Skip to content

Commit

Permalink
[APM] Migrate settings API tests to be deployment-agnostic (elastic#2…
Browse files Browse the repository at this point in the history
…00762)

Closes elastic#198989
Part of elastic#193245

This PR contains the changes to migrate `settings` test folder to
deployment-agnostic testing strategy.

**Not Migrated**
- `agent_configuration`: Not available in Serverless.
- `anomaly_detection/no_access`: Involves the `noAccess` user role; we
are only migrating tests for `viewer`, `editor`, or `admin` roles.
- `anomaly_detection/update_to_v3`: Involves the deletion of ML jobs; we
will wait until an "ml" service is available to properly migrate these
tests.
- `anomaly_detection/write_user`: Involves the deletion of ML jobs; we
will wait until an "ml" service is available to properly migrate these
tests.

**Partially Migrated**
- `anomaly_detection/read_user`: Involves the
`apmAllPrivilegesWithoutWriteSettingsUser` role; only tests for the
`read` role have been migrated.
- `anomaly_detection/write_user`: Involves the
`apmReadPrivilegesWithWriteSettingsUser` role; only tests for the
`write` role have been migrated.
- `apm_indices`: Tests based on license have not been migrated.
custom_link: Involves the `apmReadPrivilegesWithWriteSettingsUser` role;
only tests for the trial `write` role have been migrated.
- `agent_keys`: Involves the `manageOwnAgentKeysUser` and
`createAndAllAgentKeysUser` roles; only tests for the `write` role have
been migrated.

### How to test

- Serverless

```
node scripts/functional_tests_server --config x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.apm.serverless.config.ts
node scripts/functional_test_runner --config x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.apm.serverless.config.ts
```

It's recommended to be run against
[MKI](https://github.com/crespocarlos/kibana/blob/main/x-pack/test_serverless/README.md#run-tests-on-mki)

- Stateful
```
node scripts/functional_tests_server --config x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.apm.stateful.config.ts
node scripts/functional_test_runner --config x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.apm.stateful.config.ts
```

## Checks

- [ ] (OPTIONAL, only if a test has been unskipped) Run flaky test suite
- [x] local run for serverless
- [x] local run for stateful
- [x] MKI run for serverless

<!--ONMERGE {"backportTargets":["8.x"]} ONMERGE-->

---------

Co-authored-by: Carlos Crespo <[email protected]>
Co-authored-by: Carlos Crespo <[email protected]>
(cherry picked from commit 05bf56f)

# Conflicts:
#	x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/index.ts
  • Loading branch information
iblancof committed Nov 22, 2024
1 parent 54a410c commit cf75e0c
Show file tree
Hide file tree
Showing 14 changed files with 630 additions and 255 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -12,33 +12,34 @@ export default function apmApiIntegrationTests({
}: DeploymentAgnosticFtrProviderContext) {
describe('APM', function () {
loadTestFile(require.resolve('./agent_explorer'));
loadTestFile(require.resolve('./mobile'));
loadTestFile(require.resolve('./errors'));
loadTestFile(require.resolve('./alerts'));
loadTestFile(require.resolve('./cold_start'));
loadTestFile(require.resolve('./correlations'));
loadTestFile(require.resolve('./custom_dashboards'));
loadTestFile(require.resolve('./data_view'));
loadTestFile(require.resolve('./dependencies'));
loadTestFile(require.resolve('./diagnostics'));
loadTestFile(require.resolve('./entities'));
loadTestFile(require.resolve('./environment'));
loadTestFile(require.resolve('./error_rate'));
loadTestFile(require.resolve('./data_view'));
loadTestFile(require.resolve('./correlations'));
loadTestFile(require.resolve('./entities'));
loadTestFile(require.resolve('./cold_start'));
loadTestFile(require.resolve('./metrics'));
loadTestFile(require.resolve('./services'));
loadTestFile(require.resolve('./errors'));
loadTestFile(require.resolve('./historical_data'));
loadTestFile(require.resolve('./observability_overview'));
loadTestFile(require.resolve('./latency'));
loadTestFile(require.resolve('./infrastructure'));
loadTestFile(require.resolve('./service_maps'));
loadTestFile(require.resolve('./inspect'));
loadTestFile(require.resolve('./latency'));
loadTestFile(require.resolve('./metrics'));
loadTestFile(require.resolve('./mobile'));
loadTestFile(require.resolve('./observability_overview'));
loadTestFile(require.resolve('./service_groups'));
loadTestFile(require.resolve('./time_range_metadata'));
loadTestFile(require.resolve('./diagnostics'));
loadTestFile(require.resolve('./service_maps'));
loadTestFile(require.resolve('./service_nodes'));
loadTestFile(require.resolve('./service_overview'));
loadTestFile(require.resolve('./services'));
loadTestFile(require.resolve('./settings'));
loadTestFile(require.resolve('./span_links'));
loadTestFile(require.resolve('./suggestions'));
loadTestFile(require.resolve('./throughput'));
loadTestFile(require.resolve('./time_range_metadata'));
loadTestFile(require.resolve('./transactions'));
loadTestFile(require.resolve('./service_overview'));
});
}
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,7 @@ export default function annotationApiTests({ getService }: DeploymentAgnosticFtr
});

