[7.x] Migrate Security and EncryptedSavedObjects test plugins to the …

…Kibana Platform (#61864)
elastic · Mar 30, 2020 · 07f5798 · 07f5798
1 parent b7f1c29
commit 07f5798
Show file tree

Hide file tree

Showing 20 changed files with 249 additions and 220 deletions.
diff --git a/x-pack/scripts/functional_tests.js b/x-pack/scripts/functional_tests.js
@@ -28,6 +28,7 @@ require('@kbn/test').runTestsCli([
   require.resolve('../test/oidc_api_integration/implicit_flow.config'),
   require.resolve('../test/pki_api_integration/config'),
   require.resolve('../test/login_selector_api_integration/config'),
+  require.resolve('../test/encrypted_saved_objects_api_integration/config'),
   require.resolve('../test/spaces_api_integration/spaces_only/config'),
   require.resolve('../test/spaces_api_integration/security_and_spaces/config_trial'),
   require.resolve('../test/spaces_api_integration/security_and_spaces/config_basic'),

diff --git a/x-pack/test/encrypted_saved_objects_api_integration/config.ts b/x-pack/test/encrypted_saved_objects_api_integration/config.ts
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { resolve } from 'path';
+import { FtrConfigProviderContext } from '@kbn/test/types/ftr';
+import { services } from './services';
+
+export default async function({ readConfigFile }: FtrConfigProviderContext) {
+  const xPackAPITestsConfig = await readConfigFile(require.resolve('../api_integration/config.js'));
+
+  return {
+    testFiles: [require.resolve('./tests')],
+    servers: xPackAPITestsConfig.get('servers'),
+    services,
+    junit: {
+      reportName: 'X-Pack Encrypted Saved Objects API Integration Tests',
+    },
+    esTestCluster: xPackAPITestsConfig.get('esTestCluster'),
+    kbnTestServer: {
+      ...xPackAPITestsConfig.get('kbnTestServer'),
+      serverArgs: [
+        ...xPackAPITestsConfig.get('kbnTestServer.serverArgs'),
+        `--plugin-path=${resolve(__dirname, './fixtures/api_consumer_plugin')}`,
+      ],
+    },
+  };
+}
diff --git a/x-pack/test/encrypted_saved_objects_api_integration/fixtures/api_consumer_plugin/kibana.json b/x-pack/test/encrypted_saved_objects_api_integration/fixtures/api_consumer_plugin/kibana.json
@@ -0,0 +1,8 @@
+{
+  "id": "eso",
+  "version": "8.0.0",
+  "kibanaVersion": "kibana",
+  "requiredPlugins": ["encryptedSavedObjects", "spaces"],
+  "server": true,
+  "ui": false
+}
diff --git a/...test/encrypted_saved_objects_api_integration/fixtures/api_consumer_plugin/server/index.ts b/...test/encrypted_saved_objects_api_integration/fixtures/api_consumer_plugin/server/index.ts
@@ -0,0 +1,78 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { CoreSetup, PluginInitializer } from '../../../../../../src/core/server';
+import { deepFreeze } from '../../../../../../src/core/utils';
+import {
+  EncryptedSavedObjectsPluginSetup,
+  EncryptedSavedObjectsPluginStart,
+} from '../../../../../plugins/encrypted_saved_objects/server';
+import { SpacesPluginSetup } from '../../../../../plugins/spaces/server';
+
+const SAVED_OBJECT_WITH_SECRET_TYPE = 'saved-object-with-secret';
+
+interface PluginsSetup {
+  encryptedSavedObjects: EncryptedSavedObjectsPluginSetup;
+  spaces: SpacesPluginSetup;
+}
+
+interface PluginsStart {
+  encryptedSavedObjects: EncryptedSavedObjectsPluginStart;
+  spaces: never;
+}
+
+export const plugin: PluginInitializer<void, void, PluginsSetup, PluginsStart> = () => ({
+  setup(core: CoreSetup<PluginsStart>, deps) {
+    core.savedObjects.registerType({
+      name: SAVED_OBJECT_WITH_SECRET_TYPE,
+      hidden: false,
+      namespaceAgnostic: false,
+      mappings: deepFreeze({
+        properties: {
+          publicProperty: { type: 'keyword' },
+          publicPropertyExcludedFromAAD: { type: 'keyword' },
+          privateProperty: { type: 'binary' },
+        },
+      }),
+    });
+
+    deps.encryptedSavedObjects.registerType({
+      type: SAVED_OBJECT_WITH_SECRET_TYPE,
+      attributesToEncrypt: new Set(['privateProperty']),
+      attributesToExcludeFromAAD: new Set(['publicPropertyExcludedFromAAD']),
+    });
+
+    core.http.createRouter().get(
+      {
+        path: '/api/saved_objects/get-decrypted-as-internal-user/{id}',
+        validate: { params: value => ({ value }) },
+      },
+      async (context, request, response) => {
+        const [, { encryptedSavedObjects }] = await core.getStartServices();
+        const spaceId = deps.spaces.spacesService.getSpaceId(request);
+        const namespace = deps.spaces.spacesService.spaceIdToNamespace(spaceId);
+
+        try {
+          return response.ok({
+            body: await encryptedSavedObjects.getDecryptedAsInternalUser(
+              SAVED_OBJECT_WITH_SECRET_TYPE,
+              request.params.id,
+              { namespace }
+            ),
+          });
+        } catch (err) {
+          if (encryptedSavedObjects.isEncryptionError(err)) {
+            return response.badRequest({ body: 'Failed to encrypt attributes' });
+          }
+
+          return response.customError({ body: err, statusCode: 500 });
+        }
+      }
+    );
+  },
+  start() {},
+  stop() {},
+});
diff --git a/x-pack/test/encrypted_saved_objects_api_integration/ftr_provider_context.d.ts b/x-pack/test/encrypted_saved_objects_api_integration/ftr_provider_context.d.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { GenericFtrProviderContext } from '@kbn/test/types/ftr';
+
+import { services } from './services';
+
+export type FtrProviderContext = GenericFtrProviderContext<typeof services, {}>;
diff --git a/x-pack/test/encrypted_saved_objects_api_integration/services.ts b/x-pack/test/encrypted_saved_objects_api_integration/services.ts
@@ -0,0 +1,7 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export { services } from '../api_integration/services';
diff --git a/...ed_objects/encrypted_saved_objects_api.ts → ...tion/tests/encrypted_saved_objects_api.ts b/...ed_objects/encrypted_saved_objects_api.ts → ...tion/tests/encrypted_saved_objects_api.ts
@@ -6,7 +6,7 @@
 
