github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

Create the ftrSoApis FTR plugin (#149188)

Browse source 
## Summary

Fix https://github.com/elastic/kibana/issues/148412

More and more SO types will not be accessible from the HTTP APIs (either
`hidden:true` or `hiddenFromHTTPApis: true`).

However, the FTR SO client (`KbnClientSavedObjects`) still needs to be
able to access and manipulate all SO types.

This PR introduces a `ftrSoApis` plugin that is loaded for all FTR
suites. This plugin exposes SO APIs that are used by the FTR client
instead of the public SO HTTP APIs. These APIs are configured to know
about all types, even hidden ones.

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
Pierre Gayvallet 2023-01-26 09:47:29 +01:00 committed by GitHub
parent 49ff27e2ff
commit cd9a53f284
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
36 changed files with 1657 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.buildkite/ftr_configs.yml
View file

@ -159,6 +159,7 @@ enabled:
- x-pack/test/examples/config.ts
- x-pack/test/fleet_api_integration/config.ts
- x-pack/test/fleet_functional/config.ts
- x-pack/test/ftr_apis/security_and_spaces/config.ts
- x-pack/test/functional_basic/config.ts
- x-pack/test/functional_cors/config.ts
- x-pack/test/functional_embedded/config.ts

4
docs/developer/plugin-list.asciidoc
View file

@ -184,6 +184,10 @@ for use in their own application.
|Minimal interface for admins to manage files in Kibana.
|{kib-repo}blob/{branch}/src/plugins/ftr_apis/README.md[ftrApis]
|This plugin exposes a set of APIs used internally during functional tests by the FTR.
|{kib-repo}blob/{branch}/src/plugins/guided_onboarding/README.md[guidedOnboarding]
|This plugin contains the code for the Guided Onboarding project. Guided onboarding consists of guides for Solutions (Enterprise Search, Observability, Security) that can be completed as a checklist of steps. The guides help users to ingest their data and to navigate to the correct Solutions pages.

28
packages/kbn-test/src/kbn_client/kbn_client_saved_objects.ts
View file

@ -7,7 +7,6 @@
*/
import { inspect } from 'util';
import * as Rx from 'rxjs';
import { mergeMap } from 'rxjs/operators';
import { isAxiosResponseError } from '@kbn/dev-utils';
@ -90,6 +89,11 @@ async function concurrently<T>(maxConcurrency: number, arr: T[], fn: (item: T) =
}
}
/**
* SO client for FTR.
*
* @remarks: Leverage the `ftrApis` plugin under the hood.
*/
export class KbnClientSavedObjects {
constructor(private readonly log: ToolingLog, private readonly requester: KbnClientRequester) {}
@ -117,8 +121,8 @@ export class KbnClientSavedObjects {
const { data } = await this.requester.request<SavedObjectResponse<Attributes>>({
description: 'get saved object',
path: options.space
? uriencode`/s/${options.space}/api/saved_objects/${options.type}/${options.id}`
: uriencode`/api/saved_objects/${options.type}/${options.id}`,
? uriencode`/s/${options.space}/internal/ftr/kbn_client_so/${options.type}/${options.id}`
: uriencode`/internal/ftr/kbn_client_so/${options.type}/${options.id}`,
method: 'GET',
});
return data;
@ -133,8 +137,8 @@ export class KbnClientSavedObjects {
const { data } = await this.requester.request<SavedObjectResponse<Attributes>>({
description: 'update saved object',
path: options.id
? uriencode`/api/saved_objects/${options.type}/${options.id}`
: uriencode`/api/saved_objects/${options.type}`,
? uriencode`/internal/ftr/kbn_client_so/${options.type}/${options.id}`
: uriencode`/internal/ftr/kbn_client_so/${options.type}`,
query: {
overwrite: options.overwrite,
},
@ -156,7 +160,7 @@ export class KbnClientSavedObjects {
const { data } = await this.requester.request<SavedObjectResponse<Attributes>>({
description: 'update saved object',
path: uriencode`/api/saved_objects/${options.type}/${options.id}`,
path: uriencode`/internal/ftr/kbn_client_so/${options.type}/${options.id}`,
query: {
overwrite: options.overwrite,
},
@ -179,8 +183,8 @@ export class KbnClientSavedObjects {
const { data } = await this.requester.request({
description: 'delete saved object',
path: options.space
? uriencode`/s/${options.space}/api/saved_objects/${options.type}/${options.id}`
: uriencode`/api/saved_objects/${options.type}/${options.id}`,
? uriencode`/s/${options.space}/internal/ftr/kbn_client_so/${options.type}/${options.id}`
: uriencode`/internal/ftr/kbn_client_so/${options.type}/${options.id}`,
method: 'DELETE',
});
@ -196,8 +200,8 @@ export class KbnClientSavedObjects {
const resp = await this.requester.request<FindApiResponse>({
method: 'GET',
path: options.space
? uriencode`/s/${options.space}/api/saved_objects/_find`
: '/api/saved_objects/_find',
? uriencode`/s/${options.space}/internal/ftr/kbn_client_so/_find`
: `/internal/ftr/kbn_client_so/_find`,
query: {
per_page: 1000,
type: options.types,
@ -270,8 +274,8 @@ export class KbnClientSavedObjects {
await this.requester.request({
method: 'DELETE',
path: options.space
? uriencode`/s/${options.space}/api/saved_objects/${obj.type}/${obj.id}?force=true`
: uriencode`/api/saved_objects/${obj.type}/${obj.id}?force=true`,
? uriencode`/s/${options.space}/internal/ftr/kbn_client_so/${obj.type}/${obj.id}`
: uriencode`/internal/ftr/kbn_client_so/${obj.type}/${obj.id}`,
});
deleted++;
} catch (error) {

8
src/plugins/ftr_apis/README.md Normal file
View file

@ -0,0 +1,8 @@
# ftrApis plugin
This plugin exposes a set of APIs used internally during functional tests by the FTR.
The APIs currently exposed are:
1. APIs used by the `KbnClientSavedObjects` (SO service of the FTR)
**Remark: these APIs shouldn't be called directly for any reason**

