diff --git a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/bulk_get.ts b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/bulk_get.ts index 58456ac6debaa..8579aa5a986c4 100644 --- a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/bulk_get.ts +++ b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/bulk_get.ts @@ -25,170 +25,193 @@ export default function({ getService }: TestInvoker) { [ { spaceId: SPACES.DEFAULT.spaceId, + notAKibanaUser: AUTHENTICATION.NOT_A_KIBANA_USER, + superuser: AUTHENTICATION.SUPERUSER, + userWithLegacyAll: AUTHENTICATION.KIBANA_LEGACY_USER, + userWithLegacyRead: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER, + userWithAllGlobally: AUTHENTICATION.KIBANA_RBAC_USER, + userWithReadGlobally: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER, + userWithDualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER, + userWithDualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_READ_USER, userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER, }, { - spaceId: SPACES.DEFAULT.spaceId, - userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, - userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_READ_USER, - userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER, + spaceId: SPACES.SPACE_1.spaceId, + notAKibanaUser: AUTHENTICATION.NOT_A_KIBANA_USER, + superuser: AUTHENTICATION.SUPERUSER, + userWithNoKibanaAccess: AUTHENTICATION.NOT_A_KIBANA_USER, + userWithLegacyAll: AUTHENTICATION.KIBANA_LEGACY_USER, + userWithLegacyRead: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER, + userWithAllGlobally: AUTHENTICATION.KIBANA_RBAC_USER, + userWithReadGlobally: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER, + userWithDualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER, + userWithDualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, + userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER, + userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_READ_USER, + userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, }, - ].forEach(({ spaceId, userWithAllAtSpace, userWithReadAtSpace, userWithAllAtOtherSpace }) => { - bulkGetTest(`not a kibana user`, { + ].forEach(scenario => { + bulkGetTest(`${scenario.notAKibanaUser.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME, - password: AUTHENTICATION.NOT_A_KIBANA_USER.PASSWORD, + username: scenario.notAKibanaUser.USERNAME, + password: scenario.notAKibanaUser.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { default: { statusCode: 403, - response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), + response: createExpectLegacyForbidden(scenario.notAKibanaUser.USERNAME), }, }, }); - bulkGetTest(`superuser`, { + bulkGetTest(`${scenario.superuser.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.SUPERUSER.USERNAME, - password: AUTHENTICATION.SUPERUSER.PASSWORD, + username: scenario.superuser.USERNAME, + password: scenario.superuser.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { default: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, }, }); - bulkGetTest(`kibana legacy user`, { + bulkGetTest(`${scenario.userWithLegacyAll.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_LEGACY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_LEGACY_USER.PASSWORD, + username: scenario.userWithLegacyAll.USERNAME, + password: scenario.userWithLegacyAll.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { default: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, }, }); - bulkGetTest(`kibana legacy dashboard only user`, { + bulkGetTest(`${scenario.userWithLegacyRead.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.PASSWORD, + username: scenario.userWithLegacyRead.USERNAME, + password: scenario.userWithLegacyRead.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { default: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, }, }); - bulkGetTest(`kibana dual-privileges user`, { + bulkGetTest(`${scenario.userWithDualAll.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME, - password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.PASSWORD, + username: scenario.userWithDualAll.USERNAME, + password: scenario.userWithDualAll.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { default: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, }, }); - bulkGetTest(`kibana dual-privileges dashboard only user`, { + bulkGetTest(`${scenario.userWithDualRead.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.PASSWORD, + username: scenario.userWithDualRead.USERNAME, + password: scenario.userWithDualRead.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { default: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, }, }); - bulkGetTest(`kibana rbac user`, { + bulkGetTest(`${scenario.userWithAllGlobally.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_RBAC_USER.USERNAME, - password: AUTHENTICATION.KIBANA_RBAC_USER.PASSWORD, + username: scenario.userWithAllGlobally.USERNAME, + password: scenario.userWithAllGlobally.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { default: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, }, }); - bulkGetTest(`kibana rbac dashboard only user`, { - auth: { - username: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.PASSWORD, - }, - spaceId, - tests: { - default: { - statusCode: 200, - response: createExpectResults(spaceId), + bulkGetTest( + `${scenario.userWithReadGlobally.USERNAME} within the ${scenario.spaceId} space`, + { + auth: { + username: scenario.userWithReadGlobally.USERNAME, + password: scenario.userWithReadGlobally.PASSWORD, }, - }, - }); + spaceId: scenario.spaceId, + tests: { + default: { + statusCode: 200, + response: createExpectResults(scenario.spaceId), + }, + }, + } + ); - bulkGetTest(userWithAllAtSpace.USERNAME, { + bulkGetTest(`${scenario.userWithAllAtSpace.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: userWithAllAtSpace.USERNAME, - password: userWithAllAtSpace.PASSWORD, + username: scenario.userWithAllAtSpace.USERNAME, + password: scenario.userWithAllAtSpace.