Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[kbn-mock-idp-utils] export plugin and metadata files paths #198712

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
+46 −24
Draft

[kbn-mock-idp-utils] export plugin and metadata files paths #198712

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ba19ff8
[kbn-mock-idp-utils] export plugin and metadata files paths
dmlemeshko Nov 1, 2024
81ed48d
[CI] Auto-commit changed files from 'node scripts/notice'
kibanamachine Nov 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 31 additions & 0 deletions packages/kbn-mock-idp-utils/src/constants.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@
* License v3.0 only", or the "Server Side Public License, v 1".
*/

import path from 'path';

import { REPO_ROOT } from '@kbn/repo-info';

export const MOCK_IDP_LOGIN_PATH = '/mock_idp/login';
export const MOCK_IDP_LOGOUT_PATH = '/mock_idp/logout';

Expand All @@ -19,3 +23,30 @@ export const MOCK_IDP_ATTRIBUTE_PRINCIPAL = 'http://saml.elastic-cloud.com/attri
export const MOCK_IDP_ATTRIBUTE_ROLES = 'http://saml.elastic-cloud.com/attributes/roles';
export const MOCK_IDP_ATTRIBUTE_EMAIL = 'http://saml.elastic-cloud.com/attributes/email';
export const MOCK_IDP_ATTRIBUTE_NAME = 'http://saml.elastic-cloud.com/attributes/name';

export const MOCK_IDP_TEST_PLUGIN_PATH = path.resolve(
REPO_ROOT,
'x-pack',
'test',
'security_api_integration',
'plugins',
'saml_provider'
);

const idPResourcesPath = path.resolve(
REPO_ROOT,
'x-pack',
'test',
'security_api_integration',
'packages',
'helpers',
'saml'
);

export const IDP_METADATA_PATHS = {
default: path.resolve(MOCK_IDP_TEST_PLUGIN_PATH, 'metadata.xml'),
saml1: path.resolve(idPResourcesPath, 'idp_metadata.xml'),
saml2: path.resolve(idPResourcesPath, 'idp_metadata_2.xml'),
neverLogin: path.resolve(idPResourcesPath, 'idp_metadata_never_login.xml'),
mockIdpPlugin: path.resolve(idPResourcesPath, 'idp_metadata_mock_idp.xml'),
};
2 changes: 2 additions & 0 deletions packages/kbn-mock-idp-utils/src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ export {
MOCK_IDP_ATTRIBUTE_ROLES,
MOCK_IDP_ATTRIBUTE_EMAIL,
MOCK_IDP_ATTRIBUTE_NAME,
MOCK_IDP_TEST_PLUGIN_PATH,
IDP_METADATA_PATHS,
} from './constants';

export { createMockIdpMetadata, createSAMLResponse, ensureSAMLRoleMapping } from './utils';
1 change: 1 addition & 0 deletions packages/kbn-mock-idp-utils/tsconfig.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,5 +12,6 @@
],
"kbn_references": [
"@kbn/dev-utils",
"@kbn/repo-info",
]
}
16 changes: 5 additions & 11 deletions x-pack/test/api_integration/deployment_agnostic/default_configs/stateful.config.base.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ import {
MOCK_IDP_ATTRIBUTE_ROLES,
MOCK_IDP_ATTRIBUTE_EMAIL,
MOCK_IDP_ATTRIBUTE_NAME,
MOCK_IDP_TEST_PLUGIN_PATH,
IDP_METADATA_PATHS,
} from '@kbn/mock-idp-utils';
import {
esTestConfig,
Expand Down Expand Up @@ -61,15 +63,6 @@ export function createStatefulTestConfig<T extends DeploymentAgnosticCommonServi

const xPackAPITestsConfig = await readConfigFile(require.resolve('../../config.ts'));