16
src/plugins/ftr_apis/jest.config.js Normal file
View file

@ -0,0 +1,16 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
module.exports = {
preset: '@kbn/test',
rootDir: '../../..',
roots: ['<rootDir>/src/plugins/ftr_apis'],
coverageDirectory: '<rootDir>/target/kibana-coverage/jest/src/plugins/ftr_apis',
coverageReporters: ['text', 'html'],
collectCoverageFrom: ['<rootDir>/src/plugins/ftr_apis/{common,public,server}/**/*.{js,ts,tsx}'],
};

11
src/plugins/ftr_apis/kibana.json Normal file
View file

@ -0,0 +1,11 @@
{
"id": "ftrApis",
"owner": {
"name": "Core",
"githubTeam": "kibana-core"
},
"version": "kibana",
"configPath": ["ftr_apis"],
"server": true,
"ui": false
}

20
src/plugins/ftr_apis/server/config.ts Normal file
View file

@ -0,0 +1,20 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import { schema, type TypeOf } from '@kbn/config-schema';
import type { PluginConfigDescriptor } from '@kbn/core/server';
const configSchema = schema.object({
disableApis: schema.boolean({ defaultValue: false }),
});
export type ConfigType = TypeOf<typeof configSchema>;
export const config: PluginConfigDescriptor<ConfigType> = {
schema: configSchema,
};

16
src/plugins/ftr_apis/server/index.ts Normal file
View file

@ -0,0 +1,16 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import type { PluginInitializerContext } from '@kbn/core/server';
import { FtrApisPlugin } from './plugin';
export function plugin(initializerContext: PluginInitializerContext) {
return new FtrApisPlugin(initializerContext);
}
export { config } from './config';

28
src/plugins/ftr_apis/server/plugin.ts Normal file
View file

@ -0,0 +1,28 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import type { CoreSetup, Plugin, PluginInitializerContext } from '@kbn/core/server';
import { registerRoutes } from './routes';
import type { ConfigType } from './config';
export class FtrApisPlugin implements Plugin {
private readonly config: ConfigType;
constructor(initializerContext: PluginInitializerContext) {
this.config = initializerContext.config.get<ConfigType>();
}
public setup({ http, savedObjects }: CoreSetup) {
const router = http.createRouter();
if (!this.config.disableApis) {
registerRoutes(router);
}
}
public start() {}
}

14
src/plugins/ftr_apis/server/routes/index.ts Normal file
View file

@ -0,0 +1,14 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import type { IRouter } from '@kbn/core/server';
import { registerKbnClientSoRoutes } from './kbn_client_so';
export const registerRoutes = (router: IRouter) => {
registerKbnClientSoRoutes(router);
};

38
src/plugins/ftr_apis/server/routes/kbn_client_so/bulk_delete.ts Normal file
View file

@ -0,0 +1,38 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import type { IRouter } from '@kbn/core/server';
import { schema } from '@kbn/config-schema';
import { KBN_CLIENT_API_PREFIX, listHiddenTypes, catchAndReturnBoomErrors } from './utils';
export const registerBulkDeleteRoute = (router: IRouter) => {
router.post(
{
path: `${KBN_CLIENT_API_PREFIX}/_bulk_delete`,
options: {
tags: ['access:ftrApis'],
},
validate: {
body: schema.arrayOf(
schema.object({
type: schema.string(),
id: schema.string(),
})
),
},
},
catchAndReturnBoomErrors(async (ctx, req, res) => {
const { savedObjects } = await ctx.core;
const hiddenTypes = listHiddenTypes(savedObjects.typeRegistry);
const soClient = savedObjects.getClient({ includedHiddenTypes: hiddenTypes });
const statuses = await soClient.bulkDelete(req.body, { force: true });
return res.ok({ body: statuses });
})
);
};

62
src/plugins/ftr_apis/server/routes/kbn_client_so/create.ts Normal file
View file

@ -0,0 +1,62 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import type { IRouter } from '@kbn/core/server';
import { schema } from '@kbn/config-schema';
import { KBN_CLIENT_API_PREFIX, listHiddenTypes, catchAndReturnBoomErrors } from './utils';
export const registerCreateRoute = (router: IRouter) => {
router.post(
{
path: `${KBN_CLIENT_API_PREFIX}/{type}/{id?}`,
options: {
tags: ['access:ftrApis'],
},
validate: {
params: schema.object({
type: schema.string(),
id: schema.maybe(schema.string()),
}),
query: schema.object({
overwrite: schema.boolean({ defaultValue: false }),
}),
body: schema.object({
attributes: schema.recordOf(schema.string(), schema.any()),
migrationVersion: schema.maybe(schema.recordOf(schema.string(), schema.string())),
references: schema.maybe(
schema.arrayOf(
schema.object({
name: schema.string(),
type: schema.string(),
id: schema.string(),
})
)
),
}),
},
},
catchAndReturnBoomErrors(async (ctx, req, res) => {
const { type, id } = req.params;
const { overwrite } = req.query;
const { attributes, migrationVersion, references } = req.body;
const { savedObjects } = await ctx.core;
const hiddenTypes = listHiddenTypes(savedObjects.typeRegistry);
const soClient = savedObjects.getClient({ includedHiddenTypes: hiddenTypes });
const options = {
id,
overwrite,
migrationVersion,
references,
};
const result = await soClient.create(type, attributes, options);
return res.ok({ body: result });
})
);
};

38
src/plugins/ftr_apis/server/routes/kbn_client_so/delete.ts Normal file
View file

@ -0,0 +1,38 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import type { IRouter } from '@kbn/core/server';
import { schema } from '@kbn/config-schema';
import { KBN_CLIENT_API_PREFIX, listHiddenTypes, catchAndReturnBoomErrors } from './utils';
export const registerDeleteRoute = (router: IRouter) => {
router.delete(
{
path: `${KBN_CLIENT_API_PREFIX}/{type}/{id}`,
options: {
tags: ['access:ftrApis'],
},
validate: {
params: schema.object({
type: schema.string(),
id: schema.string(),
}),
},
},
catchAndReturnBoomErrors(async (ctx, req, res) => {
const { type, id } = req.params;
const { savedObjects } = await ctx.core;
const hiddenTypes = listHiddenTypes(savedObjects.typeRegistry);
const soClient = savedObjects.getClient({ includedHiddenTypes: hiddenTypes });
const result = await soClient.delete(type, id, { force: true });
return res.ok({ body: result });
})
);
};