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { default: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, }, }); - bulkGetTest(userWithReadAtSpace.USERNAME, { + bulkGetTest(`${scenario.userWithReadAtSpace.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: userWithReadAtSpace.USERNAME, - password: userWithReadAtSpace.PASSWORD, + username: scenario.userWithReadAtSpace.USERNAME, + password: scenario.userWithReadAtSpace.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { default: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, }, }); - bulkGetTest(userWithAllAtOtherSpace.USERNAME, { - auth: { - username: userWithAllAtOtherSpace.USERNAME, - password: userWithAllAtOtherSpace.PASSWORD, - }, - spaceId, - tests: { - default: { - statusCode: 403, - response: expectRbacForbidden, + bulkGetTest( + `${scenario.userWithAllAtOtherSpace.USERNAME} within the ${scenario.spaceId} space`, + { + auth: { + username: scenario.userWithAllAtOtherSpace.USERNAME, + password: scenario.userWithAllAtOtherSpace.PASSWORD, }, - }, - }); + spaceId: scenario.spaceId, + tests: { + default: { + statusCode: 403, + response: expectRbacForbidden, + }, + }, + } + ); }); }); } diff --git a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/create.ts b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/create.ts index 09b40f238bae2..f147e28c01e98 100644 --- a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/create.ts +++ b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/create.ts @@ -28,45 +28,62 @@ export default function({ getService }: TestInvoker) { [ { spaceId: SPACES.DEFAULT.spaceId, + notAKibanaUser: AUTHENTICATION.NOT_A_KIBANA_USER, + superuser: AUTHENTICATION.SUPERUSER, + userWithLegacyAll: AUTHENTICATION.KIBANA_LEGACY_USER, + userWithLegacyRead: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER, + userWithAllGlobally: AUTHENTICATION.KIBANA_RBAC_USER, + userWithReadGlobally: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER, + userWithDualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER, + userWithDualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_READ_USER, userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER, }, { - spaceId: SPACES.DEFAULT.spaceId, - userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, - userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_READ_USER, - userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER, + spaceId: SPACES.SPACE_1.spaceId, + notAKibanaUser: AUTHENTICATION.NOT_A_KIBANA_USER, + superuser: AUTHENTICATION.SUPERUSER, + userWithNoKibanaAccess: AUTHENTICATION.NOT_A_KIBANA_USER, + userWithLegacyAll: AUTHENTICATION.KIBANA_LEGACY_USER, + userWithLegacyRead: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER, + userWithAllGlobally: AUTHENTICATION.KIBANA_RBAC_USER, + userWithReadGlobally: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER, + userWithDualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER, + userWithDualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, + userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER, + userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_READ_USER, + userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, }, - ].forEach(({ spaceId, userWithAllAtSpace, userWithReadAtSpace, userWithAllAtOtherSpace }) => { - createTest(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME, { + ].forEach(scenario => { + createTest(`${scenario.notAKibanaUser.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME, - password: AUTHENTICATION.NOT_A_KIBANA_USER.PASSWORD, + username: scenario.notAKibanaUser.USERNAME, + password: scenario.notAKibanaUser.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 403, - response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), + response: createExpectLegacyForbidden(scenario.notAKibanaUser.USERNAME), }, notSpaceAware: { statusCode: 403, - response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), + response: createExpectLegacyForbidden(scenario.notAKibanaUser.USERNAME), }, }, }); - createTest(AUTHENTICATION.SUPERUSER.USERNAME, { + createTest(`${scenario.superuser.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.SUPERUSER.USERNAME, - password: AUTHENTICATION.SUPERUSER.PASSWORD, + username: scenario.superuser.USERNAME, + password: scenario.superuser.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 200, - response: createExpectSpaceAwareResults(), + response: createExpectSpaceAwareResults(scenario.spaceId), }, notSpaceAware: { statusCode: 200, @@ -75,16 +92,16 @@ export default function({ getService }: TestInvoker) { }, }); - createTest(AUTHENTICATION.KIBANA_LEGACY_USER.USERNAME, { + createTest(`${scenario.userWithLegacyAll.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_LEGACY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_LEGACY_USER.PASSWORD, + username: scenario.userWithLegacyAll.USERNAME, + password: scenario.userWithLegacyAll.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 200, - response: createExpectSpaceAwareResults(), + response: createExpectSpaceAwareResults(scenario.spaceId), }, notSpaceAware: { statusCode: 200, @@ -93,38 +110,34 @@ export default function({ getService }: TestInvoker) { }, }); - createTest(AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME, { + createTest(`${scenario.userWithLegacyRead.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.PASSWORD, + username: scenario.userWithLegacyRead.USERNAME, + password: scenario.userWithLegacyRead.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 403, - response: createExpectLegacyForbidden( - AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME - ), + response: createExpectLegacyForbidden(scenario.userWithLegacyRead.USERNAME), }, notSpaceAware: { statusCode: 403, - response: createExpectLegacyForbidden( - AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME - ), + response: createExpectLegacyForbidden(scenario.userWithLegacyRead.USERNAME), }, }, }); - createTest(AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME, { + createTest(`${scenario.userWithDualAll.