Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature Controls - Reserved Role Apps #30525

Merged
Merged
Changes from 1 commit
Commits
Show all changes
75 commits
Select commit Hold shift + click to select a range
8ae173a
Removing feature privileges from ml/monitoring/apm
kobelb Feb 1, 2019
49b39ce
Adding monitoring/ml/apm as hard-coded global privileges
kobelb Feb 1, 2019
b36b1b2
A poorly named abstraction enters the room
kobelb Feb 2, 2019
34aee5a
No more wildcards, starting to move some stuff around
kobelb Feb 5, 2019
b210249
Splitting out the feature privilege builders
kobelb Feb 6, 2019
0d67f4d
Using actions instead of relying on their implementation
kobelb Feb 6, 2019
5e6e1ce
Merge remote-tracking branch 'upstream/granular-app-privileges' into …
kobelb Feb 6, 2019
6708214
We don't need the saved object types any longer
kobelb Feb 6, 2019
df12744
Explicitly specifying some actions that used to rely on wildcards
kobelb Feb 6, 2019
fb369ce
Fixing api integration test for privileges
kobelb Feb 6, 2019
951ceb3
Test fixture plugin which adds the globaltype now specifies a feature
kobelb Feb 6, 2019
92e7e0b
Unauthorized to find unknown types now
kobelb Feb 6, 2019
3828811
Merge branch 'fc/no-wildcards' into fc/reserved/role-apps-3
kobelb Feb 6, 2019
a78bfe7
Adding reserved privileges tests
kobelb Feb 6, 2019
392819b
Adding reserved privileges in a designated reserved bucket
kobelb Feb 6, 2019
c0477ae
Fixing ui capability tests
kobelb Feb 7, 2019
8649157
Adding spaces api tests for apm/ml/monitoring users
kobelb Feb 7, 2019
132e7f4
Adding more roles to the security only ui capability tests
kobelb Feb 7, 2019
2912e7b
You can put a role with reserved privileges using the API
kobelb Feb 7, 2019
dbe36f6
Adding support to get roles with _reserved privileges
kobelb Feb 7, 2019
2044ccd
Adding APM functional tests
kobelb Feb 8, 2019
1ef0d2c
Adding monitoring functional tests
kobelb Feb 8, 2019
46a023d
Merge branch 'granular-app-privileges' into fc/reserved-role-apps-3
kobelb Feb 8, 2019
7fe8e30
Fixing typo
kobelb Feb 8, 2019
03bb72c
Ensuring apm_user, monitoring_user alone don't authorize you
kobelb Feb 8, 2019
cb19823
Adding ml functional tests
kobelb Feb 8, 2019
d9e38b9
Fixing test
kobelb Feb 8, 2019
e467f1b
Fixing some type errors
kobelb Feb 8, 2019
d6031f3
Merge remote-tracking branch 'upstream/granular-app-privileges' into …
kobelb Feb 8, 2019
908a364
Updating snapshots
kobelb Feb 8, 2019
c1634bb
Fixing privileges tests
kobelb Feb 8, 2019
5396c6f
Trying to force this to run from source
kobelb Feb 8, 2019
13572f3
Merge remote-tracking branch 'upstream/granular-app-privileges' into …
kobelb Feb 11, 2019
b250672
Fixing TS errors
kobelb Feb 11, 2019
f3d8376
Being a less noisy neighbor
kobelb Feb 11, 2019
0693a06
Forcing logout for apm/dashboard feature controls security tests
kobelb Feb 11, 2019
71785e4
Fixing the security only ui capability tests
kobelb Feb 12, 2019
cd3b11a
Removing test that monitoring now tests itself
kobelb Feb 12, 2019
c6a5570
Merge remote-tracking branch 'upstream/granular-app-privileges' into …
kobelb Feb 15, 2019
b3a048e
Fixing some ui capability tests
kobelb Feb 15, 2019
6c28a1e
Cleaning up the error page services
kobelb Feb 15, 2019
db19c22
Fixing misspelling in comment
kobelb Feb 15, 2019
50b5ddd
Using forceLogout for monitoring
kobelb Feb 15, 2019
10bbc4e
Removing code that never should have been there, sorry Larry
kobelb Feb 15, 2019
f724694
Less leniency with the get roles
kobelb Feb 15, 2019
fa44f66
Barely alphabetical for a bit
kobelb Feb 15, 2019
1e4ca00
Apply suggestions from code review
legrego Feb 15, 2019
3a5033b
Removing errant timeout
kobelb Feb 15, 2019
03ee483
No more hard coded esFrom source
kobelb Feb 15, 2019
0671209
More nits
kobelb Feb 15, 2019
b71cd27
Adding back esFrom source
kobelb Feb 16, 2019
c833a41
Merge remote-tracking branch 'upstream/granular-app-privileges' into …
kobelb Mar 15, 2019
11ed79a
APM no longer uses reserved privileges, reserved privileges are
kobelb Mar 15, 2019
13f8831
Fixing typescript errors
kobelb Mar 18, 2019
3f75085
Fixing ui capability test themselves
kobelb Mar 18, 2019
031d1fa
Merge remote-tracking branch 'upstream/granular-app-privileges' into …
kobelb Mar 18, 2019
0b265c3
Displaying reserved privileges for the space aware and simple forms
kobelb Mar 19, 2019
736712f
Removing ability to PUT roles with _reserved privileges.
kobelb Mar 19, 2019
1a495fd
Updating jest snapshots
kobelb Mar 21, 2019
70a9ffc
Changing the interface for a feature to register a reserved privilege to
kobelb Mar 21, 2019
b7ac747
Displaying features with reserved privileges in the feature table
kobelb Mar 22, 2019
92efdb0
Merge remote-tracking branch 'upstream/granular-app-privileges' into …
kobelb Mar 22, 2019
7567c9a
Adjusting the reserved role privileges unit tests
kobelb Mar 22, 2019
8c124cb
Merge remote-tracking branch 'upstream/granular-app-privileges' into …
kobelb Mar 22, 2019
d98c6ca
Merge remote-tracking branch 'upstream/granular-app-privileges' into …
kobelb Mar 29, 2019
61ed5b1
Changing usages of expect.js to @kbn/expect
kobelb Mar 29, 2019
accf3e8
Changing the CalculatedPrivilege's _reserved property to reserved
kobelb Apr 1, 2019
6dbe5c2
Allowing reserved privileges to be assigned at kibana-*
kobelb Apr 1, 2019
5609563
Updating forgotten snapshot
kobelb Apr 1, 2019
1f3e709
Validating reserved privileges
kobelb Apr 2, 2019
a040191
Merge remote-tracking branch 'upstream/granular-app-privileges' into …
kobelb Apr 4, 2019
2c5ab8f
Updating imports
kobelb Apr 4, 2019
773a308
Merge remote-tracking branch 'upstream/granular-app-privileges' into …
kobelb Apr 9, 2019
951b4f5
Removing --esFrom flag, we don't need it anymore
kobelb Apr 9, 2019
5cdc103
Switching from tslint's ignore to eslint's ignore
kobelb Apr 9, 2019
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Adding APM functional tests
  • Loading branch information
kobelb committed Feb 8, 2019

