From e2bce112bd472e076319846d6d058b10d056063f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gerg=C5=91=20=C3=81brah=C3=A1m?= Date: Thu, 9 Nov 2023 17:47:53 +0100 Subject: [PATCH 1/5] Enable 'Artifact tabs in policy details' cy test against serverless --- .../cypress/cypress_serverless.config.ts | 2 +- .../artifact_tabs_in_policy_details.cy.ts | 92 +++++++++++-------- 2 files changed, 57 insertions(+), 37 deletions(-) diff --git a/x-pack/plugins/security_solution/public/management/cypress/cypress_serverless.config.ts b/x-pack/plugins/security_solution/public/management/cypress/cypress_serverless.config.ts index 35dda2bd68501..77507e12fae87 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/cypress_serverless.config.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/cypress_serverless.config.ts @@ -14,7 +14,7 @@ export default defineCypressConfig( env: { IS_SERVERLESS: true, - grepTags: '@serverless --@brokenInServerless', + grepTags: '@serverless --@brokenInServerless --@skipInServerless', }, }) ); diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/artifact_tabs_in_policy_details.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/artifact_tabs_in_policy_details.cy.ts index 5988b73852af5..89be4061e9323 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/artifact_tabs_in_policy_details.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/artifact_tabs_in_policy_details.cy.ts @@ -58,7 +58,7 @@ const visitArtifactTab = (tabId: string) => { cy.get(`#${tabId}`).click(); }; -describe('Artifact tabs in Policy Details page', { tags: ['@ess'] }, () => { +describe('Artifact tabs in Policy Details page', { tags: ['@ess', '@serverless'] }, () => { before(() => { login(); loadEndpointDataForEventFiltersIfNeeded(); @@ -76,22 +76,32 @@ describe('Artifact tabs in Policy Details page', { tags: ['@ess'] }, () => { removeExceptionsList(testData.createRequestBody.list_id); }); - it(`[NONE] User cannot see the tab for ${testData.title}`, () => { - loginWithPrivilegeNone(testData.privilegePrefix); - visitPolicyDetailsPage(); + it( + `[NONE] User cannot see the tab for ${testData.title}`, + // there is no such role in Serverless environment that can read policy but cannot read artifacts + { tags: ['@skipInServerless'] }, + () => { + loginWithPrivilegeNone(testData.privilegePrefix); + visitPolicyDetailsPage(); - cy.get(`#${testData.tabId}`).should('not.exist'); - }); + cy.get(`#${testData.tabId}`).should('not.exist'); + } + ); context(`Given there are no ${testData.title} entries`, () => { - it(`[READ] User CANNOT add ${testData.title} artifact`, () => { - loginWithPrivilegeRead(testData.privilegePrefix); - visitArtifactTab(testData.tabId); + it( + `[READ] User CANNOT add ${testData.title} artifact`, + // there is no such role in Serverless environment that only reads artifacts + { tags: ['@skipInServerless'] }, + () => { + loginWithPrivilegeRead(testData.privilegePrefix); + visitArtifactTab(testData.tabId); - cy.getByTestSubj('policy-artifacts-empty-unexisting').should('exist'); + cy.getByTestSubj('policy-artifacts-empty-unexisting').should('exist'); - cy.getByTestSubj('unexisting-manage-artifacts-button').should('not.exist'); - }); + cy.getByTestSubj('unexisting-manage-artifacts-button').should('not.exist'); + } + ); it(`[ALL] User can add ${testData.title} artifact`, () => { loginWithPrivilegeAll(); @@ -129,15 +139,20 @@ describe('Artifact tabs in Policy Details page', { tags: ['@ess'] }, () => { createPerPolicyArtifact(testData.artifactName, testData.createRequestBody); }); - it(`[READ] User CANNOT Manage or Assign ${testData.title} artifacts`, () => { - loginWithPrivilegeRead(testData.privilegePrefix); - visitArtifactTab(testData.tabId); + it( + `[READ] User CANNOT Manage or Assign ${testData.title} artifacts`, + // there is no such role in Serverless environment that only reads artifacts + { tags: ['@skipInServerless'] }, + () => { + loginWithPrivilegeRead(testData.privilegePrefix); + visitArtifactTab(testData.tabId); - cy.getByTestSubj('policy-artifacts-empty-unassigned').should('exist'); + cy.getByTestSubj('policy-artifacts-empty-unassigned').should('exist'); - cy.getByTestSubj('unassigned-manage-artifacts-button').should('not.exist'); - cy.getByTestSubj('unassigned-assign-artifacts-button').should('not.exist'); - }); + cy.getByTestSubj('unassigned-manage-artifacts-button').should('not.exist'); + cy.getByTestSubj('unassigned-assign-artifacts-button').should('not.exist'); + } + ); it(`[ALL] User