response = (
await apmApiClient.readUser({
await apmApiClient.publicApi({
endpoint: 'GET /api/apm/services/{serviceName}/annotation/search 2023-10-31',
params: {
path: {
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import expect from '@kbn/expect';
import { PrivilegeType, ClusterPrivilegeType } from '@kbn/apm-plugin/common/privilege_type';
import type { RoleCredentials } from '../../../../../services';
import type { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context';
import { expectToReject } from '../../../../../../../apm_api_integration/common/utils/expect_to_reject';
import type { ApmApiError } from '../../../../../services/apm_api';

export default function ApiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
const apmApiClient = getService('apmApi');
const samlAuth = getService('samlAuth');

const agentKeyName = 'test';
const allApplicationPrivileges = [PrivilegeType.AGENT_CONFIG, PrivilegeType.EVENT];
const clusterPrivileges = [ClusterPrivilegeType.MANAGE_OWN_API_KEY];

async function createAgentKey(roleAuthc: RoleCredentials) {
return await apmApiClient.publicApi({
endpoint: 'POST /api/apm/agent_keys 2023-10-31',
params: {
body: {
name: agentKeyName,
privileges: allApplicationPrivileges,
},
},
roleAuthc,
});
}

async function invalidateAgentKey(id: string) {
return await apmApiClient.writeUser({
endpoint: 'POST /internal/apm/api_key/invalidate',
params: {
body: { id },
},
});
}

async function getAgentKeys() {
return await apmApiClient.writeUser({ endpoint: 'GET /internal/apm/agent_keys' });
}

describe('When the user does not have the required privileges', () => {
let roleAuthc: RoleCredentials;

before(async () => {
roleAuthc = await samlAuth.createM2mApiKeyWithRoleScope('editor');
});

after(async () => {
await samlAuth.invalidateM2mApiKeyWithRoleScope(roleAuthc);
});

describe('When the user does not have the required cluster privileges', () => {
it('should return an error when creating an agent key', async () => {
const error = await expectToReject<ApmApiError>(() => createAgentKey(roleAuthc));
expect(error.res.status).to.be(403);
expect(error.res.body.message).contain('is missing the following requested privilege');
expect(error.res.body.attributes).to.eql({
_inspect: [],
data: {
missingPrivileges: allApplicationPrivileges,
missingClusterPrivileges: clusterPrivileges,
},
});
});

it('should return an error when invalidating an agent key', async () => {
const error = await expectToReject<ApmApiError>(() => invalidateAgentKey(agentKeyName));
expect(error.res.status).to.be(500);
});

it('should return an error when getting a list of agent keys', async () => {
const error = await expectToReject<ApmApiError>(() => getAgentKeys());
expect(error.res.status).to.be(500);
});
});
});
}
Original file line number Diff line number Diff line change
Expand Up @@ -6,17 +6,13 @@
*/

import expect from '@kbn/expect';
import { FtrProviderContext } from '../../../common/ftr_provider_context';
import { ApmApiError } from '../../../common/apm_api_supertest';
import type { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context';
import type { ApmApiError } from '../../../../../services/apm_api';

export default function apiTest({ getService }: FtrProviderContext) {
const registry = getService('registry');
const apmApiClient = getService('apmApiClient');
export default function apiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
const apmApiClient = getService('apmApi');

type SupertestAsUser =
| typeof apmApiClient.readUser
| typeof apmApiClient.writeUser
| typeof apmApiClient.noAccessUser;
type SupertestAsUser = typeof apmApiClient.readUser | typeof apmApiClient.writeUser;

