From 07566912242e6adaeb84ac2ccc1e71e6a297315f Mon Sep 17 00:00:00 2001 From: Larry Gregory Date: Fri, 17 Jul 2020 08:53:57 -0400 Subject: [PATCH 1/9] introduce reserved ml privilege for the apm_user role --- x-pack/plugins/infra/server/features.ts | 12 +-- .../plugins/ml/common/types/capabilities.ts | 16 ++++ x-pack/plugins/ml/server/plugin.ts | 6 +- .../authorization/disable_ui_capabilities.ts | 9 +-- .../feature_privilege_builder/navlink.ts | 5 +- .../privileges/privileges.test.ts | 25 +------ .../security_solution/server/plugin.ts | 2 +- .../capabilities/capabilities_switcher.ts | 3 +- .../apis/security/privileges.ts | 2 +- .../apis/security/privileges_basic.ts | 2 +- .../apps/infra/feature_controls/index.ts | 6 +- .../infrastructure_security.ts | 38 +++++++--- .../infra/feature_controls/logs_security.ts | 36 ++++++--- x-pack/test/functional/apps/infra/index.ts | 12 +-- x-pack/test/functional/config.js | 74 +++++++++---------- .../test/ui_capabilities/common/features.ts | 2 +- .../plugins/foo_plugin/server/index.ts | 6 +- .../common/nav_links_builder.ts | 12 +-- .../common/services/features.ts | 2 +- .../common/services/ui_capabilities.ts | 2 +- 20 files changed, 147 insertions(+), 125 deletions(-) diff --git a/x-pack/plugins/infra/server/features.ts b/x-pack/plugins/infra/server/features.ts index fa228e03194a9..9393bfc1bdbf1 100644 --- a/x-pack/plugins/infra/server/features.ts +++ b/x-pack/plugins/infra/server/features.ts @@ -14,11 +14,11 @@ export const METRICS_FEATURE = { order: 700, icon: 'metricsApp', navLinkId: 'metrics', - app: ['infra', 'kibana'], + app: ['infra', 'metrics', 'kibana'], catalogue: ['infraops'], privileges: { all: { - app: ['infra', 'kibana'], + app: ['infra', 'metrics', 'kibana'], catalogue: ['infraops'], api: ['infra', 'actions-read', 'actions-all', 'alerting-read', 'alerting-all'], savedObject: { @@ -38,7 +38,7 @@ export const METRICS_FEATURE = { ], }, read: { - app: ['infra', 'kibana'], + app: ['infra', 'metrics', 'kibana'], catalogue: ['infraops'], api: ['infra', 'actions-read', 'actions-all', 'alerting-read', 'alerting-all'], savedObject: { @@ -66,11 +66,11 @@ export const LOGS_FEATURE = { order: 800, icon: 'logsApp', navLinkId: 'logs', - app: ['infra', 'kibana'], + app: ['infra', 'logs', 'kibana'], catalogue: ['infralogging'], privileges: { all: { - app: ['infra', 'kibana'], + app: ['infra', 'logs', 'kibana'], catalogue: ['infralogging'], api: ['infra'], savedObject: { @@ -80,7 +80,7 @@ export const LOGS_FEATURE = { ui: ['show', 'configureSource', 'save'], }, read: { - app: ['infra', 'kibana'], + app: ['infra', 'logs', 'kibana'], catalogue: ['infralogging'], api: ['infra'], savedObject: { diff --git a/x-pack/plugins/ml/common/types/capabilities.ts b/x-pack/plugins/ml/common/types/capabilities.ts index b46dd87eec15f..4cdc8539e86fd 100644 --- a/x-pack/plugins/ml/common/types/capabilities.ts +++ b/x-pack/plugins/ml/common/types/capabilities.ts @@ -7,6 +7,10 @@ import { KibanaRequest } from 'kibana/server'; import { PLUGIN_ID } from '../constants/app'; +export const apmUserMlCapabilities = { + canGetJobs: false, +}; + export const userMlCapabilities = { canAccessML: false, // Anomaly Detection @@ -68,6 +72,7 @@ export function getDefaultCapabilities(): MlCapabilities { } export function getPluginPrivileges() { + const apmUserMlCapabilitiesKeys = Object.keys(apmUserMlCapabilities); const userMlCapabilitiesKeys = Object.keys(userMlCapabilities); const adminMlCapabilitiesKeys = Object.keys(adminMlCapabilities); const allMlCapabilitiesKeys = [...adminMlCapabilitiesKeys, ...userMlCapabilitiesKeys]; @@ -96,6 +101,17 @@ export function getPluginPrivileges() { api: userMlCapabilitiesKeys.map((k) => `ml:${k}`), ui: userMlCapabilitiesKeys, }, + apmUser: { + excludeFromBasePrivileges: true, + app: [], + catalogue: [], + savedObject: { + all: [], + read: [], + }, + api: apmUserMlCapabilitiesKeys.map((k) => `ml:${k}`), + ui: apmUserMlCapabilitiesKeys, + }, }; } diff --git a/x-pack/plugins/ml/server/plugin.ts b/x-pack/plugins/ml/server/plugin.ts index 812db744d1bda..3c3824a785032 100644 --- a/x-pack/plugins/ml/server/plugin.ts +++ b/x-pack/plugins/ml/server/plugin.ts @@ -75,7 +75,7 @@ export class MlServerPlugin implements Plugin [feature.navLinkId, ...feature.app]) + .flatMap((feature) => feature.app) .filter((navLinkId) => navLinkId != null); const shouldDisableFeatureUICapability = ( diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/navlink.ts b/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/navlink.ts index f25632407be86..a6e5a01c7dba8 100644 --- a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/navlink.ts +++ b/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/navlink.ts @@ -9,9 +9,6 @@ import { BaseFeaturePrivilegeBuilder } from './feature_privilege_builder'; export class FeaturePrivilegeNavlinkBuilder extends BaseFeaturePrivilegeBuilder { public getActions(privilegeDefinition: FeatureKibanaPrivileges, feature: Feature): string[] { - const appNavLinks = feature.app.map((app) => this.actions.ui.get('navLinks', app)); - return feature.navLinkId - ? [this.actions.ui.get('navLinks', feature.navLinkId), ...appNavLinks] - : appNavLinks; + return (privilegeDefinition.app ?? []).map((app) => this.actions.ui.get('navLinks', app)); } } diff --git a/x-pack/plugins/security/server/authorization/privileges/privileges.test.ts b/x-pack/plugins/security/server/authorization/privileges/privileges.test.ts index d8ece8f68d425..89ac73c220756 100644 --- a/x-pack/plugins/security/server/authorization/privileges/privileges.test.ts +++ b/x-pack/plugins/security/server/authorization/privileges/privileges.test.ts @@ -54,20 +54,8 @@ describe('features', () => { const actual = privileges.get(); expect(actual).toHaveProperty('features.foo-feature', { - all: [ - actions.login, - actions.version, - actions.ui.get('navLinks', 'kibana:foo'), - actions.ui.get('navLinks', 'app-1'), - actions.ui.get('navLinks', 'app-2'), - ], - read: [ - actions.login, - actions.version, - actions.ui.get('navLinks', 'kibana:foo'), - actions.ui.get('navLinks', 'app-1'), - actions.ui.get('navLinks', 'app-2'), - ], + all: [actions.login, actions.version], + read: [actions.login, actions.version], }); }); @@ -275,7 +263,6 @@ describe('features', () => { actions.ui.get('catalogue', 'all-catalogue-2'), actions.ui.get('management', 'all-management', 'all-management-1'), actions.ui.get('management', 'all-management', 'all-management-2'), - actions.ui.get('navLinks', 'kibana:foo'), actions.savedObject.get('all-savedObject-all-1', 'bulk_get'), actions.savedObject.get('all-savedObject-all-1', 'get'), actions.savedObject.get('all-savedObject-all-1', 'find'), @@ -386,7 +373,6 @@ describe('features', () => { actions.ui.get('catalogue', 'read-catalogue-2'), actions.ui.get('management', 'read-management', 'read-management-1'), actions.ui.get('management', 'read-management', 'read-management-2'), - actions.ui.get('navLinks', 'kibana:foo'), actions.savedObject.get('read-savedObject-all-1', 'bulk_get'), actions.savedObject.get('read-savedObject-all-1', 'get'), actions.savedObject.get('read-savedObject-all-1', 'find'), @@ -644,12 +630,7 @@ describe('reserved', () => { const privileges = privilegesFactory(actions, mockXPackMainPlugin as any, mockLicenseService); const actual = privileges.get(); - expect(actual).toHaveProperty('reserved.foo', [ - actions.version, - actions.ui.get('navLinks', 'kibana:foo'), - actions.ui.get('navLinks', 'app-1'), - actions.ui.get('navLinks', 'app-2'), - ]); + expect(actual).toHaveProperty('reserved.foo', [actions.version]); }); test(`actions only specified at the privilege are alright too`, () => { diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts index 17192057d2ad3..7c7fbb07caa27 100644 --- a/x-pack/plugins/security_solution/server/plugin.ts +++ b/x-pack/plugins/security_solution/server/plugin.ts @@ -161,7 +161,7 @@ export class Plugin implements IPlugin { + feature.app.forEach((app) => { if (navLinks.hasOwnProperty(app) && !enabledAppEntries.has(app)) { navLinks[app] = false; } diff --git a/x-pack/test/api_integration/apis/security/privileges.ts b/x-pack/test/api_integration/apis/security/privileges.ts index 59fcfae5db3cf..b3de255ce874a 100644 --- a/x-pack/test/api_integration/apis/security/privileges.ts +++ b/x-pack/test/api_integration/apis/security/privileges.ts @@ -41,7 +41,7 @@ export default function ({ getService }: FtrProviderContext) { }, global: ['all', 'read'], space: ['all', 'read'], - reserved: ['ml_user', 'ml_admin', 'monitoring'], + reserved: ['ml_user', 'ml_admin', 'ml_apm_user', 'monitoring'], }; await supertest diff --git a/x-pack/test/api_integration/apis/security/privileges_basic.ts b/x-pack/test/api_integration/apis/security/privileges_basic.ts index 5c2a2875852d6..4bbdb644fec90 100644 --- a/x-pack/test/api_integration/apis/security/privileges_basic.ts +++ b/x-pack/test/api_integration/apis/security/privileges_basic.ts @@ -39,7 +39,7 @@ export default function ({ getService }: FtrProviderContext) { }, global: ['all', 'read'], space: ['all', 'read'], - reserved: ['ml_user', 'ml_admin', 'monitoring'], + reserved: ['ml_user', 'ml_admin', 'ml_apm_user', 'monitoring'], }; await supertest diff --git a/x-pack/test/functional/apps/infra/feature_controls/index.ts b/x-pack/test/functional/apps/infra/feature_controls/index.ts index bb05aa93a7b36..2d1af3e5f41f2 100644 --- a/x-pack/test/functional/apps/infra/feature_controls/index.ts +++ b/x-pack/test/functional/apps/infra/feature_controls/index.ts @@ -10,8 +10,8 @@ export default function ({ loadTestFile }: FtrProviderContext) { describe('feature controls', function () { this.tags('skipFirefox'); loadTestFile(require.resolve('./infrastructure_security')); - loadTestFile(require.resolve('./infrastructure_spaces')); - loadTestFile(require.resolve('./logs_security')); - loadTestFile(require.resolve('./logs_spaces')); + // loadTestFile(require.resolve('./infrastructure_spaces')); + // loadTestFile(require.resolve('./logs_security')); + // loadTestFile(require.resolve('./logs_spaces')); }); } diff --git a/x-pack/test/functional/apps/infra/feature_controls/infrastructure_security.ts b/x-pack/test/functional/apps/infra/feature_controls/infrastructure_security.ts index 971826112a3e2..b5ad66fc2bfb5 100644 --- a/x-pack/test/functional/apps/infra/feature_controls/infrastructure_security.ts +++ b/x-pack/test/functional/apps/infra/feature_controls/infrastructure_security.ts @@ -423,19 +423,33 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { expect(navLinks).to.not.contain(['Metrics']); }); - it(`metrics app is inaccessible and Application Not Found message is rendered`, async () => { - await PageObjects.common.navigateToApp('infraOps'); - await testSubjects.existOrFail('~appNotFoundPageContent'); - await PageObjects.common.navigateToUrlWithBrowserHistory( - 'infraOps', - '/inventory', - undefined, - { - ensureCurrentUrl: false, - shouldLoginIfPrompted: false, - } + it(`metrics app is inaccessible and returns a 404`, async () => { + await PageObjects.common.navigateToActualUrl('infraOps', '', { + ensureCurrentUrl: false, + shouldLoginIfPrompted: false, + }); + let messageText = await PageObjects.common.getBodyText(); + expect(messageText).to.eql( + JSON.stringify({ + statusCode: 404, + error: 'Not Found', + message: 'Not Found', + }) + ); + + await PageObjects.common.navigateToActualUrl('infraOps', 'inventory', { + ensureCurrentUrl: false, + shouldLoginIfPrompted: false, + }); + + messageText = await PageObjects.common.getBodyText(); + expect(messageText).to.eql( + JSON.stringify({ + statusCode: 404, + error: 'Not Found', + message: 'Not Found', + }) ); - await testSubjects.existOrFail('~appNotFoundPageContent'); }); }); }); diff --git a/x-pack/test/functional/apps/infra/feature_controls/logs_security.ts b/x-pack/test/functional/apps/infra/feature_controls/logs_security.ts index c7d94f86ea420..6a88dadc523cd 100644 --- a/x-pack/test/functional/apps/infra/feature_controls/logs_security.ts +++ b/x-pack/test/functional/apps/infra/feature_controls/logs_security.ts @@ -187,19 +187,31 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { expect(navLinks).to.not.contain('Logs'); }); - it(`logs app is inaccessible and Application Not Found message is rendered`, async () => { - await PageObjects.common.navigateToApp('infraLogs'); - await testSubjects.existOrFail('~appNotFoundPageContent'); - await PageObjects.common.navigateToUrlWithBrowserHistory( - 'infraLogs', - '/stream', - undefined, - { - ensureCurrentUrl: false, - shouldLoginIfPrompted: false, - } + it(`logs app is inaccessible and returns a 404`, async () => { + await PageObjects.common.navigateToActualUrl('infraLogs', '', { + ensureCurrentUrl: false, + shouldLoginIfPrompted: false, + }); + let messageText = await PageObjects.common.getBodyText(); + expect(messageText).to.eql( + JSON.stringify({ + statusCode: 404, + error: 'Not Found', + message: 'Not Found', + }) + ); + await PageObjects.common.navigateToActualUrl('infraLogs', 'stream', { + ensureCurrentUrl: false, + shouldLoginIfPrompted: false, + }); + messageText = await PageObjects.common.getBodyText(); + expect(messageText).to.eql( + JSON.stringify({ + statusCode: 404, + error: 'Not Found', + message: 'Not Found', + }) ); - await testSubjects.existOrFail('~appNotFoundPageContent'); }); }); }); diff --git a/x-pack/test/functional/apps/infra/index.ts b/x-pack/test/functional/apps/infra/index.ts index 8fd3b705a7237..a16eff990a6d0 100644 --- a/x-pack/test/functional/apps/infra/index.ts +++ b/x-pack/test/functional/apps/infra/index.ts @@ -10,12 +10,12 @@ export default ({ loadTestFile }: FtrProviderContext) => { describe('InfraOps app', function () { this.tags('ciGroup7'); - loadTestFile(require.resolve('./home_page')); + // loadTestFile(require.resolve('./home_page')); loadTestFile(require.resolve('./feature_controls')); - loadTestFile(require.resolve('./log_entry_categories_tab')); - loadTestFile(require.resolve('./log_entry_rate_tab')); - loadTestFile(require.resolve('./logs_source_configuration')); - loadTestFile(require.resolve('./metrics_source_configuration')); - loadTestFile(require.resolve('./link_to')); + // loadTestFile(require.resolve('./log_entry_categories_tab')); + // loadTestFile(require.resolve('./log_entry_rate_tab')); + // loadTestFile(require.resolve('./logs_source_configuration')); + // loadTestFile(require.resolve('./metrics_source_configuration')); + // loadTestFile(require.resolve('./link_to')); }); }; diff --git a/x-pack/test/functional/config.js b/x-pack/test/functional/config.js index 5c13e430ae2ca..3464715a877d0 100644 --- a/x-pack/test/functional/config.js +++ b/x-pack/test/functional/config.js @@ -22,45 +22,45 @@ export default async function ({ readConfigFile }) { return { // list paths to the files that contain your plugins tests testFiles: [ - resolve(__dirname, './apps/advanced_settings'), - resolve(__dirname, './apps/canvas'), - resolve(__dirname, './apps/graph'), - resolve(__dirname, './apps/monitoring'), - resolve(__dirname, './apps/watcher'), - resolve(__dirname, './apps/dashboard'), - resolve(__dirname, './apps/dashboard_mode'), - resolve(__dirname, './apps/discover'), - resolve(__dirname, './apps/security'), - resolve(__dirname, './apps/spaces'), - resolve(__dirname, './apps/lens'), - resolve(__dirname, './apps/logstash'), - resolve(__dirname, './apps/grok_debugger'), + // resolve(__dirname, './apps/advanced_settings'), + // resolve(__dirname, './apps/canvas'), + // resolve(__dirname, './apps/graph'), + // resolve(__dirname, './apps/monitoring'), + // resolve(__dirname, './apps/watcher'), + // resolve(__dirname, './apps/dashboard'), + // resolve(__dirname, './apps/dashboard_mode'), + // resolve(__dirname, './apps/discover'), + // resolve(__dirname, './apps/security'), + // resolve(__dirname, './apps/spaces'), + // resolve(__dirname, './apps/lens'), + // resolve(__dirname, './apps/logstash'), + // resolve(__dirname, './apps/grok_debugger'), resolve(__dirname, './apps/infra'), - resolve(__dirname, './apps/ml'), - resolve(__dirname, './apps/rollup_job'), - resolve(__dirname, './apps/maps'), - resolve(__dirname, './apps/status_page'), - resolve(__dirname, './apps/timelion'), - resolve(__dirname, './apps/upgrade_assistant'), - resolve(__dirname, './apps/visualize'), - resolve(__dirname, './apps/uptime'), - resolve(__dirname, './apps/saved_objects_management'), - resolve(__dirname, './apps/dev_tools'), - resolve(__dirname, './apps/apm'), - resolve(__dirname, './apps/api_keys'), - resolve(__dirname, './apps/index_patterns'), - resolve(__dirname, './apps/index_management'), - resolve(__dirname, './apps/index_lifecycle_management'), - resolve(__dirname, './apps/ingest_pipelines'), - resolve(__dirname, './apps/snapshot_restore'), - resolve(__dirname, './apps/cross_cluster_replication'), - resolve(__dirname, './apps/remote_clusters'), - resolve(__dirname, './apps/transform'), - resolve(__dirname, './apps/reporting_management'), - resolve(__dirname, './apps/management'), + // resolve(__dirname, './apps/ml'), + // resolve(__dirname, './apps/rollup_job'), + // resolve(__dirname, './apps/maps'), + // resolve(__dirname, './apps/status_page'), + // resolve(__dirname, './apps/timelion'), + // resolve(__dirname, './apps/upgrade_assistant'), + // resolve(__dirname, './apps/visualize'), + // resolve(__dirname, './apps/uptime'), + // resolve(__dirname, './apps/saved_objects_management'), + // resolve(__dirname, './apps/dev_tools'), + // resolve(__dirname, './apps/apm'), + // resolve(__dirname, './apps/api_keys'), + // resolve(__dirname, './apps/index_patterns'), + // resolve(__dirname, './apps/index_management'), + // resolve(__dirname, './apps/index_lifecycle_management'), + // resolve(__dirname, './apps/ingest_pipelines'), + // resolve(__dirname, './apps/snapshot_restore'), + // resolve(__dirname, './apps/cross_cluster_replication'), + // resolve(__dirname, './apps/remote_clusters'), + // resolve(__dirname, './apps/transform'), + // resolve(__dirname, './apps/reporting_management'), + // resolve(__dirname, './apps/management'), - // This license_management file must be last because it is destructive. - resolve(__dirname, './apps/license_management'), + // // This license_management file must be last because it is destructive. + // resolve(__dirname, './apps/license_management'), ], services, diff --git a/x-pack/test/ui_capabilities/common/features.ts b/x-pack/test/ui_capabilities/common/features.ts index 3c015bc21e937..e3febc945c299 100644 --- a/x-pack/test/ui_capabilities/common/features.ts +++ b/x-pack/test/ui_capabilities/common/features.ts @@ -5,7 +5,7 @@ */ interface Feature { - navLinkId: string; + app: string[]; } export interface Features { diff --git a/x-pack/test/ui_capabilities/common/fixtures/plugins/foo_plugin/server/index.ts b/x-pack/test/ui_capabilities/common/fixtures/plugins/foo_plugin/server/index.ts index bff794801119a..5c80b4283a69b 100644 --- a/x-pack/test/ui_capabilities/common/fixtures/plugins/foo_plugin/server/index.ts +++ b/x-pack/test/ui_capabilities/common/fixtures/plugins/foo_plugin/server/index.ts @@ -19,11 +19,11 @@ class FooPlugin implements Plugin { name: 'Foo', icon: 'upArrow', navLinkId: 'foo_plugin', - app: ['kibana'], + app: ['foo_plugin', 'kibana'], catalogue: ['foo'], privileges: { all: { - app: ['kibana'], + app: ['foo_plugin', 'kibana'], catalogue: ['foo'], savedObject: { all: ['foo'], @@ -32,7 +32,7 @@ class FooPlugin implements Plugin { ui: ['create', 'edit', 'delete', 'show'], }, read: { - app: ['kibana'], + app: ['foo_plugin', 'kibana'], catalogue: ['foo'], savedObject: { all: [], diff --git a/x-pack/test/ui_capabilities/common/nav_links_builder.ts b/x-pack/test/ui_capabilities/common/nav_links_builder.ts index b20a499ba7e20..472aaac0c1b9c 100644 --- a/x-pack/test/ui_capabilities/common/nav_links_builder.ts +++ b/x-pack/test/ui_capabilities/common/nav_links_builder.ts @@ -13,11 +13,11 @@ export class NavLinksBuilder { ...features, // management isn't a first-class "feature", but it makes our life easier here to pretend like it is management: { - navLinkId: 'kibana:stack_management', + app: ['kibana:stack_management'], }, // TODO: Temp until navLinkIds fix is merged in - appSearch: { - navLinkId: 'appSearch', + kibana: { + app: ['kibana'], }, }; } @@ -38,9 +38,9 @@ export class NavLinksBuilder { private build(callback: buildCallback): Record { const navLinks = {} as Record; for (const [featureId, feature] of Object.entries(this.features)) { - if (feature.navLinkId) { - navLinks[feature.navLinkId] = callback(featureId); - } + feature.app.forEach((app) => { + navLinks[app] = callback(featureId); + }); } return navLinks; diff --git a/x-pack/test/ui_capabilities/common/services/features.ts b/x-pack/test/ui_capabilities/common/services/features.ts index 0f796c1d0a0cc..5f6ec0ad050c7 100644 --- a/x-pack/test/ui_capabilities/common/services/features.ts +++ b/x-pack/test/ui_capabilities/common/services/features.ts @@ -40,7 +40,7 @@ export class FeaturesService { (acc: Features, feature: any) => ({ ...acc, [feature.id]: { - navLinkId: feature.navLinkId, + app: feature.app, }, }), {} diff --git a/x-pack/test/ui_capabilities/common/services/ui_capabilities.ts b/x-pack/test/ui_capabilities/common/services/ui_capabilities.ts index bb1f3b6eefe4a..7f831973aea5c 100644 --- a/x-pack/test/ui_capabilities/common/services/ui_capabilities.ts +++ b/x-pack/test/ui_capabilities/common/services/ui_capabilities.ts @@ -52,7 +52,7 @@ export class UICapabilitiesService { }): Promise { const features = await this.featureService.get(); const applications = Object.values(features) - .map((feature) => feature.navLinkId) + .flatMap((feature) => feature.app) .filter((link) => !!link); const spaceUrlPrefix = spaceId ? `/s/${spaceId}` : ''; From e9e1dd3d19378322ec8fe12b99051ae37d118502 Mon Sep 17 00:00:00 2001 From: Larry Gregory Date: Fri, 17 Jul 2020 13:53:25 -0400 Subject: [PATCH 2/9] remove duplicate app id from siem --- x-pack/plugins/security_solution/server/plugin.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts index 7c7fbb07caa27..17192057d2ad3 100644 --- a/x-pack/plugins/security_solution/server/plugin.ts +++ b/x-pack/plugins/security_solution/server/plugin.ts @@ -161,7 +161,7 @@ export class Plugin implements IPlugin Date: Fri, 17 Jul 2020 15:11:26 -0400 Subject: [PATCH 3/9] fixing capabilities tests --- .../server/authorization/disable_ui_capabilities.test.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts b/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts index 45f55b34baf96..9037970e80b69 100644 --- a/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts +++ b/x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts @@ -50,7 +50,7 @@ describe('usingPrivileges', () => { new Feature({ id: 'fooFeature', name: 'Foo Feature', - app: ['fooApp'], + app: ['fooApp', 'foo'], navLinkId: 'foo', privileges: null, }), @@ -126,7 +126,7 @@ describe('usingPrivileges', () => { new Feature({ id: 'fooFeature', name: 'Foo Feature', - app: [], + app: ['foo'], navLinkId: 'foo', privileges: null, }), @@ -259,7 +259,7 @@ describe('usingPrivileges', () => { id: 'barFeature', name: 'Bar Feature', navLinkId: 'bar', - app: [], + app: ['bar'], privileges: null, }), ], @@ -409,7 +409,7 @@ describe('all', () => { new Feature({ id: 'fooFeature', name: 'Foo Feature', - app: [], + app: ['foo'], navLinkId: 'foo', privileges: null, }), From 70e43cafd6bbd40df318fa013f7f36d27ac8cb73 Mon Sep 17 00:00:00 2001 From: Larry Gregory Date: Fri, 17 Jul 2020 16:13:04 -0400 Subject: [PATCH 4/9] restore appSearch workaround --- .../spaces/server/capabilities/capabilities_switcher.test.ts | 2 +- x-pack/test/ui_capabilities/common/nav_links_builder.ts | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/spaces/server/capabilities/capabilities_switcher.test.ts b/x-pack/plugins/spaces/server/capabilities/capabilities_switcher.test.ts index 797d7fd1bdcc4..c9ea1b44e723d 100644 --- a/x-pack/plugins/spaces/server/capabilities/capabilities_switcher.test.ts +++ b/x-pack/plugins/spaces/server/capabilities/capabilities_switcher.test.ts @@ -23,7 +23,7 @@ const features = ([ id: 'feature_2', name: 'Feature 2', navLinkId: 'feature2', - app: [], + app: ['feature2'], catalogue: ['feature2Entry'], management: { kibana: ['somethingElse'], diff --git a/x-pack/test/ui_capabilities/common/nav_links_builder.ts b/x-pack/test/ui_capabilities/common/nav_links_builder.ts index 472aaac0c1b9c..04ab08e08a2ba 100644 --- a/x-pack/test/ui_capabilities/common/nav_links_builder.ts +++ b/x-pack/test/ui_capabilities/common/nav_links_builder.ts @@ -16,6 +16,9 @@ export class NavLinksBuilder { app: ['kibana:stack_management'], }, // TODO: Temp until navLinkIds fix is merged in + appSearch: { + app: ['appSearch', 'workplaceSearch'], + }, kibana: { app: ['kibana'], }, From 1bbea52c7b8f06fa930e5c677a0bb1dde4a15574 Mon Sep 17 00:00:00 2001 From: Larry Gregory Date: Mon, 20 Jul 2020 07:43:13 -0400 Subject: [PATCH 5/9] add kibana workaround --- x-pack/test/ui_capabilities/security_only/tests/nav_links.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/test/ui_capabilities/security_only/tests/nav_links.ts b/x-pack/test/ui_capabilities/security_only/tests/nav_links.ts index 18838e536cf96..d7a0dfa1cf80a 100644 --- a/x-pack/test/ui_capabilities/security_only/tests/nav_links.ts +++ b/x-pack/test/ui_capabilities/security_only/tests/nav_links.ts @@ -57,7 +57,7 @@ export default function navLinksTests({ getService }: FtrProviderContext) { expect(uiCapabilities.success).to.be(true); expect(uiCapabilities.value).to.have.property('navLinks'); expect(uiCapabilities.value!.navLinks).to.eql( - navLinksBuilder.only('management', 'foo') + navLinksBuilder.only('management', 'foo', 'kibana') ); break; case 'legacy_all': From ad35b36f508e79bdc417bc3aa26ad1c41d6152f7 Mon Sep 17 00:00:00 2001 From: Larry Gregory Date: Mon, 20 Jul 2020 09:49:29 -0400 Subject: [PATCH 6/9] re-enable infra functional tests --- x-pack/test/functional/apps/infra/feature_controls/index.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/x-pack/test/functional/apps/infra/feature_controls/index.ts b/x-pack/test/functional/apps/infra/feature_controls/index.ts index 2d1af3e5f41f2..bb05aa93a7b36 100644 --- a/x-pack/test/functional/apps/infra/feature_controls/index.ts +++ b/x-pack/test/functional/apps/infra/feature_controls/index.ts @@ -10,8 +10,8 @@ export default function ({ loadTestFile }: FtrProviderContext) { describe('feature controls', function () { this.tags('skipFirefox'); loadTestFile(require.resolve('./infrastructure_security')); - // loadTestFile(require.resolve('./infrastructure_spaces')); - // loadTestFile(require.resolve('./logs_security')); - // loadTestFile(require.resolve('./logs_spaces')); + loadTestFile(require.resolve('./infrastructure_spaces')); + loadTestFile(require.resolve('./logs_security')); + loadTestFile(require.resolve('./logs_spaces')); }); } From 772eb83446e00968d722dc0fd1b30cb232a7aceb Mon Sep 17 00:00:00 2001 From: Larry Gregory Date: Mon, 20 Jul 2020 09:50:16 -0400 Subject: [PATCH 7/9] re-enable infra functional tests --- x-pack/test/functional/apps/infra/index.ts | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/x-pack/test/functional/apps/infra/index.ts b/x-pack/test/functional/apps/infra/index.ts index a16eff990a6d0..8fd3b705a7237 100644 --- a/x-pack/test/functional/apps/infra/index.ts +++ b/x-pack/test/functional/apps/infra/index.ts @@ -10,12 +10,12 @@ export default ({ loadTestFile }: FtrProviderContext) => { describe('InfraOps app', function () { this.tags('ciGroup7'); - // loadTestFile(require.resolve('./home_page')); + loadTestFile(require.resolve('./home_page')); loadTestFile(require.resolve('./feature_controls')); - // loadTestFile(require.resolve('./log_entry_categories_tab')); - // loadTestFile(require.resolve('./log_entry_rate_tab')); - // loadTestFile(require.resolve('./logs_source_configuration')); - // loadTestFile(require.resolve('./metrics_source_configuration')); - // loadTestFile(require.resolve('./link_to')); + loadTestFile(require.resolve('./log_entry_categories_tab')); + loadTestFile(require.resolve('./log_entry_rate_tab')); + loadTestFile(require.resolve('./logs_source_configuration')); + loadTestFile(require.resolve('./metrics_source_configuration')); + loadTestFile(require.resolve('./link_to')); }); }; From e4db14c9cb6940a81576b79708afbc5238feb03e Mon Sep 17 00:00:00 2001 From: Larry Gregory Date: Mon, 20 Jul 2020 09:51:07 -0400 Subject: [PATCH 8/9] re-enable x-pack