Skip to content

Commit

Permalink
[Defend Workflows] Enable Artifacts cy tests against serverless (#170977
Browse files Browse the repository at this point in the history
)

## Summary

Enables _Artifact tabs in Policy details_ and _Artifacts_ cypress tests
against serverless. Or at least the test cases that has `ALL` privilege
(or `NONE` for the _Artifacts_ tests), because there are no such roles
in serverless environment that have:
- read privilege for policy, but no privilege for artifacts,
- read privilege for artifacts

Additionally,
- `@skipInServerless` tag is added,
- the two tests use the usual `indexEndpointHosts()` to have mocked
data,
- and the old `loadEndpointDataForEventFiltersIfNeeded()` is deleted

---------

Co-authored-by: Kibana Machine <[email protected]>
  • Loading branch information
gergoabraham and kibanamachine authored Nov 10, 2023
1 parent ce0114b commit e3f339c
Show file tree
Hide file tree
Showing 5 changed files with 122 additions and 102 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ Similarly to Security Solution cypress tests, we use tags in order to select whi
- `@serverless` includes a test in the Serverless test suite. You need to explicitly add this tag to any test you want to run against a Serverless environment.
- `@ess` includes a test in the normal, non-Serverless test suite. You need to explicitly add this tag to any test you want to run against a non-Serverless environment.
- `@brokenInServerless` excludes a test from the Serverless test suite (even if it's tagged as `@serverless`). Indicates that a test should run in Serverless, but currently is broken.
- `@skipInServerless` excludes a test from the Serverless test suite (even if it's tagged as `@serverless`). Indicates that we don't want to run the given test in Serverless.

Important: if you don't provide any tag, your test won't be executed.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ export default defineCypressConfig(
env: {
IS_SERVERLESS: true,

grepTags: '@serverless --@brokenInServerless',
grepTags: '@serverless --@brokenInServerless --@skipInServerless',
},
})
);
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,10 @@ import {
removeExceptionsList,
yieldFirstPolicyID,
} from '../../tasks/artifacts';
import { loadEndpointDataForEventFiltersIfNeeded } from '../../tasks/load_endpoint_data';
import { login, ROLE } from '../../tasks/login';
import { performUserActions } from '../../tasks/perform_user_actions';
import { indexEndpointHosts } from '../../tasks/index_endpoint_hosts';
import type { ReturnTypeFromChainable } from '../../types';

const loginWithPrivilegeAll = () => {
login(ROLE.endpoint_policy_manager);
Expand Down Expand Up @@ -58,15 +59,20 @@ const visitArtifactTab = (tabId: string) => {
cy.get(`#${tabId}`).click();
};

describe('Artifact tabs in Policy Details page', { tags: ['@ess'] }, () => {
describe('Artifact tabs in Policy Details page', { tags: ['@ess', '@serverless'] }, () => {
let endpointData: ReturnTypeFromChainable<typeof indexEndpointHosts> | undefined;

before(() => {
login();
loadEndpointDataForEventFiltersIfNeeded();
indexEndpointHosts().then((indexEndpoints) => {
endpointData = indexEndpoints;
});
});

after(() => {
login();
removeAllArtifacts();

endpointData?.cleanup();
endpointData = undefined;
});

for (const testData of getArtifactsListTestsData()) {
Expand All @@ -76,22 +82,32 @@ describe('Artifact tabs in Policy Details page', { tags: ['@ess'] }, () => {
removeExceptionsList(testData.createRequestBody.list_id);
});

it(`[NONE] User cannot see the tab for ${testData.title}`, () => {
loginWithPrivilegeNone(testData.privilegePrefix);
visitPolicyDetailsPage();
it(
`[NONE] User cannot see the tab for ${testData.title}`,
// there is no such role in Serverless environment that can read policy but cannot read artifacts
{ tags: ['@skipInServerless'] },
() => {
loginWithPrivilegeNone(testData.privilegePrefix);
visitPolicyDetailsPage();

cy.get(`#${testData.tabId}`).should('not.exist');
});
cy.get(`#${testData.tabId}`).should('not.exist');
}
);

