Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create privilege action to allow for decrypted telemetry payload #96571

Merged
merged 5 commits into from
Apr 22, 2021
Merged

Create privilege action to allow for decrypted telemetry payload #96571

merged 5 commits into from
Apr 22, 2021

Conversation

legrego
Copy link
Member

@legrego legrego commented Apr 8, 2021
edited
Loading

Summary

Adds a new decryptedTelemetry privilege action to signal to API endpoints that the user should be able to receive the decrypted telemetry payload.

This action is granted to the "Global All" and "Global Read" privileges.

This is only a partial check, as the user will also need cluster privileges in order to access certain information. That part is out of scope for this PR, and will be addressed in a followup.

This action is not consumed by anything at the moment, but is merely a piece of prep work to simplify the telemetry endpoints.

Related #96536
Related #95143
Related #96538

@legrego legrego added Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! v8.0.0 release_note:skip Skip the PR/issue when compiling release notes v7.13.0 auto-backport Deprecated - use backport:version if exact versions are needed labels Apr 8, 2021
@legrego legrego marked this pull request as ready for review April 8, 2021 15:47
@legrego legrego requested a review from a team as a code owner April 8, 2021 15:47
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@legrego legrego mentioned this pull request Apr 8, 2021
Closed
@legrego
Copy link
Member Author

legrego commented Apr 12, 2021

@elasticmachine merge upstream

azasypkin
azasypkin approved these changes Apr 12, 2021
View reviewed changes
Copy link
Member

@azasypkin azasypkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@legrego
Copy link
Member Author

legrego commented Apr 14, 2021

@elasticmachine merge upstream

@afharo
Copy link
Member

afharo commented Apr 19, 2021

@elasticmachine merge upstream

@spalger spalger added v7.14.0 and removed v7.13.0 labels Apr 21, 2021
@legrego
Copy link
Member Author

legrego commented Apr 22, 2021

@elasticmachine merge upstream

@legrego legrego enabled auto-merge (squash) April 22, 2021 14:12
@kibanamachine
Copy link
Contributor

💛 Build succeeded, but was flaky

Test Failures

Kibana Pipeline / general / Chrome X-Pack UI Functional Tests.x-pack/test/functional/apps/visualize/feature_controls/visualize_security·ts.Visualize visualize feature controls security global visualize all privileges can view existing Visualization

