tylersmalley · tylersmalley · Jan 20, 2022 · Jan 20, 2022
diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts b/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts
@@ -13,7 +13,6 @@ import { ILM_POLICY_NAME } from '../../../plugins/reporting/common/constants';
 // eslint-disable-next-line import/no-default-export
 export default function ({ getService }: FtrProviderContext) {
   const es = getService('es');
-  const supertest = getService('supertest');
   const supertestWithoutAuth = getService('supertestWithoutAuth');
   const reportingAPI = getService('reportingAPI');
   const security = getService('security');
@@ -28,10 +27,42 @@ export default function ({ getService }: FtrProviderContext) {
     `,index:aac3e500-f2c7-11ea-8250-fb138aa491e7,query:(language:kuery,query:'')` +
     `,version:!t),sort:!((order_date:desc)),trackTotalHits:!t),title:'EC SEARCH from DEFAULT')`;
 
+  const runMigrate = async () => {
+    await reportingAPI.migrateReportingIndices(
+      reportingAPI.REPORTING_USER_USERNAME,
+      reportingAPI.REPORTING_USER_PASSWORD
+    );
+  };
+
   describe('ILM policy migration APIs', () => {
     before(async () => {
+      await security.role.create(reportingAPI.REPORTING_ROLE, {
+        metadata: {},
+        elasticsearch: {
+          cluster: ['manage_ilm'],
+          indices: [
+            { names: ['ecommerce'], privileges: ['read'], allow_restricted_indices: false },
+            { names: ['.reporting-*'], privileges: ['all'], allow_restricted_indices: true },
+          ],
+          run_as: [],
+        },
+        kibana: [
+          {
+            base: [],
+            feature: {
+              dashboard: ['minimal_read', 'download_csv_report', 'generate_report'],
+              discover: ['minimal_read', 'generate_report'],
+              canvas: ['minimal_read', 'generate_report'],
+              visualize: ['minimal_read', 'generate_report'],
+            },
+            spaces: ['*'],
+          },
+        ],
+      });
+      await reportingAPI.createTestReportingUser();
+
       await reportingAPI.initLogs();
-      await reportingAPI.migrateReportingIndices(); // ensure that the ILM policy exists for the first test
+      await runMigrate(); // ensure that the ILM policy exists for the first test
     });
 
     after(async () => {
@@ -40,47 +71,80 @@ export default function ({ getService }: FtrProviderContext) {
 
     afterEach(async () => {
       await reportingAPI.deleteAllReports();
-      await reportingAPI.migrateReportingIndices(); // ensure that the ILM policy exists
+      await runMigrate(); // ensure that the ILM policy exists
     });
 
     it('detects when no migration is needed', async () => {
-      expect(await reportingAPI.checkIlmMigrationStatus()).to.eql('ok');
+      expect(
+        await reportingAPI.checkIlmMigrationStatus(
+          reportingAPI.REPORTING_USER_USERNAME,
+          reportingAPI.REPORTING_USER_PASSWORD
+        )
+      ).to.eql('ok');
 
       // try creating a report
-      await supertest
+      await supertestWithoutAuth
         .post(`/api/reporting/generate/csv_searchsource`)
+        .auth(reportingAPI.REPORTING_USER_USERNAME, reportingAPI.REPORTING_USER_PASSWORD)
         .set('kbn-xsrf', 'xxx')
         .send({ jobParams: JOB_PARAMS_RISON_CSV });
 
-      expect(await reportingAPI.checkIlmMigrationStatus()).to.eql('ok');
+      expect(
+        await reportingAPI.checkIlmMigrationStatus(
+          reportingAPI.REPORTING_USER_USERNAME,
+          reportingAPI.REPORTING_USER_PASSWORD
+        )
+      ).to.eql('ok');
     });
 
     it('detects when reporting indices should be migrated due to missing ILM policy', async () => {
       await reportingAPI.makeAllReportingIndicesUnmanaged();
       await es.ilm.deleteLifecycle({ name: ILM_POLICY_NAME });
 
-      await supertest
+      await supertestWithoutAuth
         .post(`/api/reporting/generate/csv_searchsource`)
+        .auth(reportingAPI.REPORTING_USER_USERNAME, reportingAPI.REPORTING_USER_PASSWORD)
         .set('kbn-xsrf', 'xxx')
         .send({ jobParams: JOB_PARAMS_RISON_CSV });
 
-      expect(await reportingAPI.checkIlmMigrationStatus()).to.eql('policy-not-found');
+      expect(
+        await reportingAPI.checkIlmMigrationStatus(
+          reportingAPI.REPORTING_USER_USERNAME,
+          reportingAPI.REPORTING_USER_PASSWORD
+        )
+      ).to.eql('policy-not-found');
       // assert that migration fixes this
-      await reportingAPI.migrateReportingIndices();
-      expect(await reportingAPI.checkIlmMigrationStatus()).to.eql('ok');
+      await runMigrate();
+      expect(
+        await reportingAPI.checkIlmMigrationStatus(
+          reportingAPI.REPORTING_USER_USERNAME,
+          reportingAPI.REPORTING_USER_PASSWORD
+        )
+      ).to.eql('ok');
     });
 
     it('detects when reporting indices should be migrated due to unmanaged indices', async () => {
       await reportingAPI.makeAllReportingIndicesUnmanaged();
-      await supertest
+      await supertestWithoutAuth
         .post(`/api/reporting/generate/csv_searchsource`)
+        .auth(reportingAPI.REPORTING_USER_USERNAME, reportingAPI.REPORTING_USER_PASSWORD)
         .set('kbn-xsrf', 'xxx')
         .send({ jobParams: JOB_PARAMS_RISON_CSV });
 
