From 0c70304a2fb64309f510ff4fb6362b840d7739cb Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Wed, 13 Nov 2024 06:54:40 +1100 Subject: [PATCH] [8.x] [Data Usage] add functional tests for privileges (#199377) (#199849) # Backport This will backport the following commits from `main` to `8.x`: - [[Data Usage] add functional tests for privileges (#199377)](https://github.com/elastic/kibana/pull/199377) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) Co-authored-by: Sandra G --- .../page_objects/svl_common_page.ts | 15 +++ .../page_objects/svl_management_page.ts | 3 + .../test_suites/common/data_usage/index.ts | 1 + .../common/data_usage/privileges.ts | 105 ++++++++++++++++++ 4 files changed, 124 insertions(+) create mode 100644 x-pack/test_serverless/functional/test_suites/common/data_usage/privileges.ts diff --git a/x-pack/test_serverless/functional/page_objects/svl_common_page.ts b/x-pack/test_serverless/functional/page_objects/svl_common_page.ts index 5533128c2d19e..a298ed5f7d0c1 100644 --- a/x-pack/test_serverless/functional/page_objects/svl_common_page.ts +++ b/x-pack/test_serverless/functional/page_objects/svl_common_page.ts @@ -134,6 +134,21 @@ export function SvlCommonPageProvider({ getService, getPageObjects }: FtrProvide await this.loginWithRole('viewer'); }, + /** + * + * Login to Kibana using SAML authentication with Editor role (observability, security) + */ + async loginAsEditor() { + await this.loginWithRole('editor'); + }, + + /** + * Login to Kibana using SAML authentication with Developer role (search) + */ + async loginAsDeveloper() { + await this.loginWithRole('developer'); + }, + /** * Login to Kibana using SAML authentication with Editor/Developer role */ 
diff --git a/x-pack/test_serverless/functional/page_objects/svl_management_page.ts b/x-pack/test_serverless/functional/page_objects/svl_management_page.ts
index 5676975a89c08..e5e510c2d22d2 100644
--- a/x-pack/test_serverless/functional/page_objects/svl_management_page.ts
+++ b/x-pack/test_serverless/functional/page_objects/svl_management_page.ts
@@ -64,6 +64,9 @@ export function SvlManagementPageProvider({ getService }: FtrProviderContext) {
 async assertDataUsageManagementCardExists() {
 await testSubjects.existOrFail('app-card-data_usage');
 },
+ async assertDataUsageManagementCardDoesNotExist() {
+ await testSubjects.missingOrFail('app-card-data_usage');
+ },
 async clickDataUsageManagementCard() {
 await testSubjects.click('app-card-data_usage');
 },
diff --git a/x-pack/test_serverless/functional/test_suites/common/data_usage/index.ts b/x-pack/test_serverless/functional/test_suites/common/data_usage/index.ts
index dcdd23b13605f..9d3668aeb2ec5 100644
--- a/x-pack/test_serverless/functional/test_suites/common/data_usage/index.ts
+++ b/x-pack/test_serverless/functional/test_suites/common/data_usage/index.ts
@@ -10,5 +10,6 @@ import { FtrProviderContext } from '../../../ftr_provider_context';
 export default ({ loadTestFile }: FtrProviderContext) => {
 describe('Data Usage', function () {
 loadTestFile(require.resolve('./main'));
+ loadTestFile(require.resolve('./privileges'));
 });
 };
diff --git a/x-pack/test_serverless/functional/test_suites/common/data_usage/privileges.ts b/x-pack/test_serverless/functional/test_suites/common/data_usage/privileges.ts
new file mode 100644
index 0000000000000..7865672e90498
--- /dev/null
+++ b/x-pack/test_serverless/functional/test_suites/common/data_usage/privileges.ts
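Review bot: `assertDataUsageManagementCardDoesNotExist` in svl_management_page.ts has no doc comment, and its `missingOrFail` check succeeds whenever the card is absent, including when the management cards page has not finished rendering. Because this helper backs the negative privilege assertions, I would state the precondition above it: `/** Asserts the Data Usage card is absent. Call only after the cards navigation page has rendered; otherwise the check passes vacuously. */`. The caller added in privileges.ts does wait for `cards-navigation-page` first, so this concerns future callers. The enclosing provider object starts and ends outside the hunk.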
@@ -0,0 +1,105 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../ftr_provider_context';
+
+export default ({ getPageObjects, getService }: FtrProviderContext) => {
+ const pageObjects = getPageObjects(['svlCommonPage', 'svlManagementPage', 'common']);
+ const testSubjects = getService('testSubjects');
+ const samlAuth = getService('samlAuth');
+ const retry = getService('retry');
+ const dataUsageAppUrl = 'management/data/data_usage';
+
+ const navigateAndVerify = async (expectedVisible: boolean) => {
+ await pageObjects.common.navigateToApp('management');
+ await retry.waitFor('page to be visible', async () =>
+ testSubjects.exists('cards-navigation-page')
+ );
+
+ if (expectedVisible) {
+ await pageObjects.svlManagementPage.assertDataUsageManagementCardExists();
+ await pageObjects.common.navigateToApp(dataUsageAppUrl);
+ await testSubjects.exists('DataUsagePage');
+ } else {
+ await pageObjects.svlManagementPage.assertDataUsageManagementCardDoesNotExist();
+ await pageObjects.common.navigateToApp(dataUsageAppUrl);
+ await testSubjects.missingOrFail('DataUsagePage');
+ }
+ };
+
+ describe('privileges', function () {
+ // plugin needs to be enabled in serverless
+ this.tags(['skipMKI']);
+
+ it('renders for the admin role', async () => {
+ await pageObjects.svlCommonPage.loginAsAdmin();
+ await navigateAndVerify(true);
+ });
+
+ it('does not render for viewer', async () => {
+ await pageObjects.svlCommonPage.loginAsViewer();
+ await navigateAndVerify(false);
+ });
+ describe('with editor role', function () {
+ // editor role does not exist in search solution
+ this.tags(['skipSvlSearch']);
+ it('does not render for default (editor) role', async () => {
+ await pageObjects.svlCommonPage.loginAsEditor();
+ await navigateAndVerify(false);
+ });
+ });
+ describe('with developer role', function () {
+ // developer role only exists in ecs solution
+ this.tags(['skipSvlOblt', 'skipSvlSec']);
+ it('renders for developer role', async () => {
+ await pageObjects.svlCommonPage.loginAsDeveloper();
+ await navigateAndVerify(true);
+ });
+ });
+ describe('with custom role', function () {
+ // custom roles aren't available in observability yet
+ this.tags(['skipSvlOblt']);
+ afterEach(async () => {
+ await samlAuth.deleteCustomRole();
+ });
+ it('renders with a custom role that has the monitor cluster privilege', async () => {
+ await samlAuth.setCustomRole({
+ elasticsearch: {
+ cluster: ['monitor'],
+ indices: [{ names: ['*'], privileges: ['all'] }],
+ },
+ kibana: [
+ {
+ base: ['all'],
+ feature: {},
+ spaces: ['*'],
+ },
+ ],
+ });
+ await pageObjects.svlCommonPage.loginWithCustomRole();
+ await navigateAndVerify(true);
+ });
+
+ it('does not render with a custom role that does not have the monitor cluster privilege', async () => {
+ await samlAuth.setCustomRole({
+ elasticsearch: {
+ indices: [{ names: ['*'], privileges: ['all'] }],
+ },
+ kibana: [
+ {
+ base: ['all'],
+ feature: {},
+ spaces: ['*'],
+ },
+ ],
+ });
+ await pageObjects.svlCommonPage.loginWithCustomRole();
+ await navigateAndVerify(false);
+ });
+ });
+ });
+};
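Review bot: In `navigateAndVerify`, the `expectedVisible` branch ends with `await testSubjects.exists('DataUsagePage');`, which only resolves to a boolean that is then discarded, so the admin, developer and custom-role-with-`monitor` cases pass even when the page never renders. Use the asserting form, `await testSubjects.existOrFail('DataUsagePage');`, as the management page object already does for the card. On the denied path, `missingOrFail('DataUsagePage')` runs right after `navigateToApp(dataUsageAppUrl)` and checks only that an element is absent, so it may pass before the app has settled; waiting on whatever the app shows when access is refused would make that assertion meaningful. These cases also cover UI visibility only, so if the plugin's server routes are not already tested for rejecting roles without the `monitor` cluster privilege, that check belongs in an API-level suite.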