functional tests --- .../feature_controls/infrastructure_spaces.ts | 22 +++--- .../infra/feature_controls/logs_spaces.ts | 22 +++--- x-pack/test/functional/config.js | 72 +++++++++---------- 3 files changed, 56 insertions(+), 60 deletions(-) diff --git a/x-pack/test/functional/apps/infra/feature_controls/infrastructure_spaces.ts b/x-pack/test/functional/apps/infra/feature_controls/infrastructure_spaces.ts index 211a9ce718b56..1bf8ded69016b 100644 --- a/x-pack/test/functional/apps/infra/feature_controls/infrastructure_spaces.ts +++ b/x-pack/test/functional/apps/infra/feature_controls/infrastructure_spaces.ts @@ -79,21 +79,19 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { }); it(`metrics app is inaccessible and Application Not Found message is rendered`, async () => { - await PageObjects.common.navigateToApp('infraOps', { + await PageObjects.common.navigateToActualUrl('infraOps', '', { + ensureCurrentUrl: false, + shouldLoginIfPrompted: false, basePath: '/s/custom_space', }); - await testSubjects.existOrFail('~appNotFoundPageContent'); - await PageObjects.common.navigateToUrlWithBrowserHistory( - 'infraOps', - '/inventory', - undefined, - { - basePath: '/s/custom_space', - ensureCurrentUrl: false, - shouldLoginIfPrompted: false, - } + const messageText = await PageObjects.common.getBodyText(); + expect(messageText).to.eql( + JSON.stringify({ + statusCode: 404, + error: 'Not Found', + message: 'Not Found', + }) ); - await testSubjects.existOrFail('~appNotFoundPageContent'); }); }); diff --git a/x-pack/test/functional/apps/infra/feature_controls/logs_spaces.ts b/x-pack/test/functional/apps/infra/feature_controls/logs_spaces.ts index 4d54539a4d09e..ea08307ccedd3 100644 --- a/x-pack/test/functional/apps/infra/feature_controls/logs_spaces.ts +++ b/x-pack/test/functional/apps/infra/feature_controls/logs_spaces.ts @@ -80,21 +80,19 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { }); it(`logs app is inaccessible and Application Not Found message is rendered`, async () => { - await PageObjects.common.navigateToApp('infraLogs', { + await PageObjects.common.navigateToActualUrl('infraLogs', '', { + ensureCurrentUrl: false, + shouldLoginIfPrompted: false, basePath: '/s/custom_space', }); - await testSubjects.existOrFail('~appNotFoundPageContent'); - await PageObjects.common.navigateToUrlWithBrowserHistory( - 'infraLogs', - '/stream', - undefined, - { - basePath: '/s/custom_space', - ensureCurrentUrl: false, - shouldLoginIfPrompted: false, - } + const messageText = await PageObjects.common.getBodyText(); + expect(messageText).to.eql( + JSON.stringify({ + statusCode: 404, + error: 'Not Found', + message: 'Not Found', + }) ); - await testSubjects.existOrFail('~appNotFoundPageContent'); }); }); }); diff --git a/x-pack/test/functional/config.js b/x-pack/test/functional/config.js index 3464715a877d0..c59786727d9e4 100644 --- a/x-pack/test/functional/config.js +++ b/x-pack/test/functional/config.js @@ -22,45 +22,45 @@ export default async function ({ readConfigFile }) { return { // list paths to the files that contain your plugins tests testFiles: [ - // resolve(__dirname, './apps/advanced_settings'), - // resolve(__dirname, './apps/canvas'), - // resolve(__dirname, './apps/graph'), - // resolve(__dirname, './apps/monitoring'), - // resolve(__dirname, './apps/watcher'), - // resolve(__dirname, './apps/dashboard'), - // resolve(__dirname, './apps/dashboard_mode'), - // resolve(__dirname, './apps/discover'), - // resolve(__dirname, './apps/security'), - // resolve(__dirname, './apps/spaces'), - // resolve(__dirname, './apps/lens'), - // resolve(__dirname, './apps/logstash'), - // resolve(__dirname, './apps/grok_debugger'), + resolve(__dirname, './apps/advanced_settings'), + resolve(__dirname, './apps/canvas'), + resolve(__dirname, './apps/graph'), + resolve(__dirname, './apps/monitoring'), + resolve(__dirname, './apps/watcher'), + resolve(__dirname, './apps/dashboard'), + resolve(__dirname, './apps/dashboard_mode'), + resolve(__dirname, './apps/discover'), + resolve(__dirname, './apps/security'), + resolve(__dirname, './apps/spaces'), + resolve(__dirname, './apps/lens'), + resolve(__dirname, './apps/logstash'), + resolve(__dirname, './apps/grok_debugger'), resolve(__dirname, './apps/infra'), - // resolve(__dirname, './apps/ml'), - // resolve(__dirname, './apps/rollup_job'), - // resolve(__dirname, './apps/maps'), - // resolve(__dirname, './apps/status_page'), - // resolve(__dirname, './apps/timelion'), - // resolve(__dirname, './apps/upgrade_assistant'), - // resolve(__dirname, './apps/visualize'), - // resolve(__dirname, './apps/uptime'), - // resolve(__dirname, './apps/saved_objects_management'), - // resolve(__dirname, './apps/dev_tools'), - // resolve(__dirname