github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-29 03:24:45 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/x-pack/test/api_integration/apis/spaces/saved_objects.ts
Christiane (Tina) Heiligers 3a68f8b3ae
[http] api_integration tests handle internal route restriction (#192407) 
fix https://github.com/elastic/kibana/issues/192052
## Summary

Internal APIs will be
[restricted](https://github.com/elastic/kibana/issues/163654) from
public access as of 9.0.0. In non-serverless environments, this breaking
change will result in a 400 error if an external request is made to an
internal Kibana API (route `access` option as `"internal"` or
`"public"`).
This PR allows API owners of non-xpack plugins to run their `ftr` API
integration tests against the restriction and adds examples of how to
handle it.

### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios


Note to reviewers: The header needed to allow access to internal apis
shouldn't change your test output, with or without the restriction
enabled.

### How to test the changes work:
#### Non x-pack:
1. Set `server.restrictInternalApis: true` in `test/common/config.js`
2. Ensure your tests pass

#### x-pack:
1. Set `server.restrictInternalApis: true` in
`x-pack/test/api_integration/apis/security/config.ts`
2. Ensure the spaces tests pass

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2024-09-12 09:23:10 +02:00

107 lines
3.6 KiB
TypeScript
Raw Blame History

/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import expect from '@kbn/expect';
import { X_ELASTIC_INTERNAL_ORIGIN_REQUEST } from '@kbn/core-http-common';
import { FtrProviderContext } from '../../ftr_provider_context';
export default function ({ getService }: FtrProviderContext) {
const supertest = getService('supertest');
describe('`space` saved object type', () => {
describe('GET /api/saved_objects/space/default', () => {
it('should not return the default space', async () => {
await supertest
.get('/api/saved_objects/space/default')
.set('kbn-xsrf', 'xxx')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send()
.expect(404)
.then((response: Record<string, any>) => {
expect(response.body).to.eql({
message: `Saved object [space/default] not found`,
statusCode: 404,
error: 'Not Found',
});
});
});
});
describe('GET /api/saved_objects/_find?type=space', () => {
it('should not locate any spaces', async () => {
await supertest
.get('/api/saved_objects/_find?type=space')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.set('kbn-xsrf', 'xxx')
.send()
.expect(200)
.then((response: Record<string, any>) => {
expect(response.body).to.eql({
page: 1,
per_page: 20,
total: 0,
saved_objects: [],
});
});
});
});
describe('POST /api/saved_objects/space/my-space', () => {
it('should not allow a space to be created', async () => {
await supertest
.post('/api/saved_objects/space/my-space')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.set('kbn-xsrf', 'xxx')
.send({ attributes: {} })
.expect(400)
.then((response: Record<string, any>) => {
expect(response.body).to.eql({
message: "Unsupported saved object type: 'space': Bad Request",
statusCode: 400,
error: 'Bad Request',
});
});
});
});
describe('PUT /api/saved_objects/space/default', () => {
it('should not allow a space to be updated', async () => {
await supertest
.post('/api/saved_objects/space/default')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.set('kbn-xsrf', 'xxx')
.send({ attributes: {} })
.expect(400)
.then((response: Record<string, any>) => {
expect(response.body).to.eql({
message: "Unsupported saved object type: 'space': Bad Request",
statusCode: 400,
error: 'Bad Request',
});
});
});
});
describe('DELETE /api/saved_objects/space/default', () => {
it('should not allow a space to be deleted', async () => {
await supertest
.delete('/api/saved_objects/space/default')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.set('kbn-xsrf', 'xxx')
.send()
.expect(404)
.then((response: Record<string, any>) => {
expect(response.body).to.eql({
message: 'Saved object [space/default] not found',
statusCode: 404,
error: 'Not Found',
});
});
});
});
});
}
Reference in a new issue View git blame Copy permalink