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME, - password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.PASSWORD, + username: scenario.userWithDualAll.USERNAME, + password: scenario.userWithDualAll.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 200, - response: createExpectSpaceAwareResults(), + response: createExpectSpaceAwareResults(scenario.spaceId), }, notSpaceAware: { statusCode: 200, @@ -133,12 +146,12 @@ export default function({ getService }: TestInvoker) { }, }); - createTest(AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME, { + createTest(`${scenario.userWithDualRead.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.PASSWORD, + username: scenario.userWithDualRead.USERNAME, + password: scenario.userWithDualRead.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 403, @@ -151,16 +164,16 @@ export default function({ getService }: TestInvoker) { }, }); - createTest(AUTHENTICATION.KIBANA_RBAC_USER.USERNAME, { + createTest(`${scenario.userWithAllGlobally.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_RBAC_USER.USERNAME, - password: AUTHENTICATION.KIBANA_RBAC_USER.PASSWORD, + username: scenario.userWithAllGlobally.USERNAME, + password: scenario.userWithAllGlobally.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 200, - response: createExpectSpaceAwareResults(), + response: createExpectSpaceAwareResults(scenario.spaceId), }, notSpaceAware: { statusCode: 200, @@ -169,12 +182,12 @@ export default function({ getService }: TestInvoker) { }, }); - createTest(AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.USERNAME, { + createTest(`${scenario.userWithReadGlobally.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.PASSWORD, + username: scenario.userWithReadGlobally.USERNAME, + password: scenario.userWithReadGlobally.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 403, @@ -187,15 +200,16 @@ export default function({ getService }: TestInvoker) { }, }); - createTest(userWithAllAtSpace.USERNAME, { + createTest(`${scenario.userWithAllAtSpace.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: userWithAllAtSpace.USERNAME, - password: userWithAllAtSpace.PASSWORD, + username: scenario.userWithAllAtSpace.USERNAME, + password: scenario.userWithAllAtSpace.PASSWORD, }, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 200, - response: createExpectSpaceAwareResults(spaceId), + response: createExpectSpaceAwareResults(scenario.spaceId), }, notSpaceAware: { statusCode: 200, @@ -204,11 +218,12 @@ export default function({ getService }: TestInvoker) { }, }); - createTest(userWithReadAtSpace.USERNAME, { + createTest(`${scenario.userWithReadAtSpace.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: userWithReadAtSpace.USERNAME, - password: userWithReadAtSpace.PASSWORD, + username: scenario.userWithReadAtSpace.USERNAME, + password: scenario.userWithReadAtSpace.PASSWORD, }, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 403, @@ -221,22 +236,26 @@ export default function({ getService }: TestInvoker) { }, }); - createTest(userWithAllAtOtherSpace.USERNAME, { - auth: { - username: userWithAllAtOtherSpace.USERNAME, - password: userWithAllAtOtherSpace.PASSWORD, - }, - tests: { - spaceAware: { - statusCode: 403, - response: expectSpaceAwareRbacForbidden, + createTest( + `${scenario.userWithAllAtOtherSpace.USERNAME} within the ${scenario.spaceId} space`, + { + auth: { + username: scenario.userWithAllAtOtherSpace.USERNAME, + password: scenario.userWithAllAtOtherSpace.PASSWORD, }, - notSpaceAware: { - statusCode: 403, - response: expectNotSpaceAwareRbacForbidden, + spaceId: scenario.spaceId, + tests: { + spaceAware: { + statusCode: 403, + response: expectSpaceAwareRbacForbidden, + }, + notSpaceAware: { + statusCode: 403, + response: expectNotSpaceAwareRbacForbidden, + }, }, - }, - }); + } + ); }); }); } diff --git a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/delete.ts b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/delete.ts index 88031abf19311..39f5aff6ffe1f 100644 --- a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/delete.ts +++ b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/delete.ts @@ -28,45 +28,62 @@ export default function({ getService }: TestInvoker) { [ { spaceId: SPACES.DEFAULT.spaceId, + notAKibanaUser: AUTHENTICATION.NOT_A_KIBANA_USER, + superuser: AUTHENTICATION.SUPERUSER, + userWithLegacyAll: AUTHENTICATION.KIBANA_LEGACY_USER, + userWithLegacyRead: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER, + userWithAllGlobally: AUTHENTICATION.KIBANA_RBAC_USER, + userWithReadGlobally: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER, + userWithDualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER, + userWithDualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_READ_USER, userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER, }, { - spaceId: SPACES.DEFAULT.spaceId, - userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, - userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_READ_USER, - userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER, + spaceId: SPACES.SPACE_1.spaceId, + notAKibanaUser: AUTHENTICATION.NOT_A_KIBANA_USER, + superuser: AUTHENTICATION.SUPERUSER, + userWithNoKibanaAccess: AUTHENTICATION.NOT_A_KIBANA_USER, + userWithLegacyAll: AUTHENTICATION.KIBANA_LEGACY_USER, + userWithLegacyRead: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER, + userWithAllGlobally: AUTHENTICATION.KIBANA_RBAC_USER, + userWithReadGlobally: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER, + userWithDualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER, + userWithDualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, + userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER, + userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_READ_USER, + userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, }, - ].forEach(({ spaceId, userWithAllAtSpace, userWithReadAtSpace, userWithAllAtOtherSpace }) => { - deleteTest(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME, { + ].forEach(scenario => { + deleteTest(`${scenario.notAKibanaUser.