From 65639635a74482796cdcdc2d62a9a0a4fc777257 Mon Sep 17 00:00:00 2001 From: Frank Hassanabad Date: Tue, 9 Feb 2021 22:01:55 -0700 Subject: [PATCH] [7.x] [Security Solutions][Detection Engine] Unskips tests after ES promotion and adds deleteUserRole utility (#90533) (#90847) * [Security Solutions][Detection Engine] Unskips tests after ES promotion and adds deleteUserRole utility (#90533) ## Summary Unskips tests after a ES promotion and adds a delete user role utility. Ref: https://github.com/elastic/kibana/issues/90229 https://github.com/elastic/kibana/issues/88302 Removes one `any` from the utils by switching to using `ProvidedType` Before: Screen Shot 2021-02-05 at 2 45 37 PM After: Screen Shot 2021-02-05 at 4 13 23 PM Turns out that return types on overloaded functions aren't easy fwiw and will fall on the bottom one which in this case looked to be `any` which we don't want: https://github.com/Microsoft/TypeScript/issues/24275#issuecomment-390701982 ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios # Conflicts: # x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_index.ts # x-pack/test/detection_engine_api_integration/security_and_spaces/tests/delete_signals_migrations.ts * Fixes test failure as the permissions are true for 7.x -> 7.12 compared to false for 7.11 --- .../roles_users_utils/index.ts | 40 +++++++--- .../security_and_spaces/tests/create_index.ts | 74 ++++++++++++++----- .../tests/create_signals_migrations.ts | 7 +- .../tests/delete_signals_migrations.ts | 15 ++-- .../tests/finalize_signals_migrations.ts | 12 +-- .../tests/get_signals_migration_status.ts | 7 +- .../tests/open_close_signals.ts | 11 ++- .../tests/read_privileges.ts | 24 +++++- 8 files changed, 132 insertions(+), 58 deletions(-) diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/roles_users_utils/index.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/roles_users_utils/index.ts index 1d3e5244a59ed..9e84ad0a547aa 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/roles_users_utils/index.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/roles_users_utils/index.ts @@ -6,6 +6,7 @@ */ import { assertUnreachable } from '../../../../plugins/security_solution/common/utility_types'; +import { FtrProviderContext } from '../../common/ftr_provider_context'; import { t1AnalystUser, t2AnalystUser, @@ -26,10 +27,9 @@ import { } from '../../../../plugins/security_solution/server/lib/detection_engine/scripts/roles_users'; import { ROLES } from '../../../../plugins/security_solution/common/test'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; export const createUserAndRole = async ( - securityService: ReturnType, + getService: FtrProviderContext['getService'], role: ROLES ): Promise => { switch (role) { @@ -38,32 +38,47 @@ export const createUserAndRole = async ( ROLES.detections_admin, detectionsAdminRole, detectionsAdminUser, - securityService + getService ); case ROLES.t1_analyst: - return postRoleAndUser(ROLES.t1_analyst, t1AnalystRole, t1AnalystUser, securityService); + return postRoleAndUser(ROLES.t1_analyst, t1AnalystRole, t1AnalystUser, getService); case ROLES.t2_analyst: - return postRoleAndUser(ROLES.t2_analyst, t2AnalystRole, t2AnalystUser, securityService); + return postRoleAndUser(ROLES.t2_analyst, t2AnalystRole, t2AnalystUser, getService); case ROLES.hunter: - return postRoleAndUser(ROLES.hunter, hunterRole, hunterUser, securityService); + return postRoleAndUser(ROLES.hunter, hunterRole, hunterUser, getService); case ROLES.rule_author: - return postRoleAndUser(ROLES.rule_author, ruleAuthorRole, ruleAuthorUser, securityService); + return postRoleAndUser(ROLES.rule_author, ruleAuthorRole, ruleAuthorUser, getService); case ROLES.soc_manager: - return postRoleAndUser(ROLES.soc_manager, socManagerRole, socManagerUser, securityService); + return postRoleAndUser(ROLES.soc_manager, socManagerRole, socManagerUser, getService); case ROLES.platform_engineer: return postRoleAndUser( ROLES.platform_engineer, platformEngineerRole, platformEngineerUser, - securityService + getService ); case ROLES.reader: - return postRoleAndUser(ROLES.reader, readerRole, readerUser, securityService); + return postRoleAndUser(ROLES.reader, readerRole, readerUser, getService); default: return assertUnreachable(role); } }; +/** + * Given a roleName and security service this will delete the roleName + * and user + * @param roleName The user and role to delete