mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 17:59:23 -04:00
a1e511a727
* [ML] Changing all calls to ML endpoints to use internal user * updating alerting * updating documentation * [ML] Changing all calls to ML endpoints to use internal user * updating alerting * updating documentation * fixing missed types * adding authorization headers to endpoint calls * correcting has privileges call * updating security tests * odd eslint error * adding auth header to module setup * fixing missing auth argument * fixing delete DFA job permission checks * removing debug test tag * removing additional ml privilege checks * adding authorization header to _evaluate * updating alerting cluster client name * code clean up * changing authorizationHeader name * updating alterting documentation * fixing secondary credentials * adding management links * updating SIEM telemetry * fixing merge conflicts * granting access to index patterns Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
75 lines
2.9 KiB
TypeScript
75 lines
2.9 KiB
TypeScript
/*
|
|
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
* or more contributor license agreements. Licensed under the Elastic License;
|
|
* you may not use this file except in compliance with the Elastic License.
|
|
*/
|
|
import util from 'util';
|
|
import { isEqual, isEqualWith } from 'lodash';
|
|
import { FtrProviderContext } from '../../ftr_provider_context';
|
|
|
|
export default function ({ getService }: FtrProviderContext) {
|
|
const supertest = getService('supertest');
|
|
|
|
describe('Privileges', () => {
|
|
describe('GET /api/security/privileges', () => {
|
|
it('should return a privilege map with all known privileges, without actions', async () => {
|
|
// If you're adding a privilege to the following, that's great!
|
|
// If you're removing a privilege, this breaks backwards compatibility
|
|
// Roles are associated with these privileges, and we shouldn't be removing them in a minor version.
|
|
const expected = {
|
|
features: {
|
|
discover: ['all', 'read'],
|
|
visualize: ['all', 'read'],
|
|
dashboard: ['all', 'read'],
|
|
dev_tools: ['all', 'read'],
|
|
advancedSettings: ['all', 'read'],
|
|
indexPatterns: ['all', 'read'],
|
|
savedObjectsManagement: ['all', 'read'],
|
|
timelion: ['all', 'read'],
|
|
graph: ['all', 'read'],
|
|
maps: ['all', 'read'],
|
|
canvas: ['all', 'read'],
|
|
infrastructure: ['all', 'read'],
|
|
logs: ['all', 'read'],
|
|
uptime: ['all', 'read'],
|
|
apm: ['all', 'read'],
|
|
ml: ['all', 'read'],
|
|
siem: ['all', 'read'],
|
|
ingestManager: ['all', 'read'],
|
|
},
|
|
global: ['all', 'read'],
|
|
space: ['all', 'read'],
|
|
reserved: ['ml_user', 'ml_admin', 'monitoring'],
|
|
};
|
|
|
|
await supertest
|
|
.get('/api/security/privileges')
|
|
.set('kbn-xsrf', 'xxx')
|
|
.send()
|
|
.expect(200)
|
|
.expect((res: any) => {
|
|
// when comparing privileges, the order of the privileges doesn't matter.
|
|
// supertest uses assert.deepStrictEqual.
|
|
// expect.js doesn't help us here.
|
|
// and lodash's isEqual doesn't know how to compare Sets.
|
|
const success = isEqualWith(res.body, expected, (value, other, key) => {
|
|
if (Array.isArray(value) && Array.isArray(other)) {
|
|
return isEqual(value.sort(), other.sort());
|
|
}
|
|
|
|
// Lodash types aren't correct, `undefined` should be supported as a return value here and it
|
|
// has special meaning.
|
|
return undefined as any;
|
|
});
|
|
|
|
if (!success) {
|
|
throw new Error(
|
|
`Expected ${util.inspect(res.body)} to equal ${util.inspect(expected)}`
|
|
);
|
|
}
|
|
})
|
|
.expect(200);
|
|
});
|
|
});
|
|
});
|
|
}
|