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME, - password: AUTHENTICATION.NOT_A_KIBANA_USER.PASSWORD, + username: scenario.notAKibanaUser.USERNAME, + password: scenario.notAKibanaUser.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 403, - response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), + response: createExpectLegacyForbidden(scenario.notAKibanaUser.USERNAME), }, notSpaceAware: { statusCode: 403, - response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), + response: createExpectLegacyForbidden(scenario.notAKibanaUser.USERNAME), }, invalidId: { statusCode: 403, - response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), + response: createExpectLegacyForbidden(scenario.notAKibanaUser.USERNAME), }, }, }); - deleteTest(AUTHENTICATION.SUPERUSER.USERNAME, { + deleteTest(`${scenario.superuser.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.SUPERUSER.USERNAME, - password: AUTHENTICATION.SUPERUSER.PASSWORD, + username: scenario.superuser.USERNAME, + password: scenario.superuser.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 200, @@ -78,17 +95,17 @@ export default function({ getService }: TestInvoker) { }, invalidId: { statusCode: 404, - response: createExpectUnknownDocNotFound(), + response: createExpectUnknownDocNotFound(scenario.spaceId), }, }, }); - deleteTest(AUTHENTICATION.KIBANA_LEGACY_USER.USERNAME, { + deleteTest(`${scenario.userWithLegacyAll.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_LEGACY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_LEGACY_USER.PASSWORD, + username: scenario.userWithLegacyAll.USERNAME, + password: scenario.userWithLegacyAll.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 200, @@ -100,45 +117,39 @@ export default function({ getService }: TestInvoker) { }, invalidId: { statusCode: 404, - response: createExpectUnknownDocNotFound(), + response: createExpectUnknownDocNotFound(scenario.spaceId), }, }, }); - deleteTest(AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME, { + deleteTest(`${scenario.userWithLegacyRead.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.PASSWORD, + username: scenario.userWithLegacyRead.USERNAME, + password: scenario.userWithLegacyRead.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 403, - response: createExpectLegacyForbidden( - AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME - ), + response: createExpectLegacyForbidden(scenario.userWithLegacyRead.USERNAME), }, notSpaceAware: { statusCode: 403, - response: createExpectLegacyForbidden( - AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME - ), + response: createExpectLegacyForbidden(scenario.userWithLegacyRead.USERNAME), }, invalidId: { statusCode: 403, - response: createExpectLegacyForbidden( - AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME - ), + response: createExpectLegacyForbidden(scenario.userWithLegacyRead.USERNAME), }, }, }); - deleteTest(AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME, { + deleteTest(`${scenario.userWithDualAll.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME, - password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.PASSWORD, + username: scenario.userWithDualAll.USERNAME, + password: scenario.userWithDualAll.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 200, @@ -150,17 +161,17 @@ export default function({ getService }: TestInvoker) { }, invalidId: { statusCode: 404, - response: createExpectUnknownDocNotFound(), + response: createExpectUnknownDocNotFound(scenario.spaceId), }, }, }); - deleteTest(AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME, { + deleteTest(`${scenario.userWithDualRead.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.PASSWORD, + username: scenario.userWithDualRead.USERNAME, + password: scenario.userWithDualRead.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 403, @@ -177,12 +188,12 @@ export default function({ getService }: TestInvoker) { }, }); - deleteTest(AUTHENTICATION.KIBANA_RBAC_USER.USERNAME, { + deleteTest(`${scenario.userWithAllGlobally.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_RBAC_USER.USERNAME, - password: AUTHENTICATION.KIBANA_RBAC_USER.PASSWORD, + username: scenario.userWithAllGlobally.USERNAME, + password: scenario.userWithAllGlobally.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 200, @@ -194,17 +205,17 @@ export default function({ getService }: TestInvoker) { }, invalidId: { statusCode: 404, - response: createExpectUnknownDocNotFound(), + response: createExpectUnknownDocNotFound(scenario.spaceId), }, }, }); - deleteTest(AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.USERNAME, { + deleteTest(`${scenario.userWithReadGlobally.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.PASSWORD, + username: scenario.userWithReadGlobally.USERNAME, + password: scenario.userWithReadGlobally.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 403, @@ -221,12 +232,12 @@ export default function({ getService }: TestInvoker) { }, }); - deleteTest(userWithAllAtSpace.USERNAME, { + deleteTest(`${scenario.userWithAllAtSpace.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: userWithAllAtSpace.USERNAME, - password: userWithAllAtSpace.PASSWORD, + username: scenario.userWithAllAtSpace.USERNAME, + password: scenario.userWithAllAtSpace.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 200, @@ -238,17 +249,17 @@ export default function({ getService }: TestInvoker) { }, invalidId: { statusCode: 404, - response: createExpectUnknownDocNotFound(), + response: createExpectUnknownDocNotFound(scenario.spaceId), }, }, }); - deleteTest(userWithReadAtSpace.USERNAME, { + deleteTest(`${scenario.userWithReadAtSpace.