[Security Solution] Support roles in Serverless FTR tests

.buildkite/ftr_configs.yml

@@ -461,8 +461,5 @@ enabled:
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/configs/ess.config.ts
-
-
-
-
-
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/privileges/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/privileges/configs/ess.config.ts

packages/kbn-test/src/functional_test_runner/lib/config/schema.ts

@@ -146,6 +146,9 @@ export const schema = Joi.object()
         slow: Joi.number().default(30000),
         timeout: Joi.number().default(INSPECTING ? 360000 * 100 : 360000),
         ui: Joi.string().default('bdd'),
+        rootHooks: Joi.object().keys({
+          beforeAll: Joi.func(),
+        }),
       })
       .default(),
 

packages/kbn-test/src/functional_test_runner/lib/mocha/setup_mocha.ts

@@ -20,6 +20,7 @@ import { Lifecycle } from '../lifecycle';
 import { Config } from '../config';
 import { ProviderCollection } from '../providers';
 import { EsVersion } from '../es_version';
+import { GenericFtrProviderContext } from '../../public_types';
 
 import { MochaReporterProvider } from './reporter';
 import { validateCiGroupTags } from './validate_ci_group_tags';
@@ -47,9 +48,24 @@ export async function setupMocha({
   reporter,
   reporterOptions,
 }: Options) {
+  const mochaRootHooks = config.get('mochaOpts.rootHooks');
+  const rootHookCtx: GenericFtrProviderContext<any, any> = {
+    loadTestFile: () => {
+      throw new Error('loadTestFile is unsupported in root hooks');
+    },
+    getService: providers.getService as any,
+    hasService: providers.hasService as any,
+    getPageObject: providers.getPageObject as any,
+    getPageObjects: providers.getPageObjects as any,
+    updateBaselines: config.get('updateBaselines'),
+  };
+
   // configure mocha
   const mocha = new Mocha({
     ...config.get('mochaOpts'),
+    rootHooks: {
+      beforeAll: () => mochaRootHooks?.beforeAll?.(rootHookCtx),
+    },
     reporter:
       reporter || (await providers.loadExternalService('mocha reporter', MochaReporterProvider)),
     reporterOptions,

packages/kbn-test/src/functional_tests/run_tests/run_tests.ts

@@ -7,7 +7,7 @@
  */
 
 import Path from 'path';
-import { setTimeout } from 'timers/promises';
+import { setTimeout, scheduler } from 'timers/promises';
 
 import { REPO_ROOT } from '@kbn/repo-info';
 import { ToolingLog } from '@kbn/tooling-log';
@@ -68,6 +68,7 @@ export async function runTests(log: ToolingLog, options: RunTestsOptions) {
       }
 
       const config = await readConfigFile(log, options.esVersion, path, settingOverrides);
+      const serverless = config.get('serverless') as boolean;
 
       const hasTests = await checkForEnabledTestsInFtrConfig({
         config,
@@ -113,6 +114,12 @@ export async function runTests(log: ToolingLog, options: RunTestsOptions) {
             return;
           }
 
+          if (serverless) {
+            // A dirty temporary solution to wait for ES to process Kibana privileges.
+            // Stateless ES takes 30-35 seconds to process privileges request sent by Kibana
+            await scheduler.wait(35000);
+          }
+
           await runFtr({
             log,
             config,

x-pack/test/detection_engine_api_integration/security_and_spaces/group1/index.ts

@@ -15,7 +15,6 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
     // existence being near 0.
 
     loadTestFile(require.resolve('./aliases'));
-    loadTestFile(require.resolve('./check_privileges'));
     loadTestFile(require.resolve('./create_index'));
     loadTestFile(require.resolve('./create_rules_bulk'));
     loadTestFile(require.resolve('./delete_rules'));

x-pack/test/detection_engine_api_integration/security_and_spaces/group10/index.ts

