[APM] Migrate settings API tests to be deployment-agnostic #200762
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,90 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
| import expect from '@kbn/expect'; | ||
| import { PrivilegeType, ClusterPrivilegeType } from '@kbn/apm-plugin/common/privilege_type'; | ||
| import type { RoleCredentials } from '../../../../../services'; | ||
| import type { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context'; | ||
| import { expectToReject } from '../../../../../../../apm_api_integration/common/utils/expect_to_reject'; | ||
| import type { ApmApiError } from '../../../../../services/apm_api'; | ||
|
|
||
| export default function ApiTest({ getService }: DeploymentAgnosticFtrProviderContext) { | ||
| const apmApiClient = getService('apmApi'); | ||
| const samlAuth = getService('samlAuth'); | ||
|
|
||
| const agentKeyName = 'test'; | ||
| const allApplicationPrivileges = [PrivilegeType.AGENT_CONFIG, PrivilegeType.EVENT]; | ||
| const clusterPrivileges = [ClusterPrivilegeType.MANAGE_OWN_API_KEY]; | ||
|
|
||
| async function createAgentKey( | ||
| apiClient: (typeof apmApiClient)[keyof typeof apmApiClient], | ||
| roleAuthc: RoleCredentials, | ||
| privileges = allApplicationPrivileges | ||
| ) { | ||
| return await apiClient({ | ||
iblancof marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| endpoint: 'POST /api/apm/agent_keys 2023-10-31', | ||
| params: { | ||
| body: { | ||
| name: agentKeyName, | ||
| privileges, | ||
| }, | ||
| }, | ||
| roleAuthc, | ||
| }); | ||
| } | ||
|
|
||
| async function invalidateAgentKey(id: string) { | ||
| return await apmApiClient.writeUser({ | ||
| endpoint: 'POST /internal/apm/api_key/invalidate', | ||
| params: { | ||
| body: { id }, | ||
| }, | ||
| }); | ||
| } | ||
|
|
||
| async function getAgentKeys() { | ||
| return await apmApiClient.writeUser({ endpoint: 'GET /internal/apm/agent_keys' }); | ||
| } | ||
|
|
||
| describe('When the user does not have the required privileges', () => { | ||
| let roleAuthc: RoleCredentials; | ||
|
|
||
| before(async () => { | ||
| roleAuthc = await samlAuth.createM2mApiKeyWithRoleScope('editor'); | ||
| }); | ||
|
Comment on lines
+51
to
+53
There was a problem hiding this comment. API key should be invalidated in after(async () => {
await samlAuth.invalidateM2mApiKeyWithRoleScope(roleAuthc);
});There was a problem hiding this comment. I missed that, thank you! |
||
|
|
||
| after(async () => { | ||
| await samlAuth.invalidateM2mApiKeyWithRoleScope(roleAuthc); | ||
| }); | ||
|
|
||
| describe('When the user does not have the required cluster privileges', () => { | ||
| it('should return an error when creating an agent key', async () => { | ||
| const error = await expectToReject<ApmApiError>(() => | ||
| createAgentKey(apmApiClient.writeUser, roleAuthc) | ||
|
There was a problem hiding this comment. Could you explain why do we use different sources of authentication here: afaik There was a problem hiding this comment. The From what I observed in the code, this is necessary because the endpoint is not considered internal, so additional credential information must be included in the request headers. It seems the credentials require an API key, but the I’m not sure about the reasoning behind handling this outside of the Perhaps @crespocarlos could share more details about why it’s done this way in case you want to know more about it. There was a problem hiding this comment. Now that I'm looking at it, it is weird. We need to improve it.
There was a problem hiding this comment. For now, lets not use the we could type the response manually as: let response: APIReturnType<'POST /api/apm/agent_keys 2023-10-31'>There was a problem hiding this comment. Suggestion: iblancof#1 There was a problem hiding this comment. I’ll be using the new |
||
| ); | ||
| expect(error.res.status).to.be(403); | ||
| expect(error.res.body.message).contain('is missing the following requested privilege'); | ||
| expect(error.res.body.attributes).to.eql({ | ||
| _inspect: [], | ||
| data: { | ||
| missingPrivileges: allApplicationPrivileges, | ||
| missingClusterPrivileges: clusterPrivileges, | ||
| }, | ||
| }); | ||
| }); | ||
|
|
||
| it('should return an error when invalidating an agent key', async () => { | ||
| const error = await expectToReject<ApmApiError>(() => invalidateAgentKey(agentKeyName)); | ||
| expect(error.res.status).to.be(500); | ||
| }); | ||
|
|
||
| it('should return an error when getting a list of agent keys', async () => { | ||
| const error = await expectToReject<ApmApiError>(() => getAgentKeys()); | ||
| expect(error.res.status).to.be(500); | ||
| }); | ||
| }); | ||
| }); | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import expect from '@kbn/expect'; | ||
| import type { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context'; | ||
| import type { ApmApiError } from '../../../../../services/apm_api'; | ||
|
|
||
| export default function apiTest({ getService }: DeploymentAgnosticFtrProviderContext) { | ||
| const apmApiClient = getService('apmApi'); | ||
|
|
||
| type SupertestAsUser = typeof apmApiClient.readUser | typeof apmApiClient.writeUser; | ||
|
|
||
| function getJobs(user: SupertestAsUser) { | ||
