Skip to content

Commit

Permalink
[8.x] [APM] Migrate settings API tests to be deployment-agnostic (#20…
Browse files Browse the repository at this point in the history
…0762) (#201328)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[APM] Migrate settings API tests to be deployment-agnostic
(#200762)](#200762)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Irene
Blanco","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-21T22:08:49Z","message":"[APM]
Migrate settings API tests to be deployment-agnostic (#200762)\n\nCloses
https://github.com/elastic/kibana/issues/198989\r\nPart of
https://github.com/elastic/kibana/issues/193245\r\n\r\nThis PR contains
the changes to migrate `settings` test folder to\r\ndeployment-agnostic
testing strategy.\r\n\r\n\r\n**Not Migrated**\r\n-
`agent_configuration`: Not available in Serverless.\r\n-
`anomaly_detection/no_access`: Involves the `noAccess` user role;
we\r\nare only migrating tests for `viewer`, `editor`, or `admin`
roles.\r\n- `anomaly_detection/update_to_v3`: Involves the deletion of
ML jobs; we\r\nwill wait until an \"ml\" service is available to
properly migrate these\r\ntests.\r\n- `anomaly_detection/write_user`:
Involves the deletion of ML jobs; we\r\nwill wait until an \"ml\"
service is available to properly migrate
these\r\ntests.\r\n\r\n**Partially Migrated**\r\n-
`anomaly_detection/read_user`: Involves
the\r\n`apmAllPrivilegesWithoutWriteSettingsUser` role; only tests for
the\r\n`read` role have been migrated.\r\n-
`anomaly_detection/write_user`: Involves
the\r\n`apmReadPrivilegesWithWriteSettingsUser` role; only tests for
the\r\n`write` role have been migrated.\r\n- `apm_indices`: Tests based
on license have not been migrated.\r\ncustom_link: Involves the
`apmReadPrivilegesWithWriteSettingsUser` role;\r\nonly tests for the
trial `write` role have been migrated.\r\n- `agent_keys`: Involves the
`manageOwnAgentKeysUser` and\r\n`createAndAllAgentKeysUser` roles; only
tests for the `write` role have\r\nbeen migrated.\r\n\r\n### How to
test\r\n\r\n\r\n- Serverless\r\n\r\n```\r\nnode
scripts/functional_tests_server --config
x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.apm.serverless.config.ts\r\nnode
scripts/functional_test_runner --config
x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.apm.serverless.config.ts
\r\n```\r\n\r\nIt's recommended to be run
against\r\n[MKI](https://github.com/crespocarlos/kibana/blob/main/x-pack/test_serverless/README.md#run-tests-on-mki)\r\n\r\n-
Stateful\r\n```\r\nnode scripts/functional_tests_server --config
x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.apm.stateful.config.ts
\r\nnode scripts/functional_test_runner --config
x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.apm.stateful.config.ts
\r\n```\r\n\r\n## Checks\r\n\r\n- [ ] (OPTIONAL, only if a test has been
unskipped) Run flaky test suite\r\n- [x] local run for serverless\r\n-
[x] local run for stateful\r\n- [x] MKI run for serverless
\r\n\r\n<!--ONMERGE {\"backportTargets\":[\"8.x\"]}
ONMERGE-->\r\n\r\n---------\r\n\r\nCo-authored-by: Carlos Crespo
<[email protected]>\r\nCo-authored-by: Carlos Crespo
<[email protected]>","sha":"05bf56f3365e9f273bad6d29cc5855d9c3607fc7","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","apm","backport:prev-minor","ci:project-deploy-observability","Team:obs-ux-infra_services","v8.17.0"],"number":200762,"url":"https://github.com/elastic/kibana/pull/200762","mergeCommit":{"message":"[APM]
Migrate settings API tests to be deployment-agnostic (#200762)\n\nCloses
https://github.com/elastic/kibana/issues/198989\r\nPart of
https://github.com/elastic/kibana/issues/193245\r\n\r\nThis PR contains
the changes to migrate `settings` test folder to\r\ndeployment-agnostic
testing strategy.\r\n\r\n\r\n**Not Migrated**\r\n-
`agent_configuration`: Not available in Serverless.\r\n-
`anomaly_detection/no_access`: Involves the `noAccess` user role;