, './apps/apm'), - // resolve(__dirname, './apps/api_keys'), - // resolve(__dirname, './apps/index_patterns'), - // resolve(__dirname, './apps/index_management'), - // resolve(__dirname, './apps/index_lifecycle_management'), - // resolve(__dirname, './apps/ingest_pipelines'), - // resolve(__dirname, './apps/snapshot_restore'), - // resolve(__dirname, './apps/cross_cluster_replication'), - // resolve(__dirname, './apps/remote_clusters'), - // resolve(__dirname, './apps/transform'), - // resolve(__dirname, './apps/reporting_management'), - // resolve(__dirname, './apps/management'), + resolve(__dirname, './apps/ml'), + resolve(__dirname, './apps/rollup_job'), + resolve(__dirname, './apps/maps'), + resolve(__dirname, './apps/status_page'), + resolve(__dirname, './apps/timelion'), + resolve(__dirname, './apps/upgrade_assistant'), + resolve(__dirname, './apps/visualize'), + resolve(__dirname, './apps/uptime'), + resolve(__dirname, './apps/saved_objects_management'), + resolve(__dirname, './apps/dev_tools'), + resolve(__dirname, './apps/apm'), + resolve(__dirname, './apps/api_keys'), + resolve(__dirname, './apps/index_patterns'), + resolve(__dirname, './apps/index_management'), + resolve(__dirname, './apps/index_lifecycle_management'), + resolve(__dirname, './apps/ingest_pipelines'), + resolve(__dirname, './apps/snapshot_restore'), + resolve(__dirname, './apps/cross_cluster_replication'), + resolve(__dirname, './apps/remote_clusters'), + resolve(__dirname, './apps/transform'), + resolve(__dirname, './apps/reporting_management'), + resolve(__dirname, './apps/management'), // // This license_management file must be last because it is destructive. - // resolve(__dirname, './apps/license_management'), + resolve(__dirname, './apps/license_management'), ], services, From 717afe0e75ea4d949729d5350937dce3ac159d2f Mon Sep 17 00:00:00 2001 From: Larry Gregory Date: Wed, 22 Jul 2020 10:50:26 -0400 Subject: [PATCH 9/9] address PR feedback --- .../feature_controls/infrastructure_security.ts | 16 +--------------- .../apps/infra/feature_controls/logs_security.ts | 14 +------------- x-pack/test/functional/config.js | 2 +- 3 files changed, 3 insertions(+), 29 deletions(-) diff --git a/x-pack/test/functional/apps/infra/feature_controls/infrastructure_security.ts b/x-pack/test/functional/apps/infra/feature_controls/infrastructure_security.ts index b5ad66fc2bfb5..3c471516e9c66 100644 --- a/x-pack/test/functional/apps/infra/feature_controls/infrastructure_security.ts +++ b/x-pack/test/functional/apps/infra/feature_controls/infrastructure_security.ts @@ -428,21 +428,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { ensureCurrentUrl: false, shouldLoginIfPrompted: false, }); - let messageText = await PageObjects.common.getBodyText(); - expect(messageText).to.eql( - JSON.stringify({ - statusCode: 404, - error: 'Not Found', - message: 'Not Found', - }) - ); - - await PageObjects.common.navigateToActualUrl('infraOps', 'inventory', { - ensureCurrentUrl: false, - shouldLoginIfPrompted: false, - }); - - messageText = await PageObjects.common.getBodyText(); + const messageText = await PageObjects.common.getBodyText(); expect(messageText).to.eql( JSON.stringify({ statusCode: 404, diff --git a/x-pack/test/functional/apps/infra/feature_controls/logs_security.ts b/x-pack/test/functional/apps/infra/feature_controls/logs_security.ts index 6a88dadc523cd..64154ff6cf3f7 100644 --- a/x-pack/test/functional/apps/infra/feature_controls/logs_security.ts +++ b/x-pack/test/functional/apps/infra/feature_controls/logs_security.ts @@ -192,19 +192,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { ensureCurrentUrl: false, shouldLoginIfPrompted: false, }); - let messageText = await PageObjects.common.getBodyText(); - expect(messageText).to.eql( - JSON.stringify({ - statusCode: 404, - error: 'Not Found', - message: 'Not Found', - }) - ); - await PageObjects.common.navigateToActualUrl('infraLogs', 'stream', { - ensureCurrentUrl: false, - shouldLoginIfPrompted: false, - }); - messageText = await PageObjects.common.getBodyText(); + const messageText = await PageObjects.common.getBodyText(); expect(messageText).to.eql( JSON.stringify({ statusCode: 404, diff --git a/x-pack/test/functional/config.js b/x-pack/test/functional/config.js index c59786727d9e4..5c13e430ae2ca 100644 --- a/x-pack/test/functional/config.js +++ b/x-pack/test/functional/config.js @@ -59,7 +59,7 @@ export default async function ({ readConfigFile }) { resolve(__dirname, './apps/reporting_management'), resolve(__dirname, './apps/management'), - // // This license_management file must be last because it is destructive. + // This license_management file must be last because it is destructive. resolve(__dirname, './apps/license_management'), ],