diff --git a/x-pack/test/api_integration/apis/security/privileges.ts b/x-pack/test/api_integration/apis/security/privileges.ts index 81cffaac0728..4068b88cd30b 100644 --- a/x-pack/test/api_integration/apis/security/privileges.ts +++ b/x-pack/test/api_integration/apis/security/privileges.ts @@ -3,47 +3,71 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ - +import util from 'util'; +import { isEqual } from 'lodash'; import { FtrProviderContext } from '../../ftr_provider_context'; export default function({ getService }: FtrProviderContext) { const supertest = getService('supertest'); - // FLAKY: https://github.com/elastic/kibana/issues/58785 - describe.skip('Privileges', () => { + describe('Privileges', () => { describe('GET /api/security/privileges', () => { it('should return a privilege map with all known privileges, without actions', async () => { + // If you're adding a privilege to the following, that's great! + // If you're removing a privilege, this breaks backwards compatibility + // Roles are associated with these privileges, and we shouldn't be removing them in a minor version. + const expected = { + features: { + discover: ['all', 'read'], + visualize: ['all', 'read'], + dashboard: ['all', 'read'], + dev_tools: ['all', 'read'], + advancedSettings: ['all', 'read'], + indexPatterns: ['all', 'read'], + savedObjectsManagement: ['all', 'read'], + timelion: ['all', 'read'], + graph: ['all', 'read'], + maps: ['all', 'read'], + canvas: ['all', 'read'], + infrastructure: ['all', 'read'], + logs: ['all', 'read'], + uptime: ['all', 'read'], + apm: ['all', 'read'], + siem: ['all', 'read'], + endpoint: ['all', 'read'], + }, + global: ['all', 'read'], + space: ['all', 'read'], + reserved: ['ml', 'monitoring'], + }; + await supertest .get('/api/security/privileges') .set('kbn-xsrf', 'xxx') .send() - .expect(200, { - // If you're adding a privilege to the following, that's great! - // If you're removing a privilege, this breaks backwards compatibility - // Roles are associated with these privileges, and we shouldn't be removing them in a minor version. - features: { - discover: ['all', 'read'], - visualize: ['all', 'read'], - dashboard: ['all', 'read'], - dev_tools: ['all', 'read'], - advancedSettings: ['all', 'read'], - indexPatterns: ['all', 'read'], - savedObjectsManagement: ['all', 'read'], - timelion: ['all', 'read'], - graph: ['all', 'read'], - maps: ['all', 'read'], - canvas: ['all', 'read'], - infrastructure: ['all', 'read'], - logs: ['all', 'read'], - uptime: ['all', 'read'], - apm: ['all', 'read'], - siem: ['all', 'read'], - endpoint: ['all', 'read'], - }, - global: ['all', 'read'], - space: ['all', 'read'], - reserved: ['monitoring', 'ml'], - }); + .expect(200) + .expect((res: any) => { + // when comparing privileges, the order of the privileges doesn't matter. + // supertest uses assert.deepStrictEqual. + // expect.js doesn't help us here. + // and lodash's isEqual doesn't know how to compare Sets. + const success = isEqual(res.body, expected, (value, other, key) => { + if (Array.isArray(value) && Array.isArray(other)) { + return isEqual(value.sort(), other.sort()); + } + + // Lodash types aren't correct, `undefined` should be supported as a return value here and it + // has special meaning. + return undefined as any; + }); + + if (!success) { + throw new Error( + `Expected ${util.inspect(res.body)} to equal ${util.inspect(expected)}` + ); + } + }) + .expect(200); }); }); });