Unverified

No user is associated with the committer email.
commit 2044ccd6aae089b3d37f25195303b433bf0ecacc
5 changes: 5 additions & 0 deletions test/functional/page_objects/common_page.js
Original file line number Diff line number Diff line change
@@ -353,6 +353,11 @@ export function CommonPageProvider({ getService, getPageObjects }) {
}
}
}

async getBodyText() {
const el = await find.byCssSelector('body>pre');
return await el.getVisibleText();
}
}

return new CommonPage();
2 changes: 1 addition & 1 deletion x-pack/plugins/apm/public/components/app/Main/index.js
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@ const MainContainer = styled.div`

export default function Main() {
return (
<MainContainer>
<MainContainer data-test-subj="apm-main-container">
<UpdateBreadcrumbs />
<Route component={ConnectRouterToRedux} />
<Route component={ScrollToTopOnPathChange} />
91 changes: 91 additions & 0 deletions x-pack/test/functional/apps/apm/feature_controls/apm_security.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
import expect from 'expect.js';
import { SecurityService } from 'x-pack/test/common/services';
import { KibanaFunctionalTestDefaultProviders } from '../../../../types/providers';

// tslint:disable:no-default-export
export default function({ getPageObjects, getService }: KibanaFunctionalTestDefaultProviders) {
const esArchiver = getService('esArchiver');
const security: SecurityService = getService('security');
const appsMenu = getService('appsMenu');
const PageObjects = getPageObjects(['common', 'security']);

describe('security', () => {
before(async () => {
await esArchiver.load('empty_kibana');

await security.role.create('global_all_role', {
elasticsearch: {
indices: [{ names: ['logstash-*'], privileges: ['read', 'view_index_metadata'] }],
},
kibana: [
{
base: ['all'],
spaces: ['*'],
},
],
});

// ensure we're logged out so we can login as the appropriate users
await PageObjects.security.logout();
});

after(async () => {
await esArchiver.unload('empty_kibana');
await security.role.delete('global_all_role');