with the same name + * @param securityService The security service + */ +export const deleteUserAndRole = async ( + getService: FtrProviderContext['getService'], + roleName: ROLES +): Promise => { + const securityService = getService('security'); + await securityService.user.delete(roleName); + await securityService.role.delete(roleName); +}; + interface UserInterface { password: string; roles: string[]; @@ -95,8 +110,9 @@ export const postRoleAndUser = async ( roleName: string, role: RoleInterface, user: UserInterface, - securityService: ReturnType -) => { + getService: FtrProviderContext['getService'] +): Promise => { + const securityService = getService('security'); await securityService.role.create(roleName, { kibana: role.kibana, elasticsearch: role.elasticsearch, diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_index.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_index.ts index 938ec16c2d81c..a319c30fa20de 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_index.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_index.ts @@ -14,16 +14,14 @@ import { import { FtrProviderContext } from '../../common/ftr_provider_context'; import { deleteSignalsIndex } from '../../utils'; import { ROLES } from '../../../../plugins/security_solution/common/test'; -import { createUserAndRole } from '../roles_users_utils'; +import { createUserAndRole, deleteUserAndRole } from '../roles_users_utils'; // eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const supertestWithoutAuth = getService('supertestWithoutAuth'); - const security = getService('security'); - // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/90229 - describe.skip('create_index', () => { + describe('create_index', () => { afterEach(async () => { await deleteSignalsIndex(supertest); }); @@ -66,8 +64,13 @@ export default ({ getService }: FtrProviderContext) => { describe('t1_analyst', () => { const role = ROLES.t1_analyst; + beforeEach(async () => { - await createUserAndRole(security, role); + await createUserAndRole(getService, role); + }); + + afterEach(async () => { + await deleteUserAndRole(getService, role); }); it('should return a 404 when the signal index has never been created', async () => { @@ -88,7 +91,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(403); expect(body).to.eql({ message: - 'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [t1_analyst]', + 'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [t1_analyst], this action is granted by the cluster privileges [read_ilm,manage_ilm,manage,all]', status_code: 403, }); }); @@ -111,8 +114,13 @@ export default ({ getService }: FtrProviderContext) => { describe('t2_analyst', () => { const role = ROLES.t2_analyst; + beforeEach(async () => { - await createUserAndRole(security, role); + await createUserAndRole(getService, role); + }); + + afterEach(async () => { + await deleteUserAndRole(getService, role); }); it('should return a 404 when the signal index has never been created', async () => { @@ -133,7 +141,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(403); expect(body).to.eql({ message: - 'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [t2_analyst]', + 'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [t2_analyst], this action is granted by the cluster privileges [read_ilm,manage_ilm,manage,all]', status_code: 403, }); }); @@ -156,8 +164,13 @@ export default ({ getService }: FtrProviderContext) => { describe('detections_admin', () => { const role = ROLES.detections_admin; + beforeEach(async () => { - await createUserAndRole(security, role); + await createUserAndRole(getService, role); + }); + + afterEach(async () => { + await deleteUserAndRole(getService, role); }); it('should return a 404 when the signal index has never been created', async () => { @@ -201,8 +214,13 @@ export default ({ getService }: FtrProviderContext) => { describe('soc_manager', () => { const role = ROLES.soc_manager; + beforeEach(async () => { - await createUserAndRole(security, role); + await createUserAndRole(getService, role); + }); + + afterEach(async () => { + await deleteUserAndRole(getService, role); }); it('should return a 404 when the signal index has never been created', async () => { @@ -223,7 +241,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(403); expect(body).to.eql({ message: - 'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [soc_manager]', + 'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [soc_manager], this