[Security Solution] Update serverless FTR tests to not run with opera…
…tor privileges (#185870) ## Summary * ***Create a new service that replaces the serverless `supertest` with a custom implementation that adds auth headers*** * `username` updates * Update `SessionManager` to store `username` * Create and export `securitySolutionUtils` to return the `username` * Update tests to use the `getUsername` helper * Create a helper that allows switching serverless roles on a test ```js export default ({ getService }: FtrProviderContext) => { const utils = getService('securitySolutionUtils'); describe('@ess @serverless my_test', () => { let supertest: TestAgent; before(async () => { supertest = await utils.createSuperTest('admin'); }); ... ``` * Update FTR tests [README file](https://github.com/machadoum/kibana/blob/siem-ea-183512/x-pack/test/security_solution_api_integration/README.md#testing-with-serverless-roles) with further details Flaky test runner: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6320 ### Known issues * Currently `utils.createSuperTest('viewer')` fails on the API creation. It will be fixed by @elastic/kibana-security #184948 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
Showing
63 changed files
with
464 additions
and
366 deletions.
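--- a/x-pack/test/security_solution_api_integration/config/services/security_solution_ess_utils.ts
+++ b/x-pack/test/security_solution_api_integration/config/services/security_solution_ess_utils.ts
@@ -0,0 +1,22 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0; you may not use this file except in compliance with the Elastic License
+* 2.0.
+*/
+
+import { FtrProviderContext } from '../../ftr_provider_context';
+import { SecuritySolutionUtils } from './types';
+
+export function SecuritySolutionESSUtils({
+getService,
+}: FtrProviderContext): SecuritySolutionUtils {
+const config = getService('config');
+const supertest = getService('supertest');
+
+return {
+getUsername: (_role?: string) =>
+Promise.resolve(config.get('servers.kibana.username') as string),
+createSuperTest: (_role?: string) => Promise.resolve(supertest),
+};
+}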
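Review bot: Both helpers ignore their `_role` argument, so on ESS a call such as `createSuperTest('viewer')` still returns the shared `supertest` service and `getUsername` still returns `servers.kibana.username`. A suite tagged for both `@ess` and `@serverless` would then exercise the requested role only on serverless, and an authorization assertion could pass on ESS for the wrong reason. If that is intended, state it where callers will read it, for example `// ESS has no role switching here: the role argument is ignored and the default FTR supertest user is used.`; otherwise consider rejecting any role other than the default. The `as string` cast on `config.get(...)` would also hide a missing username.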
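--- a/x-pack/test/security_solution_api_integration/config/services/security_solution_serverless_supertest.ts
+++ b/x-pack/test/security_solution_api_integration/config/services/security_solution_serverless_supertest.ts
@@ -0,0 +1,15 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0; you may not use this file except in compliance with the Elastic License
+* 2.0.
+*/
+
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+// It is wrapper around supertest that injects Serverless auth headers for the admin user.
+export async function SecuritySolutionServerlessSuperTest({ getService }: FtrProviderContext) {
+const { createSuperTest } = getService('securitySolutionUtils');
+
+return await createSuperTest('admin');
+}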
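Review bot: The agent returned here does not look pinned to the admin role, although the comment above the function says it is. The serverless utils file returns `agentWithCommonHeaders.set(credentials.apiKeyHeader)` from every `createSuperTest` call, and supertest agents appear to keep `.set()` values as defaults on the agent itself, so a later `createSuperTest('viewer')` in a test would also switch this service's requests to the viewer key. Please confirm, and if it holds either hand out a separate agent per role or make the comment say so, e.g. `// Wrapper around supertest authenticated with an API key for the serverless admin role; the underlying agent is shared with securitySolutionUtils.createSuperTest().`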
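--- a/x-pack/test/security_solution_api_integration/config/services/security_solution_serverless_utils.ts
+++ b/x-pack/test/security_solution_api_integration/config/services/security_solution_serverless_utils.ts
@@ -0,0 +1,68 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0; you may not use this file except in compliance with the Elastic License
+* 2.0.
+*/
+
+import supertest from 'supertest';
+import { format as formatUrl } from 'url';
+import { RoleCredentials } from '../../../../test_serverless/shared/services';
+import { FtrProviderContext } from '../../ftr_provider_context';
+import { SecuritySolutionUtils } from './types';
+
+export function SecuritySolutionServerlessUtils({
+getService,
+}: FtrProviderContext): SecuritySolutionUtils {
+const svlUserManager = getService('svlUserManager');
+const lifecycle = getService('lifecycle');
+const svlCommonApi = getService('svlCommonApi');
+const config = getService('config');
+const log = getService('log');
+
+const rolesCredentials = new Map<string, RoleCredentials>();
+const commonRequestHeader = svlCommonApi.getCommonRequestHeader();
+const kbnUrl = formatUrl({
+...config.get('servers.kibana'),
+auth: false,
+});
+const agentWithCommonHeaders = supertest.agent(kbnUrl).set(commonRequestHeader);
+
+async function invalidateApiKey(credentials: RoleCredentials) {
+await svlUserManager.invalidateApiKeyForRole(credentials);
+}
+
+async function cleanCredentials(role: string) {
+if (rolesCredentials.has(role)) {
+log.debug(`Invalidating API key for role [${role}]`);
+await invalidateApiKey(rolesCredentials.get(role)!);
+rolesCredentials.delete(role);
+}
+}
+
+// Invalidate API keys when all tests have finished.
+lifecycle.cleanup.add(async () => {
+rolesCredentials.forEach((credential, role) => {
+log.debug(`Invalidating API key for role [${role}]`);
+invalidateApiKey(credential);
+});
+});
+
+return {
+getUsername: async (role = 'admin') => {
+const { username } = await svlUserManager.getUserData(role);
+
+return username;
+},
+/**
+* Only one API key for each role can be active at a time.
+*/
+createSuperTest: async (role = 'admin') => {
+cleanCredentials(role);
+const credentials = await svlUserManager.createApiKeyForRole(role);
+rolesCredentials.set(role, credentials);
+
+return agentWithCommonHeaders.set(credentials.apiKeyHeader);
+},
+};
+}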
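Review bot: The API-key invalidation promises are never awaited, at `cleanCredentials(role);` in `createSuperTest` and at `invalidateApiKey(credential);` inside the `forEach` of the `lifecycle.cleanup` hook. In `createSuperTest` the pending `rolesCredentials.delete(role)` can run after `rolesCredentials.set(role, credentials)`, which drops the new key from the map so it is never invalidated. In the cleanup hook the callback resolves while the invalidation requests are still in flight, and a rejection goes unhandled. Awaiting both, as below, keeps live API keys from outliving the test run.

```typescript
// … unchanged: service lookups, rolesCredentials, agent setup, invalidateApiKey, cleanCredentials …

// Invalidate API keys when all tests have finished.
lifecycle.cleanup.add(async () => {
  const invalidations = Array.from(rolesCredentials, ([role, credential]) => {
    log.debug(`Invalidating API key for role [${role}]`);
    return invalidateApiKey(credential);
  });
  rolesCredentials.clear();
  // Wait for every key, so the hook does not resolve while keys are still valid.
  await Promise.all(invalidations);
});

// … unchanged: getUsername …

createSuperTest: async (role = 'admin') => {
  // Finish invalidating the previous key before the new one is stored under the same role.
  await cleanCredentials(role);
  const credentials = await svlUserManager.createApiKeyForRole(role);
  // … unchanged: rolesCredentials.set and the returned agent …
},
```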
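--- a/x-pack/test/security_solution_api_integration/config/services/types.ts
+++ b/x-pack/test/security_solution_api_integration/config/services/types.ts
@@ -0,0 +1,13 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0; you may not use this file except in compliance with the Elastic License
+* 2.0.
+*/
+
+import TestAgent from 'supertest/lib/agent';
+
+export interface SecuritySolutionUtils {
+getUsername: (role?: string) => Promise<string>;
+createSuperTest: (role?: string) => Promise<TestAgent<any>>;
+}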
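Review bot: The interface is undocumented, yet the constraint callers most need is written only inside the serverless implementation (`Only one API key for each role can be active at a time.`). Tests program against `SecuritySolutionUtils`, so TSDoc on `createSuperTest` should say that the default role is chosen by the implementation and that, on serverless, asking again for the same role invalidates the key issued earlier; a one-line description on `getUsername` would help too. `TestAgent<any>` could probably be plain `TestAgent`, as the PR description's own example writes it, if the installed supertest typings give the type argument a default.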