From 138c117aaf1c928d53566b1441cf769d4f819aca Mon Sep 17 00:00:00 2001
From: Paul Tavares <paul.tavares@elastic.co>
Date: Thu, 20 Jul 2023 19:30:11 -0400
Subject: [PATCH] Fix bugs in kibana roles lib

---
 .../lib/security/kibana_roles/kibana_roles.ts |  2 +-
 .../project_controller_security_roles.yml     |  4 +-
 .../lib/security/kibana_roles/role_loader.ts  | 57 ++++++++++++-------
 3 files changed, 40 insertions(+), 23 deletions(-)

diff --git a/x-pack/test_serverless/shared/lib/security/kibana_roles/kibana_roles.ts b/x-pack/test_serverless/shared/lib/security/kibana_roles/kibana_roles.ts
index 3ac61a10811b3e..4a84351231fd95 100644
--- a/x-pack/test_serverless/shared/lib/security/kibana_roles/kibana_roles.ts
+++ b/x-pack/test_serverless/shared/lib/security/kibana_roles/kibana_roles.ts
@@ -11,7 +11,7 @@ import * as path from 'path';
 import { cloneDeep } from 'lodash';
 import { FeaturesPrivileges, Role, RoleIndexPrivilege } from '@kbn/security-plugin/common';
 
-type ServerlessRoleName =
+export type ServerlessRoleName =
   | 't1_analyst'
   | 't2_analyst'
   | 't3_analyst'
diff --git a/x-pack/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml b/x-pack/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml
index 2ddccf577a8267..1ab162fab0b45c 100644
--- a/x-pack/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml
+++ b/x-pack/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml
@@ -528,7 +528,7 @@ endpoint_operations_manager:
         - .siem-signals-*
         - .preview.alerts-security*
         - .internal.preview.alerts-security*
-    - privileges:
+      privileges:
         - read
         - write
         - manage
@@ -572,5 +572,5 @@ endpoint_operations_manager:
       resources: "*"
     - application: spaces
       privileges:
-        - "*"
+        - all
       resources: "*"
diff --git a/x-pack/test_serverless/shared/lib/security/kibana_roles/role_loader.ts b/x-pack/test_serverless/shared/lib/security/kibana_roles/role_loader.ts
index 8d3e3ab66e7fb6..53c17b80547d94 100644
--- a/x-pack/test_serverless/shared/lib/security/kibana_roles/role_loader.ts
+++ b/x-pack/test_serverless/shared/lib/security/kibana_roles/role_loader.ts
@@ -9,19 +9,32 @@
 
 import { KbnClient } from '@kbn/test';
 import { Role } from '@kbn/security-plugin/common';
+import { ToolingLog } from '@kbn/tooling-log';
+import { inspect } from 'util';
 import {
   getServerlessSecurityKibanaRoleDefinitions,
   ServerlessSecurityRoles,
 } from './kibana_roles';
 
-interface LoadedRoleAndUser {
+export interface LoadedRoleAndUser {
   role: string;
   username: string;
   password: string;
 }
 
 export class RoleAndUserLoader<R extends Record<string, Role> = Record<string, Role>> {
-  constructor(private readonly kbnClient: KbnClient, private readonly roles: R) {}
+  protected readonly logPromiseError: (error: Error) => never;
+
+  constructor(
+    protected readonly kbnClient: KbnClient,
+    protected readonly logger: ToolingLog,
+    protected readonly roles: R
+  ) {
+    this.logPromiseError = (error) => {
+      this.logger.error(inspect(error, { depth: 5 }));
+      throw error;
+    };
+  }
 
   async load(name: keyof R): Promise<LoadedRoleAndUser> {
     const role = this.roles[name];
@@ -40,11 +53,13 @@ export class RoleAndUserLoader<R extends Record<string, Role> = Record<string, R
   private async createRole(role: Role): Promise<void> {
     const { name: roleName, ...roleDefinition } = role;
 
-    await this.kbnClient.request({
-      method: 'PUT',
-      path: `/api/security/role/${name}?createOnly=true`,
-      body: roleDefinition,
-    });
+    await this.kbnClient
+      .request({
+        method: 'PUT',
+        path: `/api/security/role/${roleName}?createOnly=true`,
+        body: roleDefinition,
+      })
+      .catch(this.logPromiseError);
   }
 
   private async createUser(
@@ -52,22 +67,24 @@ export class RoleAndUserLoader<R extends Record<string, Role> = Record<string, R
     password: string,
     roles: string[] = []
   ): Promise<void> {
-    await this.kbnClient.request({
-      method: 'POST',
-      path: `/internal/security/users/${username}`,
-      body: {
-        username,
-        password,
-        roles,
-        full_name: username,
-        email: '',
-      },
-    });
+    await this.kbnClient
+      .request({
+        method: 'POST',
+        path: `/internal/security/users/${username}`,
+        body: {
+          username,
+          password,
+          roles,
+          full_name: username,
+          email: '',
+        },
+      })
+      .catch(this.logPromiseError);
   }
 }
 
 export class SecurityRoleAndUserLoader extends RoleAndUserLoader<ServerlessSecurityRoles> {
-  constructor(kbnClient: KbnClient) {
-    super(kbnClient, getServerlessSecurityKibanaRoleDefinitions());
+  constructor(kbnClient: KbnClient, logger: ToolingLog) {
+    super(kbnClient, logger, getServerlessSecurityKibanaRoleDefinitions());
   }
 }