can Manage and Assign ${testData.title} artifacts`, () => { loginWithPrivilegeAll(); @@ -173,23 +188,28 @@ describe('Artifact tabs in Policy Details page', { tags: ['@ess'] }, () => { }); }); - it(`[READ] User can see ${testData.title} artifacts but CANNOT assign or remove from policy`, () => { - loginWithPrivilegeRead(testData.privilegePrefix); - visitArtifactTab(testData.tabId); - - // List of artifacts - cy.getByTestSubj('artifacts-collapsed-list-card').should('have.length', 1); - cy.getByTestSubj('artifacts-collapsed-list-card-header-titleHolder').contains( - testData.artifactName - ); - - // Cannot assign artifacts - cy.getByTestSubj('artifacts-assign-button').should('not.exist'); - - // Cannot remove from policy - cy.getByTestSubj('artifacts-collapsed-list-card-header-actions-button').click(); - cy.getByTestSubj('remove-from-policy-action').should('not.exist'); - }); + it( + `[READ] User can see ${testData.title} artifacts but CANNOT assign or remove from policy`, + // there is no such role in Serverless environment that only reads artifacts + { tags: ['@skipInServerless'] }, + () => { + loginWithPrivilegeRead(testData.privilegePrefix); + visitArtifactTab(testData.tabId); + + // List of artifacts + cy.getByTestSubj('artifacts-collapsed-list-card').should('have.length', 1); + cy.getByTestSubj('artifacts-collapsed-list-card-header-titleHolder').contains( + testData.artifactName + ); + + // Cannot assign artifacts + cy.getByTestSubj('artifacts-assign-button').should('not.exist'); + + // Cannot remove from policy + cy.getByTestSubj('artifacts-collapsed-list-card-header-actions-button').click(); + cy.getByTestSubj('remove-from-policy-action').should('not.exist'); + } + ); it(`[ALL] User can see ${testData.title} artifacts and can assign or remove artifacts from policy`, () => { loginWithPrivilegeAll(); From 44454a1fc00830d1f992445335ddfa300d9988c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gerg=C5=91=20=C3=81brah=C3=A1m?= Date: Thu, 9 Nov 2023 18:05:21 +0100 Subject: [PATCH 2/5] Enable 'Artifacts' cy test against serverless --- .../e2e/artifacts/artifacts_mocked_data.cy.ts | 71 +++++++++++-------- 1 file changed, 43 insertions(+), 28 deletions(-) diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/artifacts_mocked_data.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/artifacts_mocked_data.cy.ts index 807502f93880c..ab21bfb9e14d1 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/artifacts_mocked_data.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/artifacts_mocked_data.cy.ts @@ -30,7 +30,7 @@ const loginWithoutAccess = (url: string) => { loadPage(url); }; -describe('Artifacts pages', { tags: ['@ess'] }, () => { +describe('Artifacts pages', { tags: ['@ess', '@serverless'] }, () => { before(() => { login(); loadEndpointDataForEventFiltersIfNeeded(); @@ -53,14 +53,19 @@ describe('Artifacts pages', { tags: ['@ess'] }, () => { cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist'); }); - it(`read - should show empty state page if there is no ${testData.title} entry and the add button does not exist`, () => { - loginWithReadAccess( - testData.privilegePrefix, - `/app/security/administration/${testData.urlPath}` - ); - cy.getByTestSubj(testData.emptyState).should('exist'); - cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist'); - }); + it( + `read - should show empty state page if there is no ${testData.title} entry and the add button does not exist`, + // there is no such role in Serverless environment that only reads artifacts + { tags: ['@skipInServerless'] }, + () => { + loginWithReadAccess( + testData.privilegePrefix, + `/app/security/administration/${testData.urlPath}` + ); + cy.getByTestSubj(testData.emptyState).should('exist'); + cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist'); + } + ); it(`write - should show empty state page if there is no ${testData.title} entry and the add button exists`, () => { loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`); @@ -87,25 +92,35 @@ describe('Artifacts