-      expect(await reportingAPI.checkIlmMigrationStatus()).to.eql('indices-not-managed-by-policy');
+      expect(
+        await reportingAPI.checkIlmMigrationStatus(
+          reportingAPI.REPORTING_USER_USERNAME,
+          reportingAPI.REPORTING_USER_PASSWORD
+        )
+      ).to.eql('indices-not-managed-by-policy');
       // assert that migration fixes this
-      await reportingAPI.migrateReportingIndices();
-      expect(await reportingAPI.checkIlmMigrationStatus()).to.eql('ok');
+      await runMigrate();
+      expect(
+        await reportingAPI.checkIlmMigrationStatus(
+          reportingAPI.REPORTING_USER_USERNAME,
+          reportingAPI.REPORTING_USER_PASSWORD
+        )
+      ).to.eql('ok');
     });
 
     it('does not override an existing ILM policy', async () => {
@@ -109,7 +173,7 @@ export default function ({ getService }: FtrProviderContext) {
         body: customLifecycle,
       });
 
-      await reportingAPI.migrateReportingIndices();
+      await runMigrate();
 
       const {
         [ILM_POLICY_NAME]: { policy },

diff --git a/x-pack/test/reporting_api_integration/services/scenarios.ts b/x-pack/test/reporting_api_integration/services/scenarios.ts
@@ -37,6 +37,7 @@ export function createScenarios({ getService }: Pick<FtrProviderContext, 'getSer
   const DATA_ANALYST_PASSWORD = 'data_analyst-password';
   const REPORTING_USER_USERNAME = 'reporting_user';
   const REPORTING_USER_PASSWORD = 'reporting_user-password';
+  const REPORTING_ROLE = 'test_reporting_user';
 
   const logTaskManagerHealth = async () => {
     // Check task manager health for analyzing test failures. See https://github.com/elastic/kibana/issues/114946
@@ -90,7 +91,7 @@ export function createScenarios({ getService }: Pick<FtrProviderContext, 'getSer
   };
 
   const createTestReportingUserRole = async () => {
-    await security.role.create('test_reporting_user', {
+    await security.role.create(REPORTING_ROLE, {
       metadata: {},
       elasticsearch: {
         cluster: [],
@@ -127,9 +128,9 @@ export function createScenarios({ getService }: Pick<FtrProviderContext, 'getSer
   };
 
   const createTestReportingUser = async () => {
-    await security.user.create('reporting_user', {
-      password: 'reporting_user-password',
-      roles: ['test_reporting_user'],
+    await security.user.create(REPORTING_USER_USERNAME, {
+      password: REPORTING_USER_PASSWORD,
+      roles: [REPORTING_ROLE],
       full_name: 'Reporting User',
     });
   };
@@ -202,18 +203,29 @@ export function createScenarios({ getService }: Pick<FtrProviderContext, 'getSer
     });
   };
 
-  const checkIlmMigrationStatus = async () => {
+  const checkIlmMigrationStatus = async (username: string, password: string) => {
     log.debug('ReportingAPI.checkIlmMigrationStatus');
-    const { body } = await supertest
+    const { body } = await supertestWithoutAuth
       .get(API_GET_ILM_POLICY_STATUS)
+      .auth(username, password)
       .set('kbn-xsrf', 'xxx')
       .expect(200);
     return body.status;
   };
 
-  const migrateReportingIndices = async () => {
+  const migrateReportingIndices = async (username: string, password: string) => {
     log.debug('ReportingAPI.migrateReportingIndices');
-    await supertest.put(API_MIGRATE_ILM_POLICY_URL).set('kbn-xsrf', 'xxx').expect(200);
+    try {
+      await supertestWithoutAuth
+        .put(API_MIGRATE_ILM_POLICY_URL)
+        .auth(username, password)
+        .set('kbn-xsrf', 'xxx')
+        .expect(200);
+    } catch (err) {
+      log.error(`Could not migrate Reporting indices!`);
+      log.error(err);
+      throw err;
+    }
   };
 
   const makeAllReportingIndicesUnmanaged = async () => {
@@ -239,6 +251,7 @@ export function createScenarios({ getService }: Pick<FtrProviderContext, 'getSer
     DATA_ANALYST_PASSWORD,
     REPORTING_USER_USERNAME,
     REPORTING_USER_PASSWORD,
+    REPORTING_ROLE,
     routes: {
       API_GET_ILM_POLICY_STATUS,
       API_MIGRATE_ILM_POLICY_URL,