Failing ES Promotion: X-Pack Lists Integration Tests.x-pack/test/lists_api_integration/security_and_spaces/tests/read_list_privileges·ts.lists api security and spaces enabled read_list_privileges should return true for all privileges when its the system user of "elastic" in space of "default" #88302

spalger · 2021-01-14T05:01:57Z

ES Promotion is failing for master, and I'm guessing 7.x is coming, due to a change that is causing changes to the security API responses:

https://kibana-ci.elastic.co/job/elastic+kibana+pipeline-pull-request/98757/testReport/junit/X-Pack%20Detection%20Engine%20API%20Integration%20Tests/x-pack_test_detection_engine_api_integration_security_and_spaces_tests_finalize_signals_migrations%C2%B7ts/detection_engine_api_security_and_spaces_enabled_Finalizing_signals_migrations_rejects_the_request_if_the_user_does_not_have_sufficient_privileges/

[00:01:43]               │       + expected - actual
[00:01:43]               │ 
[00:01:43]               │              "manage_ilm": true
[00:01:43]               │              "manage_index_templates": true
[00:01:43]               │              "manage_ingest_pipelines": true
[00:01:43]               │              "manage_ml": true
[00:01:43]               │       -      "manage_own_api_key": true
[00:01:43]               │       +      "manage_own_api_key": false
[00:01:43]               │              "manage_pipeline": true
[00:01:43]               │              "manage_rollup": true
[00:01:43]               │              "manage_saml": true
[00:01:43]               │              "manage_security": true
[00:01:43]               │ --
[00:01:43]               │              "read_ccr": true
[00:01:43]               │              "read_ilm": true
[00:01:43]               │              "transport_client": true
[00:01:43]               │            }
[00:01:43]               │       -    "has_all_requested": true
[00:01:43]               │       +    "has_all_requested": false
[00:01:43]               │            "index": {
[00:01:43]               │              ".items-default": {
[00:01:43]               │                "all": true
[00:01:43]               │                "create": true
[00:01:43]               │ --
[00:01:43]               │              "manage_ilm": true
[00:01:43]               │              "manage_index_templates": true
[00:01:43]               │              "manage_ingest_pipelines": true
[00:01:43]               │              "manage_ml": true
[00:01:43]               │       -      "manage_own_api_key": true
[00:01:43]               │       +      "manage_own_api_key": false
[00:01:43]               │              "manage_pipeline": true
[00:01:43]               │              "manage_rollup": true
[00:01:43]               │              "manage_saml": true
[00:01:43]               │              "manage_security": true
[00:01:43]               │ --
[00:01:43]               │              "read_ccr": true
[00:01:43]               │              "read_ilm": true
[00:01:43]               │              "transport_client": true
[00:01:43]               │            }
[00:01:43]               │       -    "has_all_requested": true
[00:01:43]               │       +    "has_all_requested": false
[00:01:43]               │            "index": {
[00:01:43]               │              ".lists-default": {
[00:01:43]               │                "all": true
[00:01:43]               │                "create": true

There is a similar error that's also failing the following test which I'm skipping at the same time:

https://kibana-ci.elastic.co/job/elastic+kibana+pipeline-pull-request/98757/testReport/X-Pack%20Detection%20Engine%20API%20Integration%20Tests/x-pack_test_detection_engine_api_integration_security_and_spaces_tests_finalize_signals_migrations%C2%B7ts/detection_engine_api_security_and_spaces_enabled_Finalizing_signals_migrations_rejects_the_request_if_the_user_does_not_have_sufficient_privileges/