action is granted by the cluster privileges [read_ilm,manage_ilm,manage,all]', status_code: 403, }); }); @@ -246,8 +264,13 @@ export default ({ getService }: FtrProviderContext) => { describe('hunter', () => { const role = ROLES.hunter; + beforeEach(async () => { - await createUserAndRole(security, role); + await createUserAndRole(getService, role); + }); + + afterEach(async () => { + await deleteUserAndRole(getService, role); }); it('should return a 404 when the signal index has never been created', async () => { @@ -268,7 +291,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(403); expect(body).to.eql({ message: - 'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [hunter]', + 'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [hunter], this action is granted by the cluster privileges [read_ilm,manage_ilm,manage,all]', status_code: 403, }); }); @@ -291,8 +314,13 @@ export default ({ getService }: FtrProviderContext) => { describe('platform_engineer', () => { const role = ROLES.platform_engineer; + beforeEach(async () => { - await createUserAndRole(security, role); + await createUserAndRole(getService, role); + }); + + afterEach(async () => { + await deleteUserAndRole(getService, role); }); it('should return a 404 when the signal index has never been created', async () => { @@ -336,8 +364,13 @@ export default ({ getService }: FtrProviderContext) => { describe('reader', () => { const role = ROLES.reader; + beforeEach(async () => { - await createUserAndRole(security, role); + await createUserAndRole(getService, role); + }); + + afterEach(async () => { + await deleteUserAndRole(getService, role); }); it('should return a 404 when the signal index has never been created', async () => { @@ -358,7 +391,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(403); expect(body).to.eql({ message: - 'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [reader]', + 'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [reader], this action is granted by the cluster privileges [read_ilm,manage_ilm,manage,all]', status_code: 403, }); }); @@ -381,8 +414,13 @@ export default ({ getService }: FtrProviderContext) => { describe('rule_author', () => { const role = ROLES.rule_author; + beforeEach(async () => { - await createUserAndRole(security, role); + await createUserAndRole(getService, role); + }); + + afterEach(async () => { + await deleteUserAndRole(getService, role); }); it('should return a 404 when the signal index has never been created', async () => { @@ -403,7 +441,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(403); expect(body).to.eql({ message: - 'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [rule_author]', + 'security_exception: action [cluster:admin/ilm/get] is unauthorized for user [rule_author], this action is granted by the cluster privileges [read_ilm,manage_ilm,manage,all]', status_code: 403, }); }); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_signals_migrations.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_signals_migrations.ts index fc77fba5fa339..dd0052b03382a 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_signals_migrations.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_signals_migrations.ts @@ -21,7 +21,7 @@ import { getIndexNameFromLoad, waitForIndexToPopulate, } from '../../utils'; -import { createUserAndRole } from '../roles_users_utils'; +import { createUserAndRole, deleteUserAndRole } from '../roles_users_utils'; interface CreateResponse { index: string; @@ -34,7 +34,6 @@ export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const esArchiver = getService('esArchiver'); const kbnClient = getService('kibanaServer'); - const security = getService('security'); const supertest = getService('supertest'); const supertestWithoutAuth = getService('supertestWithoutAuth'); @@ -173,7 +172,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('rejects the request if the user does not have sufficient privileges', async () => { - await createUserAndRole(security, ROLES.t1_analyst); + await createUserAndRole(getService, ROLES.t1_analyst); await supertestWithoutAuth .post(DETECTION_ENGINE_SIGNALS_MIGRATION_URL) @@ -181,6 +180,8 @@ export default ({ getService }: FtrProviderContext): void => { .auth(ROLES.t1_analyst, 'changeme') .send({ index: [legacySignalsIndexName] }) .expect(400); + + await deleteUserAndRole(getService, ROLES.t1_analyst); }); }); }; diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/delete_signals_migrations.