Skip to content

Commit

Permalink
[Security Solution][Endpoint] Fix Cypress test to work with refactore…
Browse files Browse the repository at this point in the history
…d Roles page (elastic#202770)

## Summary

- Fixes cypress tests for space awareness RBAC checks to work with the
recent changes to the core Role page
    - Fixes elastic#200962
    - Fixes elastic#200967
- Enables test file for runs on Serverless MKI environments
  • Loading branch information
paul-tavares authored and mykolaharmash committed Dec 11, 2024
1 parent 8020c7e commit 0a84c14
Show file tree
Hide file tree
Showing 11 changed files with 86 additions and 17 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -18,4 +18,5 @@ export const KIBANA_KNOWN_DEFAULT_ACCOUNTS = {
elastic: 'elastic',
elastic_serverless: 'elastic_serverless',
system_indices_superuser: 'system_indices_superuser',
admin: 'admin',
} as const;
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,17 @@
* 2.0.
*/

import {
expandEndpointSecurityFeaturePrivileges,
expandSecuritySolutionCategoryKibanaPrivileges,
navigateToRolePage,
openKibanaFeaturePrivilegesFlyout,
setKibanaPrivilegeSpace,
} from '../../screens/stack_management/role_page';
import { closeAllToasts } from '../../tasks/toasts';
import { login, ROLE } from '../../tasks/login';
import { loadPage } from '../../tasks/common';

// FLAKY: https://github.com/elastic/kibana/issues/200967
describe.skip('When defining a kibana role for Endpoint security access', { tags: '@ess' }, () => {
describe('When defining a kibana role for Endpoint security access', { tags: '@ess' }, () => {
const getAllSubFeatureRows = (): Cypress.Chainable<JQuery<HTMLElement>> => {
return cy
.get('#featurePrivilegeControls_siem')
Expand All @@ -20,11 +25,13 @@ describe.skip('When defining a kibana role for Endpoint security access', { tags

beforeEach(() => {
login(ROLE.system_indices_superuser);
loadPage('/app/management/security/roles/edit');
navigateToRolePage();
closeAllToasts();
cy.getByTestSubj('addSpacePrivilegeButton').click();
cy.getByTestSubj('featureCategoryButton_securitySolution').closest('button').click();
cy.get('.featurePrivilegeName:contains("Security")').closest('button').click();

openKibanaFeaturePrivilegesFlyout();
setKibanaPrivilegeSpace('default');
expandSecuritySolutionCategoryKibanaPrivileges();
expandEndpointSecurityFeaturePrivileges();
});

it('should display RBAC entries with expected controls', () => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,11 +23,10 @@ import {
setSecuritySolutionEndpointGroupPrivilege,
} from '../../screens/stack_management/role_page';

// Failing: See https://github.com/elastic/kibana/issues/200962
describe.skip(
describe(
'When defining a kibana role for Endpoint security access with space awareness enabled',
{
// TODO:PR Remove `'@skipInServerlessMKI` once PR merges to `main`
// TODO:PR Remove `'@skipInServerlessMKI` once PR merges to `main` and feature flag is enabled in prod.
tags: ['@ess', '@serverless', '@serverlessMKI', '@skipInServerlessMKI'],
env: {
ftrConfig: {
Expand All @@ -44,11 +43,13 @@ describe.skip(
},
},
() => {
let spaceId: string = '';
// In Serverless MKI we use `admin` for the login user... other deployments use system indices superuser
const loginUser = Cypress.env('CLOUD_SERVERLESS') ? ROLE.admin : ROLE.system_indices_superuser;
const roleName = `test_${Math.random().toString().substring(2, 6)}`;
let spaceId: string = '';

before(() => {
login(ROLE.system_indices_superuser);
login(loginUser);
createSpace(`foo_${Math.random().toString().substring(2, 6)}`).then((response) => {
spaceId = response.body.id;
});
Expand All @@ -62,16 +63,16 @@ describe.skip(
});

beforeEach(() => {
login(ROLE.system_indices_superuser);
login(loginUser);
navigateToRolePage();
setRoleName(roleName);
openKibanaFeaturePrivilegesFlyout();
setKibanaPrivilegeSpace(spaceId);
expandSecuritySolutionCategoryKibanaPrivileges();
expandEndpointSecurityFeaturePrivileges();
});

it('should allow configuration per-space', () => {
setKibanaPrivilegeSpace(spaceId);
setSecuritySolutionEndpointGroupPrivilege('all');
clickEndpointSubFeaturePrivilegesCustomization();
setEndpointSubFeaturePrivilege('endpoint_list', 'all');
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,15 @@ describe(
}
});