we\r\nare only migrating tests for `viewer`, `editor`, or `admin`
roles.\r\n- `anomaly_detection/update_to_v3`: Involves the deletion of
ML jobs; we\r\nwill wait until an \"ml\" service is available to
properly migrate these\r\ntests.\r\n- `anomaly_detection/write_user`:
Involves the deletion of ML jobs; we\r\nwill wait until an \"ml\"
service is available to properly migrate
these\r\ntests.\r\n\r\n**Partially Migrated**\r\n-
`anomaly_detection/read_user`: Involves
the\r\n`apmAllPrivilegesWithoutWriteSettingsUser` role; only tests for
the\r\n`read` role have been migrated.\r\n-
`anomaly_detection/write_user`: Involves
the\r\n`apmReadPrivilegesWithWriteSettingsUser` role; only tests for
the\r\n`write` role have been migrated.\r\n- `apm_indices`: Tests based
on license have not been migrated.\r\ncustom_link: Involves the
`apmReadPrivilegesWithWriteSettingsUser` role;\r\nonly tests for the
trial `write` role have been migrated.\r\n- `agent_keys`: Involves the
`manageOwnAgentKeysUser` and\r\n`createAndAllAgentKeysUser` roles; only
tests for the `write` role have\r\nbeen migrated.\r\n\r\n### How to
test\r\n\r\n\r\n- Serverless\r\n\r\n```\r\nnode
scripts/functional_tests_server --config
x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.apm.serverless.config.ts\r\nnode
scripts/functional_test_runner --config
x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.apm.serverless.config.ts
\r\n```\r\n\r\nIt's recommended to be run
against\r\n[MKI](https://github.com/crespocarlos/kibana/blob/main/x-pack/test_serverless/README.md#run-tests-on-mki)\r\n\r\n-
Stateful\r\n```\r\nnode scripts/functional_tests_server --config
x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.apm.stateful.config.ts
\r\nnode scripts/functional_test_runner --config
x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.apm.stateful.config.ts
\r\n```\r\n\r\n## Checks\r\n\r\n- [ ] (OPTIONAL, only if a test has been
unskipped) Run flaky test suite\r\n- [x] local run for serverless\r\n-
[x] local run for stateful\r\n- [x] MKI run for serverless
\r\n\r\n<!--ONMERGE {\"backportTargets\":[\"8.x\"]}
ONMERGE-->\r\n\r\n---------\r\n\r\nCo-authored-by: Carlos Crespo
<[email protected]>\r\nCo-authored-by: Carlos Crespo
<[email protected]>","sha":"05bf56f3365e9f273bad6d29cc5855d9c3607fc7"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/200762","number":200762,"mergeCommit":{"message":"[APM]
Migrate settings API tests to be deployment-agnostic (#200762)\n\nCloses
https://github.com/elastic/kibana/issues/198989\r\nPart of
https://github.com/elastic/kibana/issues/193245\r\n\r\nThis PR contains
the changes to migrate `settings` test folder to\r\ndeployment-agnostic
testing strategy.\r\n\r\n\r\n**Not Migrated**\r\n-
`agent_configuration`: Not available in Serverless.\r\n-
`anomaly_detection/no_access`: Involves the `noAccess` user role;
we\r\nare only migrating tests for `viewer`, `editor`, or `admin`
roles.\r\n- `anomaly_detection/update_to_v3`: Involves the deletion of
ML jobs; we\r\nwill wait until an \"ml\" service is available to
properly migrate these\r\ntests.\r\n- `anomaly_detection/write_user`:
Involves the deletion of ML jobs; we\r\nwill wait until an \"ml\"
service is available to properly migrate
these\r\ntests.\r\n\r\n**Partially Migrated**\r\n-
`anomaly_detection/read_user`: Involves
the\r\n`apmAllPrivilegesWithoutWriteSettingsUser` role; only tests for
the\r\n`read` role have been migrated.\r\n-
`anomaly_detection/write_user`: Involves
the\r\n`apmReadPrivilegesWithWriteSettingsUser` role; only tests for
the\r\n`write` role have been migrated.\r\n- `apm_indices`: Tests based
on license have not been migrated.\r\ncustom_link: Involves the
`apmReadPrivilegesWithWriteSettingsUser` role;\r\nonly tests for the
trial `write` role have been migrated.\r\n- `agent_keys`: Involves the
`manageOwnAgentKeysUser` and\r\n`createAndAllAgentKeysUser` roles; only
tests for the `write` role have\r\nbeen migrated.\r\n\r\n### How to
