Add API integration tests for roles with index and app privileges (#2…
kobelb committed Jul 20, 2018
1 parent e170337 commit 95dbb99
Showing 8 changed files with 280 additions and 0 deletions.
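--- a/x-pack/test/rbac_api_integration/apis/saved_objects/bulk_get.js
+++ b/x-pack/test/rbac_api_integration/apis/saved_objects/bulk_get.js
@@ -146,6 +146,32 @@ export default function ({ getService }) {
 }
 });
 
+bulkGetTest(`kibana dual-privileges user`, {
+auth: {
+username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME,
+password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.PASSWORD,
+},
+tests: {
+default: {
+statusCode: 200,
+response: expectResults,
+},
+}
+});
+
+bulkGetTest(`kibana dual-privileges dashboard only user`, {
+auth: {
+username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME,
+password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.PASSWORD,
+},
+tests: {
+default: {
+statusCode: 200,
+response: expectResults,
+},
+}
+});
+
 bulkGetTest(`kibana rbac user`, {
 auth: {
 username: AUTHENTICATION.KIBANA_RBAC_USER.USERNAME,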
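--- a/x-pack/test/rbac_api_integration/apis/saved_objects/create.js
+++ b/x-pack/test/rbac_api_integration/apis/saved_objects/create.js
@@ -117,6 +117,32 @@ export default function ({ getService }) {
 }
 });
 
+createTest(`kibana dual-privileges user`, {
+auth: {
+username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME,
+password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.PASSWORD,
+},
+tests: {
+default: {
+statusCode: 200,
+response: expectResults,
+},
+}
+});
+
+createTest(`kibana dual-privileges dashboard only user`, {
+auth: {
+username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME,
+password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.PASSWORD,
+},
+tests: {
+default: {
+statusCode: 403,
+response: expectRbacForbidden,
+},
+}
+});
+
 createTest(`kibana rbac user`, {
 auth: {
 username: AUTHENTICATION.KIBANA_RBAC_USER.USERNAME,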
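Review bot: The two `createTest` cases added here cannot show which privilege source decided the outcome, because the roles they log in with are defined in index.js with matching levels on both sides: `.kibana` index privileges `manage`/`read`/`index`/`delete` together with Kibana `all`, and `read`/`view_index_metadata` together with Kibana `read`. The 200 and the 403 would come out the same whichever of the two the server consulted. A comment above the dashboard-only case such as `// 403 expected: both the .kibana index privileges and the Kibana privileges of this role are read-only` would record that, and a role whose index and Kibana privileges disagree would be the case that pins precedence. The same applies to the new cases in delete.js and update.js.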
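--- a/x-pack/test/rbac_api_integration/apis/saved_objects/delete.js
+++ b/x-pack/test/rbac_api_integration/apis/saved_objects/delete.js
@@ -133,6 +133,40 @@ export default function ({ getService }) {
 }
 });
 
+deleteTest(`kibana dual-privileges user`, {
+auth: {
+username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME,
+password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.PASSWORD,
+},
+tests: {
+actualId: {
+statusCode: 200,
+response: expectEmpty,
+},
+invalidId: {
+statusCode: 404,
+response: expectNotFound,
+}
+}
+});
+
+deleteTest(`kibana dual-privileges dashboard only user`, {
+auth: {
+username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME,
+password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.PASSWORD,
+},
+tests: {
+actualId: {
+statusCode: 403,
+response: expectRbacForbidden,
+},
+invalidId: {
+statusCode: 403,
+response: expectRbacForbidden,
+}
+}
+});
+
 deleteTest(`kibana rbac user`, {
 auth: {
 username: AUTHENTICATION.KIBANA_RBAC_USER.USERNAME,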
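Review bot: The `invalidId` expectation for the dashboard-only user is 403 where the full dual-privileges user gets 404, and nothing in the test says why the two differ. Presumably the authorization check runs before the object lookup, so a caller without delete rights gets the same answer for existing and missing ids; that is inferred from the expectations, not visible in this hunk. A comment on the case would make the intent explicit, for example `// no delete privilege: 403 for existing and missing ids alike`. The `doesntExist` case added for the same user in update.js carries the same expectation and deserves the same comment.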
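--- a/x-pack/test/rbac_api_integration/apis/saved_objects/find.js
+++ b/x-pack/test/rbac_api_integration/apis/saved_objects/find.js
@@ -329,6 +329,74 @@ export default function ({ getService }) {
 }
 });
 
+findTest(`kibana dual-privileges user`, {
+auth: {
+username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME,
+password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.PASSWORD,
+},
+tests: {
+normal: {
+description: 'only the visualization',
+statusCode: 200,
+response: expectVisualizationResults,
+},
+unknownType: {
+description: 'empty result',
+statusCode: 200,
+response: createExpectEmpty(1, 20, 0),
+},
+pageBeyondTotal: {
+description: 'empty result',
+statusCode: 200,
+response: createExpectEmpty(100, 100, 1),
+},
+unknownSearchField: {
+description: 'empty result',
+statusCode: 200,
+response: createExpectEmpty(1, 20, 0),
+},
+noType: {
+description: 'all objects',
+statusCode: 200,
+response: expectResultsWithValidTypes,
+},
+},
+});
+
+findTest(`kibana dual-privileges dashboard only user`, {
+auth: {
+username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME,
+password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.PASSWORD,
+},
+tests: {
+normal: {
+description: 'only the visualization',
+statusCode: 200,
+response: expectVisualizationResults,
+},
+unknownType: {
+description: 'forbidden find wigwags message',
+statusCode: 403,
+response: createExpectRbacForbidden('wigwags'),
+},
+pageBeyondTotal: {
+description: 'empty result',
+statusCode: 200,
+response: createExpectEmpty(100, 100, 1),
+},
+unknownSearchField: {
+description: 'forbidden find wigwags message',
+statusCode: 403,
+response: createExpectRbacForbidden('wigwags'),
+},
+noType: {
+description: 'all objects',
+statusCode: 200,
+response: expectResultsWithValidTypes,
+},
+}
+});
+
 findTest(`kibana rbac user`, {
 auth: {
 username: AUTHENTICATION.KIBANA_RBAC_USER.USERNAME,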
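--- a/x-pack/test/rbac_api_integration/apis/saved_objects/get.js
+++ b/x-pack/test/rbac_api_integration/apis/saved_objects/get.js
@@ -140,6 +140,40 @@ export default function ({ getService }) {
 }
 });
 
+getTest(`kibana dual-privileges user`, {
+auth: {
+username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME,
+password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.PASSWORD,
+},
+tests: {
+exists: {
+statusCode: 200,
+response: expectResults,
+},
+doesntExist: {
+statusCode: 404,
+response: expectNotFound,
+},
+}
+});
+
+getTest(`kibana dual-privileges dashboard only user`, {
+auth: {
+username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME,
+password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.PASSWORD,
+},
+tests: {
+exists: {
+statusCode: 200,
+response: expectResults,
+},
+doesntExist: {
+statusCode: 404,
+response: expectNotFound,
+},
+}
+});
+
 getTest(`kibana rbac user`, {
 auth: {
 username: AUTHENTICATION.KIBANA_RBAC_USER.USERNAME,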
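--- a/x-pack/test/rbac_api_integration/apis/saved_objects/index.js
+++ b/x-pack/test/rbac_api_integration/apis/saved_objects/index.js
@@ -32,6 +32,36 @@ export default function ({ loadTestFile, getService }) {
 }
 });
 
+await supertest.put('/api/security/role/kibana_dual_privileges_user')
+.send({
+elasticsearch: {
+indices: [{
+names: ['.kibana'],
+privileges: ['manage', 'read', 'index', 'delete']
+}]
+},
+kibana: [
+{
+privileges: ['all']
+}
+]
+});
+
+await supertest.put('/api/security/role/kibana_dual_privileges_dashboard_only_user')
+.send({
+elasticsearch: {
+indices: [{
+names: ['.kibana'],
+privileges: ['read', 'view_index_metadata']
+}]
+},
+kibana: [
+{
+privileges: ['read']
+}
+]
+});
+
 await supertest.put('/api/security/role/kibana_rbac_user')
 .send({
 kibana: [
@@ -80,6 +110,26 @@ export default function ({ loadTestFile, getService }) {
 }
 });
 
+await es.shield.putUser({
+username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME,
+body: {
+password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.PASSWORD,
+roles: ['kibana_dual_privileges_user'],
+full_name: 'a kibana dual_privileges user',
+email: 'a_kibana_dual_privileges_user@elastic.co',
+}
+});
+
+await es.shield.putUser({
+username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME,
+body: {
+password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.PASSWORD,
+roles: ["kibana_dual_privileges_dashboard_only_user"],
+full_name: 'a kibana dual_privileges dashboard only user',
+email: 'a_kibana_dual_privileges_dashboard_only_user@elastic.co',
+}
+});
+
 await es.shield.putUser({
 username: AUTHENTICATION.KIBANA_RBAC_USER.USERNAME,
 body: {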
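Review bot: Neither of the two new `supertest.put('/api/security/role/...')` calls in the first hunk asserts the response, so a rejected role definition goes unnoticed during setup. The users created in the second hunk would then reference a role that does not exist, and the 403 expectations added for the dashboard-only user in create.js, delete.js and update.js could pass for the wrong reason, depending on what the forbidden-response matcher checks. Chaining a status assertion after `.send({...})`, for example `.expect(204)` if that is what the role API returns in this version, makes the setup fail loudly instead. The enclosing setup function starts and ends outside both hunks, and the existing `kibana_rbac_user` PUT visible in the trailing context may need the same treatment.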
Expand Up @@ -21,6 +21,14 @@ export const AUTHENTICATION = {
USERNAME: 'a_kibana_legacy_dashboard_only_user',
PASSWORD: 'password'
},
KIBANA_DUAL_PRIVILEGES_USER: {
USERNAME: 'a_kibana_dual_privileges_user',
PASSWORD: 'password'
},
KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER: {
USERNAME: 'a_kibana_dual_privileges_dashboard_only_user',
PASSWORD: 'password'
},
KIBANA_RBAC_USER: {
USERNAME: 'a_kibana_rbac_user',
PASSWORD: 'password'
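--- a/x-pack/test/rbac_api_integration/apis/saved_objects/update.js
+++ b/x-pack/test/rbac_api_integration/apis/saved_objects/update.js
@@ -157,6 +157,40 @@ export default function ({ getService }) {
 }
 });
 
+updateTest(`kibana dual-privileges user`, {
+auth: {
+username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME,
+password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.PASSWORD,
+},
+tests: {
+exists: {
+statusCode: 200,
+response: expectResults,
+},
+doesntExist: {
+statusCode: 404,
+response: expectNotFound,
+},
+}
+});
+
+updateTest(`kibana dual-privileges dashboard only user`, {
+auth: {
+username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME,
+password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.PASSWORD,
+},
+tests: {
+exists: {
+statusCode: 403,
+response: expectRbacForbidden,
+},
+doesntExist: {
+statusCode: 403,
+response: expectRbacForbidden,
+},
+}
+});
+
 updateTest(`kibana rbac user`, {
 auth: {
 username: AUTHENTICATION.KIBANA_RBAC_USER.USERNAME,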
