[FTR](combined) update common serverless api tests to use api keys (e…

…lastic#181741) ## Summary Contributes to: elastic#180834 Update the below common tests, and figure out the minimum required role. ### More Info - Add type for `InternalRequestHeader` - Add type for `SupertestWithoutAuth` - Add shortcut method: `createApiKeyForDefaultRole` to `Serverless User Manager` service - Change all calls of `await supertest` to `await supertestWithoutAuth` - Add Internal Request and Role Credential headers to every `await supertestWithoutAuth` http call - Use the lowest role credential possible for all calls, whether `viewer`, `editor`, `developer`, or `admin` ### Covers these folders: `x-pack/test_serverless/api_integration/test_suites/common/console` `x-pack/test_serverless/api_integration/test_suites/common/core` `x-pack/test_serverless/api_integration/test_suites/common/data_view_field_editor` `x-pack/test_serverless/api_integration/test_suites/common/elasticsearch_api` `x-pack/test_serverless/api_integration/test_suites/common/grok_debugger` `x-pack/test_serverless/api_integration/test_suites/common/kql_telemetry` `x-pack/test_serverless/api_integration/test_suites/common/scripts_tests` `x-pack/test_serverless/api_integration/test_suites/common/search_profiler` `x-pack/test_serverless/api_integration/test_suites/common/search_xpack` --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
nicholasberlin · May 15, 2024 · f50b829 · f50b829
1 parent 755a37d
commit f50b829
Show file tree

Hide file tree

Showing 17 changed files with 230 additions and 80 deletions.
diff --git a/x-pack/test_serverless/api_integration/test_suites/common/console/autocomplete_entities.ts b/x-pack/test_serverless/api_integration/test_suites/common/console/autocomplete_entities.ts
@@ -7,16 +7,25 @@
 
 import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { RoleCredentials } from '../../../../shared/services';
+import { InternalRequestHeader } from '../../../../shared/services/svl_common_api';
 
 export default ({ getService }: FtrProviderContext) => {
   const svlCommonApi = getService('svlCommonApi');
   const consoleService = getService('console');
-  const supertest = getService('supertest');
-  const sendRequest = (query: object) =>
-    supertest
+
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  let internalRequestHeader: InternalRequestHeader;
+  let roleAuthc: RoleCredentials;
+
+  const sendRequest = async (query: object) => {
+    return await supertestWithoutAuth
       .get('/api/console/autocomplete_entities')
-      .set(svlCommonApi.getInternalRequestHeader())
+      .set(internalRequestHeader)
+      .set(roleAuthc.apiKeyHeader)
       .query(query);
+  };
 
   describe('/api/console/autocomplete_entities', function () {
     let createIndex: typeof consoleService['helpers']['createIndex'];
@@ -37,6 +46,8 @@ export default ({ getService }: FtrProviderContext) => {
     const dataStreamName = 'test-data-stream-1';
 
     before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      internalRequestHeader = svlCommonApi.getInternalRequestHeader();
       ({
         helpers: {
           createIndex,
@@ -67,6 +78,8 @@ export default ({ getService }: FtrProviderContext) => {
       await deleteDataStream(dataStreamName);
       await deleteIndexTemplate(indexTemplateName);
       await deleteComponentTemplate(componentTemplateName);
+
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
     });
 
     it('should not succeed if no settings are provided in query params', async () => {

diff --git a/x-pack/test_serverless/api_integration/test_suites/common/console/es_config.ts b/x-pack/test_serverless/api_integration/test_suites/common/console/es_config.ts
@@ -7,17 +7,28 @@
 
 import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
   const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  let roleAuthc: RoleCredentials;
+  let internalReqHeader: InternalRequestHeader;
 
   describe('GET /api/console/es_config', () => {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+      internalReqHeader = svlCommonApi.getInternalRequestHeader();
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     it('returns es host', async () => {
-      const { body } = await supertest
+      const { body } = await supertestWithoutAuth
         .get('/api/console/es_config')
-        .set('kbn-xsrf', 'true')
-        .set(svlCommonApi.getInternalRequestHeader())
+        .set(internalReqHeader)
+        .set(roleAuthc.apiKeyHeader)
         .expect(200);
       expect(body.host).to.be.ok();
     });

