From f1fadc2ae5e00369fd9f220666eee2e6967b3005 Mon Sep 17 00:00:00 2001 From: Paul Tavares <56442535+paul-tavares@users.noreply.github.com> Date: Thu, 5 Dec 2024 10:56:53 -0500 Subject: [PATCH] [Security Solution][Endpoint] Fix Cypress test to work with refactored Roles page (#202770) ## Summary - Fixes cypress tests for space awareness RBAC checks to work with the recent changes to the core Role page - Fixes #200962 - Fixes #200967 - Enables test file for runs on Serverless MKI environments (cherry picked from commit 5262902a86a6b2b549e61b81037ce77933e2d484) # Conflicts: # x-pack/plugins/security_solution/public/management/cypress/e2e/rbac/endpoint_role_rbac.cy.ts --- .../management/cypress/common/constants.ts | 1 + .../cypress/e2e/rbac/endpoint_role_rbac.cy.ts | 21 ++++++++++++------- ...point_role_rbac_with_space_awareness.cy.ts | 15 ++++++------- .../alerts_response_console.cy.ts | 9 ++++++++ .../response_console/execute.cy.ts | 9 ++++++++ .../response_console/isolate.cy.ts | 9 ++++++++ .../response_console/process_operations.cy.ts | 9 ++++++++ .../response_console/release.cy.ts | 9 ++++++++ .../response_console/scan.cy.ts | 9 ++++++++ .../screens/stack_management/role_page.ts | 7 +++++++ .../public/management/cypress/tasks/login.ts | 5 ++--- 11 files changed, 86 insertions(+), 17 deletions(-) diff --git a/x-pack/plugins/security_solution/public/management/cypress/common/constants.ts b/x-pack/plugins/security_solution/public/management/cypress/common/constants.ts index 41f08f438e3f8..0266914a17182 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/common/constants.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/common/constants.ts @@ -18,4 +18,5 @@ export const KIBANA_KNOWN_DEFAULT_ACCOUNTS = { elastic: 'elastic', elastic_serverless: 'elastic_serverless', system_indices_superuser: 'system_indices_superuser', + admin: 'admin', } as const; diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/rbac/endpoint_role_rbac.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/rbac/endpoint_role_rbac.cy.ts index 015ebbc3b0201..2c5ea11329f31 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/rbac/endpoint_role_rbac.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/rbac/endpoint_role_rbac.cy.ts @@ -5,12 +5,17 @@ * 2.0. */ +import { + expandEndpointSecurityFeaturePrivileges, + expandSecuritySolutionCategoryKibanaPrivileges, + navigateToRolePage, + openKibanaFeaturePrivilegesFlyout, + setKibanaPrivilegeSpace, +} from '../../screens/stack_management/role_page'; import { closeAllToasts } from '../../tasks/toasts'; import { login, ROLE } from '../../tasks/login'; -import { loadPage } from '../../tasks/common'; -// Failing: See https://github.com/elastic/kibana/issues/200967 -describe.skip('When defining a kibana role for Endpoint security access', { tags: '@ess' }, () => { +describe('When defining a kibana role for Endpoint security access', { tags: '@ess' }, () => { const getAllSubFeatureRows = (): Cypress.Chainable> => { return cy .get('#featurePrivilegeControls_siem') @@ -20,11 +25,13 @@ describe.skip('When defining a kibana role for Endpoint security access', { tags beforeEach(() => { login(ROLE.system_indices_superuser); - loadPage('/app/management/security/roles/edit'); + navigateToRolePage(); closeAllToasts(); - cy.getByTestSubj('addSpacePrivilegeButton').click(); - cy.getByTestSubj('featureCategoryButton_securitySolution').closest('button').click(); - cy.get('.featurePrivilegeName:contains("Security")').closest('button').click(); + + openKibanaFeaturePrivilegesFlyout(); + setKibanaPrivilegeSpace('default'); + expandSecuritySolutionCategoryKibanaPrivileges(); + expandEndpointSecurityFeaturePrivileges(); }); it('should display RBAC entries with expected controls', () => { diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/rbac/endpoint_role_rbac_with_space_awareness.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/rbac/endpoint_role_rbac_with_space_awareness.cy.ts index d2a86e7899aee..41f6613be88be 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/rbac/endpoint_role_rbac_with_space_awareness.