[Security Solution] Support roles in Serverless FTR tests #170131
Conversation
maximpn
added
release_note:skip
maximpn
force-pushed
the
support-roles-in-serverless-ftr-tests
branch
11 times, most recently
from
972efc8
to
969d42b
Compare
maximpn
force-pushed
the
support-roles-in-serverless-ftr-tests
branch
from
969d42b
to
72378ad
Compare
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
| if (serverless) { | ||
| // A dirty temporary solution to wait for ES to process Kibana privileges. | ||
| // Stateless ES takes 30-35 seconds to process privileges request sent by Kibana | ||
| await scheduler.wait(35000); |
There was a problem hiding this comment.
Have we looked into any alternatives with the elasticsearch team? @afharo do you know who we can reach out to?
35 seconds per suite is going to add a not-insignificant amount of minutes to each build. I'm hoping we can find a quicker check.
There was a problem hiding this comment.
@elastic/appex-qa is working close with Kibana security folks @azasypkin @jeramysoucy to enable roles testing. Our approach is to add a FTR service that will generate cookie for a specific user role, that will be used for browser authentication and kbnClient init. We expect it to work both with Kibana CI and MKI.
This PR is making quite many changes in FTR and doesn't match the concept we agreed on, I suggest @maximpn to join the sync meeting FTR with Serverless Security Sync this Thursday to discuss approach with all the folks involved.
There was a problem hiding this comment.
@dmlemeshko, @maximpn is on PTO during this week.
There was a problem hiding this comment.
@afharo do you know who we can reach out to?
TBH, I just asked in the general #elasticssearch Slack channel.
@maximpn, did your test include these changes? I wonder if the need for the delay occurred before I managed to merge my PR.
|
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: cc @maximpn |
…ated tests and Action Throttle (#171397) ## Summary Following the initial work in this #166755 - Addresses part of #151902 for Privileges related tests and Action Throttle - Moved the utility files associated with telemetry to the new directory `security_solution_api_integration`. Files not actively used in the previous folder were moved, while duplicate files remained in their original positions. - Updated the CodeOwner file for the newly moved tests - Old/new group details, decisions, and execution time are mentioned in this [document](https://docs.google.com/document/d/1CRFfDWMzw3ob03euWIvT4-IoiLXjoiPWI8mTBqP4Zks/edit) - The **Privileges** Tests are skipped in Serverless now until the FTR Roles [PR](#170131) gets merged | Action | File | New Path if moved | |--------|------|----------| | Delete| security_and_spaces/group4| - | | Move|detection_engine_api_integration/security_and_spaces/group10/throttle|detections_response/default_license/action/throttle| | Move|detection_engine_api_integration/security_and_spaces/group1/check_privileges|detections_response/default_license/actions/check_privileges| | Move|detection_engine_api_integration/security_and_spaces/group10/read_privileges|detections_response/default_license/user_roles/read_privileges|
…n engine tests (elastic#171531) ## Summary Following the initial work in this elastic#166755 - Addresses part of elastic#151902 for basic detection engine-related tests - Introduced a new license folder to hold the `Basic` Ess tests and the `Essentials` Serverless tests, is called `basic_essentials_license` - Added new base configurations files for `serverless/config.base.essentials` and `ess/config.base.basic` - Moved the utility files associated with Basic tests to the new directory `security_solution_api_integration`. Files not actively used in the previous folder were moved, while duplicate files remained in their original positions. - Updated the CodeOwner file for the newly moved tests - Old/new group details, decisions, and execution time are mentioned in this [document](https://docs.google.com/document/d/1CRFfDWMzw3ob03euWIvT4-IoiLXjoiPWI8mTBqP4Zks/edit) - The **Privileges** Tests are skipped in Serverless now until the FTR Roles [PR](elastic#170131) gets merged | Action | File | New Path | |--------|------|----------| | Moved|basic/create_rules| basic_essentials_license/detection_engine/rules/create_rules| | Moved|basic/create_rules| basic_essentials_license/detection_engine/rules/create_ml_rules_privileges| | Moved|basic/create_rules| basic_essentials_license/detection_engine/alerts/open_close_alerts| | Moved|basic/create_rules| basic_essentials_license/detection_engine/alerts/query_alerts_backword_compatibility| | Moved|basic/create_rules| basic_essentials_license/detection_engine/alerts/query_alerts|
Addresses: #164451
Summary
Enables role based testing in Serverless FTR tests. Approach is similar to #169017.
Details
The main idea behind is to make environmental differences for tests unnoticeable the same as in #169017. As Serverless enironment already has roles and users but ESS environment allows to create any possible role and user we just need to create Serverless roles and corresponding users + specific ESS roles and corresponding users in ESS env before running any ESS tests. This way tests will run in a similar env and don't have to bother by roles/users creation in test suites. This is achieved by using
beforeAllin rootHooks Mocha config has to create roles and used in ESS environment.On top of this privileges Serverless role based tests were moved to
security_solution_api_integrationand unskipped.Flaky test runner
detections_response/default_license/privileges(ESS + Serverless) 150 runs