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

[00:00:00]       │
[01:03:54]         └-: Visualize
[01:03:54]           └-> "before all" hook in "Visualize"
[01:03:54]           └-: visualize feature controls security
[01:03:54]             └-> "before all" hook in "visualize feature controls security"
[01:03:54]             └-> "before all" hook in "visualize feature controls security"
[01:03:54]               │ info [visualize/default] Loading "mappings.json"
[01:03:54]               │ info [visualize/default] Loading "data.json"
[01:03:54]               │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] [.kibana_pre6.5.0_001/qE4YIEmCSWmlNlOc_i5Rbw] deleting index
[01:03:54]               │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] [.kibana_task_manager_8.0.0_001/Z0D3XIRgTKi8Zg5d4zcAiw] deleting index
[01:03:54]               │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] [.kibana_8.0.0_001/RNVlN29JTzW2c20jCLGOuA] deleting index
[01:03:54]               │ info [visualize/default] Deleted existing index ".kibana_8.0.0_001"
[01:03:54]               │ info [visualize/default] Deleted existing index ".kibana_task_manager_8.0.0_001"
[01:03:54]               │ info [visualize/default] Deleted existing index ".kibana_pre6.5.0_001"
[01:03:54]               │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] [.kibana_1] creating index, cause [api], templates [], shards [1]/[0]
[01:03:54]               │ info [visualize/default] Created index ".kibana_1"
[01:03:54]               │ debg [visualize/default] ".kibana_1" settings {"index":{"auto_expand_replicas":"0-1","number_of_replicas":"0","number_of_shards":"1"}}
[01:03:54]               │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] [metricbeat-7] creating index, cause [auto(bulk api)], templates [], shards [1]/[1]
[01:03:54]               │ info [o.e.c.m.MetadataMappingService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] [metricbeat-7/Gc03fcUtQ2GStUfqRtVvUQ] create_mapping
[01:03:54]               │ info [visualize/default] Indexed 8 docs into ".kibana_1"
[01:03:54]               │ info [visualize/default] Indexed 1 docs into "metricbeat-7"
[01:03:54]               │ debg Migrating saved objects
[01:03:54]               │ proc [kibana]   log   [15:45:57.788] [info][savedobjects-service] [.kibana_task_manager] INIT -> CREATE_NEW_TARGET. took: 3ms.
[01:03:54]               │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] [.kibana_task_manager_8.0.0_001] creating index, cause [api], templates [], shards [1]/[1]
[01:03:54]               │ proc [kibana]   log   [15:45:57.794] [info][savedobjects-service] [.kibana] INIT -> WAIT_FOR_YELLOW_SOURCE. took: 10ms.
[01:03:54]               │ info [o.e.c.r.a.AllocationService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] updating number_of_replicas to [0] for indices [.kibana_task_manager_8.0.0_001]
[01:03:54]               │ proc [kibana]   log   [15:45:57.802] [info][savedobjects-service] [.kibana] WAIT_FOR_YELLOW_SOURCE -> SET_SOURCE_WRITE_BLOCK. took: 8ms.
[01:03:54]               │ info [o.e.c.m.MetadataIndexStateService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] adding block write to indices [[.kibana_1/61GEC5yhRMCa7RIbt7c2Ag]]
[01:03:54]               │ info [o.e.c.m.MetadataIndexStateService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] completed adding block write to indices [.kibana_1]
[01:03:54]               │ proc [kibana]   log   [15:45:57.846] [info][savedobjects-service] [.kibana_task_manager] CREATE_NEW_TARGET -> MARK_VERSION_INDEX_READY. took: 58ms.
[01:03:54]               │ proc [kibana]   log   [15:45:57.859] [info][savedobjects-service] [.kibana] SET_SOURCE_WRITE_BLOCK -> CREATE_REINDEX_TEMP. took: 57ms.
[01:03:54]               │ proc [kibana]   log   [15:45:57.866] [info][savedobjects-service] [.kibana_task_manager] MARK_VERSION_INDEX_READY -> DONE. took: 20ms.
[01:03:54]               │ proc [kibana]   log   [15:45:57.867] [info][savedobjects-service] [.kibana_task_manager] Migration completed after 82ms
[01:03:54]               │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] [.kibana_8.0.0_reindex_temp] creating index, cause [api], templates [], shards [1]/[1]
[01:03:54]               │ info [o.e.c.r.a.AllocationService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] updating number_of_replicas to [0] for indices [.kibana_8.0.0_reindex_temp]
[01:03:54]               │ proc [kibana]   log   [15:45:57.907] [info][savedobjects-service] [.kibana] CREATE_REINDEX_TEMP -> REINDEX_SOURCE_TO_TEMP. took: 48ms.
[01:03:54]               │ info [o.e.c.m.MetadataMappingService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] [.kibana_8.0.0_reindex_temp/qw9WpZY1RmeOz_5ahYR2HA] update_mapping [_doc]