afterEach(function () {
if (Cypress.env('IS_CI') && this.currentTest?.isFailed() && createdHost) {
cy.task('captureHostVmAgentDiagnostics', {
hostname: createdHost.hostname,
fileNamePrefix: this.currentTest?.fullTitle(),
});
}
});

it('should open responder from alert details flyout', () => {
waitForEndpointListPageToBeLoaded(createdHost.hostname);
toggleRuleOffAndOn(ruleName);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,15 @@ describe('Response console', { tags: ['@ess', '@serverless'] }, () => {
}
});

afterEach(function () {
if (Cypress.env('IS_CI') && this.currentTest?.isFailed() && createdHost) {
cy.task('captureHostVmAgentDiagnostics', {
hostname: createdHost.hostname,
fileNamePrefix: this.currentTest?.fullTitle(),
});
}
});

it('"execute --command" - should execute a command', () => {
waitForEndpointListPageToBeLoaded(createdHost.hostname);
openResponseConsoleFromEndpointList();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,15 @@ describe('Response console', { tags: ['@ess', '@serverless'] }, () => {
}
});

afterEach(function () {
if (Cypress.env('IS_CI') && this.currentTest?.isFailed() && createdHost) {
cy.task('captureHostVmAgentDiagnostics', {
hostname: createdHost.hostname,
fileNamePrefix: this.currentTest?.fullTitle(),
});
}
});

describe('Host Isolation:', () => {
beforeEach(() => {
login();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,15 @@ describe.skip('Response console', { tags: ['@ess', '@serverless', '@skipInServer
}
});

afterEach(function () {
if (Cypress.env('IS_CI') && this.currentTest?.isFailed() && createdHost) {
cy.task('captureHostVmAgentDiagnostics', {
hostname: createdHost.hostname,
fileNamePrefix: this.currentTest?.fullTitle(),
});
}
});

it('"processes" - should obtain a list of processes', () => {
waitForEndpointListPageToBeLoaded(createdHost.hostname);
openResponseConsoleFromEndpointList();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,15 @@ describe('Response console', { tags: ['@ess', '@serverless'] }, () => {
}
});

afterEach(function () {
if (Cypress.env('IS_CI') && this.currentTest?.isFailed() && createdHost) {
cy.task('captureHostVmAgentDiagnostics', {
hostname: createdHost.hostname,
fileNamePrefix: this.currentTest?.fullTitle(),
});
}
});

describe('Host Isolation:', () => {
beforeEach(() => {
login();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,15 @@ describe(
}
});

afterEach(function () {
if (Cypress.env('IS_CI') && this.currentTest?.isFailed() && createdHost) {
cy.task('captureHostVmAgentDiagnostics', {
hostname: createdHost.hostname,
fileNamePrefix: this.currentTest?.fullTitle(),
});
}
});

[
['file', filePath],
['folder', homeFilePath],
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,13 @@ export const setKibanaPrivilegeSpace = (spaceId: string) => {
cy.getByTestSubj('comboBoxOptionsList spaceSelectorComboBox-optionsList')
.find(`button#spaceOption_${spaceId}`)
.click();

// Wait for the selection to be added to the list of selected spaces
cy.getByTestSubj('spaceSelectorComboBox').find(`#spaceOption_${spaceId}`);

// This `click()` just ensures that the combox in the UI is "closed" after the
// selection and mouse focus is moved away from that field.
getKibanaFeaturePrivilegesFlyout().click();
};

/**
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,12 @@ import type { LoginState } from '@kbn/security-plugin/common/login_state';
import type { Role } from '@kbn/security-plugin/common';
import { ENDPOINT_SECURITY_ROLE_NAMES } from '../../../../scripts/endpoint/common/roles_users';
import type { SecurityTestUser } from '../common/constants';
import { KIBANA_KNOWN_DEFAULT_ACCOUNTS } from '../common/constants';
import { COMMON_API_HEADERS, request } from './common';

export const ROLE = Object.freeze<Record<SecurityTestUser, SecurityTestUser>>({
...ENDPOINT_SECURITY_ROLE_NAMES,
elastic: 'elastic',
elastic_serverless: 'elastic_serverless',
system_indices_superuser: 'system_indices_superuser',
...KIBANA_KNOWN_DEFAULT_ACCOUNTS,
});

interface CyLoginTask {
Expand Down

0 comments on commit 0a84c14

Please sign in to comment.