pages', { tags: ['@ess'] }, () => { cy.getByTestSubj('header-page-title').contains(testData.title); }); - it(`read - should not be able to update/delete an existing ${testData.title} entry`, () => { - loginWithReadAccess( - testData.privilegePrefix, - `/app/security/administration/${testData.urlPath}` - ); - cy.getByTestSubj('header-page-title').contains(testData.title); - cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).should('not.exist'); - cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).should('not.exist'); - cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).should('not.exist'); - }); - - it(`read - should not be able to create a new ${testData.title} entry`, () => { - loginWithReadAccess( - testData.privilegePrefix, - `/app/security/administration/${testData.urlPath}` - ); - cy.getByTestSubj('header-page-title').contains(testData.title); - cy.getByTestSubj(`${testData.pagePrefix}-pageAddButton`).should('not.exist'); - }); + it( + `read - should not be able to update/delete an existing ${testData.title} entry`, + // there is no such role in Serverless environment that only reads artifacts + { tags: ['@skipInServerless'] }, + () => { + loginWithReadAccess( + testData.privilegePrefix, + `/app/security/administration/${testData.urlPath}` + ); + cy.getByTestSubj('header-page-title').contains(testData.title); + cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).should('not.exist'); + cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).should('not.exist'); + cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).should('not.exist'); + } + ); + + it( + `read - should not be able to create a new ${testData.title} entry`, + // there is no such role in Serverless environment that only reads artifacts + { tags: ['@skipInServerless'] }, + () => { + loginWithReadAccess( + testData.privilegePrefix, + `/app/security/administration/${testData.urlPath}` + ); + cy.getByTestSubj('header-page-title').contains(testData.title); + cy.getByTestSubj(`${testData.pagePrefix}-pageAddButton`).should('not.exist'); + } + ); it(`write - should be able to update an existing ${testData.title} entry`, () => { loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`); From 64da55637db90d2f51bff383338ed275aba7731c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gerg=C5=91=20=C3=81brah=C3=A1m?= Date: Thu, 9 Nov 2023 18:05:36 +0100 Subject: [PATCH 3/5] update readme with skipInServerless --- .../security_solution/public/management/cypress/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/plugins/security_solution/public/management/cypress/README.md b/x-pack/plugins/security_solution/public/management/cypress/README.md index 65af201662c48..79689e650faea 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/README.md +++ b/x-pack/plugins/security_solution/public/management/cypress/README.md @@ -36,6 +36,7 @@ Similarly to Security Solution cypress tests, we use tags in order to select whi - `@serverless` includes a test in the Serverless test suite. You need to explicitly add this tag to any test you want to run against a Serverless environment. - `@ess` includes a test in the normal, non-Serverless test suite. You need to explicitly add this tag to any test you want to run against a non-Serverless environment. - `@brokenInServerless` excludes a test from the Serverless test suite (even if it's tagged as `@serverless`). Indicates that a test should run in Serverless, but currently is broken. +- `@skipInServerless` excludes a test from the Serverless test suite (even if it's tagged as `@serverless`). Indicates that we don't want to run the given test in Serverless. Important: if you don't provide any tag, your test won't be executed. From 08b0b8f7525f75a80694eea1713676d990f2f3bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gerg=C5=91=20=C3=81brah=C3=A1m?= Date: Fri, 10 Nov 2023 11:43:40 +0100 Subject: [PATCH 4/5] use `indexEndpointHosts` in artifact cy tests --- .../artifact_tabs_in_policy_details.cy.ts | 14 ++++++++++---- .../e2e/artifacts/artifacts_mocked_data.cy.ts | 16 +++++++++++----- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/artifact_tabs_in_policy_details.