// logout, so the other tests don't accidentally run as the custom users we're testing below
await PageObjects.security.logout();
});

describe('global all', () => {
before(async () => {
await security.user.create('global_all', {
password: 'global_all-password',
roles: ['global_all_role'],
full_name: 'global all',
});

await PageObjects.security.login('global_all', 'global_all-password');
});

after(async () => {
await security.user.delete('global_all');
});

it(`doens't show apm navlink`, async () => {
const navLinks = (await appsMenu.readLinks()).map(
(link: Record<string, string>) => link.text
);
expect(navLinks).not.to.contain('APM');
});
});

describe('apm_user and global all', () => {
before(async () => {
await security.user.create('apm_user', {
password: 'apm_user-password',
roles: ['apm_user', 'global_all_role'],
full_name: 'apm user',
});

await PageObjects.security.login('apm_user', 'apm_user-password');
});

after(async () => {
await security.user.delete('apm_user');
});

it('shows apm navlink', async () => {
const navLinks = (await appsMenu.readLinks()).map(
(link: Record<string, string>) => link.text
);
expect(navLinks).to.contain('APM');
});
});
});
}
100 changes: 100 additions & 0 deletions x-pack/test/functional/apps/apm/feature_controls/apm_spaces.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
import expect from 'expect.js';
import { SpacesService } from 'x-pack/test/common/services';
import { KibanaFunctionalTestDefaultProviders } from '../../../../types/providers';

// tslint:disable:no-default-export
export default function({ getPageObjects, getService }: KibanaFunctionalTestDefaultProviders) {
const esArchiver = getService('esArchiver');
const spacesService: SpacesService = getService('spaces');
const PageObjects = getPageObjects(['common', 'dashboard', 'security', 'spaceSelector']);
const appsMenu = getService('appsMenu');
const testSubjects = getService('testSubjects');

describe.only('spaces', () => {
before(async () => {
await esArchiver.load('empty_kibana');
});

after(async () => {
await esArchiver.unload('empty_kibana');
});

describe('space with no features disabled', () => {
before(async () => {
await spacesService.create({
id: 'custom_space',
name: 'custom_space',
disabledFeatures: [],
});
});

after(async () => {
await spacesService.delete('custom_space');
});

it('shows apm navlink', async () => {
await PageObjects.common.navigateToApp('home', {
basePath: '/s/custom_space',
});
const navLinks = (await appsMenu.readLinks()).map(
(link: Record<string, string>) => link.text
);
expect(navLinks).to.contain('APM');
});

it(`can navigate to app`, async () => {
await PageObjects.common.navigateToApp('apm', {
basePath: '/s/custom_space',
});

await testSubjects.existOrFail('apm-main-container', 10000);
kobelb marked this conversation as resolved.
Show resolved Hide resolved
});
});

describe('space with APM disabled', () => {
before(async () => {
await spacesService.create({
id: 'custom_space',
name: 'custom_space',
disabledFeatures: ['apm'],
});
});

after(async () => {
await spacesService.delete('custom_space');
});

it(`doesn't show apm navlink`, async () => {
await PageObjects.common.navigateToApp('home', {
basePath: '/s/custom_space',
});
const navLinks = (await appsMenu.readLinks()).map(
(link: Record<string, string>) => link.text
);
expect(navLinks).not.to.contain('APM');
});

it(`navigating to app returns a 404`, async () => {
await PageObjects.common.navigateToUrl('apm', '', {
basePath: '/s/custom_space',
shouldLoginIfPrompted: false,
ensureCurrentUrl: false,
});

const messageText = await PageObjects.common.getBodyText();
expect(messageText).to.eql(
JSON.stringify({
statusCode: 404,
error: 'Not Found',
message: 'Not Found',
})
);
});
});
});
}
14 changes: 14 additions & 0 deletions x-pack/test/functional/apps/apm/feature_controls/index.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
import { KibanaFunctionalTestDefaultProviders } from '../../../../types/providers';

// tslint:disable:no-default-export
export default function({ loadTestFile }: KibanaFunctionalTestDefaultProviders) {
describe('feature controls', () => {
loadTestFile(require.resolve('./apm_security'));
loadTestFile(require.resolve('./apm_spaces'));
});
}
15 changes: 15 additions & 0 deletions x-pack/test/functional/apps/apm/index.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
import { KibanaFunctionalTestDefaultProviders } from '../../../types/providers';

// tslint:disable:no-default-export
export default function({ loadTestFile }: KibanaFunctionalTestDefaultProviders) {
describe('apm', function() {
this.tags('ciGroup3');

loadTestFile(require.resolve('./feature_controls'));
});
}
4 changes: 4 additions & 0 deletions x-pack/test/functional/config.js
Original file line number Diff line number Diff line change
@@ -77,6 +77,7 @@ export default async function ({ readConfigFile }) {
return {
// list paths to the files that contain your plugins tests
testFiles: [
resolve(__dirname, './apps/apm'),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: apm > advanced settings if you were going for an alpha-sorted list

resolve(__dirname, './apps/canvas'),
resolve(__dirname, './apps/graph'),
resolve(__dirname, './apps/monitoring'),
@@ -212,6 +213,9 @@ export default async function ({ readConfigFile }) {
},
uptime: {
pathname: '/app/uptime',
},
apm: {
pathname: '/app/apm'
}
},