github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-27 18:51:07 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/x-pack/plugins/fleet/cypress/tasks/privileges.ts
Gloria Hornero dd4708414a
Upgrading cypress to 12.17.4 (#165869) 
Co-authored-by: Yuliia Naumenko <jo.naumenko@gmail.com>
Co-authored-by: Thomas Watson <w@tson.dk>
Co-authored-by: Kyle Pollich <kyle.pollich@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-09-19 10:15:53 -07:00

265 lines
5.9 KiB
TypeScript
Raw Blame History

/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { request } from './common';
import { constructUrlWithUser, getEnvAuth } from './login';
interface User {
username: string;
password: string;
description?: string;
roles: string[];
}
interface UserInfo {
username: string;
full_name: string;
email: string;
}
interface FeaturesPrivileges {
[featureId: string]: string[];
}
interface ElasticsearchIndices {
names: string[];
privileges: string[];
}
interface ElasticSearchPrivilege {
cluster?: string[];
indices?: ElasticsearchIndices[];
}
interface KibanaPrivilege {
spaces: string[];
base?: string[];
feature?: FeaturesPrivileges;
}
interface Role {
name: string;
privileges: {
elasticsearch?: ElasticSearchPrivilege;
kibana?: KibanaPrivilege[];
};
}
// Create roles with allowed combinations of Fleet and Integrations
export const FleetAllIntegrAllRole: Role = {
name: 'fleet_all_int_all_role',
privileges: {
elasticsearch: {
indices: [
{
names: ['*'],
privileges: ['all'],
},
],
},
kibana: [
{
feature: {
fleetv2: ['all'],
fleet: ['all'],
},
spaces: ['*'],
},
],
},
};
export const FleetAllIntegrAllUser: User = {
username: 'fleet_all_int_all_user',
password: 'password',
roles: [FleetAllIntegrAllRole.name],
};
export const FleetAllIntegrReadRole: Role = {
name: 'fleet_all_int_read_user',
privileges: {
elasticsearch: {
indices: [
{
names: ['*'],
privileges: ['all'],
},
],
},
kibana: [
{
feature: {
fleetv2: ['all'],
fleet: ['read'],
},
spaces: ['*'],
},
],
},
};
export const FleetAllIntegrReadUser: User = {
username: 'fleet_all_int_read_user',
password: 'password',
roles: [FleetAllIntegrReadRole.name],
};
export const FleetAllIntegrNoneRole: Role = {
name: 'fleet_all_int_none_role',
privileges: {
elasticsearch: {
indices: [
{
names: ['*'],
privileges: ['all'],
},
],
},
kibana: [
{
feature: {
fleetv2: ['all'],
fleet: ['none'],
},
spaces: ['*'],
},
],
},
};
export const FleetAllIntegrNoneUser: User = {
username: 'fleet_all_int_none_user',
password: 'password',
roles: [FleetAllIntegrNoneRole.name],
};
export const FleetNoneIntegrAllRole: Role = {
name: 'fleet_none_int_all_role',
privileges: {
elasticsearch: {
indices: [
{
names: ['*'],
privileges: ['all'],
},
],
},
kibana: [
{
feature: {
fleetv2: ['none'],
fleet: ['all'],
},
spaces: ['*'],
},
],
},
};
export const FleetNoneIntegrAllUser: User = {
username: 'fleet_none_int_all_user',
password: 'password',
roles: [FleetNoneIntegrAllRole.name],
};
export const BuiltInEditorUser: User = {
username: 'editor_user',
password: 'password',
roles: ['editor'],
};
export const BuiltInViewerUser: User = {
username: 'viewer_user',
password: 'password',
roles: ['viewer'],
};
const getUserInfo = (user: User): UserInfo => ({
username: user.username,
full_name: user.username.replace('_', ' '),
email: `${user.username}@elastic.co`,
});
export enum ROLES {
elastic = 'elastic',
}
export const createRoles = (roles: Role[]) => {
const envUser = getEnvAuth();
for (const role of roles) {
cy.log(`Creating role: ${JSON.stringify(role)}`);
request({
body: role.privileges,
headers: { 'kbn-xsrf': 'cypress-creds-via-config' },
method: 'PUT',
url: constructUrlWithUser(envUser, `/api/security/role/${role.name}`),
})
.its('status')
.should('eql', 204);
}
};
export const deleteRoles = (roles: Role[]) => {
const envUser = getEnvAuth();
for (const role of roles) {
cy.log(`Deleting role: ${JSON.stringify(role)}`);
request({
headers: { 'kbn-xsrf': 'cypress-creds-via-config' },
method: 'DELETE',
url: constructUrlWithUser(envUser, `/api/security/role/${role.name}`),
failOnStatusCode: false,
})
.its('status')
.should('oneOf', [204, 404]);
}
};
// This function can also be used to create users with built-in roles
// see https://www.elastic.co/guide/en/elasticsearch/reference/master/built-in-roles.html
export const createUsers = (users: User[]) => {
const envUser = getEnvAuth();
for (const user of users) {
const userInfo = getUserInfo(user);
cy.log(`Creating user: ${JSON.stringify(user)}`);
request({
body: {
username: user.username,
password: user.password,
roles: user.roles,
full_name: userInfo.full_name,
email: userInfo.email,
},
headers: { 'kbn-xsrf': 'cypress-creds-via-config' },
method: 'POST',
url: constructUrlWithUser(envUser, `/internal/security/users/${user.username}`),
})
.its('status')
.should('eql', 200);
}
};
export const deleteUsers = (users: User[]) => {
const envUser = getEnvAuth();
for (const user of users) {
cy.log(`Deleting user: ${JSON.stringify(user)}`);
request({
headers: { 'kbn-xsrf': 'cypress-creds-via-config' },
method: 'DELETE',
url: constructUrlWithUser(envUser, `/internal/security/users/${user.username}`),
failOnStatusCode: false,
})
.its('status')
.should('oneOf', [204, 404]);
}
};
export const createUsersAndRoles = (users: User[], roles: Role[]) => {
createUsers(users);
createRoles(roles);
};
export const deleteUsersAndRoles = (users: User[], roles: Role[]) => {
deleteUsers(users);
deleteRoles(roles);
};
Reference in a new issue View git blame Copy permalink