Move new test outside of serverless area

elastic · Dec 18, 2023 · 474ed25 · 474ed25
1 parent 5b51b06
commit 474ed25
Show file tree

Hide file tree

Showing 3 changed files with 79 additions and 25 deletions.
diff --git a/x-pack/test/security_api_integration/tests/api_keys/has_active_key.ts b/x-pack/test/security_api_integration/tests/api_keys/has_active_key.ts
@@ -0,0 +1,78 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+import type { ApiKey } from '@kbn/security-plugin/common/model';
+import { adminTestUser } from '@kbn/test';
+import type { FtrProviderContext } from '../../ftr_provider_context';
+
+export default function ({ getService }: FtrProviderContext) {
+  const supertest = getService('supertestWithoutAuth');
+
+  const { username, password } = adminTestUser;
+  const credentials = Buffer.from(`${username}:${password}`).toString('base64');
+
+  const createKey = async () => {
+    const { body: apiKey } = await supertest
+      .post('/api_keys/_grant')
+      .set('Authorization', `Basic ${credentials}`)
+      .set('kbn-xsrf', 'xxx')
+      .send({ name: 'an-actual-api-key' })
+      .expect(200);
+    expect(apiKey.name).to.eql('an-actual-api-key');
+    return apiKey;
+  };
+
+  const cleanup = async () => {
+    // get existing keys which would affect test results
+    const { body, status } = await supertest
+      .get('/internal/security/api_key')
+      .set('Authorization', `Basic ${credentials}`);
+    expect(status).to.be(200);
+    const apiKeys: ApiKey[] = body.apiKeys;
+    const existing = apiKeys.map(({ id, name }) => ({ id, name }));
+
+    // invalidate the keys
+    const deleteResponse = await supertest
+      .post(`/internal/security/api_key/invalidate`)
+      .set('Authorization', `Basic ${credentials}`)
+      .set('kbn-xsrf', 'xxx')
+      .send({ apiKeys: existing, isAdmin: false });
+    expect(deleteResponse.status).to.be(200);
+    expect(deleteResponse.body).to.eql({
+      itemsInvalidated: existing,
+      errors: [],
+    });
+  };
+
+  describe('Has Active API Keys: _has_active', () => {
+    before(cleanup);
+    after(cleanup);
+
+    it('detects when user has no API Keys', async () => {
+      const { body, status } = await supertest
+        .get('/internal/security/api_key/_has_active')
+        .set('Authorization', `Basic ${credentials}`)
+        .set('kbn-xsrf', 'xxx');
+
+      expect(status).to.be(200);
+      expect(body).to.eql({ hasApiKeys: false });
+    });
+
+    it('detects when user has some API Keys', async () => {
+      await createKey();
+
+      const { body, status } = await supertest
+        .get('/internal/security/api_key/_has_active')
+        .set('Authorization', `Basic ${credentials}`)
+        .set('kbn-xsrf', 'xxx');
+
+      expect(status).to.be(200);
+      expect(body).to.eql({ hasApiKeys: true });
+    });
+  });
+}
diff --git a/x-pack/test/security_api_integration/tests/api_keys/index.ts b/x-pack/test/security_api_integration/tests/api_keys/index.ts
@@ -10,5 +10,6 @@ import { FtrProviderContext } from '../../ftr_provider_context';
 export default function ({ loadTestFile }: FtrProviderContext) {
   describe('security APIs - Api Keys', function () {
     loadTestFile(require.resolve('./grant_api_key'));
+    loadTestFile(require.resolve('./has_active_key'));
   });
 }
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/api_keys.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/api_keys.ts
@@ -163,31 +163,6 @@ export default function ({ getService }: FtrProviderContext) {
           expect(status).toBe(200);
         });
 
-        it('_has_active', async () => {
-          let body: unknown;
-          let status: number;
-
-          ({ body, status } = await supertest
-            .get('/internal/security/api_key/_has_active')
-            .set(svlCommonApi.getCommonRequestHeader()));
-          // expect a rejection because we're not using the internal header
-          expect(body).toEqual({
-            statusCode: 400,
-            error: 'Bad Request',
-            message: expect.stringContaining(
-              'method [get] exists but is not available with the current configuration'
-            ),
-          });
-          expect(status).toBe(400);
-
-          ({ body, status } = await supertest
-            .get('/internal/security/api_key/_has_active')
-            .set(svlCommonApi.getInternalRequestHeader()));
-          // expect success because we're using the internal header
-          expect(status).toBe(200);
-          expect(body).toEqual({ hasApiKeys: true });
-        });
-
         it('invalidate', async () => {
           let body: unknown;
           let status: number;