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: userWithReadAtSpace.USERNAME, - password: userWithReadAtSpace.PASSWORD, + username: scenario.userWithReadAtSpace.USERNAME, + password: scenario.userWithReadAtSpace.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 403, @@ -265,27 +276,30 @@ export default function({ getService }: TestInvoker) { }, }); - deleteTest(userWithAllAtOtherSpace.USERNAME, { - auth: { - username: userWithAllAtOtherSpace.USERNAME, - password: userWithAllAtOtherSpace.PASSWORD, - }, - spaceId, - tests: { - spaceAware: { - statusCode: 403, - response: expectRbacSpaceAwareForbidden, - }, - notSpaceAware: { - statusCode: 403, - response: expectRbacNotSpaceAwareForbidden, - }, - invalidId: { - statusCode: 403, - response: expectRbacInvalidIdForbidden, - }, - }, - }); + deleteTest( + `${scenario.userWithAllAtOtherSpace.USERNAME} within the ${scenario.spaceId} space`, + { + auth: { + username: scenario.userWithAllAtOtherSpace.USERNAME, + password: scenario.userWithAllAtOtherSpace.PASSWORD, + }, + spaceId: scenario.spaceId, + tests: { + spaceAware: { + statusCode: 403, + response: expectRbacSpaceAwareForbidden, + }, + notSpaceAware: { + statusCode: 403, + response: expectRbacNotSpaceAwareForbidden, + }, + invalidId: { + statusCode: 403, + response: expectRbacInvalidIdForbidden, + }, + }, + } + ); }); }); } diff --git a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/find.ts b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/find.ts index 0d984d629240d..41aa6fd28517a 100644 --- a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/find.ts +++ b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/find.ts @@ -14,7 +14,7 @@ export default function({ getService }: TestInvoker) { const supertest = getService('supertestWithoutAuth'); const esArchiver = getService('esArchiver'); - describe('find', () => { + describe.only('find', () => { const { createExpectEmpty, createExpectRbacForbidden, @@ -27,374 +27,392 @@ export default function({ getService }: TestInvoker) { [ { spaceId: SPACES.DEFAULT.spaceId, + notAKibanaUser: AUTHENTICATION.NOT_A_KIBANA_USER, + superuser: AUTHENTICATION.SUPERUSER, + userWithLegacyAll: AUTHENTICATION.KIBANA_LEGACY_USER, + userWithLegacyRead: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER, + userWithAllGlobally: AUTHENTICATION.KIBANA_RBAC_USER, + userWithReadGlobally: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER, + userWithDualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER, + userWithDualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_READ_USER, userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER, }, { spaceId: SPACES.SPACE_1.spaceId, + notAKibanaUser: AUTHENTICATION.NOT_A_KIBANA_USER, + superuser: AUTHENTICATION.SUPERUSER, + userWithNoKibanaAccess: AUTHENTICATION.NOT_A_KIBANA_USER, + userWithLegacyAll: AUTHENTICATION.KIBANA_LEGACY_USER, + userWithLegacyRead: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER, + userWithAllGlobally: AUTHENTICATION.KIBANA_RBAC_USER, + userWithReadGlobally: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER, + userWithDualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER, + userWithDualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER, userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_READ_USER, userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, }, - ].forEach(({ spaceId, userWithAllAtSpace, userWithReadAtSpace, userWithAllAtOtherSpace }) => { - describe(`${spaceId} space`, () => { - findTest(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME, { - auth: { - username: AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME, - password: AUTHENTICATION.NOT_A_KIBANA_USER.PASSWORD, + ].forEach(scenario => { + findTest(`${scenario.notAKibanaUser.USERNAME} within the ${scenario.spaceId} space`, { + auth: { + username: AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME, + password: AUTHENTICATION.NOT_A_KIBANA_USER.PASSWORD, + }, + spaceId: scenario.spaceId, + tests: { + normal: { + description: 'forbidden login and find visualization message', + statusCode: 403, + response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), }, - spaceId, - tests: { - normal: { - description: 'forbidden login and find visualization message', - statusCode: 403, - response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), - }, - unknownType: { - description: 'forbidden login and find wigwags message', - statusCode: 403, - response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), - }, - pageBeyondTotal: { - description: 'forbidden login and find visualization message', - statusCode: 403, - response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), - }, - unknownSearchField: { - description: 'forbidden login and find wigwags message', - statusCode: 403, - response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), - }, - noType: { - description: `forbidded can't find any types`, - statusCode: 403, - response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), - }, + unknownType: { + description: 'forbidden login and find wigwags message', + statusCode: 403, + response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), + }, + pageBeyondTotal: { + description: 'forbidden login and find visualization message', + statusCode: 403, + response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), + }, + unknownSearchField: { + description: 'forbidden login and find wigwags message', + statusCode: 403, + response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), }, - }); + noType: { + description: `forbidded can't find any types`, + statusCode: 403, + response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), + }, + }, + }); - findTest(AUTHENTICATION.SUPERUSER.USERNAME, { - auth: { - username: AUTHENTICATION.SUPERUSER.USERNAME, - password: AUTHENTICATION.SUPERUSER.PASSWORD, + findTest(`${scenario.superuser.USERNAME} within the ${scenario.spaceId} space`, { + auth: { + username: AUTHENTICATION.SUPERUSER.USERNAME, + password: AUTHENTICATION.SUPERUSER.PASSWORD, + }, + spaceId: scenario.spaceId, + tests: { + normal: { + description: 'only the visualization', + statusCode: 200, + response: createExpectVisualizationResults(scenario.spaceId), }, - spaceId, - tests: { - normal: { - description: 'only the visualization', - statusCode: 200, - response: createExpectVisualizationResults(spaceId), - }, - unknownType: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(1, 20, 0), - }, - pageBeyondTotal: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(100, 100, 1), - }, - unknownSearchField: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(1, 20, 0), - }, - noType: { - description: 'all objects', - statusCode: 200, - response: createExpectResults(spaceId), - }, + unknownType: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(1, 20, 0), + }, + pageBeyondTotal: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(100, 100, 1), }, - }); + unknownSearchField: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(1, 20, 0), + }, + noType: { + description: 'all objects', + statusCode: 200, + response: createExpectResults(scenario.spaceId), + }, + }, + }); - findTest(AUTHENTICATION.KIBANA_LEGACY_USER.USERNAME, { - auth: { - username: AUTHENTICATION.KIBANA_LEGACY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_LEGACY_USER.PASSWORD, + findTest(`${scenario.userWithLegacyAll.USERNAME} within the ${scenario.spaceId} space`, { + auth: { + username: AUTHENTICATION.KIBANA_LEGACY_USER.USERNAME, + password: AUTHENTICATION.KIBANA_LEGACY_USER.PASSWORD, + }, + spaceId: scenario.spaceId, + tests: { + normal: { + description: 'only the visualization', + statusCode: 200, + response: createExpectVisualizationResults(scenario.spaceId), }, - spaceId, - tests: { - normal: { - description: 'only the visualization', - statusCode: 200, - response: createExpectVisualizationResults(spaceId), - }, - unknownType: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(1, 20, 0), - }, - pageBeyondTotal: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(100, 100, 1), - }, - unknownSearchField: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(1, 20, 0), - }, - noType: { - description: 'all objects', - statusCode: 200, - response: createExpectResults(spaceId), - }, + unknownType: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(1, 20, 0), + }, + pageBeyondTotal: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(100, 100, 1), + }, + unknownSearchField: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(1, 20, 0), }, - }); + noType: { + description: 'all objects', + statusCode: 200, + response: createExpectResults(scenario.spaceId), + }, + }, + }); - findTest(AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME, { - auth: { - username: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.PASSWORD, + findTest(`${scenario.userWithLegacyRead.USERNAME} within the ${scenario.spaceId} space`, { + auth: { + username: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME, + password: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.PASSWORD, + }, + spaceId: scenario.spaceId, + tests: { + normal: { + description: 'only the visualization', + statusCode: 200, + response: createExpectVisualizationResults(scenario.spaceId), }, - spaceId, - tests: { - normal: { - description: 'only the visualization', - statusCode: 200, - response: createExpectVisualizationResults(spaceId), - }, - unknownType: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(1, 20, 0), - }, - pageBeyondTotal: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(100, 100, 1), - }, - unknownSearchField: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(1, 20, 0), - }, - noType: { - description: 'all objects', - statusCode: 200, - response: createExpectResults(spaceId), - }, + unknownType: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(1, 20, 0), + }, + pageBeyondTotal: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(100, 100, 1), }, - }); + unknownSearchField: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(1, 20, 0), + }, + noType: { + description: 'all objects', + statusCode: 200, + response: createExpectResults(scenario.spaceId), + }, + }, + }); - findTest(AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME, { - auth: { - username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME, - password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.PASSWORD, + findTest(`${scenario.userWithDualAll.USERNAME} within the ${scenario.spaceId} space`, { + auth: { + username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME, + password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.PASSWORD, + }, + spaceId: scenario.spaceId, + tests: { + normal: { + description: 'only the visualization', + statusCode: 200, + response: createExpectVisualizationResults(scenario.spaceId), }, - spaceId, - tests: { - normal: { - description: 'only the visualization', - statusCode: 200, - response: createExpectVisualizationResults(spaceId), - }, - unknownType: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(1, 20, 0), - }, - pageBeyondTotal: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(100, 100, 1), - }, - unknownSearchField: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(1, 20, 0), - }, - noType: { - description: 'all objects', - statusCode: 200, - response: createExpectResults(spaceId), - }, + unknownType: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(1, 20, 0), + }, + pageBeyondTotal: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(100, 100, 1), + }, + unknownSearchField: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(1, 20, 0), + }, + noType: { + description: 'all objects', + statusCode: 200, + response: createExpectResults(scenario.spaceId), }, - }); + }, + }); - findTest(AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME, { - auth: { - username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.PASSWORD, + findTest(`${scenario.userWithDualRead.USERNAME} within the ${scenario.spaceId} space`, { + auth: { + username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME, + password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.PASSWORD, + }, + spaceId: scenario.spaceId, + tests: { + normal: { + description: 'only the visualization', + statusCode: 200, + response: createExpectVisualizationResults(scenario.spaceId), }, - spaceId, - tests: { - normal: { - description: 'only the visualization', - statusCode: 200, - response: createExpectVisualizationResults(spaceId), - }, - unknownType: { - description: 'forbidden find wigwags message', - statusCode: 403, - response: createExpectRbacForbidden('wigwags'), - }, - pageBeyondTotal: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(100, 100, 1), - }, - unknownSearchField: { - description: 'forbidden find wigwags message', - statusCode: 403, - response: createExpectRbacForbidden('wigwags'), - }, - noType: { - description: 'all objects', - statusCode: 200, - response: createExpectResults(spaceId), - }, + unknownType: { + description: 'forbidden find wigwags message', + statusCode: 403, + response: createExpectRbacForbidden('wigwags'), }, - }); + pageBeyondTotal: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(100, 100, 1), + }, + unknownSearchField: { + description: 'forbidden find wigwags message', + statusCode: 403, + response: createExpectRbacForbidden('wigwags'), + }, + noType: { + description: 'all objects', + statusCode: 200, + response: createExpectResults(scenario.spaceId), + }, + }, + }); - findTest(AUTHENTICATION.KIBANA_RBAC_USER.USERNAME, { - auth: { - username: AUTHENTICATION.KIBANA_RBAC_USER.USERNAME, - password: AUTHENTICATION.KIBANA_RBAC_USER.PASSWORD, + findTest(`${scenario.userWithAllGlobally.USERNAME} within the ${scenario.spaceId} space`, { + auth: { + username: AUTHENTICATION.KIBANA_RBAC_USER.USERNAME, + password: AUTHENTICATION.KIBANA_RBAC_USER.PASSWORD, + }, + spaceId: scenario.spaceId, + tests: { + normal: { + description: 'only the visualization', + statusCode: 200, + response: createExpectVisualizationResults(scenario.spaceId), }, - spaceId, - tests: { - normal: { - description: 'only the visualization', - statusCode: 200, - response: createExpectVisualizationResults(spaceId), - }, - unknownType: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(1, 20, 0), - }, - pageBeyondTotal: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(100, 100, 1), - }, - unknownSearchField: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(1, 20, 0), - }, - noType: { - description: 'all objects', - statusCode: 200, - response: createExpectResults(spaceId), - }, + unknownType: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(1, 20, 0), + }, + pageBeyondTotal: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(100, 100, 1), + }, + unknownSearchField: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(1, 20, 0), }, - }); + noType: { + description: 'all objects', + statusCode: 200, + response: createExpectResults(scenario.spaceId), + }, + }, + }); - findTest(AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.USERNAME, { - auth: { - username: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.PASSWORD, + findTest(`${scenario.userWithReadGlobally.USERNAME} within the ${scenario.spaceId} space`, { + auth: { + username: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.USERNAME, + password: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.PASSWORD, + }, + spaceId: scenario.spaceId, + tests: { + normal: { + description: 'only the visualization', + statusCode: 200, + response: createExpectVisualizationResults(scenario.spaceId), }, - spaceId, - tests: { - normal: { - description: 'only the visualization', - statusCode: 200, - response: createExpectVisualizationResults(spaceId), - }, - unknownType: { - description: 'forbidden find wigwags message', - statusCode: 403, - response: createExpectRbacForbidden('wigwags'), - }, - pageBeyondTotal: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(100, 100, 1), - }, - unknownSearchField: { - description: 'forbidden find wigwags message', - statusCode: 403, - response: createExpectRbacForbidden('wigwags'), - }, - noType: { - description: 'all objects', - statusCode: 200, - response: createExpectResults(spaceId), - }, + unknownType: { + description: 'forbidden find wigwags message', + statusCode: 403, + response: createExpectRbacForbidden('wigwags'), + }, + pageBeyondTotal: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(100, 100, 1), + }, + unknownSearchField: { + description: 'forbidden find wigwags message', + statusCode: 403, + response: createExpectRbacForbidden('wigwags'), }, - }); + noType: { + description: 'all objects', + statusCode: 200, + response: createExpectResults(scenario.spaceId), + }, + }, + }); - findTest(userWithAllAtSpace.USERNAME, { - auth: { - username: userWithAllAtSpace.USERNAME, - password: userWithAllAtSpace.PASSWORD, + findTest(`${scenario.userWithAllAtSpace.USERNAME} within the ${scenario.spaceId} space`, { + auth: { + username: scenario.userWithAllAtSpace.USERNAME, + password: scenario.userWithAllAtSpace.PASSWORD, + }, + spaceId: scenario.spaceId, + tests: { + normal: { + description: 'only the visualization', + statusCode: 200, + response: createExpectVisualizationResults(scenario.spaceId), }, - spaceId, - tests: { - normal: { - description: 'only the visualization', - statusCode: 200, - response: createExpectVisualizationResults(spaceId), - }, - unknownType: { - description: 'forbidden and find wigwags message', - statusCode: 403, - response: createExpectRbacForbidden('wigwags'), - }, - pageBeyondTotal: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(100, 100, 