[01:03:54]               │ proc [kibana]   log   [15:45:57.915] [info][savedobjects-service] [.kibana] REINDEX_SOURCE_TO_TEMP -> REINDEX_SOURCE_TO_TEMP_WAIT_FOR_TASK. took: 8ms.
[01:03:54]               │ info [o.e.c.m.MetadataMappingService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] [.kibana_8.0.0_reindex_temp/qw9WpZY1RmeOz_5ahYR2HA] update_mapping [_doc]
[01:03:54]               │ info [o.e.c.m.MetadataMappingService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] [.kibana_8.0.0_reindex_temp/qw9WpZY1RmeOz_5ahYR2HA] update_mapping [_doc]
[01:03:54]               │ info [o.e.t.LoggingTaskListener] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] 99340 finished with response BulkByScrollResponse[took=60.3ms,timed_out=false,sliceId=null,updated=0,created=8,deleted=0,batches=1,versionConflicts=0,noops=0,retries=0,throttledUntil=0s,bulk_failures=[],search_failures=[]]
[01:03:54]               │ proc [kibana]   log   [15:45:58.027] [info][savedobjects-service] [.kibana] REINDEX_SOURCE_TO_TEMP_WAIT_FOR_TASK -> SET_TEMP_WRITE_BLOCK. took: 112ms.
[01:03:55]               │ info [o.e.c.m.MetadataIndexStateService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] adding block write to indices [[.kibana_8.0.0_reindex_temp/qw9WpZY1RmeOz_5ahYR2HA]]
[01:03:55]               │ info [o.e.c.m.MetadataIndexStateService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] completed adding block write to indices [.kibana_8.0.0_reindex_temp]
[01:03:55]               │ proc [kibana]   log   [15:45:58.066] [info][savedobjects-service] [.kibana] SET_TEMP_WRITE_BLOCK -> CLONE_TEMP_TO_TARGET. took: 39ms.
[01:03:55]               │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] applying create index request using existing index [.kibana_8.0.0_reindex_temp] metadata
[01:03:55]               │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] [.kibana_8.0.0_001] creating index, cause [clone_index], templates [], shards [1]/[1]
[01:03:55]               │ info [o.e.c.r.a.AllocationService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] updating number_of_replicas to [0] for indices [.kibana_8.0.0_001]
[01:03:55]               │ info [o.e.c.m.MetadataMappingService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] [.kibana_8.0.0_001/B7XCMmhwTq2hfWJLrA2VXA] create_mapping
[01:03:55]               │ proc [kibana]   log   [15:45:58.153] [info][savedobjects-service] [.kibana] CLONE_TEMP_TO_TARGET -> OUTDATED_DOCUMENTS_SEARCH. took: 87ms.
[01:03:55]               │ proc [kibana]   log   [15:45:58.163] [info][savedobjects-service] [.kibana] OUTDATED_DOCUMENTS_SEARCH -> OUTDATED_DOCUMENTS_TRANSFORM. took: 10ms.
[01:03:56]               │ proc [kibana]   log   [15:45:59.101] [info][savedobjects-service] [.kibana] OUTDATED_DOCUMENTS_TRANSFORM -> OUTDATED_DOCUMENTS_SEARCH. took: 938ms.
[01:03:56]               │ proc [kibana]   log   [15:45:59.111] [info][savedobjects-service] [.kibana] OUTDATED_DOCUMENTS_SEARCH -> UPDATE_TARGET_MAPPINGS. took: 10ms.
[01:03:56]               │ info [o.e.c.m.MetadataMappingService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] [.kibana_8.0.0_001/B7XCMmhwTq2hfWJLrA2VXA] update_mapping [_doc]
[01:03:56]               │ proc [kibana]   log   [15:45:59.157] [info][savedobjects-service] [.kibana] UPDATE_TARGET_MAPPINGS -> UPDATE_TARGET_MAPPINGS_WAIT_FOR_TASK. took: 46ms.
[01:03:56]               │ info [o.e.t.LoggingTaskListener] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] 99418 finished with response BulkByScrollResponse[took=16.7ms,timed_out=false,sliceId=null,updated=8,created=0,deleted=0,batches=1,versionConflicts=0,noops=0,retries=0,throttledUntil=0s,bulk_failures=[],search_failures=[]]
[01:03:56]               │ proc [kibana]   log   [15:45:59.267] [info][savedobjects-service] [.kibana] UPDATE_TARGET_MAPPINGS_WAIT_FOR_TASK -> MARK_VERSION_INDEX_READY. took: 110ms.
[01:03:56]               │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] [.kibana_8.0.0_reindex_temp/qw9WpZY1RmeOz_5ahYR2HA] deleting index
[01:03:56]               │ proc [kibana]   log   [15:45:59.302] [info][savedobjects-service] [.kibana] MARK_VERSION_INDEX_READY -> DONE. took: 35ms.
[01:03:56]               │ proc [kibana]   log   [15:45:59.303] [info][savedobjects-service] [.kibana] Migration completed after 1519ms
[01:03:56]               │ debg [visualize/default] Migrated Kibana index after loading Kibana data
[01:03:56]               │ debg [visualize/default] Ensured that default space exists in .kibana
[01:03:56]               │ debg applying update to kibana config: {"accessibility:disableAnimations":true,"dateFormat:tz":"UTC","visualization:visualize:legacyChartsLibrary":true}
[01:03:56]               │ info [o.e.c.m.MetadataMappingService] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] [.kibana_8.0.0_001/B7XCMmhwTq2hfWJLrA2VXA] update_mapping [_doc]