test\r\n\r\n\r\n- Serverless\r\n\r\n```\r\nnode
scripts/functional_tests_server --config
x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.apm.serverless.config.ts\r\nnode
scripts/functional_test_runner --config
x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.apm.serverless.config.ts
\r\n```\r\n\r\nIt's recommended to be run
against\r\n[MKI](https://github.com/crespocarlos/kibana/blob/main/x-pack/test_serverless/README.md#run-tests-on-mki)\r\n\r\n-
Stateful\r\n```\r\nnode scripts/functional_tests_server --config
x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.apm.stateful.config.ts
\r\nnode scripts/functional_test_runner --config
x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.apm.stateful.config.ts
\r\n```\r\n\r\n## Checks\r\n\r\n- [ ] (OPTIONAL, only if a test has been
unskipped) Run flaky test suite\r\n- [x] local run for serverless\r\n-
[x] local run for stateful\r\n- [x] MKI run for serverless
\r\n\r\n<!--ONMERGE {\"backportTargets\":[\"8.x\"]}
ONMERGE-->\r\n\r\n---------\r\n\r\nCo-authored-by: Carlos Crespo
<[email protected]>\r\nCo-authored-by: Carlos Crespo
<[email protected]>","sha":"05bf56f3365e9f273bad6d29cc5855d9c3607fc7"}},{"branch":"8.17","label":"v8.17.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/201327","number":201327,"state":"OPEN"}]}]
BACKPORT-->
  • Loading branch information
iblancof authored Nov 22, 2024
1 parent bf6d847 commit 99cc01b
Show file tree
Hide file tree
Showing 14 changed files with 630 additions and 255 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -12,33 +12,34 @@ export default function apmApiIntegrationTests({
}: DeploymentAgnosticFtrProviderContext) {
describe('APM', function () {
loadTestFile(require.resolve('./agent_explorer'));
loadTestFile(require.resolve('./mobile'));
loadTestFile(require.resolve('./errors'));
loadTestFile(require.resolve('./alerts'));
loadTestFile(require.resolve('./cold_start'));
loadTestFile(require.resolve('./correlations'));
loadTestFile(require.resolve('./custom_dashboards'));
loadTestFile(require.resolve('./data_view'));
loadTestFile(require.resolve('./dependencies'));
loadTestFile(require.resolve('./diagnostics'));
loadTestFile(require.resolve('./entities'));
loadTestFile(require.resolve('./environment'));
loadTestFile(require.resolve('./error_rate'));
loadTestFile(require.resolve('./data_view'));
loadTestFile(require.resolve('./correlations'));
loadTestFile(require.resolve('./entities'));
loadTestFile(require.resolve('./cold_start'));
loadTestFile(require.resolve('./metrics'));
loadTestFile(require.resolve('./services'));
loadTestFile(require.resolve('./errors'));
loadTestFile(require.resolve('./historical_data'));
loadTestFile(require.resolve('./observability_overview'));
loadTestFile(require.resolve('./latency'));
loadTestFile(require.resolve('./infrastructure'));
loadTestFile(require.resolve('./service_maps'));
loadTestFile(require.resolve('./inspect'));
loadTestFile(require.resolve('./latency'));
loadTestFile(require.resolve('./metrics'));
loadTestFile(require.resolve('./mobile'));
loadTestFile(require.resolve('./observability_overview'));
loadTestFile(require.resolve('./service_groups'));
loadTestFile(require.resolve('./time_range_metadata'));
loadTestFile(require.resolve('./diagnostics'));
loadTestFile(require.resolve('./service_maps'));
loadTestFile(require.resolve('./service_nodes'));
loadTestFile(require.resolve('./service_overview'));
loadTestFile(require.resolve('./services'));
loadTestFile(require.resolve('./settings'));
loadTestFile(require.resolve('./span_links'));
loadTestFile(require.resolve('./suggestions'));
loadTestFile(require.resolve('./throughput'));
loadTestFile(require.resolve('./time_range_metadata'));
loadTestFile(require.resolve('./transactions'));
loadTestFile(require.resolve('./service_overview'));
});
}
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,7 @@ export default function annotationApiTests({ getService }: DeploymentAgnosticFtr
});

