adds spaces only tests (#22)

* adds spaces only tests * remove unused imports * remove auth section of request since security is disabled for these tests * rename basic to trial for spaces only tests
dhurley14 · Jul 8, 2021 · 0b247b3 · 0b247b3
1 parent 6aaae19
commit 0b247b3
Show file tree

Hide file tree

Showing 5 changed files with 241 additions and 0 deletions.
diff --git a/x-pack/scripts/functional_tests.js b/x-pack/scripts/functional_tests.js
@@ -47,6 +47,7 @@ const onlyNotInCoverageTests = [
   require.resolve('../test/plugin_api_integration/config.ts'),
   require.resolve('../test/rule_registry/security_and_spaces/config_basic.ts'),
   require.resolve('../test/rule_registry/security_and_spaces/config_trial.ts'),
+  require.resolve('../test/rule_registry/spaces_only/config_trial.ts'),
   require.resolve('../test/security_api_integration/saml.config.ts'),
   require.resolve('../test/security_api_integration/session_idle.config.ts'),
   require.resolve('../test/security_api_integration/session_invalidate.config.ts'),

diff --git a/x-pack/test/rule_registry/spaces_only/config_trial.ts b/x-pack/test/rule_registry/spaces_only/config_trial.ts
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../common/config';
+
+// eslint-disable-next-line import/no-default-export
+export default createTestConfig('spaces_only', {
+  license: 'trial',
+  disabledPlugins: ['security'],
+  ssl: false,
+  testFiles: [require.resolve('./tests/trial')],
+});
diff --git a/x-pack/test/rule_registry/spaces_only/tests/trial/get_alert_by_id.ts b/x-pack/test/rule_registry/spaces_only/tests/trial/get_alert_by_id.ts
@@ -0,0 +1,87 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+
+import { superUser } from '../../../common/lib/authentication/users';
+import type { User } from '../../../common/lib/authentication/types';
+import { FtrProviderContext } from '../../../common/ftr_provider_context';
+import { getSpaceUrlPrefix } from '../../../common/lib/authentication/spaces';
+
+// eslint-disable-next-line import/no-default-export
+export default ({ getService }: FtrProviderContext) => {
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const esArchiver = getService('esArchiver');
+
+  const TEST_URL = '/internal/rac/alerts';
+  const ALERTS_INDEX_URL = `${TEST_URL}/index`;
+  const SPACE1 = 'space1';
+  const SPACE2 = 'space2';
+  const APM_ALERT_ID = 'NoxgpHkBqbdrfX07MqXV';
+  const APM_ALERT_INDEX = '.alerts-observability-apm';
+  const SECURITY_SOLUTION_ALERT_INDEX = '.alerts-security-solution';
+
+  const getAPMIndexName = async (user: User) => {
+    const {
+      body: indexNames,
+    }: { body: { index_name: string[] | undefined } } = await supertestWithoutAuth
+      .get(`${getSpaceUrlPrefix(SPACE1)}${ALERTS_INDEX_URL}`)
+      .set('kbn-xsrf', 'true')
+      .expect(200);
+    const observabilityIndex = indexNames?.index_name?.find(
+      (indexName) => indexName === APM_ALERT_INDEX
+    );
+    expect(observabilityIndex).to.eql(APM_ALERT_INDEX); // assert this here so we can use constants in the dynamically-defined test cases below
+  };
+
+  const getSecuritySolutionIndexName = async (user: User) => {
+    const {
+      body: indexNames,
+    }: { body: { index_name: string[] | undefined } } = await supertestWithoutAuth
+      .get(`${getSpaceUrlPrefix(SPACE1)}${ALERTS_INDEX_URL}`)
+      .set('kbn-xsrf', 'true')
+      .expect(200);
+    const securitySolution = indexNames?.index_name?.find(
+      (indexName) => indexName === SECURITY_SOLUTION_ALERT_INDEX
+    );
+    expect(securitySolution).to.eql(SECURITY_SOLUTION_ALERT_INDEX); // assert this here so we can use constants in the dynamically-defined test cases below
+  };
+
+  describe('Alerts - GET - RBAC - spaces', () => {
+    before(async () => {
+      await getSecuritySolutionIndexName(superUser);
+      await getAPMIndexName(superUser);
+
+      await esArchiver.load('x-pack/test/functional/es_archives/rule_registry/alerts');
+    });
+
+    after(async () => {
+      await esArchiver.unload('x-pack/test/functional/es_archives/rule_registry/alerts');
+    });
+
+    it('should return a 404 when superuser accesses not-existent alert', async () => {
+      await supertestWithoutAuth
+        .get(`${getSpaceUrlPrefix()}${TEST_URL}?id=myfakeid&index=${APM_ALERT_INDEX}`)
+        .set('kbn-xsrf', 'true')
+        .expect(404);
+    });
+
+    it('should return a 404 when superuser accesses not-existent alerts as data index', async () => {
+      await supertestWithoutAuth
+        .get(`${getSpaceUrlPrefix()}${TEST_URL}?id=${APM_ALERT_ID}&index=myfakeindex`)
+        .set('kbn-xsrf', 'true')
+        .expect(404);
+    });
+
+    it(`${superUser.username} should be able to access alert ${APM_ALERT_ID} in ${SPACE2}/${APM_ALERT_INDEX}`, async () => {
+      await supertestWithoutAuth
+        .get(`${getSpaceUrlPrefix(SPACE2)}${TEST_URL}?id=${APM_ALERT_ID}&index=${APM_ALERT_INDEX}`)
+        .set('kbn-xsrf', 'true')
+        .expect(200);
+    });
+  });
+};
diff --git a/x-pack/test/rule_registry/spaces_only/tests/trial/index.ts b/x-pack/test/rule_registry/spaces_only/tests/trial/index.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../common/ftr_provider_context';
