Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] Update serverless FTR tests to not run with operator privileges #185870

Merged
merged 14 commits into from
Jun 25, 2024
Merged

[Security Solution] Update serverless FTR tests to not run with operator privileges #185870

merged 14 commits into from
Jun 25, 2024

Conversation

machadoum
Copy link
Member

@machadoum machadoum commented Jun 10, 2024
edited
Loading

Summary

  • Create a new service that replaced the serverless supertest with a custom implementation that adds auth headers
  • username updates
    • Update SessionManager to store username
    • Create and export securitySolutionUtils to return the username
    • Update tests to use the getUsername helper
  • Create a helper that allows switching serverless roles on a test
export default ({ getService }: FtrProviderContext) => {
   const utils = getService('securitySolutionUtils');

   describe('@ess @serverless my_test', () => {
      let supertest: TestAgent;

      before(async () => {
         supertest = await utils.createSuperTest('admin');
      });
   ...

Flaky test runner: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6320

Know issues

Checklist

Delete any items that are not applicable to this PR.

@machadoum
Copy link
Member Author

/ci

@machadoum machadoum self-assigned this Jun 10, 2024
@machadoum
Copy link
Member Author

/ci

1 similar comment
@machadoum
Copy link
Member Author

/ci

@machadoum machadoum marked this pull request as ready for review June 11, 2024 13:49
@machadoum machadoum requested review from a team as code owners June 11, 2024 13:49
@machadoum machadoum added release_note:skip Skip the PR/issue when compiling release notes Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Entity Analytics Security Entity Analytics Team labels Jun 11, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@machadoum
Copy link
Member Author

/ci

wayneseymour
wayneseymour approved these changes Jun 11, 2024
View reviewed changes
Copy link
Member

@wayneseymour wayneseymour left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just one question so far.

.../security_solution_api_integration/config/services/security_solution_serverless_supertest.ts Outdated Show resolved Hide resolved
wayneseymour
wayneseymour requested changes Jun 11, 2024
View reviewed changes
Copy link
Member

@wayneseymour wayneseymour left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry about the false LGTM, but I do have one question.

@machadoum machadoum marked this pull request as draft June 11, 2024 14:20
@dmlemeshko dmlemeshko mentioned this pull request Jun 17, 2024
Merged
dmlemeshko added a commit that referenced this pull request Jun 17, 2024
@dmlemeshko
[kbn-test] call Kibana API to fetch current user profile (#186279)
dce29e2 
Related to #185870

In this PR I move user_profile fetching out of SAML session creation to
its `sessionManager.getUserData()`:
- rely on Kibana Security API for both local/Kibana CI and MKI cases
(currently it is cloud and cached on saml session creation)
- do not cache profile data in test service, Kibana API is fast enough

I deleted the tests that no longer relevant
nikitaindik pushed a commit to nikitaindik/kibana that referenced this pull request Jun 18, 2024
@dmlemeshko @nikitaindik
[kbn-test] call Kibana API to fetch current user profile (elastic#186279
33cad8f 
)

Related to elastic#185870

In this PR I move user_profile fetching out of SAML session creation to
its `sessionManager.getUserData()`:
- rely on Kibana Security API for both local/Kibana CI and MKI cases
(currently it is cloud and cached on saml session creation)
- do not cache profile data in test service, Kibana API is fast enough

I deleted the tests that no longer relevant
@tiansivive tiansivive self-assigned this Jun 19, 2024
@MadameSheema
Copy link
Member

One question: What's the expectation for updating the tests for less-privileged roles once the #184948 is resolved? Will your team update all the affected tests or should every test-owning team do it?

@nikitaindik each team should take care of their tests for that specific case :)

@machadoum
Copy link
Member Author

machadoum commented Jun 24, 2024
edited
Loading

One question: What's the expectation for updating the tests for less-privileged roles once the #184948 is resolved? Will your team update all the affected tests or should every test-owning team do it?

@nikitaindik
The expectation is that every team updates its tests mainly because the team that owns the tests knows which role is more appropriate for it. The change should be minimal. Like:

- supertest = await utils.createSuperTest();
+ supertest = await utils.createSuperTest('role');

If some test resources require an admin role to be created, the test has to instantiate two super test instances. Like here:

   adminSupertest = await utils.createSuperTest('admin');
   viewerSupertest = await utils.createSuperTest('viewer');

@machadoum
Copy link
Member Author

@dmlemeshko @wayneseymour Could you please take a second look?

wayneseymour
wayneseymour requested changes Jun 25, 2024
View reviewed changes
Copy link
Member

@wayneseymour wayneseymour left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a bit more and I think this will be good.

x-pack/test/security_solution_api_integration/README.md Outdated Show resolved Hide resolved
x-pack/test/security_solution_api_integration/README.md Show resolved Hide resolved
x-pack/test/security_solution_api_integration/config/services/types.ts Show resolved Hide resolved
@wayneseymour
Copy link
Member

:LGTM:

@kibana-ci
Copy link
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @machadoum @tiansivive

dhurley14
dhurley14 approved these changes Jun 25, 2024
View reviewed changes
Copy link
Contributor

@dhurley14 dhurley14 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@machadoum machadoum merged commit 131ade8 into elastic:main Jun 25, 2024
20 checks passed
@kibanamachine kibanamachine added v8.15.0 backport:skip This commit does not require backporting labels Jun 25, 2024
This was referenced Jun 26, 2024
Closed
Closed
Closed
Closed
Open
Merged
@angorayc angorayc mentioned this pull request Jul 22, 2024
Merged
angorayc added a commit that referenced this pull request Aug 6, 2024
@angorayc @kibanamachine
[SecuritySolution] Remove duplicated serverless tests (#188855)
644e818 
## Summary

1. Apply #185870 for Security
Solution Explore and Investigation tests.
2. Remove duplicated tests.
3. Investigation/timeline/serverless tests are skipped atm.

How to run the api integration tests (Use Investigation Timeline ESS as
an example)
```
cd x-pack

node scripts/functional_tests_server.js --config ./test/security_solution_api_integration/test_suites/investigation/timeline/trial_license_complete_tier/configs/ess.config.ts

// After server is started, open another terminal

cd x-pack

node ../scripts/functional_test_runner --config=test/security_solution_api_integration/test_suites/investigation/timeline/trial_license_complete_tier/configs/ess.config.ts
```

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
@PhilippeOberti PhilippeOberti mentioned this pull request Oct 17, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MadameSheema MadameSheema MadameSheema left review comments

@dhurley14 dhurley14 dhurley14 approved these changes

@delanni delanni delanni approved these changes

@wayneseymour wayneseymour wayneseymour approved these changes

@dmlemeshko dmlemeshko dmlemeshko approved these changes

@nikitaindik nikitaindik nikitaindik approved these changes

Assignees

@machadoum machadoum

@tiansivive tiansivive

Labels
backport:skip This commit does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:Entity Analytics Security Entity Analytics Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.15.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.