[Security Solution] [Cypress] SAML for Serverless login and role testing #172655
Conversation
There was a problem hiding this comment.
As discussed in slack, we should try to use some shared functionality to handle all this SAML stuff. This will make it more stable and easier to maintain in the future. There's currently work going on to move the SAML test logic into the kbn-test package so it can also be used by Cypress tests, see #172678.
@MadameSheema is there a reason to NOT use the shared functionality?
Not at all :) In this draft PR I'm reusing the initial code Dima wrote, I was not aware of the I already synced with @dmlemeshko and will wait for the above-mentioned PR to finalize the integration with Cypress. |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
MadameSheema
changed the title
MadameSheema
added
release_note:skip
MadameSheema
requested review from
patrykkopycinski,
oatkiller,
maximpn,
banderror and
a team
as code owners
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
/ci |
x-pack/test/security_solution_cypress/cypress/e2e/explore/overview/overview.cy.ts
Show resolved
Hide resolved
| @@ -571,6 +571,7 @@ ${JSON.stringify(cypressConfigFile, null, 2)} | |||
| KIBANA_PASSWORD: credentials.password, | |||
|
|
|||
| CLOUD_SERVERLESS: true, | |||
| IS_SERVERLESS: true, | |||
There was a problem hiding this comment.
Cant we use only one of these two flags in lines 573 and 574? If this is not a big rework.
There was a problem hiding this comment.
These flags represent two different things.
IS_SERVERLESSis used for both FTR and cloud environments.CLOUD_SERVERLESSis used for just deployed projects on the cloud, this cannot be used for the FTR serverless environment.
💛 Build succeeded, but was flaky
Failed CI Steps
Test Failures
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
| @@ -16,6 +16,9 @@ export JOB=kibana-security-solution-chrome | |||
|
|
|||
| buildkite-agent meta-data set "${BUILDKITE_JOB_ID}_is_test_execution_step" "true" | |||
|
|
|||
| mkdir .ftr | |||
| retry 5 5 vault kv get -format=json -field=data secret/kibana-issues/dev/security-quality-gate/role-users > .ftr/role_users.json | |||
There was a problem hiding this comment.
We recently implemented a change where we're accessing vault through a variable path. I think for this to be future-proof to some degree, we should also care for that branching in here. However, the utility function that we use cannot be parameterized with extra args in its current state.
If this is urgent, we can go with this.
If you have some time to chisel the edges, I'll follow up with the details, so you can add it to this PR.
There was a problem hiding this comment.
Detection Response area LGTM. Thanks for this PR implementation
Successfully log in by different roles, created for test qa depoloyment
Note: in PR description , when testing MKI deployment, script in second step should be
Execute yarn cypress:open:qa:serverless
Observation: most of the tests against MKI failed when I run it locally, Chrome just crashed
We detected that the Chrome Renderer process just crashed.
We have failed the current spec but will continue running the next spec.
This can happen for a number of different reasons.
If you're running lots of tests on a memory intense application.
- Try increasing the CPU/memory on the machine you're running on.
- Try enabling experimentalMemoryManagement in your config file.
- Try lowering numTestsKeptInMemory in your config file during 'cypress open'.
You can learn more here:
https://on.cypress.io/renderer-process-crashed
Have you seen it before? Is it possibly related to this PR?
| } | ||
| ``` | ||
|
|
||
| As role names please use: |
There was a problem hiding this comment.
should list of these role match ROLES enum?
There was a problem hiding this comment.
This is something I want to double check with @maximpn when he is back. The listed roles are the ones available on serverless and are the ones we can retrieve cookies from so I've the feeling we might be missing roles on that enum.
|
@vitaliidm you are right around the script!! thanks for noticing! about the failure, I didn't see it before. |
Relates to:
Summary
In this PR we are using the code implemented on #170417 and #172678 to allow SAML and role testing inside Cypress.
BASE_ENV_URLvariable to use the proper QA environment (pending to be done in follow-up PRs, to extract this value so it is not hardcoded cc @dkirchan )IS_SERVERLESSenvironment variable needed for the logic on the login task. This changed implied to update thees_archiverfile to continue work as expected.TEST_CLOUD_HOST_NAMEenvironment variable needed for the code we are reusing to retrieve the session cookie for MKI.role_users.jsonfile needed by the code we are reusing to get the different session cookies on MKItest <role>(@dmlemeshko is it possible to have as username just the role? Is this something that can impact other tests and teams?)How to test it in your machine
Serverless FTR
x-pack/test/security_solution_cypressyarn cypress:open:serverlessE2E testingServerless MKI
Setup a valid Elastic Cloud API key for QA environment:
User menu buttonlocated on the top right of the header.Organization.API keystab.Create API keybutton.Create API keyStore the saved key on
~/.elastic/cloud.jsonusing the following format:{ "api_key": { "qa": "<API_KEY>" } }Store the email and password of the account you used to login in the QA Environment at the root directory of your Kibana project on
.ftr/role_users.json, using the following format:{ "admin": { "email": "<email>", "password": "<password>" } }If you want to execute a test with a role different from the default one, make sure you have created the user under your organization and is added to the above json following the format:
{ "admin": { "email": "<email>", "password": "<password>" }, "<roleName>": { "email": "<email>", "password": "<password>" } }x-pack/test/security_solution_cypressyarn cypress:open:qa:serverlessE2E testing