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/rbac/endpoint_role_rbac_with_space_awareness.cy.ts @@ -23,11 +23,10 @@ import { setSecuritySolutionEndpointGroupPrivilege, } from '../../screens/stack_management/role_page'; -// Failing: See https://github.com/elastic/kibana/issues/200962 -describe.skip( +describe( 'When defining a kibana role for Endpoint security access with space awareness enabled', { - // TODO:PR Remove `'@skipInServerlessMKI` once PR merges to `main` + // TODO:PR Remove `'@skipInServerlessMKI` once PR merges to `main` and feature flag is enabled in prod. tags: ['@ess', '@serverless', '@serverlessMKI', '@skipInServerlessMKI'], env: { ftrConfig: { @@ -44,11 +43,13 @@ describe.skip( }, }, () => { - let spaceId: string = ''; + // In Serverless MKI we use `admin` for the login user... other deployments use system indices superuser + const loginUser = Cypress.env('CLOUD_SERVERLESS') ? ROLE.admin : ROLE.system_indices_superuser; const roleName = `test_${Math.random().toString().substring(2, 6)}`; + let spaceId: string = ''; before(() => { - login(ROLE.system_indices_superuser); + login(loginUser); createSpace(`foo_${Math.random().toString().substring(2, 6)}`).then((response) => { spaceId = response.body.id; }); @@ -62,16 +63,16 @@ describe.skip( }); beforeEach(() => { - login(ROLE.system_indices_superuser); + login(loginUser); navigateToRolePage(); setRoleName(roleName); openKibanaFeaturePrivilegesFlyout(); + setKibanaPrivilegeSpace(spaceId); expandSecuritySolutionCategoryKibanaPrivileges(); expandEndpointSecurityFeaturePrivileges(); }); it('should allow configuration per-space', () => { - setKibanaPrivilegeSpace(spaceId); setSecuritySolutionEndpointGroupPrivilege('all'); clickEndpointSubFeaturePrivilegesCustomization(); setEndpointSubFeaturePrivilege('endpoint_list', 'all'); diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/alerts_response_console.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/alerts_response_console.cy.ts index d741c3a7f0e59..eed5970fbc9d0 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/alerts_response_console.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/alerts_response_console.cy.ts @@ -85,6 +85,15 @@ describe( } }); + afterEach(function () { + if (Cypress.env('IS_CI') && this.currentTest?.isFailed() && createdHost) { + cy.task('captureHostVmAgentDiagnostics', { + hostname: createdHost.hostname, + fileNamePrefix: this.currentTest?.fullTitle(), + }); + } + }); + it('should open responder from alert details flyout', () => { waitForEndpointListPageToBeLoaded(createdHost.hostname); toggleRuleOffAndOn(ruleName); diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/execute.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/execute.cy.ts index 042031b301185..d5f3bd7d956af 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/execute.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/execute.cy.ts @@ -63,6 +63,15 @@ describe('Response console', { tags: ['@ess', '@serverless'] }, () => { } }); + afterEach(function () { + if (Cypress.env('IS_CI') && this.currentTest?.isFailed() && createdHost) { + cy.task('captureHostVmAgentDiagnostics', { + hostname: createdHost.hostname, + fileNamePrefix: this.currentTest?.fullTitle(), + }); + } + }); + it('"execute --command" - should execute a command', () => { waitForEndpointListPageToBeLoaded(createdHost.hostname); openResponseConsoleFromEndpointList(); diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/isolate.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/isolate.cy.ts index f89f2a6f62ecf..b08dcd0eea492 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/isolate.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/isolate.cy.ts @@ -61,6 +61,15 @@ describe('Response console', { tags: ['@ess', '@serverless'] }, () => { } }); + afterEach(function () { + if (Cypress.env('IS_CI') && this.currentTest?.isFailed() && createdHost) { + cy.task('captureHostVmAgentDiagnostics', { + hostname: createdHost.hostname, + fileNamePrefix: this.currentTest?.fullTitle(), + }); + } + }); + describe('Host Isolation:', () => { beforeEach(() => { login(); diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/process_operations.