48
src/plugins/ftr_apis/server/routes/kbn_client_so/find.ts Normal file
View file

@ -0,0 +1,48 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import type { IRouter } from '@kbn/core/server';
import { schema } from '@kbn/config-schema';
import { KBN_CLIENT_API_PREFIX, listHiddenTypes, catchAndReturnBoomErrors } from './utils';
export const registerFindRoute = (router: IRouter) => {
router.get(
{
path: `${KBN_CLIENT_API_PREFIX}/_find`,
options: {
tags: ['access:ftrApis'],
},
validate: {
query: schema.object({
per_page: schema.number({ min: 0, defaultValue: 20 }),
page: schema.number({ min: 0, defaultValue: 1 }),
type: schema.oneOf([schema.string(), schema.arrayOf(schema.string())]),
search: schema.maybe(schema.string()),
fields: schema.maybe(schema.oneOf([schema.string(), schema.arrayOf(schema.string())])),
}),
},
},
catchAndReturnBoomErrors(async (ctx, req, res) => {
const query = req.query;
const { savedObjects } = await ctx.core;
const hiddenTypes = listHiddenTypes(savedObjects.typeRegistry);
const soClient = savedObjects.getClient({ includedHiddenTypes: hiddenTypes });
const result = await soClient.find({
perPage: query.per_page,
page: query.page,
type: Array.isArray(query.type) ? query.type : [query.type],
search: query.search,
fields: typeof query.fields === 'string' ? [query.fields] : query.fields,
});
return res.ok({ body: result });
})
);
};

38
src/plugins/ftr_apis/server/routes/kbn_client_so/get.ts Normal file
View file

@ -0,0 +1,38 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import type { IRouter } from '@kbn/core/server';
import { schema } from '@kbn/config-schema';
import { KBN_CLIENT_API_PREFIX, listHiddenTypes, catchAndReturnBoomErrors } from './utils';
export const registerGetRoute = (router: IRouter) => {
router.get(
{
path: `${KBN_CLIENT_API_PREFIX}/{type}/{id}`,
options: {
tags: ['access:ftrApis'],
},
validate: {
params: schema.object({
type: schema.string(),
id: schema.string(),
}),
},
},
catchAndReturnBoomErrors(async (ctx, req, res) => {
const { type, id } = req.params;
const { savedObjects } = await ctx.core;
const hiddenTypes = listHiddenTypes(savedObjects.typeRegistry);
const soClient = savedObjects.getClient({ includedHiddenTypes: hiddenTypes });
const object = await soClient.get(type, id);
return res.ok({ body: object });
})
);
};

24
src/plugins/ftr_apis/server/routes/kbn_client_so/index.ts Normal file
View file

@ -0,0 +1,24 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import type { IRouter } from '@kbn/core/server';
import { registerBulkDeleteRoute } from './bulk_delete';
import { registerCreateRoute } from './create';
import { registerDeleteRoute } from './delete';
import { registerFindRoute } from './find';
import { registerGetRoute } from './get';
import { registerUpdateRoute } from './update';
export const registerKbnClientSoRoutes = (router: IRouter) => {
registerBulkDeleteRoute(router);
registerCreateRoute(router);
registerDeleteRoute(router);
registerFindRoute(router);
registerGetRoute(router);
registerUpdateRoute(router);
};

53
src/plugins/ftr_apis/server/routes/kbn_client_so/update.ts Normal file
View file

@ -0,0 +1,53 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import type { IRouter } from '@kbn/core/server';
import { schema } from '@kbn/config-schema';
import { KBN_CLIENT_API_PREFIX, listHiddenTypes, catchAndReturnBoomErrors } from './utils';
export const registerUpdateRoute = (router: IRouter) => {
router.put(
{
path: `${KBN_CLIENT_API_PREFIX}/{type}/{id}`,
options: {
tags: ['access:ftrApis'],
},
validate: {
params: schema.object({
type: schema.string(),
id: schema.string(),
}),
body: schema.object({
attributes: schema.recordOf(schema.string(), schema.any()),
migrationVersion: schema.maybe(schema.string()),
references: schema.maybe(
schema.arrayOf(
schema.object({
name: schema.string(),
type: schema.string(),
id: schema.string(),
})
)
),
}),
},
},
catchAndReturnBoomErrors(async (ctx, req, res) => {
const { type, id } = req.params;
const { attributes, migrationVersion, references } = req.body;
const { savedObjects } = await ctx.core;
const hiddenTypes = listHiddenTypes(savedObjects.typeRegistry);
const soClient = savedObjects.getClient({ includedHiddenTypes: hiddenTypes });
const options = { version: migrationVersion, references };
const result = await soClient.update(type, id, attributes, options);
return res.ok({ body: result });
})
);
};

36
src/plugins/ftr_apis/server/routes/kbn_client_so/utils.ts Normal file
View file

@ -0,0 +1,36 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import Boom from '@hapi/boom';
import type { ISavedObjectTypeRegistry, RequestHandlerWrapper } from '@kbn/core/server';
export const KBN_CLIENT_API_PREFIX = '/internal/ftr/kbn_client_so';
export const listHiddenTypes = (registry: ISavedObjectTypeRegistry): string[] => {
return registry
.getAllTypes()
.map((type) => type.name)
.filter((typeName) => registry.isHidden(typeName));
};
export const catchAndReturnBoomErrors: RequestHandlerWrapper = (handler) => {
return async (context, request, response) => {
try {
return await handler(context, request, response);
} catch (e) {
if (Boom.isBoom(e) && e.output.statusCode !== 500) {
return response.customError({
body: e.output.payload,
statusCode: e.output.statusCode,
headers: e.output.headers as { [key: string]: string },
});
}
throw e;
}
};
};

19
src/plugins/ftr_apis/tsconfig.json Normal file
View file

@ -0,0 +1,19 @@
{
"extends": "../../../tsconfig.base.json",
"compilerOptions": {
"outDir": "target/types",
"isolatedModules": true
},
"include": [
"common/**/*",
"public/**/*",
"server/**/*"
],
"exclude": [
"target/**/*",
],
"kbn_references": [
"@kbn/core",
"@kbn/config-schema",
]
}