[01:03:58]               │ info [logstash_functional] Loading "mappings.json"
[01:03:58]               │ info [logstash_functional] Loading "data.json.gz"
[01:03:58]               │ info [logstash_functional] Skipped restore for existing index "logstash-2015.09.22"
[01:03:58]               │ info [logstash_functional] Skipped restore for existing index "logstash-2015.09.20"
[01:03:58]               │ info [logstash_functional] Skipped restore for existing index "logstash-2015.09.21"
[01:03:59]             └-: global visualize all privileges
[01:03:59]               └-> "before all" hook for "shows visualize navlink"
[01:03:59]               └-> "before all" hook for "shows visualize navlink"
[01:03:59]                 │ debg creating role global_visualize_all_role
[01:03:59]                 │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] added role [global_visualize_all_role]
[01:03:59]                 │ debg creating user global_visualize_all_user
[01:03:59]                 │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-centos-tests-xxl-1619100776018413850] added user [global_visualize_all_user]
[01:03:59]                 │ debg created user global_visualize_all_user
[01:03:59]                 │ debg SecurityPage.forceLogout
[01:03:59]                 │ debg Find.existsByDisplayedByCssSelector('.login-form') with timeout=100
[01:03:59]                 │ debg --- retry.tryForTime error: .login-form is not displayed
[01:03:59]                 │ debg Redirecting to /logout to force the logout
[01:03:59]                 │ debg Waiting on the login form to appear
[01:03:59]                 │ debg Waiting for Login Page to appear.
[01:03:59]                 │ debg Waiting up to 100000ms for login page...
[01:03:59]                 │ debg browser[INFO] http://localhost:6151/logout?_t=1619106362797 341 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[01:03:59]                 │
[01:03:59]                 │ debg browser[INFO] http://localhost:6151/bootstrap.js 41:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[01:03:59]                 │ debg Find.existsByDisplayedByCssSelector('.login-form') with timeout=2500
[01:04:01]                 │ERROR browser[SEVERE] http://localhost:6151/api/alerts/list_alert_types - Failed to load resource: the server responded with a status of 401 (Unauthorized)
[01:04:01]                 │ debg browser[INFO] http://localhost:6151/42341/bundles/core/core.entry.js 12:151585 "Detected an unhandled Promise rejection.
[01:04:01]                 │      Error: Unauthorized"
[01:04:01]                 │ERROR browser[SEVERE] http://localhost:6151/42341/bundles/core/core.entry.js 5:2514 
[01:04:01]                 │ debg browser[INFO] http://localhost:6151/login?msg=LOGGED_OUT 341 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[01:04:01]                 │
[01:04:01]                 │ debg browser[INFO] http://localhost:6151/bootstrap.js 41:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[01:04:01]                 │ERROR browser[SEVERE] http://localhost:6151/internal/spaces/_active_space - Failed to load resource: the server responded with a status of 401 (Unauthorized)
[01:04:01]                 │ debg browser[INFO] http://localhost:6151/42341/bundles/core/core.entry.js 12:151585 "Detected an unhandled Promise rejection.
[01:04:01]                 │      Error: Unauthorized"
[01:04:01]                 │ERROR browser[SEVERE] http://localhost:6151/42341/bundles/core/core.entry.js 5:2514 
[01:04:01]                 │ERROR browser[SEVERE] http://localhost:6151/api/licensing/info - Failed to load resource: the server responded with a status of 401 (Unauthorized)
[01:04:01]                 │ERROR browser[SEVERE] http://localhost:6151/api/fleet/epm/packages?experimental=true - Failed to load resource: the server responded with a status of 401 (Unauthorized)
[01:04:01]                 │ debg TestSubjects.exists(loginForm)
[01:04:01]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="loginForm"]') with timeout=2500
[01:04:01]                 │ debg Waiting for Login Form to appear.
[01:04:01]                 │ debg Waiting up to 100000ms for login form...
[01:04:01]                 │ debg TestSubjects.exists(loginForm)
[01:04:01]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="loginForm"]') with timeout=2500
[01:04:01]                 │ debg TestSubjects.setValue(loginUsername, global_visualize_all_user)
[01:04:01]                 │ debg TestSubjects.click(loginUsername)
[01:04:01]                 │ debg Find.clickByCssSelector('[data-test-subj="loginUsername"]') with timeout=10000
[01:04:01]                 │ debg Find.findByCssSelector('[data-test-subj="loginUsername"]') with timeout=10000