// TODO: move to kbn-es because currently metadata file has hardcoded entityID and Location
const idpPath = require.resolve(
'@kbn/security-api-integration-helpers/saml/idp_metadata_mock_idp.xml'
);
const samlIdPPlugin = path.resolve(
__dirname,
'../../../security_api_integration/plugins/saml_provider'
);

const servers = {
kibana: {
...kbnTestConfig.getUrlParts(systemIndicesSuperuser),
Expand Down Expand Up @@ -109,7 +102,8 @@ export function createStatefulTestConfig<T extends DeploymentAgnosticCommonServi
...xPackAPITestsConfig.get('esTestCluster.serverArgs'),
'xpack.security.authc.token.enabled=true',
`xpack.security.authc.realms.saml.${MOCK_IDP_REALM_NAME}.order=0`,
`xpack.security.authc.realms.saml.${MOCK_IDP_REALM_NAME}.idp.metadata.path=${idpPath}`,
// TODO: move to kbn-es because currently metadata file has hardcoded entityID and Location
`xpack.security.authc.realms.saml.${MOCK_IDP_REALM_NAME}.idp.metadata.path=${IDP_METADATA_PATHS.default}`,
`xpack.security.authc.realms.saml.${MOCK_IDP_REALM_NAME}.idp.entity_id=${MOCK_IDP_ENTITY_ID}`,
`xpack.security.authc.realms.saml.${MOCK_IDP_REALM_NAME}.sp.entity_id=${kbnUrl}`,
`xpack.security.authc.realms.saml.${MOCK_IDP_REALM_NAME}.sp.acs=${kbnUrl}/api/security/saml/callback`,
Expand All @@ -133,7 +127,7 @@ export function createStatefulTestConfig<T extends DeploymentAgnosticCommonServi
...(isRunOnCI ? [] : ['--mock_idp_plugin.enabled=true']),
// This ensures that we register the Security SAML API endpoints.
// In the real world the SAML config is injected by control plane.
`--plugin-path=${samlIdPPlugin}`,
`--plugin-path=${MOCK_IDP_TEST_PLUGIN_PATH}`,
'--xpack.cloud.id=ftr_fake_cloud_id',
// Ensure that SAML is used as the default authentication method whenever a user navigates to Kibana. In other
// words, Kibana should attempt to authenticate the user using the provider with the lowest order if the Login
Expand Down
20 changes: 7 additions & 13 deletions x-pack/test_serverless/shared/config.base.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,11 @@ import {
} from '@kbn/test';
import { CA_CERT_PATH, kibanaDevServiceAccount } from '@kbn/dev-utils';
import { commonFunctionalServices } from '@kbn/ftr-common-functional-services';
import { MOCK_IDP_REALM_NAME } from '@kbn/mock-idp-utils';
import {
MOCK_IDP_REALM_NAME,
MOCK_IDP_TEST_PLUGIN_PATH,
IDP_METADATA_PATHS,
} from '@kbn/mock-idp-utils';
import path from 'path';
import { defineDockerServersConfig } from '@kbn/test';
import { dockerImage } from '@kbn/test-suites-xpack/fleet_api_integration/config.base';
Expand Down Expand Up @@ -49,16 +53,6 @@ export default async () => {
},
};

// "Fake" SAML provider
const idpPath = resolve(
__dirname,
'../../test/security_api_integration/plugins/saml_provider/metadata.xml'
);
const samlIdPPlugin = resolve(
__dirname,
'../../test/security_api_integration/plugins/saml_provider'
);

const jwksPath = require.resolve('@kbn/security-api-integration-helpers/oidc/jwks.json');

return {
Expand All @@ -79,7 +73,7 @@ export default async () => {
},
esTestCluster: {
from: 'serverless',
files: [idpPath, jwksPath],
files: [IDP_METADATA_PATHS.default, jwksPath],
serverArgs: [
'xpack.security.authc.realms.file.file1.order=-100',
`xpack.security.authc.realms.native.native1.enabled=false`,
Expand Down Expand Up @@ -155,7 +149,7 @@ export default async () => {
})}`,
// This ensures that we register the Security SAML API endpoints.
// In the real world the SAML config is injected by control plane.
`--plugin-path=${samlIdPPlugin}`,
`--plugin-path=${MOCK_IDP_TEST_PLUGIN_PATH}`,
// Ensure that SAML is used as the default authentication method whenever a user navigates to Kibana. In other
// words, Kibana should attempt to authenticate the user using the provider with the lowest order if the Login
// Selector is disabled (which is how Serverless Kibana is configured). By declaring `cloud-basic` with a higher
Expand Down