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/process_operations.cy.ts index e09aa8dc9fc85..f28c2b3d6dee4 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/process_operations.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/process_operations.cy.ts @@ -66,6 +66,15 @@ describe('Response console', { tags: ['@ess', '@serverless', '@skipInServerlessM } }); + afterEach(function () { + if (Cypress.env('IS_CI') && this.currentTest?.isFailed() && createdHost) { + cy.task('captureHostVmAgentDiagnostics', { + hostname: createdHost.hostname, + fileNamePrefix: this.currentTest?.fullTitle(), + }); + } + }); + it('"processes" - should obtain a list of processes', () => { waitForEndpointListPageToBeLoaded(createdHost.hostname); openResponseConsoleFromEndpointList(); diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/release.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/release.cy.ts index d11b7210713a8..4f45522a76ecf 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/release.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/release.cy.ts @@ -62,6 +62,15 @@ describe('Response console', { tags: ['@ess', '@serverless'] }, () => { } }); + afterEach(function () { + if (Cypress.env('IS_CI') && this.currentTest?.isFailed() && createdHost) { + cy.task('captureHostVmAgentDiagnostics', { + hostname: createdHost.hostname, + fileNamePrefix: this.currentTest?.fullTitle(), + }); + } + }); + describe('Host Isolation:', () => { beforeEach(() => { login(); diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts index 04630647ed35f..e9ca6a7ee4229 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts @@ -81,6 +81,15 @@ describe( } }); + afterEach(function () { + if (Cypress.env('IS_CI') && this.currentTest?.isFailed() && createdHost) { + cy.task('captureHostVmAgentDiagnostics', { + hostname: createdHost.hostname, + fileNamePrefix: this.currentTest?.fullTitle(), + }); + } + }); + [ ['file', filePath], ['folder', homeFilePath], diff --git a/x-pack/plugins/security_solution/public/management/cypress/screens/stack_management/role_page.ts b/x-pack/plugins/security_solution/public/management/cypress/screens/stack_management/role_page.ts index fb9b798b93d6e..a3e7bbc7e4e89 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/screens/stack_management/role_page.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/screens/stack_management/role_page.ts @@ -85,6 +85,13 @@ export const setKibanaPrivilegeSpace = (spaceId: string) => { cy.getByTestSubj('comboBoxOptionsList spaceSelectorComboBox-optionsList') .find(`button#spaceOption_${spaceId}`) .click(); + + // Wait for the selection to be added to the list of selected spaces + cy.getByTestSubj('spaceSelectorComboBox').find(`#spaceOption_${spaceId}`); + + // This `click()` just ensures that the combox in the UI is "closed" after the + // selection and mouse focus is moved away from that field. + getKibanaFeaturePrivilegesFlyout().click(); }; /** diff --git a/x-pack/plugins/security_solution/public/management/cypress/tasks/login.ts b/x-pack/plugins/security_solution/public/management/cypress/tasks/login.ts index fc95d174c4dd7..0a2cee2b31fe5 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/tasks/login.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/tasks/login.ts @@ -9,13 +9,12 @@ import type { LoginState } from '@kbn/security-plugin/common/login_state'; import type { Role } from '@kbn/security-plugin/common'; import { ENDPOINT_SECURITY_ROLE_NAMES } from '../../../../scripts/endpoint/common/roles_users'; import type { SecurityTestUser } from '../common/constants'; +import { KIBANA_KNOWN_DEFAULT_ACCOUNTS } from '../common/constants'; import { COMMON_API_HEADERS, request } from './common'; export const ROLE = Object.freeze>({ ...ENDPOINT_SECURITY_ROLE_NAMES, - elastic: 'elastic', - elastic_serverless: 'elastic_serverless', - system_indices_superuser: 'system_indices_superuser', + ...KIBANA_KNOWN_DEFAULT_ACCOUNTS, }); interface CyLoginTask {