Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
FTR - adjust auth for esSupertest in serverless (#166745)
## Summary This PR removes the `systemIndicesSuperuser` auth in the `esSupertest` service for serverless test runs, adds `certificateAuthorities` to the Elasticsearch server config in serverless and adds a tiny test to verify functionality of this fix. ### Details Issues before this PR when using the `esSupertest` service in serverless tests (can be reproduced by running the added `elasticsearch_api` test without the supertest and config changes): 1. Running against a local `functional_tests_server`, `esSupertest` produces an error: `Error: self-signed certificate in certificate chain` 2. Running against an MKI project produces an error: `unable to authenticate user [system_indices_superuser] for REST request [/]`, because the `system_indices_superuser` doesn't exist in MKI. How this PR addresses the issues: 1. Add `certificateAuthorities` to `servers.elasticsearch` in `x-pack/test_serverless/shared/config.base.ts` in the same way we already have it for `servers.kibana` 2. Modify the `esSUpertest` service to not override the default ES auth when running in serverless, instead go with the default auth (regular superuser), which is the best we can get. ### Additional information It has been considered to add a serverless specific version of `esSupertest` in order to avoid the `config.get('serverless') ?` code. The fact that a number of stateful services are planned to be re-used in serverless and rely on `esSupertest` in combination with the very small change in a central service made it seem worth to make an exception here. Note that service methods or tests that use `esSupertest` can still run into issues on serverless if they actually try to modify system indices. This should be avoided anyways and particularly for serverless tests.
- Loading branch information