2
tsconfig.base.json
View file

@ -698,6 +698,8 @@
"@kbn/fleet-plugin/*": ["x-pack/plugins/fleet/*"],
"@kbn/flot-charts": ["packages/kbn-flot-charts"],
"@kbn/flot-charts/*": ["packages/kbn-flot-charts/*"],
"@kbn/ftr-apis-plugin": ["src/plugins/ftr_apis"],
"@kbn/ftr-apis-plugin/*": ["src/plugins/ftr_apis/*"],
"@kbn/ftr-common-functional-services": ["packages/kbn-ftr-common-functional-services"],
"@kbn/ftr-common-functional-services/*": ["packages/kbn-ftr-common-functional-services/*"],
"@kbn/ftr-screenshot-filename": ["packages/kbn-ftr-screenshot-filename"],

142
x-pack/test/ftr_apis/common/fixtures/es_archiver/base_data/default_space.json Normal file
View file

File diff suppressed because one or more lines are too long

11
x-pack/test/ftr_apis/common/fixtures/es_archiver/base_data/space_1.json Normal file
View file

@ -0,0 +1,11 @@
{
"id": "space_1-tag-3",
"type": "tag",
"attributes": {
"name": "tag-3",
"description": "Tag 3 in space 1",
"color": "#117744"
},
"references": [],
"updated_at": "2021-06-17T18:57:58.076Z"
}

243
x-pack/test/ftr_apis/common/lib/authentication.ts Normal file
View file

@ -0,0 +1,243 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
export const ROLES = {
KIBANA_RBAC_DEFAULT_SPACE_READ_USER: {
name: 'kibana_rbac_default_space_read_user',
privileges: {
kibana: [
{
base: ['read'],
spaces: ['default'],
},
],
},
},
KIBANA_RBAC_DEFAULT_SPACE_WRITE_USER: {
name: 'kibana_rbac_default_space_write_user',
privileges: {
kibana: [
{
base: ['all'],
spaces: ['default'],
},
],
},
},
KIBANA_RBAC_DEFAULT_SPACE_SO_MANAGEMENT_WRITE_USER: {
name: 'kibana_rbac_default_space_so_management_write_user',
privileges: {
kibana: [
{
feature: {
savedObjectsManagement: ['all'],
},
spaces: ['default'],
},
],
},
},
KIBANA_RBAC_DEFAULT_SPACE_SO_MANAGEMENT_READ_USER: {
name: 'kibana_rbac_default_space_so_management_read_user',
privileges: {
kibana: [
{
feature: {
savedObjectsManagement: ['read'],
},
spaces: ['default'],
},
],
},
},
KIBANA_RBAC_DEFAULT_SPACE_SO_TAGGING_READ_USER: {
name: 'kibana_rbac_default_space_so_tagging_read_user',
privileges: {
kibana: [
{
feature: {
savedObjectsTagging: ['read'],
},
spaces: ['default'],
},
],
},
},
KIBANA_RBAC_DEFAULT_SPACE_SO_TAGGING_WRITE_USER: {
name: 'kibana_rbac_default_space_so_tagging_write_user',
privileges: {
kibana: [
{
feature: {
savedObjectsTagging: ['all'],
},
spaces: ['default'],
},
],
},
},
KIBANA_RBAC_DEFAULT_SPACE_DASHBOARD_READ_USER: {
name: 'kibana_rbac_default_space_dashboard_read_user',
privileges: {
kibana: [
{
feature: {
dashboard: ['read'],
},
spaces: ['default'],
},
],
},
},
KIBANA_RBAC_DEFAULT_SPACE_DASHBOARD_WRITE_USER: {
name: 'kibana_rbac_default_space_dashboard_write_user',
privileges: {
kibana: [
{
feature: {
dashboard: ['all'],
},
spaces: ['default'],
},
],
},
},
KIBANA_RBAC_DEFAULT_SPACE_VISUALIZE_READ_USER: {
name: 'kibana_rbac_default_space_visualize_read_user',
privileges: {
kibana: [
{
feature: {
visualize: ['read'],
},
spaces: ['default'],
},
],
},
},
KIBANA_RBAC_DEFAULT_SPACE_VISUALIZE_WRITE_USER: {
name: 'kibana_rbac_default_space_visualize_write_user',
privileges: {
kibana: [
{
feature: {
visualize: ['all'],
},
spaces: ['default'],
},
],
},
},
KIBANA_RBAC_DEFAULT_SPACE_ADVANCED_SETTINGS_READ_USER: {
name: 'kibana_rbac_default_space_advanced_settings_read_user',
privileges: {
kibana: [
{
feature: {
advancedSettings: ['read'],
},
spaces: ['default'],
},
],
},
},
KIBANA_RBAC_DEFAULT_SPACE_MAPS_READ_USER: {
name: 'kibana_rbac_default_space_maps_read_user',
privileges: {
kibana: [
{
feature: {
maps: ['read'],
},
spaces: ['default'],
},
],
},
},
};
export const USERS = {
NOT_A_KIBANA_USER: {
username: 'not_a_kibana_user',
password: 'password',
roles: [],
description: 'user with no access',
},
SUPERUSER: {
username: 'elastic',
password: 'changeme',
roles: [],
superuser: true,
description: 'superuser',
},
DEFAULT_SPACE_READ_USER: {
username: 'a_kibana_rbac_default_space_read_user',
password: 'password',
roles: [ROLES.KIBANA_RBAC_DEFAULT_SPACE_READ_USER.name],
description: 'rbac user with read on default space',
},
DEFAULT_SPACE_WRITE_USER: {
username: 'a_kibana_rbac_default_space_write_user',
password: 'password',
roles: [ROLES.KIBANA_RBAC_DEFAULT_SPACE_WRITE_USER.name],
description: 'rbac user with all on default space',
},
DEFAULT_SPACE_SO_MANAGEMENT_WRITE_USER: {
username: 'a_kibana_rbac_default_space_so_management_write_user',
password: 'password',
roles: [ROLES.KIBANA_RBAC_DEFAULT_SPACE_SO_MANAGEMENT_WRITE_USER.name],
description: 'rbac user with all on SO management on default space',
},
DEFAULT_SPACE_SO_TAGGING_READ_USER: {
username: 'a_kibana_rbac_default_space_so_tagging_read_user',
password: 'password',
roles: [ROLES.KIBANA_RBAC_DEFAULT_SPACE_SO_TAGGING_READ_USER.name],
},
DEFAULT_SPACE_SO_TAGGING_READ_SO_MANAGEMENT_READ_USER: {
username: 'a_kibana_rbac_default_space_so_tagging_read_so_management_read_user',
password: 'password',
roles: [
ROLES.KIBANA_RBAC_DEFAULT_SPACE_SO_TAGGING_READ_USER.name,
ROLES.KIBANA_RBAC_DEFAULT_SPACE_SO_MANAGEMENT_READ_USER.name,
],
},
DEFAULT_SPACE_SO_TAGGING_WRITE_USER: {
username: 'a_kibana_rbac_default_space_so_tagging_write_user',
password: 'password',
roles: [ROLES.KIBANA_RBAC_DEFAULT_SPACE_SO_TAGGING_WRITE_USER.name],
},
DEFAULT_SPACE_DASHBOARD_READ_USER: {
username: 'a_kibana_rbac_default_space_dashboard_read_user',
password: 'password',
roles: [ROLES.KIBANA_RBAC_DEFAULT_SPACE_DASHBOARD_READ_USER.name],
},
DEFAULT_SPACE_VISUALIZE_READ_USER: {
username: 'a_kibana_rbac_default_space_visualize_read_user',
password: 'password',
roles: [ROLES.KIBANA_RBAC_DEFAULT_SPACE_VISUALIZE_READ_USER.name],
},
DEFAULT_SPACE_DASHBOARD_WRITE_USER: {
username: 'a_kibana_rbac_default_space_dashboard_write_user',
password: 'password',
roles: [ROLES.KIBANA_RBAC_DEFAULT_SPACE_DASHBOARD_WRITE_USER.name],
},
DEFAULT_SPACE_VISUALIZE_WRITE_USER: {
username: 'a_kibana_rbac_default_space_visualize_write_user',
password: 'password',
roles: [ROLES.KIBANA_RBAC_DEFAULT_SPACE_VISUALIZE_WRITE_USER.name],
},
DEFAULT_SPACE_ADVANCED_SETTINGS_READ_USER: {
username: 'a_kibana_rbac_default_space_advanced_settings_read_user',
password: 'password',
roles: [ROLES.KIBANA_RBAC_DEFAULT_SPACE_ADVANCED_SETTINGS_READ_USER.name],
},
DEFAULT_SPACE_MAPS_READ_USER: {
username: 'a_kibana_rbac_default_space_maps_read_user',
password: 'password',
roles: [ROLES.KIBANA_RBAC_DEFAULT_SPACE_MAPS_READ_USER.name],
},
};