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/delete_signals_migrations.ts index 502de32dc7c38..bba6ce1125c37 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/delete_signals_migrations.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/delete_signals_migrations.ts @@ -32,12 +32,10 @@ interface FinalizeResponse extends CreateResponse { export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const esArchiver = getService('esArchiver'); - const security = getService('security'); const supertest = getService('supertest'); const supertestWithoutAuth = getService('supertestWithoutAuth'); - // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/90229 - describe.skip('deleting signals migrations', () => { + describe('deleting signals migrations', () => { let outdatedSignalsIndexName: string; let createdMigration: CreateResponse; let finalizedMigration: FinalizeResponse; @@ -105,7 +103,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('rejects the request if the user does not have sufficient privileges', async () => { - await createUserAndRole(security, ROLES.t1_analyst); + await createUserAndRole(getService, ROLES.t1_analyst); const { body } = await supertestWithoutAuth .delete(DETECTION_ENGINE_SIGNALS_MIGRATION_URL) @@ -117,10 +115,11 @@ export default ({ getService }: FtrProviderContext): void => { const deletedMigration = body.migrations[0]; expect(deletedMigration.id).to.eql(createdMigration.migration_id); - expect(deletedMigration.error.status_code).to.eql(403); - expect(deletedMigration.error.message).to.contain( - 'security_exception: action [indices:admin/settings/update] is unauthorized for user [t1_analyst]' - ); + expect(deletedMigration.error).to.eql({ + message: + 'security_exception: action [indices:admin/settings/update] is unauthorized for user [t1_analyst] on indices [], this action is granted by the index privileges [manage,all]', + status_code: 403, + }); }); }); }; diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/finalize_signals_migrations.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/finalize_signals_migrations.ts index 64c0c6666469a..0fd05904d5e33 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/finalize_signals_migrations.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/finalize_signals_migrations.ts @@ -21,7 +21,7 @@ import { getIndexNameFromLoad, waitFor, } from '../../utils'; -import { createUserAndRole } from '../roles_users_utils'; +import { createUserAndRole, deleteUserAndRole } from '../roles_users_utils'; interface StatusResponse { index: string; @@ -44,12 +44,10 @@ interface FinalizeResponse { export default ({ getService }: FtrProviderContext): void => { const esArchiver = getService('esArchiver'); const kbnClient = getService('kibanaServer'); - const security = getService('security'); const supertest = getService('supertest'); const supertestWithoutAuth = getService('supertestWithoutAuth'); - // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/88302 - describe.skip('Finalizing signals migrations', () => { + describe('Finalizing signals migrations', () => { let legacySignalsIndexName: string; let outdatedSignalsIndexName: string; let createdMigrations: CreateResponse[]; @@ -234,7 +232,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('rejects the request if the user does not have sufficient privileges', async () => { - await createUserAndRole(security, ROLES.t1_analyst); + await createUserAndRole(getService, ROLES.t1_analyst); const { body } = await supertestWithoutAuth .post(DETECTION_ENGINE_SIGNALS_FINALIZE_MIGRATION_URL) @@ -249,9 +247,11 @@ export default ({ getService }: FtrProviderContext): void => { expect(finalizeResponse.completed).not.to.eql(true); expect(finalizeResponse.error).to.eql({ message: - 'security_exception: action [cluster:monitor/task/get] is unauthorized for user [t1_analyst]', + 'security_exception: action [cluster:monitor/task/get] is unauthorized for user [t1_analyst], this action is granted by the cluster privileges [monitor,manage,all]', status_code: 403, }); + + await deleteUserAndRole(getService, ROLES.t1_analyst); }); }); }; diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/get_signals_migration_status.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/get_signals_migration_status.ts index 3b9ec8e0909dc..793dec9eaae4b 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/get_signals_migration_status.