[Security] Moved reset_creds call to reset_internal_creds (elastic#17…
…6410)

## Summary

Actions needed following the email that was sent about the breaking
change :

> API: rather than returning credentials for a privileged "elastic"
user, [we'll return](https://elasticco.atlassian.net/browse/CP-5477)
credentials for a much-less privileged "admin" user. Note this is the
user that can be manipulated by customers. This new user won't be an
"operator" user anymore: any test that relies on this user being able to
do things such as retrieving the cluster health, role mappings, node
stats, etc. would therefore break.

> A second set of credentials can be retrieved for a privileged
"testing-internal" user through a dedicated API endpoint.
To retrieve credentials for that user, please update your automation
with a small change:
> 1. rather than calling the _reset-credentials endpoint, please call
the _reset-internal-credentials endpoint
> 2. remove any hard-coded reference of the "elastic" user: the new
username is returned in the API response

---------

Co-authored-by: Gloria Hornero <[email protected]>
2 people authored and fkanout committed Mar 4, 2024
1 parent 92e5032 commit beaa289
Showing 5 changed files with 10 additions and 7 deletions.
1 change: 1 addition & 0 deletions .buildkite/pipelines/security_solution/api_integration.yml
@@ -23,6 +23,7 @@ steps:
limit: 2

- group: 'Execute Tests'
key: test_execution
depends_on: build_image
steps:
- label: Running exception_workflows:qa:serverless
@@ -24,6 +24,7 @@ steps:

- group: "Execute Tests"
depends_on: build_image
key: test_execution
steps:
# - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:explore
# label: 'Serverless MKI QA Explore - Security Solution Cypress Tests'
@@ -51,7 +51,7 @@ KB_URL=$(echo $ENVIRONMENT_DETAILS | jq -r '.endpoints.kibana')
sleep 5

# Resetting the credentials of the elastic user in the project
CREDS_BODY=$(curl -s --location --request POST "$QA_CONSOLE_URL/api/v1/serverless/projects/security/$ID/_reset-credentials" \
CREDS_BODY=$(curl -s --location --request POST "$QA_CONSOLE_URL/api/v1/serverless/projects/security/$ID/_reset-internal-credentials" \
--header "Authorization: ApiKey $QA_API_KEY" \
--header 'Content-Type: application/json' | jq '.')
USERNAME=$(echo $CREDS_BODY | jq -r '.username')
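Review bot: The `curl -s` call that now hits `_reset-internal-credentials` has no `--fail`, so an HTTP error body goes straight into jq and `USERNAME` ends up as the literal string `null` (or empty) instead of stopping the job. Adding `--fail --show-error` to the curl line, or a guard such as `[ -n "$USERNAME" ] && [ "$USERNAME" != "null" ] || exit 1` after the jq extraction, would surface a rejected reset at this step. The comment above the call still says it resets the elastic user, while the commit description says this endpoint returns a privileged internal user, so it should read `# Resetting the credentials of the internal testing user in the project`. The script continues outside the hunk, so whether `$CREDS_BODY` is echoed into the build log later is not visible here and is worth checking.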
@@ -179,7 +179,7 @@ async function resetCredentials(

const fetchResetCredentialsStatusAttempt = async (attemptNum: number) => {
const response = await axios.post(
`${BASE_ENV_URL}/api/v1/serverless/projects/security/${projectId}/_reset-credentials`,
`${BASE_ENV_URL}/api/v1/serverless/projects/security/${projectId}/_reset-internal-credentials`,
{},
{
headers: {
@@ -199,7 +199,7 @@ async function resetCredentials(
if (error instanceof AxiosError && error.code === 'ENOTFOUND') {
log.info('Project is not reachable. A retry will be triggered soon..');
} else {
log.info(error);
log.error(`${error.message}`);
}
},
retries: 100,
@@ -223,6 +223,7 @@ function waitForProjectInitialized(projectId: string, apiKey: string): Promise<v
}
);
if (response.data.phase !== 'initialized') {
log.info(response.data);
throw new Error('Project is not initialized. A retry will be triggered soon...');
} else {
log.info('Project is initialized');
@@ -233,7 +234,7 @@ function waitForProjectInitialized(projectId: string, apiKey: string): Promise<v
if (error instanceof AxiosError && error.code === 'ENOTFOUND') {
log.info('Project is not reachable. A retry will be triggered soon...');
} else {
log.info(error);
log.error(`${error.message}`);
}
},
retries: 100,
@@ -294,7 +295,7 @@ function waitForKibanaAvailable(kbUrl: string, auth: string, runnerId: string):
`${runnerId}: The Kibana URL is not yet reachable. A retry will be triggered soon...`
);
} else {
log.info(`${runnerId}: ${error}`);
log.info(`${runnerId}: ${error.message}`);
}
},
retries: 50,
@@ -350,7 +351,7 @@ function waitForKibanaLogin(kbUrl: string, credentials: Credentials): Promise<vo
if (error instanceof AxiosError && error.code === 'ENOTFOUND') {
log.info('Project is not reachable. A retry will be triggered soon...');
} else {
log.info(error);
log.error(`${error.message}`);
}
},
retries: 100,
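Review bot: In the waitForProjectInitialized hunk, the added `log.info(response.data);` writes the whole status response to the CI log on every attempt that is not yet initialized, and the retry count in that function is 100. Only `phase` is read at that point, so `log.info('Project phase: ' + response.data.phase);` would give the same diagnostic without logging fields nobody has reviewed for exposure. The other hunks go the right way by logging `error.message` instead of the full error object, which for an Axios error presumably carries the request config and its Authorization header. The waitForKibanaAvailable hunk still calls `log.info` where its siblings now call `log.error`, which looks unintentional. All of these function bodies start and end outside the hunks shown.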
@@ -22,7 +22,7 @@ export const esArchiver = (
const isCloudServerless = config.env.CLOUD_SERVERLESS;

const serverlessCloudUser = {
username: 'elastic',
username: config.env.ELASTICSEARCH_USERNAME,
password: config.env.ELASTICSEARCH_PASSWORD,
};

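Review bot: `username: config.env.ELASTICSEARCH_USERNAME` is read with no check that the variable is set, so a serverless run where the credentials step did not export it would presumably pass an undefined username on and fail later with a less direct authentication error. A guard before the object, `if (isCloudServerless && !config.env.ELASTICSEARCH_USERNAME) throw new Error('ELASTICSEARCH_USERNAME is not set');`, would fail at the cause. Falling back to `'elastic'` would reintroduce the hard-coded user this commit removes. The esArchiver body continues outside the hunk, so how `serverlessCloudUser` is consumed is not visible here.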