40
x-pack/test/ftr_apis/common/lib/create_users_and_roles.ts Normal file
View file

@ -0,0 +1,40 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { FtrProviderContext as CommonFtrProviderContext } from '../../../common/ftr_provider_context';
import { USERS, ROLES } from './authentication';
import { User, Role } from './types';
export const createUsersAndRoles = async (getService: CommonFtrProviderContext['getService']) => {
const security = getService('security');
const createRole = async ({ name, privileges }: Role) => {
return await security.role.create(name, privileges);
};
const createUser = async ({ username, password, roles, superuser }: User) => {
// no need to create superuser
if (superuser) {
return;
}
return await security.user.create(username, {
password,
roles,
full_name: username.replace('_', ' '),
email: `${username}@elastic.co`,
});
};
for (const role of Object.values(ROLES)) {
await createRole(role);
}
for (const user of Object.values(USERS)) {
await createUser(user);
}
};

10
x-pack/test/ftr_apis/common/lib/index.ts Normal file
View file

@ -0,0 +1,10 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
export type { Role, User, ExpectedResponse } from './types';
export { ROLES, USERS } from './authentication';
export { createUsersAndRoles } from './create_users_and_roles';

24
x-pack/test/ftr_apis/common/lib/types.ts Normal file
View file

@ -0,0 +1,24 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
export interface User {
username: string;
password: string;
roles: string[];
superuser?: boolean;
description?: string;
}
export interface Role {
name: string;
privileges: any;
}
export interface ExpectedResponse {
httpCode: number;
expectResponse: (body: Record<string, any>) => void | Promise<void>;
}

92
x-pack/test/ftr_apis/security_and_spaces/apis/bulk_delete.ts Normal file
View file

@ -0,0 +1,92 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import expect from '@kbn/expect';
import { USERS, User, ExpectedResponse } from '../../common/lib';
import { FtrProviderContext } from '../services';
import { createTestSpaces, deleteTestSpaces, createData, deleteData } from './test_utils';
// eslint-disable-next-line import/no-default-export
export default function (ftrContext: FtrProviderContext) {
const supertest = ftrContext.getService('supertestWithoutAuth');
describe('POST /internal/ftr/kbn_client_so/_bulk_delete', () => {
before(async () => {
await createTestSpaces(ftrContext);
});
after(async () => {
await deleteTestSpaces(ftrContext);
});
beforeEach(async () => {
await createData(ftrContext);
});
afterEach(async () => {
await deleteData(ftrContext);
});
const responses: Record<string, ExpectedResponse> = {
authorized: {
httpCode: 200,
expectResponse: ({ body }) => {
expect(body.statuses.length).to.eql(1);
},
},
unauthorized: {
httpCode: 403,
expectResponse: ({ body }) => {
expect(body).to.eql({
statusCode: 403,
error: 'Forbidden',
message: 'Forbidden',
});
},
},
};
const expectedResults: Record<string, User[]> = {
authorized: [USERS.SUPERUSER],
unauthorized: [
USERS.DEFAULT_SPACE_SO_MANAGEMENT_WRITE_USER,
USERS.DEFAULT_SPACE_SO_TAGGING_WRITE_USER,
USERS.DEFAULT_SPACE_READ_USER,
USERS.DEFAULT_SPACE_SO_TAGGING_READ_USER,
USERS.DEFAULT_SPACE_DASHBOARD_READ_USER,
USERS.DEFAULT_SPACE_VISUALIZE_READ_USER,
USERS.DEFAULT_SPACE_ADVANCED_SETTINGS_READ_USER,
USERS.NOT_A_KIBANA_USER,
],
};
const createUserTest = (
{ username, password, description }: User,
{ httpCode, expectResponse }: ExpectedResponse
) => {
it(`returns expected ${httpCode} response for ${description ?? username}`, async () => {
await supertest
.post(`/internal/ftr/kbn_client_so/_bulk_delete`)
.send([{ type: 'tag', id: 'tag-1' }])
.auth(username, password)
.expect(httpCode)
.then(expectResponse);
});
};
const createTestSuite = () => {
Object.entries(expectedResults).forEach(([responseId, users]) => {
const response: ExpectedResponse = responses[responseId];
users.forEach((user) => {
createUserTest(user, response);
});
});
};
createTestSuite();
});
}