[01:04:01]                 │ debg TestSubjects.setValue(loginPassword, global_visualize_all_user-password)
[01:04:01]                 │ debg TestSubjects.click(loginPassword)
[01:04:01]                 │ debg Find.clickByCssSelector('[data-test-subj="loginPassword"]') with timeout=10000
[01:04:01]                 │ debg Find.findByCssSelector('[data-test-subj="loginPassword"]') with timeout=10000
[01:04:02]                 │ debg TestSubjects.click(loginSubmit)
[01:04:02]                 │ debg Find.clickByCssSelector('[data-test-subj="loginSubmit"]') with timeout=10000
[01:04:02]                 │ debg Find.findByCssSelector('[data-test-subj="loginSubmit"]') with timeout=10000
[01:04:02]                 │ debg Waiting for login result, expected: undefined.
[01:04:02]                 │ debg Waiting up to 20000ms for logout button visible...
[01:04:02]                 │ debg TestSubjects.exists(userMenuButton)
[01:04:02]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="userMenuButton"]') with timeout=2500
[01:04:02]                 │ proc [kibana]   log   [15:46:05.277] [info][plugins][routes][security] Logging in with provider "basic" (basic)
[01:04:04]                 │ proc [kibana]   log   [15:46:07.377] [warning][api-authorization][plugins][security] User not authorized for "/api/fleet/epm/packages?experimental=true": responding with 403
[01:04:04]                 │ debg browser[INFO] http://localhost:6151/app/home 341 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[01:04:04]                 │
[01:04:04]                 │ debg browser[INFO] http://localhost:6151/bootstrap.js 41:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[01:04:04]                 │ debg TestSubjects.exists(userMenu)
[01:04:04]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="userMenu"]') with timeout=2500
[01:04:06]                 │ERROR browser[SEVERE] http://localhost:6151/api/fleet/epm/packages?experimental=true - Failed to load resource: the server responded with a status of 403 (Forbidden)
[01:04:06]                 │ debg --- retry.tryForTime error: [data-test-subj="userMenu"] is not displayed
[01:04:07]                 │ debg TestSubjects.click(userMenuButton)
[01:04:07]                 │ debg Find.clickByCssSelector('[data-test-subj="userMenuButton"]') with timeout=10000
[01:04:07]                 │ debg Find.findByCssSelector('[data-test-subj="userMenuButton"]') with timeout=10000
[01:04:07]                 │ debg TestSubjects.exists(userMenu)
[01:04:07]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="userMenu"]') with timeout=120000
[01:04:07]                 │ debg TestSubjects.exists(userMenu > logoutLink)
[01:04:07]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="userMenu"] [data-test-subj="logoutLink"]') with timeout=2500
[01:04:07]               └-> shows visualize navlink
[01:04:07]                 └-> "before each" hook: global before each for "shows visualize navlink"
[01:04:07]                 │ debg isGlobalLoadingIndicatorVisible
[01:04:07]                 │ debg TestSubjects.exists(globalLoadingIndicator)
[01:04:07]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="globalLoadingIndicator"]') with timeout=1500
[01:04:09]                 │ debg --- retry.tryForTime error: [data-test-subj="globalLoadingIndicator"] is not displayed
[01:04:09]                 │ debg TestSubjects.exists(globalLoadingIndicator-hidden)
[01:04:09]                 │ debg Find.existsByCssSelector('[data-test-subj="globalLoadingIndicator-hidden"]') with timeout=100000
[01:04:09]                 │ debg TestSubjects.exists(collapsibleNav)
[01:04:09]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="collapsibleNav"]') with timeout=2500
[01:04:12]                 │ debg --- retry.tryForTime error: [data-test-subj="collapsibleNav"] is not displayed
[01:04:12]                 │ debg TestSubjects.click(toggleNavButton)
[01:04:12]                 │ debg Find.clickByCssSelector('[data-test-subj="toggleNavButton"]') with timeout=10000
[01:04:12]                 │ debg Find.findByCssSelector('[data-test-subj="toggleNavButton"]') with timeout=10000
[01:04:12]                 │ debg TestSubjects.find(collapsibleNav)
[01:04:12]                 │ debg Find.findByCssSelector('[data-test-subj="collapsibleNav"]') with timeout=10000
[01:04:12]                 │ debg Find.existsByCssSelector('[data-test-subj=collapsibleNav] > button') with timeout=2500
[01:04:12]                 │ debg Find.findByCssSelector('[data-test-subj=collapsibleNav] > button') with timeout=10000
[01:04:12]                 │ debg Find.clickByCssSelector('[data-test-subj=collapsibleNav] > button') with timeout=10000
[01:04:12]                 │ debg Find.findByCssSelector('[data-test-subj=collapsibleNav] > button') with timeout=10000
