Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[kbn-test] improve error handling for saml auth #182511

Merged
merged 12 commits into from
May 21, 2024
Merged

[kbn-test] improve error handling for saml auth #182511

merged 12 commits into from
May 21, 2024

Conversation

dmlemeshko
Copy link
Member

@dmlemeshko dmlemeshko commented May 2, 2024
edited

Summary

If cloud user has no access to the project, we get error message like Error: Failed to parse SAML response value. This error does not explain the issue and especially because request returns 200 OK (due to redirects)

This PR disables redirects for API call that creates SAML response, so if user has no access to the project response code is 303. To better explain the issue extended message is logged:

Error: Failed to parse SAML response value.
 │ Most likely the <user_email> user has no access to the cloud deployment.
 │ Login to <cloud hostname> with the user from '.ftr/role_users.json' file and try to load
 | <project_kibana_url> in the same window.

The PR also adds test coverage for the SAML auth in Cloud, to make sure we don't break stuff with new changes

@dmlemeshko
Copy link
Member Author

/ci

@dmlemeshko dmlemeshko added v8.15.0 FTR release_note:skip Skip the PR/issue when compiling release notes backport:skip This commit does not require backporting labels May 3, 2024
@dmlemeshko dmlemeshko marked this pull request as ready for review May 3, 2024 08:58
@dmlemeshko dmlemeshko requested review from a team as code owners May 3, 2024 08:58
wayneseymour
wayneseymour reviewed May 15, 2024
View reviewed changes
packages/kbn-test/src/auth/helper.ts
value = value.slice(0, value.length - 1);
}

if (value.length > 253) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I get the feeling there's a great reason for this, but why 253?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The entire hostname, including the delimiting dots, has a maximum of 253 ASCII characters

wayneseymour
wayneseymour reviewed May 15, 2024
View reviewed changes
packages/kbn-test/src/auth/saml_auth.ts Outdated
email: string,
kbnHost: string,
log: ToolingLog
) => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this function be typed? Just a tiny almost-a-nit lol

wayneseymour
wayneseymour approved these changes May 15, 2024
View reviewed changes
Copy link
Member

@wayneseymour wayneseymour left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dmlemeshko dmlemeshko enabled auto-merge (squash) May 17, 2024 13:43
@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@dmlemeshko dmlemeshko merged commit ba770bd into elastic:main May 21, 2024
18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jbudz jbudz jbudz approved these changes

@wayneseymour wayneseymour wayneseymour approved these changes

Assignees
No one assigned
Labels
backport:skip This commit does not require backporting FTR release_note:skip Skip the PR/issue when compiling release notes v8.15.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@dmlemeshko @kibana-ci @jbudz @wayneseymour @kibanamachine