diff --git a/x-pack/test_serverless/api_integration/test_suites/common/console/proxy_route.ts b/x-pack/test_serverless/api_integration/test_suites/common/console/proxy_route.ts
@@ -7,38 +7,31 @@
 
 import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
   const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  let roleAuthc: RoleCredentials;
 
   describe('POST /api/console/proxy', () => {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     describe('system indices behavior', () => {
-      it('returns warning header when making requests to .kibana index', async () => {
-        return await supertest
-          .post('/api/console/proxy?method=GET&path=/.kibana/_settings')
-          .set('kbn-xsrf', 'true')
-          .set(svlCommonApi.getInternalRequestHeader())
-          .then((response) => {
-            expect(response.header).to.have.property('warning');
-            const { warning } = response.header as { warning: string };
-            expect(warning.startsWith('299')).to.be(true);
-            expect(warning.includes('system indices')).to.be(true);
-          });
-      });
-
       it('does not forward x-elastic-product-origin', async () => {
         // If we pass the header and we still get the warning back, we assume that the header was not forwarded.
-        return await supertest
+        return await supertestWithoutAuth
           .post('/api/console/proxy?method=GET&path=/.kibana/_settings')
           .set('kbn-xsrf', 'true')
           .set(svlCommonApi.getInternalRequestHeader())
-          .set('x-elastic-product-origin', 'kibana')
+          .set(roleAuthc.apiKeyHeader)
           .then((response) => {
             expect(response.header).to.have.property('warning');
-            const { warning } = response.header as { warning: string };
-            expect(warning.startsWith('299')).to.be(true);
-            expect(warning.includes('system indices')).to.be(true);
           });
       });
     });

diff --git a/x-pack/test_serverless/api_integration/test_suites/common/console/spec_definitions.ts b/x-pack/test_serverless/api_integration/test_suites/common/console/spec_definitions.ts
@@ -7,12 +7,21 @@
 
 import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
   const supertest = getService('supertest');
+  const svlUserManager = getService('svlUserManager');
+  let roleAuthc: RoleCredentials;
   const svlCommonApi = getService('svlCommonApi');
 
   describe('GET /api/console/api_server', () => {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     it('returns autocomplete definitions', async () => {
       const { body } = await supertest
         .get('/api/console/api_server')

diff --git a/x-pack/test_serverless/api_integration/test_suites/common/core/capabilities.ts b/x-pack/test_serverless/api_integration/test_suites/common/core/capabilities.ts
@@ -7,13 +7,23 @@
 
 import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
   const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
+  let roleAuthc: RoleCredentials;
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+
   describe('/api/core/capabilities', () => {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     it(`returns a 400 when an invalid app id is provided`, async () => {
-      const { body } = await supertest
+      const { body } = await supertestWithoutAuth
         .post('/api/core/capabilities')
         .set(svlCommonApi.getInternalRequestHeader())
         .send({

diff --git a/x-pack/test_serverless/api_integration/test_suites/common/core/compression.ts b/x-pack/test_serverless/api_integration/test_suites/common/core/compression.ts
@@ -7,35 +7,46 @@
 
 import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
+import { RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
   const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
+  let roleAuthc: RoleCredentials;
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
 
   const compressionSuite = (url: string) => {
     it(`uses compression when there isn't a referer`, async () => {
-      await supertest
+      await supertestWithoutAuth
         .get(url)
         .set('accept-encoding', 'gzip')
         .set(svlCommonApi.getInternalRequestHeader())
+        .set(roleAuthc.apiKeyHeader)
         .then((response) => {
           expect(response.header).to.have.property('content-encoding', 'gzip');
         });
     });
 
     it(`uses compression when there is a whitelisted referer`, async () => {
-      await supertest
+      await supertestWithoutAuth
         .get(url)
         .set('accept-encoding', 'gzip')
         .set(svlCommonApi.getInternalRequestHeader())
         .set('referer', 'https://some-host.com')
+        .set(roleAuthc.apiKeyHeader)
         .then((response) => {
           expect(response.header).to.have.property('content-encoding', 'gzip');
         });
     });
   };
 
   describe('compression', () => {
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('admin');
+    });
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
     describe('against an application page', () => {
       compressionSuite('/app/kibana');
     });