

[FTR](platform-security) update common serverless api tests to use api keys

Contributes to: elastic#180834
wayneseymour committed Jun 6, 2024
1 parent 556531b commit f3b585d
Showing 19 changed files with 386 additions and 199 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -6,25 +6,38 @@
*/

import { FtrProviderContext } from '../../../ftr_provider_context';
import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services';

export default function ({ getService }: FtrProviderContext) {
const svlCommonApi = getService('svlCommonApi');
const supertest = getService('supertest');
const svlUserManager = getService('svlUserManager');
const supertestWithoutAuth = getService('supertestWithoutAuth');
let role: RoleCredentials;
let internalReqHeader: InternalRequestHeader;

describe('security/anonymous', function () {
before(async () => {
role = await svlUserManager.createApiKeyForRole('admin');
internalReqHeader = svlCommonApi.getInternalRequestHeader();
});
after(async () => {
await svlUserManager.invalidateApiKeyForRole(role);
});
describe('route access', () => {
describe('disabled', () => {
it('get access capabilities', async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.get('/internal/security/anonymous_access/capabilities')
.set(svlCommonApi.getCommonRequestHeader());
.set(internalReqHeader)
.set(role.apiKeyHeader);
svlCommonApi.assertApiNotFound(body, status);
});

it('get access state', async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.get('/internal/security/anonymous_access/state')
.set(svlCommonApi.getCommonRequestHeader());
.set(internalReqHeader)
.set(role.apiKeyHeader);
svlCommonApi.assertApiNotFound(body, status);
});
});
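Review bot: The internal request header is fetched once in `before` (`internalReqHeader = svlCommonApi.getInternalRequestHeader();`) and reused on every request, while the api_keys and authentication files changed in this same commit call `svlCommonApi.getInternalRequestHeader()` inline on each request; the three files should settle on one convention so they can be reviewed side by side. The cached form is the clearer of the two, since it states that the header is constant for the whole suite. Whether `getInternalRequestHeader()` returns a fresh object or a shared one is not visible here, so if it is shared the caching is purely stylistic. The enclosing `describe('route access')` block continues past the fold.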
Original file line number Diff line number Diff line change
Expand Up @@ -7,19 +7,32 @@

import expect from 'expect';
import { FtrProviderContext } from '../../../ftr_provider_context';
import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services';

export default function ({ getService }: FtrProviderContext) {
const svlCommonApi = getService('svlCommonApi');
const supertest = getService('supertest');
let roleMapping: { id: string; name: string; api_key: string; encoded: string };

const svlCommonApi = getService('svlCommonApi');
const svlUserManager = getService('svlUserManager');
const supertestWithoutAuth = getService('supertestWithoutAuth');
let role: RoleCredentials;
let internalReqHeader: InternalRequestHeader;

describe('security/api_keys', function () {
before(async () => {
role = await svlUserManager.createApiKeyForRole('admin');
internalReqHeader = svlCommonApi.getInternalRequestHeader();
});
after(async () => {
await svlUserManager.invalidateApiKeyForRole(role);
});
describe('route access', () => {
describe('internal', () => {
before(async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.post('/internal/security/api_key')
.set(svlCommonApi.getInternalRequestHeader())
.set(role.apiKeyHeader)
.send({
name: 'test',
metadata: {},
Expand All @@ -30,12 +43,13 @@ export default function ({ getService }: FtrProviderContext) {
});

after(async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.get('/internal/security/api_key?isAdmin=true')
.set(svlCommonApi.getInternalRequestHeader());
.set(svlCommonApi.getInternalRequestHeader())
.set(role.apiKeyHeader);

if (status === 200) {
await supertest
await supertestWithoutAuth
.post('/internal/security/api_key/invalidate')
.set(svlCommonApi.getInternalRequestHeader())
.send({
Expand All @@ -54,7 +68,7 @@ export default function ({ getService }: FtrProviderContext) {
role_descriptors: {},
};

({ body, status } = await supertest
({ body, status } = await supertestWithoutAuth
.post('/internal/security/api_key')
.set(svlCommonApi.getCommonRequestHeader())
.send(requestBody));
Expand All @@ -68,7 +82,7 @@ export default function ({ getService }: FtrProviderContext) {
});
expect(status).toBe(400);

({ body, status } = await supertest
({ body, status } = await supertestWithoutAuth
.post('/internal/security/api_key')
.set(svlCommonApi.getInternalRequestHeader())
.send(requestBody));
Expand All @@ -86,7 +100,7 @@ export default function ({ getService }: FtrProviderContext) {
role_descriptors: {},
};

({ body, status } = await supertest
({ body, status } = await supertestWithoutAuth
.put('/internal/security/api_key')
.set(svlCommonApi.getCommonRequestHeader())
.send(requestBody));
Expand All @@ -100,7 +114,7 @@ export default function ({ getService }: FtrProviderContext) {
});
expect(status).toBe(400);

({ body, status } = await supertest
({ body, status } = await supertestWithoutAuth
.put('/internal/security/api_key')
.set(svlCommonApi.getInternalRequestHeader())
.send(requestBody));
Expand All @@ -113,7 +127,7 @@ export default function ({ getService }: FtrProviderContext) {
let body: unknown;
let status: number;

({ body, status } = await supertest
({ body, status } = await supertestWithoutAuth
.get('/internal/security/api_key/_enabled')
.set(svlCommonApi.getCommonRequestHeader()));
// expect a rejection because we're not using the internal header
Expand All @@ -126,7 +140,7 @@ export default function ({ getService }: FtrProviderContext) {
});
expect(status).toBe(400);

({ body, status } = await supertest
({ body, status } = await supertestWithoutAuth
.get('/internal/security/api_key/_enabled')
.set(svlCommonApi.getInternalRequestHeader()));
// expect success because we're using the internal header
Expand All @@ -147,7 +161,7 @@ export default function ({ getService }: FtrProviderContext) {
isAdmin: true,
};

({ body, status } = await supertest
({ body, status } = await supertestWithoutAuth
.post('/internal/security/api_key/invalidate')
.set(svlCommonApi.getCommonRequestHeader())
.send(requestBody));
Expand All @@ -161,7 +175,7 @@ export default function ({ getService }: FtrProviderContext) {
});
expect(status).toBe(400);

({ body, status } = await supertest
({ body, status } = await supertestWithoutAuth
.post('/internal/security/api_key/invalidate')
.set(svlCommonApi.getInternalRequestHeader())
.send(requestBody));
Expand All @@ -188,7 +202,7 @@ export default function ({ getService }: FtrProviderContext) {
size: 1,
};

const { body } = await supertest
const { body } = await supertestWithoutAuth
.post('/internal/security/api_key/_query')
.set(svlCommonApi.getInternalRequestHeader())
.send(requestBody)
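Review bot: The cleanup in the `after` hook authenticates the listing but not the invalidation: the GET of `/internal/security/api_key?isAdmin=true` now carries `.set(role.apiKeyHeader)`, while the POST to `/internal/security/api_key/invalidate` directly below it sets only `svlCommonApi.getInternalRequestHeader()`, so through `supertestWithoutAuth` it is sent with no credentials and the key created in `before` is likely left behind after each run; add `.set(role.apiKeyHeader)` after that internal-header `.set(...)` (the `.send({...})` body is hidden by the fold). The same gap recurs in the `_enabled` check, where the request the comment says should succeed "because we're using the internal header" goes through `supertestWithoutAuth` with no API key, and the later POST, PUT, invalidate and `_query` requests in this file also set the internal header without `role.apiKeyHeader`, so their expected statuses (behind the folds) need re-checking. Separately, `internalReqHeader` is declared and assigned in `before` but never read in any visible hunk of this file; either use it in place of the inline calls or drop it, as a write-only local is flagged under `noUnusedLocals`.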
Original file line number Diff line number Diff line change
Expand Up @@ -7,106 +7,127 @@

import expect from 'expect';
import { FtrProviderContext } from '../../../ftr_provider_context';
import { RoleCredentials } from '../../../../shared/services';

export default function ({ getService }: FtrProviderContext) {
const svlCommonApi = getService('svlCommonApi');
const supertest = getService('supertest');
const config = getService('config');
const svlCommonApi = getService('svlCommonApi');
const svlUserManager = getService('svlUserManager');
const supertestWithoutAuth = getService('supertestWithoutAuth');
let role: RoleCredentials;

describe('security/authentication', function () {
before(async () => {
role = await svlUserManager.createApiKeyForRole('admin');
});
after(async () => {
await svlUserManager.invalidateApiKeyForRole(role);
});
describe('route access', () => {
describe('disabled', () => {
// ToDo: uncomment when we disable login
// it('login', async () => {
// const { body, status } = await supertest
// const { body, status } = await supertestWithoutAuth
// .post('/internal/security/login')
// .set(svlCommonApi.getInternalRequestHeader());
// .set(svlCommonApi.getInternalRequestHeader()).set(role.apiKeyHeader)
// svlCommonApi.assertApiNotFound(body, status);
// });

it('logout (deprecated)', async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.get('/api/security/v1/logout')
.set(svlCommonApi.getInternalRequestHeader());
.set(svlCommonApi.getInternalRequestHeader())
.set(role.apiKeyHeader);
svlCommonApi.assertApiNotFound(body, status);
});

it('get current user (deprecated)', async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.get('/internal/security/v1/me')
.set(svlCommonApi.getInternalRequestHeader());
.set(svlCommonApi.getInternalRequestHeader())
.set(role.apiKeyHeader);
svlCommonApi.assertApiNotFound(body, status);
});

it('acknowledge access agreement', async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.post('/internal/security/access_agreement/acknowledge')
.set(svlCommonApi.getInternalRequestHeader());
.set(svlCommonApi.getInternalRequestHeader())
.set(role.apiKeyHeader);
svlCommonApi.assertApiNotFound(body, status);
});

describe('OIDC', () => {
it('OIDC implicit', async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.get('/api/security/oidc/implicit')
.set(svlCommonApi.getInternalRequestHeader());
.set(svlCommonApi.getInternalRequestHeader())
.set(role.apiKeyHeader);
svlCommonApi.assertApiNotFound(body, status);
});

it('OIDC implicit (deprecated)', async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.get('/api/security/v1/oidc/implicit')
.set(svlCommonApi.getInternalRequestHeader());
.set(svlCommonApi.getInternalRequestHeader())
.set(role.apiKeyHeader);
svlCommonApi.assertApiNotFound(body, status);
});

it('OIDC implicit.js', async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.get('/internal/security/oidc/implicit.js')
.set(svlCommonApi.getInternalRequestHeader());
.set(svlCommonApi.getInternalRequestHeader())
.set(role.apiKeyHeader);
svlCommonApi.assertApiNotFound(body, status);
});

it('OIDC callback', async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.get('/api/security/oidc/callback')
.set(svlCommonApi.getInternalRequestHeader());
.set(svlCommonApi.getInternalRequestHeader())
.set(role.apiKeyHeader);
svlCommonApi.assertApiNotFound(body, status);
});

it('OIDC callback (deprecated)', async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.get('/api/security/v1/oidc')
.set(svlCommonApi.getInternalRequestHeader());
.set(svlCommonApi.getInternalRequestHeader())
.set(role.apiKeyHeader);
svlCommonApi.assertApiNotFound(body, status);
});

it('OIDC login', async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.post('/api/security/oidc/initiate_login')
.set(svlCommonApi.getInternalRequestHeader());
.set(svlCommonApi.getInternalRequestHeader())
.set(role.apiKeyHeader);
svlCommonApi.assertApiNotFound(body, status);
});

it('OIDC login (deprecated)', async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.post('/api/security/v1/oidc')
.set(svlCommonApi.getInternalRequestHeader());
.set(svlCommonApi.getInternalRequestHeader())
.set(role.apiKeyHeader);
svlCommonApi.assertApiNotFound(body, status);
});

it('OIDC 3rd party login', async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.get('/api/security/oidc/initiate_login')
.set(svlCommonApi.getInternalRequestHeader());
.set(svlCommonApi.getInternalRequestHeader())
.set(role.apiKeyHeader);
svlCommonApi.assertApiNotFound(body, status);
});
});

it('SAML callback (deprecated)', async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.post('/api/security/v1/saml')
.set(svlCommonApi.getInternalRequestHeader());
.set(svlCommonApi.getInternalRequestHeader())
.set(role.apiKeyHeader);
svlCommonApi.assertApiNotFound(body, status);
});
});
Expand All @@ -116,8 +137,9 @@ export default function ({ getService }: FtrProviderContext) {
let body: any;
let status: number;

({ body, status } = await supertest
({ body, status } = await supertestWithoutAuth
.get('/internal/security/me')
.set(role.apiKeyHeader)
.set(svlCommonApi.getCommonRequestHeader()));
// expect a rejection because we're not using the internal header
expect(body).toEqual({
Expand All @@ -129,7 +151,7 @@ export default function ({ getService }: FtrProviderContext) {
});
expect(status).toBe(400);

({ body, status } = await supertest
({ body, status } = await supertestWithoutAuth
.get('/internal/security/me')
.set(svlCommonApi.getInternalRequestHeader()));
// expect success because we're using the internal header
Expand All @@ -155,7 +177,7 @@ export default function ({ getService }: FtrProviderContext) {
let body: any;
let status: number;

({ body, status } = await supertest
({ body, status } = await supertestWithoutAuth
.post('/internal/security/login')
.set(svlCommonApi.getCommonRequestHeader()));
// expect a rejection because we're not using the internal header
Expand All @@ -168,23 +190,25 @@ export default function ({ getService }: FtrProviderContext) {
});
expect(status).toBe(400);

({ body, status } = await supertest
({ body, status } = await supertestWithoutAuth
.post('/internal/security/login')
.set(role.apiKeyHeader)
.set(svlCommonApi.getInternalRequestHeader()));
expect(status).not.toBe(404);
});
});

describe('public', () => {
it('logout', async () => {
const { status } = await supertest.get('/api/security/logout');
const { status } = await supertestWithoutAuth.get('/api/security/logout');
expect(status).toBe(302);
});

it('SAML callback', async () => {
const { body, status } = await supertest
const { body, status } = await supertestWithoutAuth
.post('/api/security/saml/callback')
.set(svlCommonApi.getCommonRequestHeader())
.set(role.apiKeyHeader)
.send({
SAMLResponse: '',
});
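Review bot: In the `/internal/security/me` test the API key is attached to the request that is expected to be rejected (the one using `getCommonRequestHeader()`, asserted as 400) but not to the follow-up that the comment says should succeed "because we're using the internal header"; through `supertestWithoutAuth` that second call carries no credentials, so if the service rejects unauthenticated requests it cannot succeed. Move `.set(role.apiKeyHeader)` from the first `me` request to the second, or set it on both, as the `/internal/security/login` pair further down already does for its second request. The first request of that login pair expects 400 with neither credentials nor the internal header, which only holds if the internal-header check runs before authentication — worth confirming. The assertions for the `me` success path are behind the fold, so check which status they pin.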