context(`Given there are no ${testData.title} entries`, () => {
it(`[READ] User CANNOT add ${testData.title} artifact`, () => {
loginWithPrivilegeRead(testData.privilegePrefix);
visitArtifactTab(testData.tabId);
it(
`[READ] User CANNOT add ${testData.title} artifact`,
// there is no such role in Serverless environment that only reads artifacts
{ tags: ['@skipInServerless'] },
() => {
loginWithPrivilegeRead(testData.privilegePrefix);
visitArtifactTab(testData.tabId);

cy.getByTestSubj('policy-artifacts-empty-unexisting').should('exist');
cy.getByTestSubj('policy-artifacts-empty-unexisting').should('exist');

cy.getByTestSubj('unexisting-manage-artifacts-button').should('not.exist');
});
cy.getByTestSubj('unexisting-manage-artifacts-button').should('not.exist');
}
);

it(`[ALL] User can add ${testData.title} artifact`, () => {
loginWithPrivilegeAll();
Expand Down Expand Up @@ -129,15 +145,20 @@ describe('Artifact tabs in Policy Details page', { tags: ['@ess'] }, () => {
createPerPolicyArtifact(testData.artifactName, testData.createRequestBody);
});

it(`[READ] User CANNOT Manage or Assign ${testData.title} artifacts`, () => {
loginWithPrivilegeRead(testData.privilegePrefix);
visitArtifactTab(testData.tabId);
it(
`[READ] User CANNOT Manage or Assign ${testData.title} artifacts`,
// there is no such role in Serverless environment that only reads artifacts
{ tags: ['@skipInServerless'] },
() => {
loginWithPrivilegeRead(testData.privilegePrefix);
visitArtifactTab(testData.tabId);

cy.getByTestSubj('policy-artifacts-empty-unassigned').should('exist');
cy.getByTestSubj('policy-artifacts-empty-unassigned').should('exist');

cy.getByTestSubj('unassigned-manage-artifacts-button').should('not.exist');
cy.getByTestSubj('unassigned-assign-artifacts-button').should('not.exist');
});
cy.getByTestSubj('unassigned-manage-artifacts-button').should('not.exist');
cy.getByTestSubj('unassigned-assign-artifacts-button').should('not.exist');
}
);

it(`[ALL] User can Manage and Assign ${testData.title} artifacts`, () => {
loginWithPrivilegeAll();
Expand Down Expand Up @@ -173,23 +194,28 @@ describe('Artifact tabs in Policy Details page', { tags: ['@ess'] }, () => {
});
});

it(`[READ] User can see ${testData.title} artifacts but CANNOT assign or remove from policy`, () => {
loginWithPrivilegeRead(testData.privilegePrefix);
visitArtifactTab(testData.tabId);

// List of artifacts
cy.getByTestSubj('artifacts-collapsed-list-card').should('have.length', 1);
cy.getByTestSubj('artifacts-collapsed-list-card-header-titleHolder').contains(
testData.artifactName
);

// Cannot assign artifacts
cy.getByTestSubj('artifacts-assign-button').should('not.exist');

// Cannot remove from policy
cy.getByTestSubj('artifacts-collapsed-list-card-header-actions-button').click();
cy.getByTestSubj('remove-from-policy-action').should('not.exist');
});
it(
`[READ] User can see ${testData.title} artifacts but CANNOT assign or remove from policy`,
// there is no such role in Serverless environment that only reads artifacts
{ tags: ['@skipInServerless'] },
() => {
loginWithPrivilegeRead(testData.privilegePrefix);
visitArtifactTab(testData.tabId);

// List of artifacts
cy.getByTestSubj('artifacts-collapsed-list-card').should('have.length', 1);
cy.getByTestSubj('artifacts-collapsed-list-card-header-titleHolder').contains(
testData.artifactName
);

// Cannot assign artifacts
cy.getByTestSubj('artifacts-assign-button').should('not.exist');