@@ -25,7 +25,6 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
     loadTestFile(require.resolve('./perform_bulk_action'));
     loadTestFile(require.resolve('./perform_bulk_action_dry_run'));
     loadTestFile(require.resolve('./patch_rules'));
-    loadTestFile(require.resolve('./read_privileges'));
     loadTestFile(require.resolve('./open_close_signals'));
     loadTestFile(require.resolve('./get_signals_migration_status'));
     loadTestFile(require.resolve('./create_signals_migrations'));

x-pack/test/security_solution_api_integration/config/ess/config.base.ts

@@ -8,6 +8,8 @@
 import { CA_CERT_PATH } from '@kbn/dev-utils';
 import { FtrConfigProviderContext, kbnTestConfig, kibanaTestUser } from '@kbn/test';
 import { services } from '../../../api_integration/services';
+import { FtrProviderContext } from '../../ftr_provider_context';
+import { setupUsers } from './setup_users';
 
 interface CreateTestConfigOptions {
   license: string;
@@ -107,6 +109,10 @@ export function createTestConfig(options: CreateTestConfigOptions, testFiles?: s
       },
       mochaOpts: {
         grep: '/^(?!.*@brokenInEss).*@ess.*/',
+        rootHooks: {
+          beforeAll: async ({ getService }: FtrProviderContext) =>
+            setupUsers(getService('security')),
+        },
       },
     };
   };

x-pack/test/security_solution_api_integration/config/ess/setup_users.ts

@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  KNOWN_ESS_ROLE_DEFINITIONS,
+  KNOWN_SERVERLESS_ROLE_DEFINITIONS,
+} from '@kbn/security-solution-plugin/common/test';
+import { SecurityService } from '../../../../../test/common/services/security/security';
+
+export async function setupUsers(securityService: SecurityService): Promise<void> {
+  const KNOWN_ROLE_DEFINITIONS = [
+    ...Object.values(KNOWN_SERVERLESS_ROLE_DEFINITIONS),
+    ...Object.values(KNOWN_ESS_ROLE_DEFINITIONS),
+  ];
+
+  for (const roleDefinition of KNOWN_ROLE_DEFINITIONS) {
+    await securityService.role.create(roleDefinition.name, roleDefinition);
+
+    await securityService.user.create(roleDefinition.name, {
+      password: 'changeme',
+      roles: [roleDefinition.name],
+      full_name: roleDefinition.name,
+      email: '[email protected]',
+    });
+  }
+}

x-pack/test/security_solution_api_integration/package.json

@@ -36,6 +36,10 @@
     "actions:runner:serverless": "npm run run-tests:dr:default actions serverless serverlessEnv",
     "actions:qa:serverless": "npm run run-tests:dr:default actions serverless qaEnv",
     "actions:server:ess": "npm run initialize-server:dr:default actions ess",
-    "actions:runner:ess": "npm run run-tests:dr:default actions ess essEnv"
+    "actions:runner:ess": "npm run run-tests:dr:default actions ess essEnv",
+    "privileges:server:serverless": "npm run initialize-server:dr:default privileges serverless",
+    "privileges:runner:serverless": "npm run run-tests:dr:default privileges serverless serverlessEnv",
+    "privileges:server:ess": "npm run initialize-server:dr:default privileges ess",
+    "privileges:runner:ess": "npm run run-tests:dr:default privileges ess essEnv"
   }
 }

x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/privileges/configs/ess.config.ts

@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const functionalConfig = await readConfigFile(
+    require.resolve('../../../../../config/ess/config.base.trial')
+  );
+
+  return {
+    ...functionalConfig.getAll(),
+    testFiles: [require.resolve('..')],
+    junit: {
+      reportName: 'Detection Engine ESS/ Privileges API Integration Tests',
+    },
+  };
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/privileges/configs/serverless.config.ts

@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../config/serverless/config.base';
+
+export default createTestConfig({
+  testFiles: [require.resolve('..')],
+  junit: {
+    reportName: 'Detection Engine Serverless/ Privileges API Integration Tests',
+  },
+});