103
x-pack/test/ftr_apis/security_and_spaces/apis/create.ts Normal file
View file

@ -0,0 +1,103 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import expect from '@kbn/expect';
import { USERS, User, ExpectedResponse } from '../../common/lib';
import { FtrProviderContext } from '../services';
import { createTestSpaces, deleteTestSpaces, createData, deleteData } from './test_utils';
// eslint-disable-next-line import/no-default-export
export default function (ftrContext: FtrProviderContext) {
const supertest = ftrContext.getService('supertestWithoutAuth');
describe('POST /internal/ftr/kbn_client_so/{type}', () => {
before(async () => {
await createTestSpaces(ftrContext);
});
after(async () => {
await deleteTestSpaces(ftrContext);
});
beforeEach(async () => {
await createData(ftrContext);
});
afterEach(async () => {
await deleteData(ftrContext);
});
const responses: Record<string, ExpectedResponse> = {
authorized: {
httpCode: 200,
expectResponse: ({ body }) => {
expect(body.attributes).to.eql({
name: 'My new tag',
description: 'I just created that',
color: '#009000',
});
},
},
unauthorized: {
httpCode: 403,
expectResponse: ({ body }) => {
expect(body).to.eql({
statusCode: 403,
error: 'Forbidden',
message: 'Forbidden',
});
},
},
};
const expectedResults: Record<string, User[]> = {
authorized: [USERS.SUPERUSER],
unauthorized: [
USERS.DEFAULT_SPACE_SO_MANAGEMENT_WRITE_USER,
USERS.DEFAULT_SPACE_SO_TAGGING_WRITE_USER,
USERS.DEFAULT_SPACE_READ_USER,
USERS.DEFAULT_SPACE_SO_TAGGING_READ_USER,
USERS.DEFAULT_SPACE_DASHBOARD_READ_USER,
USERS.DEFAULT_SPACE_VISUALIZE_READ_USER,
USERS.DEFAULT_SPACE_ADVANCED_SETTINGS_READ_USER,
USERS.DEFAULT_SPACE_MAPS_READ_USER,
USERS.NOT_A_KIBANA_USER,
],
};
const createUserTest = (
{ username, password, description }: User,
{ httpCode, expectResponse }: ExpectedResponse
) => {
it(`returns expected ${httpCode} response for ${description ?? username}`, async () => {
await supertest
.post(`/internal/ftr/kbn_client_so/tag`)
.send({
attributes: {
name: 'My new tag',
description: 'I just created that',
color: '#009000',
},
})
.auth(username, password)
.expect(httpCode)
.then(expectResponse);
});
};
const createTestSuite = () => {
Object.entries(expectedResults).forEach(([responseId, users]) => {
const response: ExpectedResponse = responses[responseId];
users.forEach((user) => {
createUserTest(user, response);
});
});
};
createTestSuite();
});
}

92
x-pack/test/ftr_apis/security_and_spaces/apis/delete.ts Normal file
View file

@ -0,0 +1,92 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import expect from '@kbn/expect';
import { USERS, User, ExpectedResponse } from '../../common/lib';
import { FtrProviderContext } from '../services';
import { createTestSpaces, deleteTestSpaces, createData, deleteData } from './test_utils';
// eslint-disable-next-line import/no-default-export
export default function (ftrContext: FtrProviderContext) {
const supertest = ftrContext.getService('supertestWithoutAuth');
describe('DELETE /internal/ftr/kbn_client_so/{type}/{id}', () => {
before(async () => {
await createTestSpaces(ftrContext);
});
after(async () => {
await deleteTestSpaces(ftrContext);
});
beforeEach(async () => {
await createData(ftrContext);
});
afterEach(async () => {
await deleteData(ftrContext);
});
const responses: Record<string, ExpectedResponse> = {
authorized: {
httpCode: 200,
expectResponse: ({ body }) => {
expect(body).to.eql({});
},
},
unauthorized: {
httpCode: 403,
expectResponse: ({ body }) => {
expect(body).to.eql({
statusCode: 403,
error: 'Forbidden',
message: 'Forbidden',
});
},
},
};
const expectedResults: Record<string, User[]> = {
authorized: [USERS.SUPERUSER],
unauthorized: [
USERS.DEFAULT_SPACE_SO_MANAGEMENT_WRITE_USER,
USERS.DEFAULT_SPACE_SO_TAGGING_WRITE_USER,
USERS.DEFAULT_SPACE_READ_USER,
USERS.DEFAULT_SPACE_SO_TAGGING_READ_USER,
USERS.DEFAULT_SPACE_DASHBOARD_READ_USER,
USERS.DEFAULT_SPACE_VISUALIZE_READ_USER,
USERS.DEFAULT_SPACE_ADVANCED_SETTINGS_READ_USER,
USERS.DEFAULT_SPACE_MAPS_READ_USER,
USERS.NOT_A_KIBANA_USER,
],
};
const createUserTest = (
{ username, password, description }: User,
{ httpCode, expectResponse }: ExpectedResponse
) => {
it(`returns expected ${httpCode} response for ${description ?? username}`, async () => {
await supertest
.delete(`/internal/ftr/kbn_client_so/visualization/vis-area-1`)
.auth(username, password)
.expect(httpCode)
.then(expectResponse);
});
};
const createTestSuite = () => {
Object.entries(expectedResults).forEach(([responseId, users]) => {
const response: ExpectedResponse = responses[responseId];
users.forEach((user) => {
createUserTest(user, response);
});
});
};
createTestSuite();
});
}