+import { createSpaces, deleteSpaces } from '../../../common/lib/authentication';
+
+// eslint-disable-next-line import/no-default-export
+export default ({ loadTestFile, getService }: FtrProviderContext): void => {
+  describe('rule registry spaces only: trial', function () {
+    // Fastest ciGroup for the moment.
+    this.tags('ciGroup5');
+
+    before(async () => {
+      await createSpaces(getService);
+    });
+
+    after(async () => {
+      await deleteSpaces(getService);
+    });
+
+    // Basic
+    loadTestFile(require.resolve('./get_alert_by_id'));
+    loadTestFile(require.resolve('./update_alert'));
+  });
+};
diff --git a/x-pack/test/rule_registry/spaces_only/tests/trial/update_alert.ts b/x-pack/test/rule_registry/spaces_only/tests/trial/update_alert.ts
@@ -0,0 +1,108 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import expect from '@kbn/expect';
+
+import { superUser } from '../../../common/lib/authentication/users';
+import type { User } from '../../../common/lib/authentication/types';
+import { FtrProviderContext } from '../../../common/ftr_provider_context';
+import { getSpaceUrlPrefix } from '../../../common/lib/authentication/spaces';
+
+// eslint-disable-next-line import/no-default-export
+export default ({ getService }: FtrProviderContext) => {
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const esArchiver = getService('esArchiver');
+
+  const TEST_URL = '/internal/rac/alerts';
+  const ALERTS_INDEX_URL = `${TEST_URL}/index`;
+  const SPACE1 = 'space1';
+  const SPACE2 = 'space2';
+  const APM_ALERT_ID = 'NoxgpHkBqbdrfX07MqXV';
+  const APM_ALERT_INDEX = '.alerts-observability-apm';
+  const SECURITY_SOLUTION_ALERT_INDEX = '.alerts-security-solution';
+  const ALERT_VERSION = Buffer.from(JSON.stringify([0, 1]), 'utf8').toString('base64'); // required for optimistic concurrency control
+
+  const getAPMIndexName = async (user: User) => {
+    const {
+      body: indexNames,
+    }: { body: { index_name: string[] | undefined } } = await supertestWithoutAuth
+      .get(`${getSpaceUrlPrefix(SPACE1)}${ALERTS_INDEX_URL}`)
+      .set('kbn-xsrf', 'true')
+      .expect(200);
+    const observabilityIndex = indexNames?.index_name?.find(
+      (indexName) => indexName === APM_ALERT_INDEX
+    );
+    expect(observabilityIndex).to.eql(APM_ALERT_INDEX); // assert this here so we can use constants in the dynamically-defined test cases below
+  };
+
+  const getSecuritySolutionIndexName = async (user: User) => {
+    const {
+      body: indexNames,
+    }: { body: { index_name: string[] | undefined } } = await supertestWithoutAuth
+      .get(`${getSpaceUrlPrefix(SPACE1)}${ALERTS_INDEX_URL}`)
+      .set('kbn-xsrf', 'true')
+      .expect(200);
+    const securitySolution = indexNames?.index_name?.find(
+      (indexName) => indexName === SECURITY_SOLUTION_ALERT_INDEX
+    );
+    expect(securitySolution).to.eql(SECURITY_SOLUTION_ALERT_INDEX); // assert this here so we can use constants in the dynamically-defined test cases below
+  };
+
+  describe('Alert - Update - RBAC - spaces', () => {
+    before(async () => {
+      await getSecuritySolutionIndexName(superUser);
+      await getAPMIndexName(superUser);
+    });
+
+    before(async () => {
+      await esArchiver.load('x-pack/test/functional/es_archives/rule_registry/alerts');
+    });
+
+    after(async () => {
+      await esArchiver.unload('x-pack/test/functional/es_archives/rule_registry/alerts');
+    });
+
+    it('should return a 404 when superuser accesses not-existent alert', async () => {
+      await supertestWithoutAuth
+        .post(`${getSpaceUrlPrefix()}${TEST_URL}`)
+        .set('kbn-xsrf', 'true')
+        .send({
+          ids: ['this id does not exist'],
+          status: 'closed',
+          index: APM_ALERT_INDEX,
+          _version: Buffer.from(JSON.stringify([0, 1]), 'utf8').toString('base64'),
+        })
+        .expect(404);
+    });
+
+    it('should return a 404 when superuser accesses not-existent alerts as data index', async () => {
+      await supertestWithoutAuth
+        .post(`${getSpaceUrlPrefix()}${TEST_URL}`)
+        .set('kbn-xsrf', 'true')
+        .send({
+          ids: [APM_ALERT_ID],
+          status: 'closed',
+          index: 'this index does not exist',
+          _version: Buffer.from(JSON.stringify([0, 1]), 'utf8').toString('base64'),
+        })
+        .expect(404);
+    });
+
+    it(`${superUser.username} should be able to update alert ${APM_ALERT_ID} in ${SPACE2}/${APM_ALERT_INDEX}`, async () => {
+      await esArchiver.load('x-pack/test/functional/es_archives/rule_registry/alerts'); // since this is a success case, reload the test data immediately beforehand
+      await supertestWithoutAuth
+        .post(`${getSpaceUrlPrefix(SPACE2)}${TEST_URL}`)
+        .set('kbn-xsrf', 'true')
+        .send({
+          ids: [APM_ALERT_ID],
+          status: 'closed',
+          index: APM_ALERT_INDEX,
+          _version: ALERT_VERSION,
+        })
+        .expect(200);
+    });
+  });
+};