response = (
await apmApiClient.readUser({
await apmApiClient.publicApi({
endpoint: 'GET /api/apm/services/{serviceName}/annotation/search 2023-10-31',
params: {
path: {
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import expect from '@kbn/expect';
import { PrivilegeType, ClusterPrivilegeType } from '@kbn/apm-plugin/common/privilege_type';
import type { RoleCredentials } from '../../../../../services';
import type { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context';
import { expectToReject } from '../../../../../../../apm_api_integration/common/utils/expect_to_reject';
import type { ApmApiError } from '../../../../../services/apm_api';

export default function ApiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
const apmApiClient = getService('apmApi');
const samlAuth = getService('samlAuth');

const agentKeyName = 'test';
const allApplicationPrivileges = [PrivilegeType.AGENT_CONFIG, PrivilegeType.EVENT];
const clusterPrivileges = [ClusterPrivilegeType.MANAGE_OWN_API_KEY];

async function createAgentKey(roleAuthc: RoleCredentials) {
return await apmApiClient.publicApi({
endpoint: 'POST /api/apm/agent_keys 2023-10-31',
params: {
body: {
name: agentKeyName,
privileges: allApplicationPrivileges,
},
},
roleAuthc,
});
}

async function invalidateAgentKey(id: string) {
return await apmApiClient.writeUser({
endpoint: 'POST /internal/apm/api_key/invalidate',
params: {
body: { id },
},
});
}

async function getAgentKeys() {
return await apmApiClient.writeUser({ endpoint: 'GET /internal/apm/agent_keys' });
}

describe('When the user does not have the required privileges', () => {
let roleAuthc: RoleCredentials;

before(async () => {
roleAuthc = await samlAuth.createM2mApiKeyWithRoleScope('editor');
});

after(async () => {
await samlAuth.invalidateM2mApiKeyWithRoleScope(roleAuthc);
});

describe('When the user does not have the required cluster privileges', () => {
it('should return an error when creating an agent key', async () => {
const error = await expectToReject<ApmApiError>(() => createAgentKey(roleAuthc));
expect(error.res.status).to.be(403);
expect(error.res.body.message).contain('is missing the following requested privilege');
expect(error.res.body.attributes).to.eql({
_inspect: [],
data: {
missingPrivileges: allApplicationPrivileges,
missingClusterPrivileges: clusterPrivileges,
},
});
});

it('should return an error when invalidating an agent key', async () => {
const error = await expectToReject<ApmApiError>(() => invalidateAgentKey(agentKeyName));
expect(error.res.status).to.be(500);
});

it('should return an error when getting a list of agent keys', async () => {
const error = await expectToReject<ApmApiError>(() => getAgentKeys());
expect(error.res.status).to.be(500);
});
});
});
}
Original file line number Diff line number Diff line change
Expand Up @@ -6,17 +6,13 @@
*/

import expect from '@kbn/expect';
import { FtrProviderContext } from '../../../common/ftr_provider_context';
import { ApmApiError } from '../../../common/apm_api_supertest';
import type { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context';
import type { ApmApiError } from '../../../../../services/apm_api';

export default function apiTest({ getService }: FtrProviderContext) {
const registry = getService('registry');
const apmApiClient = getService('apmApiClient');
export default function apiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
const apmApiClient = getService('apmApi');

type SupertestAsUser =
| typeof apmApiClient.readUser
| typeof apmApiClient.writeUser
| typeof apmApiClient.noAccessUser;
type SupertestAsUser = typeof apmApiClient.readUser | typeof apmApiClient.writeUser;