Error: expected { message: 'security_exception: action [cluster:monitor/task/get] is unauthorized for user [t1_analyst], this action is granted by the privileges [monitor,manage,all]',
  status_code: 403 } to sort of equal { message: 'security_exception: action [cluster:monitor/task/get] is unauthorized for user [t1_analyst]',
  status_code: 403 }
    at Assertion.assert (/dev/shm/workspace/parallel/24/kibana/packages/kbn-expect/expect.js:100:11)
    at Assertion.eql (/dev/shm/workspace/parallel/24/kibana/packages/kbn-expect/expect.js:244:8)
    at Context.<anonymous> (test/detection_engine_api_integration/security_and_spaces/tests/finalize_signals_migrations.ts:248:41)
    at Object.apply (/dev/shm/workspace/parallel/24/kibana/packages/kbn-test/src/functional_test_runner/lib/mocha/wrap_function.js:84:16) {
  actual: '{\n' +
    '  "message": "security_exception: action [cluster:monitor/task/get] is unauthorized for user [t1_analyst], this action is granted by the privileges [monitor,manage,all]"\n' +
    '  "status_code": 403\n' +
    '}',
  expected: '{\n' +
    '  "message": "security_exception: action [cluster:monitor/task/get] is unauthorized for user [t1_analyst]"\n' +
    '  "status_code": 403\n' +
    '}',
  showDiff: true
}

The text was updated successfully, but these errors were encountered:

(cherry picked from commit 850242c)

spalger · 2021-01-14T05:04:43Z

Skipped

master: 850242c
7.x/7.12: c6bb436

…on and adds deleteUserRole utility (#90533) ## Summary Unskips tests after a ES promotion and adds a delete user role utility. Ref: #90229 #88302 Removes one `any` from the utils by switching to using `ProvidedType` Before: <img width="558" alt="Screen Shot 2021-02-05 at 2 45 37 PM" src="https://user-images.githubusercontent.com/1151048/107098890-8dce5b80-67cd-11eb-8f6e-51f83eef4647.png"> After: <img width="513" alt="Screen Shot 2021-02-05 at 4 13 23 PM" src="https://user-images.githubusercontent.com/1151048/107098898-9161e280-67cd-11eb-8085-a5220938834e.png"> Turns out that return types on overloaded functions aren't easy fwiw and will fall on the bottom one which in this case looked to be `any` which we don't want: microsoft/TypeScript#24275 (comment) ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

…romotion and adds deleteUserRole utility (#90533) (#90847) * [Security Solutions][Detection Engine] Unskips tests after ES promotion and adds deleteUserRole utility (#90533) ## Summary Unskips tests after a ES promotion and adds a delete user role utility. Ref: #90229 #88302 Removes one `any` from the utils by switching to using `ProvidedType` Before: <img width="558" alt="Screen Shot 2021-02-05 at 2 45 37 PM" src="https://user-images.githubusercontent.com/1151048/107098890-8dce5b80-67cd-11eb-8f6e-51f83eef4647.png"> After: <img width="513" alt="Screen Shot 2021-02-05 at 4 13 23 PM" src="https://user-images.githubusercontent.com/1151048/107098898-9161e280-67cd-11eb-8085-a5220938834e.png"> Turns out that return types on overloaded functions aren't easy fwiw and will fall on the bottom one which in this case looked to be `any` which we don't want: microsoft/TypeScript#24275 (comment) ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios # Conflicts: # x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_index.ts # x-pack/test/detection_engine_api_integration/security_and_spaces/tests/delete_signals_migrations.ts * Fixes test failure as the permissions are true for 7.x -> 7.12 compared to false for 7.11

spalger added blocker failed-es-promotion v7.12.0 Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Jan 14, 2021

spalger added a commit that referenced this issue Jan 14, 2021

skip suites failing es promotion (#88302)

850242c

spalger added a commit that referenced this issue Jan 14, 2021

skip suites failing es promotion (#88302)

c6bb436

(cherry picked from commit 850242c)

FrankHassanabad self-assigned this Feb 5, 2021

FrankHassanabad mentioned this issue Feb 5, 2021

[Security Solutions][Detection Engine] Unskips tests after ES promotion and adds deleteUserRole utility #90533

Merged

1 task

FrankHassanabad linked a pull request Feb 5, 2021 that will close this issue

[Security Solutions][Detection Engine] Unskips tests after ES promotion and adds deleteUserRole utility #90533

Merged

1 task

FrankHassanabad closed this as completed in #90533 Feb 9, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

spalger commented Jan 14, 2021 •

edited

Loading

spalger commented Jan 14, 2021

Comments

spalger commented Jan 14, 2021 • edited Loading

spalger commented Jan 14, 2021

spalger commented Jan 14, 2021 •

edited

Loading