94
x-pack/test/ftr_apis/security_and_spaces/apis/find.ts Normal file
View file

@ -0,0 +1,94 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import expect from '@kbn/expect';
import { USERS, User, ExpectedResponse } from '../../common/lib';
import { FtrProviderContext } from '../services';
import { createData, createTestSpaces, deleteData, deleteTestSpaces } from './test_utils';
// eslint-disable-next-line import/no-default-export
export default function (ftrContext: FtrProviderContext) {
const supertest = ftrContext.getService('supertestWithoutAuth');
describe('GET /internal/ftr/kbn_client_so/_find', () => {
before(async () => {
await createTestSpaces(ftrContext);
});
after(async () => {
await deleteTestSpaces(ftrContext);
});
beforeEach(async () => {
await createData(ftrContext);
});
afterEach(async () => {
await deleteData(ftrContext);
});
const responses: Record<string, ExpectedResponse> = {
authorized: {
httpCode: 200,
expectResponse: ({ body }) => {
expect(body.saved_objects.length).to.be.greaterThan(0);
},
},
unauthorized: {
httpCode: 403,
expectResponse: ({ body }) => {
expect(body).to.eql({
error: 'Forbidden',
message: 'Forbidden',
statusCode: 403,
});
},
},
};
const expectedResults: Record<string, User[]> = {
authorized: [USERS.SUPERUSER],
unauthorized: [
USERS.DEFAULT_SPACE_READ_USER,
USERS.DEFAULT_SPACE_SO_MANAGEMENT_WRITE_USER,
USERS.DEFAULT_SPACE_SO_TAGGING_READ_USER,
USERS.DEFAULT_SPACE_SO_TAGGING_WRITE_USER,
USERS.DEFAULT_SPACE_DASHBOARD_READ_USER,
USERS.DEFAULT_SPACE_VISUALIZE_READ_USER,
USERS.DEFAULT_SPACE_MAPS_READ_USER,
USERS.DEFAULT_SPACE_ADVANCED_SETTINGS_READ_USER,
USERS.NOT_A_KIBANA_USER,
],
};
const createUserTest = (
{ username, password, description }: User,
{ httpCode, expectResponse }: ExpectedResponse
) => {
it(`returns expected ${httpCode} response for ${description ?? username}`, async () => {
await supertest
.get(`/internal/ftr/kbn_client_so/_find`)
.query({
type: 'tag',
})
.auth(username, password)
.expect(httpCode)
.then(expectResponse);
});
};
const createTestSuite = () => {
Object.entries(expectedResults).forEach(([responseId, users]) => {
const response: ExpectedResponse = responses[responseId];
users.forEach((user) => {
createUserTest(user, response);
});
});
};
createTestSuite();
});
}

92
x-pack/test/ftr_apis/security_and_spaces/apis/get.ts Normal file
View file

@ -0,0 +1,92 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import expect from '@kbn/expect';
import { USERS, User, ExpectedResponse } from '../../common/lib';
import { FtrProviderContext } from '../services';
import { createTestSpaces, deleteTestSpaces, createData, deleteData } from './test_utils';
// eslint-disable-next-line import/no-default-export
export default function (ftrContext: FtrProviderContext) {
const supertest = ftrContext.getService('supertestWithoutAuth');
describe('GET /internal/ftr/kbn_client_so/{type}/{id}', () => {
before(async () => {
await createTestSpaces(ftrContext);
});
after(async () => {
await deleteTestSpaces(ftrContext);
});
beforeEach(async () => {
await createData(ftrContext);
});
afterEach(async () => {
await deleteData(ftrContext);
});
const responses: Record<string, ExpectedResponse> = {
authorized: {
httpCode: 200,
expectResponse: ({ body }) => {
expect(body.id).to.eql('vis-area-4');
},
},
unauthorized: {
httpCode: 403,
expectResponse: ({ body }) => {
expect(body).to.eql({
statusCode: 403,
error: 'Forbidden',
message: 'Forbidden',
});
},
},
};
const expectedResults: Record<string, User[]> = {
authorized: [USERS.SUPERUSER],
unauthorized: [
USERS.NOT_A_KIBANA_USER,
USERS.DEFAULT_SPACE_ADVANCED_SETTINGS_READ_USER,
USERS.DEFAULT_SPACE_READ_USER,
USERS.DEFAULT_SPACE_SO_MANAGEMENT_WRITE_USER,
USERS.DEFAULT_SPACE_SO_TAGGING_READ_USER,
USERS.DEFAULT_SPACE_SO_TAGGING_WRITE_USER,
USERS.DEFAULT_SPACE_DASHBOARD_READ_USER,
USERS.DEFAULT_SPACE_VISUALIZE_READ_USER,
USERS.DEFAULT_SPACE_MAPS_READ_USER,
],
};
const createUserTest = (
{ username, password, description }: User,
{ httpCode, expectResponse }: ExpectedResponse
) => {
it(`returns expected ${httpCode} response for ${description ?? username}`, async () => {
await supertest
.get(`/internal/ftr/kbn_client_so/visualization/vis-area-4`)
.auth(username, password)
.expect(httpCode)
.then(expectResponse);
});
};
const createTestSuite = () => {
Object.entries(expectedResults).forEach(([responseId, users]) => {
const response: ExpectedResponse = responses[responseId];
users.forEach((user) => {
createUserTest(user, response);
});
});
};
createTestSuite();
});
}