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/get_signals_migration_status.ts @@ -11,12 +11,11 @@ import { DETECTION_ENGINE_SIGNALS_MIGRATION_STATUS_URL } from '../../../../plugi import { ROLES } from '../../../../plugins/security_solution/common/test'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, deleteSignalsIndex, getIndexNameFromLoad } from '../../utils'; -import { createUserAndRole } from '../roles_users_utils'; +import { createUserAndRole, deleteUserAndRole } from '../roles_users_utils'; // eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { const esArchiver = getService('esArchiver'); - const security = getService('security'); const supertest = getService('supertest'); const supertestWithoutAuth = getService('supertestWithoutAuth'); @@ -99,7 +98,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('rejects the request if the user does not have sufficient privileges', async () => { - await createUserAndRole(security, ROLES.t1_analyst); + await createUserAndRole(getService, ROLES.t1_analyst); await supertestWithoutAuth .get(DETECTION_ENGINE_SIGNALS_MIGRATION_STATUS_URL) @@ -107,6 +106,8 @@ export default ({ getService }: FtrProviderContext): void => { .auth(ROLES.t1_analyst, 'changeme') .query({ from: '2020-10-10' }) .expect(403); + + await deleteUserAndRole(getService, ROLES.t1_analyst); }); }); }; diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/open_close_signals.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/open_close_signals.ts index 973b643a7a425..36a05f0ae8c0e 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/open_close_signals.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/open_close_signals.ts @@ -27,7 +27,7 @@ import { waitForRuleSuccessOrStatus, getRuleForSignalTesting, } from '../../utils'; -import { createUserAndRole } from '../roles_users_utils'; +import { createUserAndRole, deleteUserAndRole } from '../roles_users_utils'; import { ROLES } from '../../../../plugins/security_solution/common/test'; // eslint-disable-next-line import/no-default-export @@ -35,7 +35,6 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const esArchiver = getService('esArchiver'); const supertestWithoutAuth = getService('supertestWithoutAuth'); - const securityService = getService('security'); describe('open_close_signals', () => { describe('validation checks', () => { @@ -172,7 +171,7 @@ export default ({ getService }: FtrProviderContext) => { const { id } = await createRule(supertest, rule); await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); - await createUserAndRole(securityService, ROLES.t1_analyst); + await createUserAndRole(getService, ROLES.t1_analyst); const signalsOpen = await getSignalsByIds(supertest, [id]); const signalIds = signalsOpen.hits.hits.map((signal) => signal._id); @@ -203,6 +202,8 @@ export default ({ getService }: FtrProviderContext) => { }) => status === 'closed' ); expect(everySignalOpen).to.eql(true); + + await deleteUserAndRole(getService, ROLES.t1_analyst); }); it('should be able to close signals with soc_manager user', async () => { @@ -211,7 +212,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const userAndRole = ROLES.soc_manager; - await createUserAndRole(securityService, userAndRole); + await createUserAndRole(getService, userAndRole); const signalsOpen = await getSignalsByIds(supertest, [id]); const signalIds = signalsOpen.hits.hits.map((signal) => signal._id); @@ -240,6 +241,8 @@ export default ({ getService }: FtrProviderContext) => { }) => status === 'closed' ); expect(everySignalClosed).to.eql(true); + + await deleteUserAndRole(getService, userAndRole); }); }); }); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/read_privileges.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/read_privileges.ts index 5378c710d1389..f8949daea831e 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/read_privileges.