 import expect from '@kbn/expect';
 import { SavedObject } from 'src/core/server';
-import { FtrProviderContext } from '../../ftr_provider_context';
+import { FtrProviderContext } from '../ftr_provider_context';
 
 export default function({ getService }: FtrProviderContext) {
   const es = getService('legacyEs');

diff --git a/...t_suites/encrypted_saved_objects/index.ts → ...ed_objects_api_integration/tests/index.ts b/...t_suites/encrypted_saved_objects/index.ts → ...ed_objects_api_integration/tests/index.ts
@@ -4,7 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { FtrProviderContext } from '../../ftr_provider_context';
+import { FtrProviderContext } from '../ftr_provider_context';
 
 export default function({ loadTestFile }: FtrProviderContext) {
   describe('encryptedSavedObjects', function encryptedSavedObjectsSuite() {

diff --git a/x-pack/test/login_selector_api_integration/config.ts b/x-pack/test/login_selector_api_integration/config.ts
@@ -130,11 +130,6 @@ export default async function({ readConfigFile }: FtrConfigProviderContext) {
             saml2: { order: 5, realm: 'saml2', maxRedirectURLSize: '100b' },
           },
         })}`,
-        '--server.xsrf.whitelist',
-        JSON.stringify([
-          '/api/oidc_provider/token_endpoint',
-          '/api/oidc_provider/userinfo_endpoint',
-        ]),
       ],
     },
   };

diff --git a/x-pack/test/oidc_api_integration/config.ts b/x-pack/test/oidc_api_integration/config.ts
@@ -51,12 +51,6 @@ export default async function({ readConfigFile }: FtrConfigProviderContext) {
         `--plugin-path=${plugin}`,
         '--xpack.security.authc.providers=["oidc"]',
         '--xpack.security.authc.oidc.realm="oidc1"',
-        '--server.xsrf.whitelist',
-        JSON.stringify([
-          '/api/security/oidc/initiate_login',
-          '/api/oidc_provider/token_endpoint',
-          '/api/oidc_provider/userinfo_endpoint',
-        ]),
       ],
     },
   };

diff --git a/x-pack/test/oidc_api_integration/fixtures/oidc_provider/init_routes.js b/x-pack/test/oidc_api_integration/fixtures/oidc_provider/init_routes.js
diff --git a/x-pack/test/oidc_api_integration/fixtures/oidc_provider/kibana.json b/x-pack/test/oidc_api_integration/fixtures/oidc_provider/kibana.json
@@ -0,0 +1,7 @@
+{
+  "id": "oidc_provider_plugin",
+  "version": "8.0.0",
+  "kibanaVersion": "kibana",
+  "server": true,
+  "ui": false
+}
diff --git a/x-pack/test/oidc_api_integration/fixtures/oidc_provider/package.json b/x-pack/test/oidc_api_integration/fixtures/oidc_provider/package.json
diff --git a/...tegration/fixtures/oidc_provider/index.js → ...on/fixtures/oidc_provider/server/index.ts b/...tegration/fixtures/oidc_provider/index.js → ...on/fixtures/oidc_provider/server/index.ts
@@ -4,16 +4,11 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+import { PluginInitializer } from '../../../../../../src/core/server';
 import { initRoutes } from './init_routes';
 
-export default function(kibana) {
-  return new kibana.Plugin({
-    name: 'oidcProvider',
-    id: 'oidcProvider',
-    require: ['elasticsearch'],
-
-    init(server) {
-      initRoutes(server);
-    },
-  });
-}
+export const plugin: PluginInitializer<void, void> = () => ({
+  setup: core => initRoutes(core.http.createRouter()),
+  start: () => {},
+  stop: () => {},
+});