function getJobs(user: SupertestAsUser) {
return user({ endpoint: `GET /internal/apm/settings/anomaly-detection/jobs` });
Expand All @@ -34,28 +30,21 @@ export default function apiTest({ getService }: FtrProviderContext) {
async function expectForbidden(user: SupertestAsUser) {
try {
await getJobs(user);
expect(true).to.be(false);
} catch (e) {
const err = e as ApmApiError;
expect(err.res.status).to.be(403);
}

try {
await createJobs(user, ['production', 'staging']);
expect(true).to.be(false);
} catch (e) {
const err = e as ApmApiError;
expect(err.res.status).to.be(403);
}
}

registry.when('ML jobs return a 403 for', { config: 'basic', archives: [] }, () => {
describe('ML jobs return a 403 for', () => {
describe('basic', function () {
this.tags('skipFIPS');
it('user without access', async () => {
await expectForbidden(apmApiClient.noAccessUser);
});

it('read user', async () => {
await expectForbidden(apmApiClient.readUser);
});
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import expect from '@kbn/expect';
import type { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context';
import type { ApmApiError } from '../../../../../services/apm_api';

export default function apiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
const apmApiClient = getService('apmApi');

function getJobs() {
return apmApiClient.readUser({ endpoint: `GET /internal/apm/settings/anomaly-detection/jobs` });
}

function createJobs(environments: string[]) {
return apmApiClient.readUser({
endpoint: `POST /internal/apm/settings/anomaly-detection/jobs`,
params: {
body: { environments },
},
});
}

describe('ML jobs', () => {
describe(`when readUser has read access to ML`, () => {
describe('when calling the endpoint for listing jobs', () => {
it('returns a list of jobs', async () => {
const { body } = await getJobs();

expect(body.jobs).not.to.be(undefined);
expect(body.hasLegacyJobs).to.be(false);
});
});

describe('when calling create endpoint', () => {
it('returns an error because the user does not have access', async () => {
try {
await createJobs(['production', 'staging']);
expect(true).to.be(false);
} catch (e) {
const err = e as ApmApiError;
expect(err.res.status).to.be(403);
}
});
});
});
});
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import {
APM_INDEX_SETTINGS_SAVED_OBJECT_ID,
APM_INDEX_SETTINGS_SAVED_OBJECT_TYPE,
} from '@kbn/apm-data-access-plugin/server/saved_objects/apm_indices';
import expect from '@kbn/expect';
import type { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context';

export default function apmIndicesTests({ getService }: DeploymentAgnosticFtrProviderContext) {
const kibanaServer = getService('kibanaServer');
const apmApiClient = getService('apmApi');

async function deleteSavedObject() {
try {
return await kibanaServer.savedObjects.delete({
type: APM_INDEX_SETTINGS_SAVED_OBJECT_TYPE,
id: APM_INDEX_SETTINGS_SAVED_OBJECT_ID,
});
} catch (e) {
if (e.response.status !== 404) {
throw e;
}
}
}

describe('APM Indices', () => {
beforeEach(async () => {
await deleteSavedObject();
});

afterEach(async () => {
await deleteSavedObject();
});

it('returns APM Indices', async () => {
const response = await apmApiClient.readUser({
endpoint: 'GET /internal/apm/settings/apm-indices',
});
expect(response.status).to.be(200);
expect(response.body).to.eql({
transaction: 'traces-apm*,apm-*,traces-*.otel-*',
span: 'traces-apm*,apm-*,traces-*.otel-*',
error: 'logs-apm*,apm-*,logs-*.otel-*',
metric: 'metrics-apm*,apm-*,metrics-*.otel-*',
onboarding: 'apm-*',
sourcemap: 'apm-*',
});
});

it('updates apm indices', async () => {
const INDEX_VALUE = 'foo-*';

const writeResponse = await apmApiClient.writeUser({
endpoint: 'POST /internal/apm/settings/apm-indices/save',
params: {
body: { transaction: INDEX_VALUE },
},
});
expect(writeResponse.status).to.be(200);

const readResponse = await apmApiClient.readUser({
endpoint: 'GET /internal/apm/settings/apm-indices',
});

expect(readResponse.status).to.be(200);
expect(readResponse.body.transaction).to.eql(INDEX_VALUE);
});
});
}
Loading

0 comments on commit 99cc01b

Please sign in to comment.