read: [APP_ID],
},
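Review bot: The API privilege `bulkGetUserProfiles`, added to both `all` and `read`, has no `cases` prefix, unlike its neighbour `casesSuggestUserProfiles`, and nothing here says which route it authorizes. If the name deliberately matches an access tag on a route owned by another plugin, say so next to the grant, for example `// must match the access tag of the user-profile bulk get route`, so reviewers can see why read-only Cases users receive it. The same literal is repeated in the ObservabilityPlugin section, the second `getCasesKibanaFeature` section and the FixturePlugin section; a shared exported constant would keep the four grants from drifting apart. The enclosing function starts and ends outside these hunks.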


@ -55,7 +55,7 @@ export class ObservabilityPlugin implements Plugin<ObservabilityPluginSetup> {
cases: [observabilityFeatureId],
privileges: {
all: {
api: ['casesSuggestUserProfiles'],
api: ['casesSuggestUserProfiles', 'bulkGetUserProfiles'],
app: [casesFeatureId, 'kibana'],
catalogue: [observabilityFeatureId],
cases: {
@ -71,6 +71,7 @@ export class ObservabilityPlugin implements Plugin<ObservabilityPluginSetup> {
ui: casesCapabilities.all,
},
read: {
api: ['bulkGetUserProfiles'],
app: [casesFeatureId, 'kibana'],
catalogue: [observabilityFeatureId],
cases: {


@ -29,7 +29,7 @@ export const getCasesKibanaFeature = (): KibanaFeatureConfig => {
cases: [APP_ID],
privileges: {
all: {
api: ['casesSuggestUserProfiles'],
api: ['casesSuggestUserProfiles', 'bulkGetUserProfiles'],
app: [CASES_FEATURE_ID, 'kibana'],
catalogue: [APP_ID],
cases: {
@ -45,6 +45,7 @@ export const getCasesKibanaFeature = (): KibanaFeatureConfig => {
ui: casesCapabilities.all,
},
read: {
api: ['bulkGetUserProfiles'],
app: [CASES_FEATURE_ID, 'kibana'],
catalogue: [APP_ID],
cases: {


@ -0,0 +1,101 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import expect from '@kbn/expect';
import { APP_ID as CASES_APP_ID } from '@kbn/cases-plugin/common/constants';
import { APP_ID as SECURITY_SOLUTION_APP_ID } from '@kbn/security-solution-plugin/common/constants';
import { observabilityFeatureId as OBSERVABILITY_APP_ID } from '@kbn/observability-plugin/common';
import { FtrProviderContext } from '../../ftr_provider_context';
import {
deleteAllCaseItems,
suggestUserProfiles,
} from '../../../cases_api_integration/common/lib/utils';
import { bulkGetUserProfiles } from '../../../cases_api_integration/common/lib/user_profiles';
import {
casesAllUser,
casesReadUser,
obsCasesAllUser,
obsCasesReadUser,
secAllCasesNoneUser,
secAllUser,
secReadCasesReadUser,
} from './common/users';
export default ({ getService }: FtrProviderContext): void => {
describe('bulk_get_user_profiles', () => {
const es = getService('es');
const supertestWithoutAuth = getService('supertestWithoutAuth');
afterEach(async () => {
await deleteAllCaseItems(es);
});
for (const { user, owner } of [
{ user: secAllUser, owner: SECURITY_SOLUTION_APP_ID },
{ user: casesAllUser, owner: CASES_APP_ID },
{ user: obsCasesAllUser, owner: OBSERVABILITY_APP_ID },
]) {
it(`User ${
user.username
} with roles(s) ${user.roles.join()} can bulk get valid user profiles`, async () => {
const suggestedProfiles = await suggestUserProfiles({
supertest: supertestWithoutAuth,
req: { name: user.username, owners: [owner], size: 1 },
auth: { user, space: null },
});
const profiles = await bulkGetUserProfiles({
supertest: supertestWithoutAuth,
req: {
uids: suggestedProfiles.map((suggestedProfile) => suggestedProfile.uid),
dataPath: 'avatar',
},
auth: { user, space: null },
});
expect(profiles.length).to.be(1);
expect(profiles[0].user.username).to.eql(user.username);
});
}
for (const { user } of [
{ user: secReadCasesReadUser },
{ user: casesReadUser },
{ user: obsCasesReadUser },
]) {
it(`User ${
user.username
} with roles(s) ${user.roles.join()} can bulk get user profiles`, async () => {
await bulkGetUserProfiles({
supertest: supertestWithoutAuth,
req: {
uids: ['1'],
dataPath: 'avatar',
},
auth: { user, space: null },
});
});
}
for (const { user } of [{ user: secAllCasesNoneUser }]) {
it(`User ${
user.username
} with roles(s) ${user.roles.join()} cannot bulk get user profiles because they lack the bulkGetUserProfiles privilege`, async () => {
await bulkGetUserProfiles({
supertest: supertestWithoutAuth,
req: {
uids: ['1'],
dataPath: 'avatar',
},
auth: { user, space: null },
expectedHttpCode: 403,
});
});
}
});
};
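Review bot: The read-user loop over `secReadCasesReadUser`, `casesReadUser` and `obsCasesReadUser` asserts nothing and passes no `expectedHttpCode`, so what it proves depends entirely on the default inside the `bulkGetUserProfiles` helper, which is not visible here. Because this is an authorization test, state the expectation in the test itself with `expectedHttpCode: 200,` after `auth`, and assert on the returned list (presumably empty for the made-up uid `'1'`). The denial side is covered by a single user, `secAllCasesNoneUser`; if comparable users without Cases privileges exist for the other two owners, adding them to that loop would show the 403 is not specific to one feature. The titles also read `roles(s)`, where `role(s)` is meant.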


@ -310,6 +310,30 @@ export const casesAll: Role = {
},
};
export const casesRead: Role = {
name: 'cases_read_role',
privileges: {
elasticsearch: {
indices: [
{
names: ['*'],
privileges: ['all'],
},
],
},
kibana: [
{
feature: {
generalCases: ['read'],
actions: ['all'],
actionsSimulators: ['all'],
},
spaces: ['*'],
},
],
},
};
/**
* Roles for Cases in Observability
*/
@ -386,6 +410,30 @@ export const obsCasesAll: Role = {
},
};
export const obsCasesRead: Role = {
name: 'obs_cases_read_role',
privileges: {
elasticsearch: {
indices: [
{
names: ['*'],
privileges: ['all'],
},
],
},
kibana: [
{
feature: {
observabilityCases: ['read'],
actions: ['all'],
actionsSimulators: ['all'],
},
spaces: ['*'],
},
],
},
};
export const roles = [
secAllCasesOnlyDelete,
secAllCasesNoDelete,
@ -399,7 +447,9 @@ export const roles = [
casesOnlyDelete,
casesNoDelete,
casesAll,
casesRead,
obsCasesOnlyDelete,
obsCasesNoDelete,
obsCasesAll,
obsCasesRead,
];
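Review bot: Both new read roles, `cases_read_role` and `obs_cases_read_role`, grant Elasticsearch `privileges: ['all']` on `names: ['*']` plus `actions: ['all']` and `actionsSimulators: ['all']`. A passing read-user test therefore does not show that the Kibana `read` feature privilege alone authorizes the request. This may simply copy the existing roles in the file, whose bodies are outside the hunk. For roles named "read", a narrower grant would make the privilege tests more meaningful and give a safer template to copy. At minimum, add a comment above each role such as `// ES index privileges are broad on purpose; these tests only exercise Kibana feature privileges`.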


@ -16,9 +16,11 @@ import {
casesAll,
casesNoDelete,
casesOnlyDelete,
casesRead,
obsCasesAll,
obsCasesNoDelete,
obsCasesOnlyDelete,
obsCasesRead,
secAll,
secAllCasesNoDelete,
secAllCasesNone,
@ -110,6 +112,12 @@ export const casesAllUser: User = {
roles: [casesAll.name],
};
export const casesReadUser: User = {
username: 'cases_read_user',
password: 'password',
roles: [casesRead.name],
};
/**
* Users for Cases in Observability
*/
@ -132,6 +140,12 @@ export const obsCasesAllUser: User = {
roles: [obsCasesAll.name],
};
export const obsCasesReadUser: User = {
username: 'obs_cases_read_user',
password: 'password',
roles: [obsCasesRead.name],
};
export const users = [
secAllCasesOnlyDeleteUser,
secAllCasesNoDeleteUser,
@ -145,7 +159,9 @@ export const users = [
casesOnlyDeleteUser,
casesNoDeleteUser,
casesAllUser,
casesReadUser,
obsCasesOnlyDeleteUser,
obsCasesNoDeleteUser,
obsCasesAllUser,
obsCasesReadUser,
];


@ -33,5 +33,6 @@ export default function ({ loadTestFile, getService }: FtrProviderContext) {
loadTestFile(require.resolve('./privileges'));
loadTestFile(require.resolve('./suggest_user_profiles'));
loadTestFile(require.resolve('./bulk_get_user_profiles'));
});
}


@ -39,7 +39,7 @@ export class FixturePlugin implements Plugin<void, void, FixtureSetupDeps, Fixtu
cases: ['securitySolutionFixture'],
privileges: {
all: {
api: ['casesSuggestUserProfiles'],
api: ['casesSuggestUserProfiles', 'bulkGetUserProfiles'],
app: ['kibana'],
cases: {
create: ['securitySolutionFixture'],
@ -54,6 +54,7 @@ export class FixturePlugin implements Plugin<void, void, FixtureSetupDeps, Fixtu
ui: [],
},
read: {
api: ['bulkGetUserProfiles'],
app: ['kibana'],
cases: {
read: ['securitySolutionFixture'],