25
x-pack/test/ftr_apis/security_and_spaces/apis/index.ts Normal file
View file

@ -0,0 +1,25 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { FtrProviderContext } from '../services';
import { createUsersAndRoles } from '../../common/lib';
// eslint-disable-next-line import/no-default-export
export default function ({ getService, loadTestFile }: FtrProviderContext) {
describe('FTR API - security and spaces integration', function () {
before(async () => {
await createUsersAndRoles(getService);
});
loadTestFile(require.resolve('./get'));
loadTestFile(require.resolve('./create'));
loadTestFile(require.resolve('./update'));
loadTestFile(require.resolve('./delete'));
loadTestFile(require.resolve('./find'));
loadTestFile(require.resolve('./bulk_delete'));
});
}

50
x-pack/test/ftr_apis/security_and_spaces/apis/test_utils.ts Normal file
View file

@ -0,0 +1,50 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { FtrProviderContext } from '../services';
export const createTestSpaces = async ({ getService }: FtrProviderContext) => {
const spaceService = getService('spaces');
await spaceService.create({
id: 'space_1',
name: 'Space 1',
description: 'This is the first test space',
});
await spaceService.create({
id: 'space_2',
name: 'Space 2',
description: 'This is the second test space',
});
};
export const deleteTestSpaces = async ({ getService }: FtrProviderContext) => {
const spaceService = getService('spaces');
await spaceService.delete('space_1');
await spaceService.delete('space_2');
};
export const createData = async ({ getService }: FtrProviderContext) => {
const kibanaServer = getService('kibanaServer');
await kibanaServer.importExport.load(
'x-pack/test/ftr_apis/common/fixtures/es_archiver/base_data/default_space.json'
);
await kibanaServer.importExport.load(
'x-pack/test/ftr_apis/common/fixtures/es_archiver/base_data/space_1.json',
{ space: 'space_1' }
);
};
export const deleteData = async ({ getService }: FtrProviderContext) => {
const kibanaServer = getService('kibanaServer');
await kibanaServer.importExport.unload(
'x-pack/test/ftr_apis/common/fixtures/es_archiver/base_data/default_space.json'
);
await kibanaServer.importExport.unload(
'x-pack/test/ftr_apis/common/fixtures/es_archiver/base_data/space_1.json',
{ space: 'space_1' }
);
};

95
x-pack/test/ftr_apis/security_and_spaces/apis/update.ts Normal file
View file

@ -0,0 +1,95 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import expect from '@kbn/expect';
import { USERS, User, ExpectedResponse } from '../../common/lib';
import { FtrProviderContext } from '../services';
import { createTestSpaces, deleteTestSpaces, createData, deleteData } from './test_utils';
// eslint-disable-next-line import/no-default-export
export default function (ftrContext: FtrProviderContext) {
const supertest = ftrContext.getService('supertestWithoutAuth');
describe('PUT /internal/ftr/kbn_client_so/{type}/{id}', () => {
before(async () => {
await createTestSpaces(ftrContext);
});
after(async () => {
await deleteTestSpaces(ftrContext);
});
beforeEach(async () => {
await createData(ftrContext);
});
afterEach(async () => {
await deleteData(ftrContext);
});
const responses: Record<string, ExpectedResponse> = {
authorized: {
httpCode: 200,
expectResponse: ({ body }) => {
expect(body.attributes.name).to.eql('Updated title');
},
},
unauthorized: {
httpCode: 403,
expectResponse: ({ body }) => {
expect(body).to.eql({
statusCode: 403,
error: 'Forbidden',
message: 'Forbidden',
});
},
},
};
const expectedResults: Record<string, User[]> = {
authorized: [USERS.SUPERUSER],
unauthorized: [
USERS.DEFAULT_SPACE_SO_MANAGEMENT_WRITE_USER,
USERS.DEFAULT_SPACE_SO_TAGGING_WRITE_USER,
USERS.DEFAULT_SPACE_READ_USER,
USERS.DEFAULT_SPACE_SO_TAGGING_READ_USER,
USERS.DEFAULT_SPACE_DASHBOARD_READ_USER,
USERS.DEFAULT_SPACE_VISUALIZE_READ_USER,
USERS.DEFAULT_SPACE_ADVANCED_SETTINGS_READ_USER,
USERS.DEFAULT_SPACE_MAPS_READ_USER,
USERS.NOT_A_KIBANA_USER,
],
};
const createUserTest = (
{ username, password, description }: User,
{ httpCode, expectResponse }: ExpectedResponse
) => {
it(`returns expected ${httpCode} response for ${description ?? username}`, async () => {
await supertest
.put(`/internal/ftr/kbn_client_so/tag/tag-1`)
.send({
attributes: { name: 'Updated title' },
})
.auth(username, password)
.expect(httpCode)
.then(expectResponse);
});
};
const createTestSuite = () => {
Object.entries(expectedResults).forEach(([responseId, users]) => {
const response: ExpectedResponse = responses[responseId];
users.forEach((user) => {
createUserTest(user, response);
});
});
};
createTestSuite();
});
}

37
x-pack/test/ftr_apis/security_and_spaces/config.ts Normal file
View file

@ -0,0 +1,37 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { FtrConfigProviderContext } from '@kbn/test';
import { services } from './services';
// eslint-disable-next-line import/no-default-export
export default async function ({ readConfigFile }: FtrConfigProviderContext) {
const apiIntegrationConfig = await readConfigFile(
require.resolve('../../api_integration/config.ts')
);
return {
testFiles: [require.resolve('./apis')],
servers: apiIntegrationConfig.get('servers'),
services,
junit: {
reportName: 'X-Pack FTR API Integration Tests - Security and Spaces',
},
esTestCluster: {
...apiIntegrationConfig.get('esTestCluster'),
license: 'trial',
},
kbnTestServer: {
...apiIntegrationConfig.get('kbnTestServer'),
serverArgs: [
...apiIntegrationConfig.get('kbnTestServer.serverArgs'),
'--server.xsrf.disableProtection=true',
`--xpack.fleet.registryUrl=http://localhost:12345`, // setting to invalid registry url to prevent installing preconfigured packages
],
},
};
}

15
x-pack/test/ftr_apis/security_and_spaces/services.ts Normal file
View file

@ -0,0 +1,15 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { GenericFtrProviderContext } from '@kbn/test';
import { services as apiIntegrationServices } from '../../api_integration/services';
export const services = {
...apiIntegrationServices,
};
export type FtrProviderContext = GenericFtrProviderContext<typeof services, {}>;