[01:04:13]                 └- ✓ pass  (5.4s) "Visualize visualize feature controls security global visualize all privileges shows visualize navlink"
[01:04:13]               └-> landing page shows "Create new Visualization" button
[01:04:13]                 └-> "before each" hook: global before each for "landing page shows "Create new Visualization" button"
[01:04:13]                 │ debg navigating to visualize url: http://localhost:6151/app/visualize#/
[01:04:13]                 │ debg navigate to: http://localhost:6151/app/visualize#/
[01:04:13]                 │ debg browser[INFO] http://localhost:6151/app/visualize?_t=1619106376087#/ 341 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[01:04:13]                 │
[01:04:13]                 │ debg browser[INFO] http://localhost:6151/bootstrap.js 41:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[01:04:13]                 │ debg ... sleep(700) start
[01:04:13]                 │ debg ... sleep(700) end
[01:04:13]                 │ debg returned from get, calling refresh
[01:04:14]                 │ERROR browser[SEVERE] http://localhost:6151/42341/bundles/core/core.entry.js 12:150657 TypeError: Failed to fetch
[01:04:14]                 │          at fetch_Fetch.fetchResponse (http://localhost:6151/42341/bundles/core/core.entry.js:6:26193)
[01:04:14]                 │          at async http://localhost:6151/42341/bundles/core/core.entry.js:6:24090
[01:04:14]                 │          at async http://localhost:6151/42341/bundles/core/core.entry.js:6:23996
[01:04:14]                 │ debg browser[INFO] http://localhost:6151/app/visualize?_t=1619106376087#/ 341 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[01:04:14]                 │
[01:04:14]                 │ debg browser[INFO] http://localhost:6151/bootstrap.js 41:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[01:04:14]                 │ debg currentUrl = http://localhost:6151/app/visualize#/
[01:04:14]                 │          appUrl = http://localhost:6151/app/visualize#/
[01:04:14]                 │ debg TestSubjects.find(kibanaChrome)
[01:04:14]                 │ debg Find.findByCssSelector('[data-test-subj="kibanaChrome"]') with timeout=60000
[01:04:14]                 │ debg ... sleep(501) start
[01:04:14]                 │ proc [kibana]   log   [15:46:17.923] [warning][api-authorization][plugins][security] User not authorized for "/api/fleet/epm/packages?experimental=true": responding with 403
[01:04:14]                 │ERROR browser[SEVERE] http://localhost:6151/api/fleet/epm/packages?experimental=true - Failed to load resource: the server responded with a status of 403 (Forbidden)
[01:04:15]                 │ERROR browser[SEVERE] http://localhost:6151/api/kibana/settings - Failed to load resource: the server responded with a status of 403 (Forbidden)
[01:04:15]                 │ debg ... sleep(501) end
[01:04:15]                 │ debg in navigateTo url = http://localhost:6151/app/visualize#/?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15m,to:now))
[01:04:15]                 │ debg --- retry.try error: URL changed, waiting for it to settle
[01:04:15]                 │ debg ... sleep(501) start
[01:04:16]                 │ debg ... sleep(501) end
[01:04:16]                 │ debg in navigateTo url = http://localhost:6151/app/visualize#/?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15m,to:now))
[01:04:16]                 │ debg TestSubjects.exists(statusPageContainer)
[01:04:16]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="statusPageContainer"]') with timeout=2500
[01:04:18]                 │ debg --- retry.tryForTime error: [data-test-subj="statusPageContainer"] is not displayed
[01:04:19]                 │ debg TestSubjects.exists(visualizationLandingPage)
[01:04:19]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="visualizationLandingPage"]') with timeout=20000
[01:04:19]                 │ debg TestSubjects.exists(newItemButton)
[01:04:19]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="newItemButton"]') with timeout=120000
[01:04:19]                 └- ✓ pass  (6.4s) "Visualize visualize feature controls security global visualize all privileges landing page shows "Create new Visualization" button"
[01:04:19]               └-> doesn't show read-only badge
[01:04:19]                 └-> "before each" hook: global before each for "doesn't show read-only badge"
[01:04:19]                 │ debg TestSubjects.missingOrFail(headerBadge)
[01:04:19]                 │ debg Find.waitForDeletedByCssSelector('[data-test-subj="headerBadge"]') with timeout=2500
[01:04:20]                 └- ✓ pass  (511ms) "Visualize visualize feature controls security global visualize all privileges doesn't show read-only badge"
[01:04:20]               └-> can view existing Visualization