| return user({ endpoint: `GET /internal/apm/settings/anomaly-detection/jobs` }); | ||
| } | ||
|
|
||
| function createJobs(user: SupertestAsUser, environments: string[]) { | ||
| return user({ | ||
| endpoint: 'POST /internal/apm/settings/anomaly-detection/jobs', | ||
| params: { | ||
| body: { environments }, | ||
| }, | ||
| }); | ||
| } | ||
|
|
||
| async function expectForbidden(user: SupertestAsUser) { | ||
| try { | ||
| await getJobs(user); | ||
| } catch (e) { | ||
| const err = e as ApmApiError; | ||
| expect(err.res.status).to.be(403); | ||
| } | ||
|
|
||
| try { | ||
| await createJobs(user, ['production', 'staging']); | ||
| } catch (e) { | ||
| const err = e as ApmApiError; | ||
| expect(err.res.status).to.be(403); | ||
| } | ||
| } | ||
|
|
||
| describe('ML jobs return a 403 for', () => { | ||
| describe('basic', function () { | ||
| this.tags('skipFIPS'); | ||
iblancof marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| it('read user', async () => { | ||
| await expectForbidden(apmApiClient.readUser); | ||
| }); | ||
|
|
||
| it('write user', async () => { | ||
| await expectForbidden(apmApiClient.writeUser); | ||
| }); | ||
| }); | ||
| }); | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import expect from '@kbn/expect'; | ||
| import type { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context'; | ||
| import type { ApmApiError } from '../../../../../services/apm_api'; | ||
|
|
||
| export default function apiTest({ getService }: DeploymentAgnosticFtrProviderContext) { | ||
| const apmApiClient = getService('apmApi'); | ||
|
|
||
| function getJobs() { | ||
| return apmApiClient.readUser({ endpoint: `GET /internal/apm/settings/anomaly-detection/jobs` }); | ||
| } | ||
|
|
||
| function createJobs(environments: string[]) { | ||
| return apmApiClient.readUser({ | ||
| endpoint: `POST /internal/apm/settings/anomaly-detection/jobs`, | ||
| params: { | ||
| body: { environments }, | ||
| }, | ||
| }); | ||
| } | ||
|
|
||
| describe('ML jobs', () => { | ||
| describe(`when readUser has read access to ML`, () => { | ||
| describe('when calling the endpoint for listing jobs', () => { | ||
| it('returns a list of jobs', async () => { | ||
| const { body } = await getJobs(); | ||
|
|
||
| expect(body.jobs).not.to.be(undefined); | ||
| expect(body.hasLegacyJobs).to.be(false); | ||
| }); | ||
| }); | ||
|
|
||
| describe('when calling create endpoint', () => { | ||
| it('returns an error because the user does not have access', async () => { | ||
| try { | ||
| await createJobs(['production', 'staging']); | ||
| expect(true).to.be(false); | ||
| } catch (e) { | ||
| const err = e as ApmApiError; | ||
| expect(err.res.status).to.be(403); | ||
| } | ||
| }); | ||
| }); | ||
| }); | ||
| }); | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,74 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import { | ||
| APM_INDEX_SETTINGS_SAVED_OBJECT_ID, | ||
| APM_INDEX_SETTINGS_SAVED_OBJECT_TYPE, | ||
| } from '@kbn/apm-data-access-plugin/server/saved_objects/apm_indices'; | ||
| import expect from '@kbn/expect'; | ||
| import type { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context'; | ||
|
|
||
| export default function apmIndicesTests({ getService }: DeploymentAgnosticFtrProviderContext) { | ||
| const kibanaServer = getService('kibanaServer'); | ||
| const apmApiClient = getService('apmApi'); | ||
|
|
||
| async function deleteSavedObject() { | ||
| try { | ||
| return await kibanaServer.savedObjects.delete({ | ||
| type: APM_INDEX_SETTINGS_SAVED_OBJECT_TYPE, | ||
| id: APM_INDEX_SETTINGS_SAVED_OBJECT_ID, | ||
| }); | ||
| } catch (e) { | ||
| if (e.response.status !== 404) { | ||
| throw e; | ||
| } | ||
| } | ||
| } | ||
|
|
||
| describe('APM Indices', () => { | ||
| beforeEach(async () => { | ||
| await deleteSavedObject(); | ||
| }); | ||
| afterEach(async () => { | ||
| await deleteSavedObject(); | ||
| }); | ||
iblancof marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| it('returns APM Indices', async () => { | ||
| const response = await apmApiClient.readUser({ | ||
| endpoint: 'GET /internal/apm/settings/apm-indices', | ||
| }); | ||
| expect(response.status).to.be(200); | ||
| expect(response.body).to.eql({ | ||
| transaction: 'traces-apm*,apm-*,traces-*.otel-*', | ||
| span: 'traces-apm*,apm-*,traces-*.otel-*', | ||
| error: 'logs-apm*,apm-*,logs-*.otel-*', | ||
| metric: 'metrics-apm*,apm-*,metrics-*.otel-*', | ||
| onboarding: 'apm-*', | ||
| sourcemap: 'apm-*', | ||
| }); | ||
| }); | ||
|
|
||
| it('updates apm indices', async () => { | ||
| const INDEX_VALUE = 'foo-*'; | ||
|
|
||
| const writeResponse = await apmApiClient.writeUser({ | ||
| endpoint: 'POST /internal/apm/settings/apm-indices/save', | ||
| params: { | ||
| body: { transaction: INDEX_VALUE }, | ||
| }, | ||
| }); | ||
| expect(writeResponse.status).to.be(200); | ||
|
|
||
| const readResponse = await apmApiClient.readUser({ | ||
| endpoint: 'GET /internal/apm/settings/apm-indices', | ||
| }); | ||
|
|
||
| expect(readResponse.status).to.be(200); | ||
| expect(readResponse.body.transaction).to.eql(INDEX_VALUE); | ||
| }); | ||
| }); | ||
| } | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for reorg the list. This was bothering me so much.