function getJobs(user: SupertestAsUser) {
return user({ endpoint: `GET /internal/apm/settings/anomaly-detection/jobs` });
Expand All @@ -34,28 +30,21 @@ export default function apiTest({ getService }: FtrProviderContext) {
async function expectForbidden(user: SupertestAsUser) {
try {
await getJobs(user);
expect(true).to.be(false);
} catch (e) {
const err = e as ApmApiError;
expect(err.res.status).to.be(403);
}

try {
await createJobs(user, ['production', 'staging']);
expect(true).to.be(false);
} catch (e) {
const err = e as ApmApiError;
expect(err.res.status).to.be(403);
}
}

registry.when('ML jobs return a 403 for', { config: 'basic', archives: [] }, () => {
describe('ML jobs return a 403 for', () => {
describe('basic', function () {
this.tags('skipFIPS');
it('user without access', async () => {
await expectForbidden(apmApiClient.noAccessUser);
});

it('read user', async () => {
await expectForbidden(apmApiClient.readUser);
});
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import expect from '@kbn/expect';
import type { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context';
import type { ApmApiError } from '../../../../../services/apm_api';

export default function apiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
const apmApiClient = getService('apmApi');

function getJobs() {
return apmApiClient.readUser({ endpoint: `GET /internal/apm/settings/anomaly-detection/jobs` });
}

function createJobs(environments: string[]) {
return apmApiClient.readUser({
endpoint: `POST /internal/apm/settings/anomaly-detection/jobs`,
params: {
body: { environments },
},
});
}

describe('ML jobs', () => {
describe(`when readUser has read access to ML`, () => {
describe('when calling the endpoint for listing jobs', () => {
it('returns a list of jobs', async () => {
const { body } = await getJobs();

expect(body.jobs).not.to.be(undefined);
expect(body.hasLegacyJobs).to.be(false);
});
});

describe('when calling create endpoint', () => {
it('returns an error because the user does not have access', async () => {
try {
await createJobs(['production', 'staging']);
expect(true).to.be(false);
} catch (e) {
const err = e as ApmApiError;
expect(err.res.status).to.be(403);
}
});
});
});
});
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import {
APM_INDEX_SETTINGS_SAVED_OBJECT_ID,
APM_INDEX_SETTINGS_SAVED_OBJECT_TYPE,
} from '@kbn/apm-data-access-plugin/server/saved_objects/apm_indices';
import expect from '@kbn/expect';
import type { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context';

export default function apmIndicesTests({ getService }: DeploymentAgnosticFtrProviderContext) {
const kibanaServer = getService('kibanaServer');
const apmApiClient = getService('apmApi');

async function deleteSavedObject() {
try {
return await kibanaServer.savedObjects.delete({
type: APM_INDEX_SETTINGS_SAVED_OBJECT_TYPE,
id: APM_INDEX_SETTINGS_SAVED_OBJECT_ID,
});
} catch (e) {
if (e.response.status !== 404) {
throw e;
}
}
}

describe('APM Indices', () => {
beforeEach(async () => {
await deleteSavedObject();
});

afterEach(async () => {
await deleteSavedObject();
});

it('returns APM Indices', async () => {
const response = await apmApiClient.readUser({
endpoint: 'GET /internal/apm/settings/apm-indices',
});
expect(response.status).to.be(200);
expect(response.body).to.eql({
transaction: 'traces-apm*,apm-*,traces-*.otel-*',
span: 'traces-apm*,apm-*,traces-*.otel-*',
error: 'logs-apm*,apm-*,logs-*.otel-*',
metric: 'metrics-apm*,apm-*,metrics-*.otel-*',
onboarding: 'apm-*',
sourcemap: 'apm-*',
});
});

it('updates apm indices', async () => {
const INDEX_VALUE = 'foo-*';

const writeResponse = await apmApiClient.writeUser({
endpoint: 'POST /internal/apm/settings/apm-indices/save',
params: {
body: { transaction: INDEX_VALUE },
},
});
expect(writeResponse.status).to.be(200);

const readResponse = await apmApiClient.readUser({
endpoint: 'GET /internal/apm/settings/apm-indices',
});

expect(readResponse.status).to.be(200);
expect(readResponse.body.transaction).to.eql(INDEX_VALUE);
});
});
}
Loading

0 comments on commit cf75e0c

Please sign in to comment.