-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add test service to manage observability test users (#110849)
Co-authored-by: Kibana Machine <[email protected]>
- Loading branch information
1 parent
4eb8b6f
commit 8915f7d
Showing
4 changed files
with
130 additions
and
77 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { FtrProviderContext } from '../../ftr_provider_context'; | ||
import { ObservabilityUsersProvider } from './users'; | ||
|
||
export function ObservabilityProvider(context: FtrProviderContext) { | ||
const users = ObservabilityUsersProvider(context); | ||
|
||
return { | ||
users, | ||
}; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { Role } from '../../../../plugins/security/common/model'; | ||
import { FtrProviderContext } from '../../ftr_provider_context'; | ||
|
||
type CreateRolePayload = Pick<Role, 'metadata' | 'elasticsearch' | 'kibana'>; | ||
|
||
const OBSERVABILITY_TEST_ROLE_NAME = 'observability-functional-test-role'; | ||
|
||
export function ObservabilityUsersProvider({ getPageObject, getService }: FtrProviderContext) { | ||
const security = getService('security'); | ||
const commonPageObject = getPageObject('common'); | ||
|
||
/** | ||
* Creates a test role and set it as the test user's role. Performs a page | ||
* reload to apply the role change, but doesn't require a re-login. | ||
* | ||
* @arg roleDefinition - the privileges of the test role | ||
*/ | ||
const setTestUserRole = async (roleDefinition: CreateRolePayload) => { | ||
// return to neutral grounds to avoid running into permission problems on reload | ||
await commonPageObject.navigateToActualUrl('kibana'); | ||
|
||
await security.role.create(OBSERVABILITY_TEST_ROLE_NAME, roleDefinition); | ||
|
||
await security.testUser.setRoles([OBSERVABILITY_TEST_ROLE_NAME]); // performs a page reload | ||
}; | ||
|
||
/** | ||
* Deletes the test role and restores thedefault test user role. Performs a | ||
* page reload to apply the role change, but doesn't require a re-login. | ||
*/ | ||
const restoreDefaultTestUserRole = async () => { | ||
await Promise.all([ | ||
security.role.delete(OBSERVABILITY_TEST_ROLE_NAME), | ||
security.testUser.restoreDefaults(), | ||
]); | ||
}; | ||
|
||
return { | ||
defineBasicObservabilityRole, | ||
restoreDefaultTestUserRole, | ||
setTestUserRole, | ||
}; | ||
} | ||
|
||
/** | ||
* Generates a combination of Elasticsearch and Kibana privileges for given | ||
* observability features. | ||
*/ | ||
const defineBasicObservabilityRole = ( | ||
features: Partial<{ | ||
observabilityCases: string[]; | ||
apm: string[]; | ||
logs: string[]; | ||
infrastructure: string[]; | ||
uptime: string[]; | ||
}> | ||
): CreateRolePayload => { | ||
return { | ||
elasticsearch: { | ||
cluster: ['all'], | ||
indices: [ | ||
...((features.logs?.length ?? 0) > 0 | ||
? [{ names: ['filebeat-*', 'logs-*'], privileges: ['all'] }] | ||
: []), | ||
...((features.infrastructure?.length ?? 0) > 0 | ||
? [{ names: ['metricbeat-*', 'metrics-*'], privileges: ['all'] }] | ||
: []), | ||
...((features.apm?.length ?? 0) > 0 ? [{ names: ['apm-*'], privileges: ['all'] }] : []), | ||
...((features.uptime?.length ?? 0) > 0 | ||
? [{ names: ['heartbeat-*,synthetics-*'], privileges: ['all'] }] | ||
: []), | ||
], | ||
run_as: [], | ||
}, | ||
kibana: [ | ||
{ | ||
spaces: ['*'], | ||
base: [], | ||
// @ts-expect-error TypeScript doesn't distinguish between missing and | ||
// undefined props yet | ||
feature: features, | ||
}, | ||
], | ||
}; | ||
}; |