[01:04:20]                 └-> "before each" hook: global before each for "can view existing Visualization"
[01:04:20]                 │ debg navigateToActualUrl http://localhost:6151/app/visualize#/edit/i-exist
[01:04:20]                 │ debg browser[INFO] http://localhost:6151/app/visualize?_t=1619106383048#/edit/i-exist 341 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[01:04:20]                 │
[01:04:20]                 │ debg browser[INFO] http://localhost:6151/bootstrap.js 41:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[01:04:20]                 │ debg TestSubjects.exists(visualizationLoader)
[01:04:20]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="visualizationLoader"]') with timeout=20000
[01:04:22]                 │ERROR browser[SEVERE] http://localhost:6151/api/fleet/epm/packages?experimental=true - Failed to load resource: net::ERR_NETWORK_CHANGED
[01:04:22]                 │ERROR browser[SEVERE] http://localhost:6151/api/saved_objects/_find?fields=title&per_page=10000&type=index-pattern - Failed to load resource: net::ERR_NETWORK_CHANGED
[01:04:22]                 │ERROR browser[SEVERE] http://localhost:6151/42341/bundles/core/core.entry.js 12:46050 TypeError: Failed to fetch
[01:04:22]                 │          at fetch_Fetch.fetchResponse (http://localhost:6151/42341/bundles/core/core.entry.js:6:26193)
[01:04:22]                 │          at async http://localhost:6151/42341/bundles/core/core.entry.js:6:24090
[01:04:22]                 │          at async http://localhost:6151/42341/bundles/core/core.entry.js:6:23996
[01:04:22]                 │ERROR browser[SEVERE] http://localhost:6151/internal/global_search/searchable_types - Failed to load resource: net::ERR_NETWORK_CHANGED
[01:04:22]                 │ERROR browser[SEVERE] http://localhost:6151/api/_newsfeed-FTS-external-service-simulators/kibana/v8.0.0.json - Failed to load resource: net::ERR_NETWORK_CHANGED
[01:04:22]                 │ERROR browser[SEVERE] http://localhost:6151/42341/bundles/plugin/newsfeed/kibana/newsfeed.plugin.js 0:18527 TypeError: Failed to fetch
[01:04:22]                 │          at fetch_Fetch.fetchResponse (http://localhost:6151/42341/bundles/core/core.entry.js:6:26193)
[01:04:22]                 │          at async http://localhost:6151/42341/bundles/core/core.entry.js:6:24090
[01:04:22]                 │          at async http://localhost:6151/42341/bundles/core/core.entry.js:6:23996
[01:04:22]                 │ debg browser[INFO] http://localhost:6151/42341/bundles/core/core.entry.js 12:151585 "Detected an unhandled Promise rejection.
[01:04:22]                 │      TypeError: Failed to fetch"
[01:04:22]                 │ERROR browser[SEVERE] http://localhost:6151/42341/bundles/core/core.entry.js 5:2514 
[01:04:22]                 │ debg --- retry.tryForTime error: [data-test-subj="visualizationLoader"] is not displayed
[01:04:25]                 │ debg --- retry.tryForTime failed again with the same message...
[01:04:28]                 │ debg --- retry.tryForTime failed again with the same message...
[01:04:31]                 │ debg --- retry.tryForTime failed again with the same message...
[01:04:34]                 │ debg --- retry.tryForTime failed again with the same message...
[01:04:37]                 │ debg --- retry.tryForTime failed again with the same message...
[01:04:40]                 │ debg --- retry.tryForTime failed again with the same message...
[01:04:41]                 │ info Taking screenshot "/dev/shm/workspace/parallel/5/kibana/x-pack/test/functional/screenshots/failure/Visualize visualize feature controls security global visualize all privileges can view existing Visualization.png"
[01:04:41]                 │ info Current URL is: http://localhost:6151/app/visualize#/edit/i-exist
[01:04:41]                 │ info Saving page source to: /dev/shm/workspace/parallel/5/kibana/x-pack/test/functional/failure_debug/html/Visualize visualize feature controls security global visualize all privileges can view existing Visualization.html
[01:04:41]                 └- ✖ fail: Visualize visualize feature controls security global visualize all privileges can view existing Visualization
[01:04:41]                 │      Error: expected testSubject(visualizationLoader) to exist
[01:04:41]                 │       at TestSubjects.existOrFail (/dev/shm/workspace/parallel/5/kibana/test/functional/services/common/test_subjects.ts:51:15)
[01:04:41]                 │       at Context.<anonymous> (test/functional/apps/visualize/feature_controls/visualize_security.ts:104:9)
[01:04:41]                 │       at Object.apply (/dev/shm/workspace/parallel/5/kibana/node_modules/@kbn/test/src/functional_test_runner/lib/mocha/wrap_function.js:73:16)
[01:04:41]                 │ 
[01:04:41]                 │