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/artifact_tabs_in_policy_details.cy.ts index 89be4061e9323..b6040691c485f 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/artifact_tabs_in_policy_details.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/artifact_tabs_in_policy_details.cy.ts @@ -16,9 +16,10 @@ import { removeExceptionsList, yieldFirstPolicyID, } from '../../tasks/artifacts'; -import { loadEndpointDataForEventFiltersIfNeeded } from '../../tasks/load_endpoint_data'; import { login, ROLE } from '../../tasks/login'; import { performUserActions } from '../../tasks/perform_user_actions'; +import { indexEndpointHosts } from '../../tasks/index_endpoint_hosts'; +import type { ReturnTypeFromChainable } from '../../types'; const loginWithPrivilegeAll = () => { login(ROLE.endpoint_policy_manager); @@ -59,14 +60,19 @@ const visitArtifactTab = (tabId: string) => { }; describe('Artifact tabs in Policy Details page', { tags: ['@ess', '@serverless'] }, () => { + let endpointData: ReturnTypeFromChainable | undefined; + before(() => { - login(); - loadEndpointDataForEventFiltersIfNeeded(); + indexEndpointHosts().then((indexEndpoints) => { + endpointData = indexEndpoints; + }); }); after(() => { - login(); removeAllArtifacts(); + + endpointData?.cleanup(); + endpointData = undefined; }); for (const testData of getArtifactsListTestsData()) { diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/artifacts_mocked_data.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/artifacts_mocked_data.cy.ts index ab21bfb9e14d1..e7f32820c00d7 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/artifacts_mocked_data.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/artifacts_mocked_data.cy.ts @@ -12,7 +12,8 @@ import { loadPage } from '../../tasks/common'; import { getArtifactsListTestsData } from '../../fixtures/artifacts_page'; import { removeAllArtifacts } from '../../tasks/artifacts'; import { performUserActions } from '../../tasks/perform_user_actions'; -import { loadEndpointDataForEventFiltersIfNeeded } from '../../tasks/load_endpoint_data'; +import { indexEndpointHosts } from '../../tasks/index_endpoint_hosts'; +import type { ReturnTypeFromChainable } from '../../types'; const loginWithWriteAccess = (url: string) => { login(ROLE.endpoint_policy_manager); @@ -31,16 +32,21 @@ const loginWithoutAccess = (url: string) => { }; describe('Artifacts pages', { tags: ['@ess', '@serverless'] }, () => { + let endpointData: ReturnTypeFromChainable | undefined; + before(() => { - login(); - loadEndpointDataForEventFiltersIfNeeded(); - // Clean artifacts data + indexEndpointHosts().then((indexEndpoints) => { + endpointData = indexEndpoints; + }); + removeAllArtifacts(); }); after(() => { - // Clean artifacts data removeAllArtifacts(); + + endpointData?.cleanup(); + endpointData = undefined; }); for (const testData of getArtifactsListTestsData()) { From 93f93b281a65b600edfe9721617ee7d616839052 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gerg=C5=91=20=C3=81brah=C3=A1m?= Date: Fri, 10 Nov 2023 11:44:26 +0100 Subject: [PATCH 5/5] remove now unused `loadEndpointDataForEventFiltersIfNeeded` --- .../cypress/tasks/load_endpoint_data.ts | 28 ------------------- 1 file changed, 28 deletions(-) delete mode 100644 x-pack/plugins/security_solution/public/management/cypress/tasks/load_endpoint_data.ts diff --git a/x-pack/plugins/security_solution/public/management/cypress/tasks/load_endpoint_data.ts b/x-pack/plugins/security_solution/public/management/cypress/tasks/load_endpoint_data.ts deleted file mode 100644 index b8029a8528e94..0000000000000 --- a/x-pack/plugins/security_solution/public/management/cypress/tasks/load_endpoint_data.ts +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { isEmpty } from 'lodash'; -import { BASE_ENDPOINT_ROUTE } from '../../../../common/endpoint/constants'; -import { runEndpointLoaderScript } from './run_endpoint_loader'; -import { request } from './common'; - -// Checks for Endpoint data and creates it if needed -export const loadEndpointDataForEventFiltersIfNeeded = () => { - request({ - method: 'POST', - url: `${BASE_ENDPOINT_ROUTE}/suggestions/eventFilters`, - body: { - field: 'agent.type', - query: '', - }, - failOnStatusCode: false, - }).then(({ body }) => { - if (isEmpty(body)) { - runEndpointLoaderScript(); - } - }); -};