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/read_privileges.ts @@ -10,19 +10,19 @@ import { DETECTION_ENGINE_PRIVILEGES_URL } from '../../../../plugins/security_so import { FtrProviderContext } from '../../common/ftr_provider_context'; import { ROLES } from '../../../../plugins/security_solution/common/test'; +import { createUserAndRole, deleteUserAndRole } from '../roles_users_utils'; // eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const supertestWithoutAuth = getService('supertestWithoutAuth'); - // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/90229 - describe.skip('read_privileges', () => { + describe('read_privileges', () => { it('should return expected privileges for elastic admin', async () => { const { body } = await supertest.get(DETECTION_ENGINE_PRIVILEGES_URL).send().expect(200); expect(body).to.eql({ username: 'elastic', - has_all_requested: false, + has_all_requested: true, cluster: { monitor_ml: true, manage_ccr: true, @@ -32,7 +32,7 @@ export default ({ getService }: FtrProviderContext) => { read_ilm: true, manage_api_key: true, manage_security: true, - manage_own_api_key: false, + manage_own_api_key: true, manage_saml: true, all: true, manage_ilm: true, @@ -78,6 +78,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return expected privileges for a "reader" user', async () => { + await createUserAndRole(getService, ROLES.reader); const { body } = await supertestWithoutAuth .get(DETECTION_ENGINE_PRIVILEGES_URL) .auth(ROLES.reader, 'changeme') @@ -138,9 +139,11 @@ export default ({ getService }: FtrProviderContext) => { is_authenticated: true, has_encryption_key: true, }); + await deleteUserAndRole(getService, ROLES.reader); }); it('should return expected privileges for a "t1_analyst" user', async () => { + await createUserAndRole(getService, ROLES.t1_analyst); const { body } = await supertestWithoutAuth .get(DETECTION_ENGINE_PRIVILEGES_URL) .auth(ROLES.t1_analyst, 'changeme') @@ -201,9 +204,11 @@ export default ({ getService }: FtrProviderContext) => { is_authenticated: true, has_encryption_key: true, }); + await deleteUserAndRole(getService, ROLES.t1_analyst); }); it('should return expected privileges for a "t2_analyst" user', async () => { + await createUserAndRole(getService, ROLES.t2_analyst); const { body } = await supertestWithoutAuth .get(DETECTION_ENGINE_PRIVILEGES_URL) .auth(ROLES.t2_analyst, 'changeme') @@ -264,9 +269,11 @@ export default ({ getService }: FtrProviderContext) => { is_authenticated: true, has_encryption_key: true, }); + await deleteUserAndRole(getService, ROLES.t2_analyst); }); it('should return expected privileges for a "hunter" user', async () => { + await createUserAndRole(getService, ROLES.hunter); const { body } = await supertestWithoutAuth .get(DETECTION_ENGINE_PRIVILEGES_URL) .auth(ROLES.hunter, 'changeme') @@ -327,9 +334,11 @@ export default ({ getService }: FtrProviderContext) => { is_authenticated: true, has_encryption_key: true, }); + await deleteUserAndRole(getService, ROLES.hunter); }); it('should return expected privileges for a "rule_author" user', async () => { + await createUserAndRole(getService, ROLES.rule_author); const { body } = await supertestWithoutAuth .get(DETECTION_ENGINE_PRIVILEGES_URL) .auth(ROLES.rule_author, 'changeme') @@ -390,9 +399,11 @@ export default ({ getService }: FtrProviderContext) => { is_authenticated: true, has_encryption_key: true, }); + await deleteUserAndRole(getService, ROLES.rule_author); }); it('should return expected privileges for a "soc_manager" user', async () => { + await createUserAndRole(getService, ROLES.soc_manager); const { body } = await supertestWithoutAuth .get(DETECTION_ENGINE_PRIVILEGES_URL) .auth(ROLES.soc_manager, 'changeme') @@ -453,9 +464,11 @@ export default ({ getService }: FtrProviderContext) => { is_authenticated: true, has_encryption_key: true, }); + await deleteUserAndRole(getService, ROLES.soc_manager); }); it('should return expected privileges for a "platform_engineer" user', async () => { + await createUserAndRole(getService, ROLES.platform_engineer); const { body } = await supertestWithoutAuth .get(DETECTION_ENGINE_PRIVILEGES_URL) .auth(ROLES.platform_engineer, 'changeme') @@ -516,9 +529,11 @@ export default ({ getService }: FtrProviderContext) => { is_authenticated: true, has_encryption_key: true, }); + await deleteUserAndRole(getService, ROLES.platform_engineer); }); it('should return expected privileges for a "detections_admin" user', async () => { + await createUserAndRole(getService, ROLES.detections_admin); const { body } = await supertestWithoutAuth .get(DETECTION_ENGINE_PRIVILEGES_URL) .auth(ROLES.detections_admin, 'changeme') @@ -579,6 +594,7 @@ export default ({ getService }: FtrProviderContext) => { is_authenticated: true, has_encryption_key: true, }); + await deleteUserAndRole(getService, ROLES.detections_admin); }); }); };