Stack Trace

Error: expected testSubject(visualizationLoader) to exist
    at TestSubjects.existOrFail (/dev/shm/workspace/parallel/5/kibana/test/functional/services/common/test_subjects.ts:51:15)
    at Context.<anonymous> (test/functional/apps/visualize/feature_controls/visualize_security.ts:104:9)
    at Object.apply (/dev/shm/workspace/parallel/5/kibana/node_modules/@kbn/test/src/functional_test_runner/lib/mocha/wrap_function.js:73:16)

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@legrego legrego merged commit dc87866 into elastic:master Apr 22, 2021
@kibanamachine kibanamachine mentioned this pull request Apr 22, 2021
Merged
kibanamachine added a commit to kibanamachine/kibana that referenced this pull request Apr 22, 2021
@legrego @kibanamachine
Create privilege action to allow for decrypted telemetry payload (ela…
a375cd8 
…stic#96571)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
@kibanamachine
Copy link
Contributor

💚 Backport successful

Status Branch Result
7.x

This backport PR will be merged automatically after passing CI.

kibanamachine added a commit that referenced this pull request Apr 22, 2021
@kibanamachine @legrego
Create privilege action to allow for decrypted telemetry payload (#96571
d782bfe 
) (#98059)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Larry Gregory <larry.gregory@elastic.co>
madirey pushed a commit to madirey/kibana that referenced this pull request May 11, 2021
@legrego @kibanamachine @madirey
Create privilege action to allow for decrypted telemetry payload (ela…
bddd020 
…stic#96571)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
@afharo afharo mentioned this pull request Feb 23, 2022
Closed
@afharo afharo mentioned this pull request Feb 23, 2022
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@azasypkin azasypkin azasypkin approved these changes

Assignees
No one assigned
Labels
auto-backport Deprecated - use backport:version if exact versions are needed release_note:skip Skip the PR/issue when compiling release notes Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! v7.14.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@legrego @elasticmachine @afharo @kibanamachine @azasypkin @spalger