[8.x] [FTR] allow to call roleScopedSupertest service with Cookie header (#192727) #193679
+802
−939
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…lastic#192727) ## Summary During the sync with kibana-security team we agreed on how Kibana APIs should be tested: ### API Authentication in Kibana: Public vs. Internal APIs Kibana provides both public and internal APIs, each requiring authentication with the correct privileges. However, the method of testing these APIs varies, depending on how they are untilized by end users. - **Public APIs**: When testing HTTP requests to public APIs, **API key-based authentication** should be used. It reflect how end user call these APIs. Due to existing restrictions, we utilize `Admin` user credentials to generate API keys for various roles. While the API key permissions are correctly scoped according to the assigned role, the user will internally be recognized as `Admin` during authentication. - **Internal APIs**: Direct HTTP requests to internal APIs are generally not expected. However, for testing purposes, authentication should be performed **using the Cookie header**. This approach simulates client-side behavior during browser interactions, mirroring how internal APIs are indirectly invoked. To simplify the process of creating/updating the tests, this PR makes few changes to `roleScopedSupertest` service 1) testing public APIs (nothing changed) ```ts const supertestAdminWithApiKey = await roleScopedSupertest.getSupertestWithRoleScope('admin', { withCustomHeaders: { 'accept-encoding': 'gzip' }, }); const response = await supertestAdminWithApiKey.get('/app/kibana'); ``` 2) testing internal APIs ```ts const supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( 'admin', { useCookieHeader: true, // will use Cookie header instead of API key withInternalHeaders: true, } ); await supertestAdminWithCookieCredentials .post(`/internal/kibana/settings/${TEST_SETTING}`) .send({ value: 100 }) .expect(200); ``` I updated some of the existing tests according to the new approach. Docs for serverless and deployment-agnostic api integration tests were updated accordingly (cherry picked from commit d9148f1)
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Public APIs missing comments
To update your PR or re-run it, just comment with: cc @dmlemeshko |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This will backport the following commits from
mainto8.x:Questions ?
Please refer to the Backport tool documentation