mirror of
https://github.com/elastic/kibana.git
synced 2025-06-27 18:51:07 -04:00
ac8d73ac6d
## Summary
This PR fixes few issues occurring while running FTR API tests against
actual serverless project.
How to run:
```
TEST_CLOUD=1 ES_SECURITY_ENABLED=1 NODE_TLS_REJECT_UNAUTHORIZED=0 TEST_ES_URL=<your_es_url_with_credentials> TEST_KIBANA_URL=<your_es_url_with_credentials> node --no-warnings scripts/functional_test_runner --es-version=8.9.0 --config x-pack/test_serverless/api_integration/test_suites/search/config.ts --bail
```
The first error is faced during Elasticsearch version validation
```
ERROR Error: attempted to use the "es" service to fetch Elasticsearch version info but the request failed: ResponseError: {"ok":false,"message":"Unknown resource."}
at SniffingTransport.request (/Users/dmle/github/kibana/node_modules/@elastic/transport/src/Transport.ts:535:17)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at Client.InfoApi [as info] (/Users/dmle/github/kibana/node_modules/@elastic/elasticsearch/src/api/api/info.ts:60:10)
at FunctionalTestRunner.validateEsVersion (functional_test_runner.ts:129:16)
at functional_test_runner.ts:64:11
at FunctionalTestRunner.runHarness (functional_test_runner.ts:251:14)
at FunctionalTestRunner.run (functional_test_runner.ts:48:12)
at log.defaultLevel (cli.ts:112:32)
at run.ts:70:7
at withProcRunner (with_proc_runner.ts:29:5)
at run (run.ts:69:5)
at FunctionalTestRunner.validateEsVersion (functional_test_runner.ts:131:13)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at functional_test_runner.ts:64:11
at FunctionalTestRunner.runHarness (functional_test_runner.ts:251:14)
at FunctionalTestRunner.run (functional_test_runner.ts:48:12)
at log.defaultLevel (cli.ts:112:32)
at run.ts:70:7
at withProcRunner (with_proc_runner.ts:29:5)
at run (run.ts:69:5)
```
Since there is no version term in case of serverless, we can skip
version check by using newly added to FTR schema `serverless` property
(`false` by default). It is set to `true` in root FTR config
`/shared/config.base`.
The next error is related to ESArchiver relying on `ES` FTR service to
provide ESClient.
```
ResponseError: security_exception
│ Root causes:
│ security_exception: unable to authenticate user [system_indices_superuser] for REST request [/kibana_sample_data_flights]
```
It is fixed by using the default user (from host url) instead of
`system_indices_superuser` we use in stateful run.
84 lines
2.4 KiB
TypeScript
84 lines
2.4 KiB
TypeScript
/*
|
|
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
* or more contributor license agreements. Licensed under the Elastic License
|
|
* 2.0 and the Server Side Public License, v 1; you may not use this file except
|
|
* in compliance with, at your election, the Elastic License 2.0 or the Server
|
|
* Side Public License, v 1.
|
|
*/
|
|
|
|
import { Client } from '@elastic/elasticsearch';
|
|
import { ToolingLog } from '@kbn/tooling-log';
|
|
import {
|
|
systemIndicesSuperuser,
|
|
createEsClientForFtrConfig,
|
|
createRemoteEsClientForFtrConfig,
|
|
} from '@kbn/test';
|
|
import { FtrProviderContext } from '../../ftr_provider_context';
|
|
|
|
const SYSTEM_INDICES_SUPERUSER_ROLE = 'system_indices_superuser';
|
|
|
|
async function ensureSystemIndicesUser(es: Client, log: ToolingLog) {
|
|
// There are cases where the test config file doesn't have security disabled
|
|
// but tests are still executed on ES without security. Checking this case
|
|
// by trying to fetch the users list.
|
|
try {
|
|
await es.security.getUser();
|
|
} catch (error) {
|
|
log.debug('Could not fetch users, assuming security is disabled');
|
|
return;
|
|
}
|
|
|
|
log.debug('===============creating system indices role and user===============');
|
|
|
|
await es.security.putRole({
|
|
name: SYSTEM_INDICES_SUPERUSER_ROLE,
|
|
refresh: 'wait_for',
|
|
cluster: ['all'],
|
|
indices: [
|
|
{
|
|
names: ['*'],
|
|
privileges: ['all'],
|
|
allow_restricted_indices: true,
|
|
},
|
|
],
|
|
applications: [
|
|
{
|
|
application: '*',
|
|
privileges: ['*'],
|
|
resources: ['*'],
|
|
},
|
|
],
|
|
run_as: ['*'],
|
|
});
|
|
|
|
await es.security.putUser({
|
|
username: systemIndicesSuperuser.username,
|
|
refresh: 'wait_for',
|
|
password: systemIndicesSuperuser.password,
|
|
roles: [SYSTEM_INDICES_SUPERUSER_ROLE],
|
|
});
|
|
|
|
await es.close();
|
|
}
|
|
|
|
export async function createSystemIndicesUser(ctx: FtrProviderContext) {
|
|
const log = ctx.getService('log');
|
|
const config = ctx.getService('config');
|
|
|
|
const enabled = !config
|
|
.get('esTestCluster.serverArgs')
|
|
.some((arg: string) => arg === 'xpack.security.enabled=false');
|
|
const isServerless = !!config.get('serverless');
|
|
|
|
if (!enabled || isServerless) {
|
|
return;
|
|
}
|
|
|
|
const localEs = createEsClientForFtrConfig(config);
|
|
await ensureSystemIndicesUser(localEs, log);
|
|
|
|
if (config.get('esTestCluster.ccs')) {
|
|
const remoteEs = createRemoteEsClientForFtrConfig(config);
|
|
await ensureSystemIndicesUser(remoteEs, log);
|
|
}
|
|
}
|