// Cannot remove from policy
cy.getByTestSubj('artifacts-collapsed-list-card-header-actions-button').click();
cy.getByTestSubj('remove-from-policy-action').should('not.exist');
}
);

it(`[ALL] User can see ${testData.title} artifacts and can assign or remove artifacts from policy`, () => {
loginWithPrivilegeAll();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,8 @@ import { loadPage } from '../../tasks/common';
import { getArtifactsListTestsData } from '../../fixtures/artifacts_page';
import { removeAllArtifacts } from '../../tasks/artifacts';
import { performUserActions } from '../../tasks/perform_user_actions';
import { loadEndpointDataForEventFiltersIfNeeded } from '../../tasks/load_endpoint_data';
import { indexEndpointHosts } from '../../tasks/index_endpoint_hosts';
import type { ReturnTypeFromChainable } from '../../types';

const loginWithWriteAccess = (url: string) => {
login(ROLE.endpoint_policy_manager);
Expand All @@ -30,17 +31,22 @@ const loginWithoutAccess = (url: string) => {
loadPage(url);
};

describe('Artifacts pages', { tags: ['@ess'] }, () => {
describe('Artifacts pages', { tags: ['@ess', '@serverless'] }, () => {
let endpointData: ReturnTypeFromChainable<typeof indexEndpointHosts> | undefined;

before(() => {
login();
loadEndpointDataForEventFiltersIfNeeded();
// Clean artifacts data
indexEndpointHosts().then((indexEndpoints) => {
endpointData = indexEndpoints;
});

removeAllArtifacts();
});

after(() => {
// Clean artifacts data
removeAllArtifacts();

endpointData?.cleanup();
endpointData = undefined;
});

for (const testData of getArtifactsListTestsData()) {
Expand All @@ -53,14 +59,19 @@ describe('Artifacts pages', { tags: ['@ess'] }, () => {
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist');
});

it(`read - should show empty state page if there is no ${testData.title} entry and the add button does not exist`, () => {
loginWithReadAccess(
testData.privilegePrefix,
`/app/security/administration/${testData.urlPath}`
);
cy.getByTestSubj(testData.emptyState).should('exist');
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist');
});
it(
`read - should show empty state page if there is no ${testData.title} entry and the add button does not exist`,
// there is no such role in Serverless environment that only reads artifacts
{ tags: ['@skipInServerless'] },
() => {
loginWithReadAccess(
testData.privilegePrefix,
`/app/security/administration/${testData.urlPath}`
);
cy.getByTestSubj(testData.emptyState).should('exist');
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist');
}
);

it(`write - should show empty state page if there is no ${testData.title} entry and the add button exists`, () => {
loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`);
Expand All @@ -87,25 +98,35 @@ describe('Artifacts pages', { tags: ['@ess'] }, () => {
cy.getByTestSubj('header-page-title').contains(testData.title);
});

it(`read - should not be able to update/delete an existing ${testData.title} entry`, () => {
loginWithReadAccess(
testData.privilegePrefix,
`/app/security/administration/${testData.urlPath}`
);
cy.getByTestSubj('header-page-title').contains(testData.title);
cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).should('not.exist');
cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).should('not.exist');
cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).should('not.exist');
});

it(`read - should not be able to create a new ${testData.title} entry`, () => {
loginWithReadAccess(
testData.privilegePrefix,
`/app/security/administration/${testData.urlPath}`
);
cy.getByTestSubj('header-page-title').contains(testData.title);
cy.getByTestSubj(`${testData.pagePrefix}-pageAddButton`).should('not.exist');
});
it(
`read - should not be able to update/delete an existing ${testData.title} entry`,
// there is no such role in Serverless environment that only reads artifacts
{ tags: ['@skipInServerless'] },
() => {
loginWithReadAccess(
testData.privilegePrefix,
`/app/security/administration/${testData.urlPath}`
);
cy.getByTestSubj('header-page-title').contains(testData.title);
cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).should('not.exist');
cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).should('not.exist');
cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).should('not.exist');
}
);

it(
`read - should not be able to create a new ${testData.title} entry`,
// there is no such role in Serverless environment that only reads artifacts
{ tags: ['@skipInServerless'] },
() => {
loginWithReadAccess(
testData.privilegePrefix,
`/app/security/administration/${testData.urlPath}`
);
cy.getByTestSubj('header-page-title').contains(testData.title);
cy.getByTestSubj(`${testData.pagePrefix}-pageAddButton`).should('not.exist');
}
);

it(`write - should be able to update an existing ${testData.title} entry`, () => {
loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`);
Expand Down

This file was deleted.

0 comments on commit e3f339c

Please sign in to comment.