1), - }, - unknownSearchField: { - description: 'forbidden and find wigwags message', - statusCode: 403, - response: createExpectRbacForbidden('wigwags'), - }, - noType: { - description: 'all objects', - statusCode: 200, - response: createExpectResults(spaceId), - }, + unknownType: { + description: 'forbidden and find wigwags message', + statusCode: 403, + response: createExpectRbacForbidden('wigwags'), + }, + pageBeyondTotal: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(100, 100, 1), + }, + unknownSearchField: { + description: 'forbidden and find wigwags message', + statusCode: 403, + response: createExpectRbacForbidden('wigwags'), }, - }); + noType: { + description: 'all objects', + statusCode: 200, + response: createExpectResults(scenario.spaceId), + }, + }, + }); - findTest(userWithReadAtSpace.USERNAME, { - auth: { - username: userWithReadAtSpace.USERNAME, - password: userWithReadAtSpace.PASSWORD, + findTest(`${scenario.userWithReadAtSpace.USERNAME} within the ${scenario.spaceId} space`, { + auth: { + username: scenario.userWithReadAtSpace.USERNAME, + password: scenario.userWithReadAtSpace.PASSWORD, + }, + spaceId: scenario.spaceId, + tests: { + normal: { + description: 'only the visualization', + statusCode: 200, + response: createExpectVisualizationResults(scenario.spaceId), }, - spaceId, - tests: { - normal: { - description: 'only the visualization', - statusCode: 200, - response: createExpectVisualizationResults(spaceId), - }, - unknownType: { - description: 'forbidden and find wigwags message', - statusCode: 403, - response: createExpectRbacForbidden('wigwags'), - }, - pageBeyondTotal: { - description: 'empty result', - statusCode: 200, - response: createExpectEmpty(100, 100, 1), - }, - unknownSearchField: { - description: 'forbidden and find wigwags message', - statusCode: 403, - response: createExpectRbacForbidden('wigwags'), - }, - noType: { - description: 'all objects', - statusCode: 200, - response: createExpectResults(spaceId), - }, + unknownType: { + description: 'forbidden and find wigwags message', + statusCode: 403, + response: createExpectRbacForbidden('wigwags'), }, - }); + pageBeyondTotal: { + description: 'empty result', + statusCode: 200, + response: createExpectEmpty(100, 100, 1), + }, + unknownSearchField: { + description: 'forbidden and find wigwags message', + statusCode: 403, + response: createExpectRbacForbidden('wigwags'), + }, + noType: { + description: 'all objects', + statusCode: 200, + response: createExpectResults(scenario.spaceId), + }, + }, + }); - findTest(userWithAllAtOtherSpace.USERNAME, { + findTest( + `${scenario.userWithAllAtOtherSpace.USERNAME} within the ${scenario.spaceId} space`, + { auth: { - username: userWithAllAtOtherSpace.USERNAME, - password: userWithAllAtOtherSpace.PASSWORD, + username: scenario.userWithAllAtOtherSpace.USERNAME, + password: scenario.userWithAllAtOtherSpace.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { normal: { description: 'forbidden login and find visualization message', @@ -422,8 +440,8 @@ export default function({ getService }: TestInvoker) { response: createExpectRbacForbidden(), }, }, - }); - }); + } + ); }); }); } diff --git a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/get.ts b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/get.ts index 96c2363aeff1b..284e8e7b447a2 100644 --- a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/get.ts +++ b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/get.ts @@ -26,203 +26,220 @@ export default function({ getService }: TestInvoker) { [ { spaceId: SPACES.DEFAULT.spaceId, + notAKibanaUser: AUTHENTICATION.NOT_A_KIBANA_USER, + superuser: AUTHENTICATION.SUPERUSER, + userWithLegacyAll: AUTHENTICATION.KIBANA_LEGACY_USER, + userWithLegacyRead: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER, + userWithAllGlobally: AUTHENTICATION.KIBANA_RBAC_USER, + userWithReadGlobally: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER, + userWithDualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER, + userWithDualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_READ_USER, userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER, }, { spaceId: SPACES.SPACE_1.spaceId, + notAKibanaUser: AUTHENTICATION.NOT_A_KIBANA_USER, + superuser: AUTHENTICATION.SUPERUSER, + userWithNoKibanaAccess: AUTHENTICATION.NOT_A_KIBANA_USER, + userWithLegacyAll: AUTHENTICATION.KIBANA_LEGACY_USER, + userWithLegacyRead: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER, + userWithAllGlobally: AUTHENTICATION.KIBANA_RBAC_USER, + userWithReadGlobally: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER, + userWithDualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER, + userWithDualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER, userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_READ_USER, userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, }, - ].forEach(({ spaceId, userWithAllAtSpace, userWithReadAtSpace, userWithAllAtOtherSpace }) => { - getTest(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME, { + ].forEach(scenario => { + getTest(`${scenario.notAKibanaUser.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME, - password: AUTHENTICATION.NOT_A_KIBANA_USER.PASSWORD, + username: scenario.notAKibanaUser.USERNAME, + password: scenario.notAKibanaUser.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { exists: { statusCode: 403, - response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), + response: createExpectLegacyForbidden(scenario.notAKibanaUser.USERNAME), }, doesntExist: { statusCode: 403, - response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME), + response: createExpectLegacyForbidden(scenario.notAKibanaUser.USERNAME), }, }, }); - getTest(AUTHENTICATION.SUPERUSER.USERNAME, { + getTest(`${scenario.superuser.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.SUPERUSER.USERNAME, - password: AUTHENTICATION.SUPERUSER.PASSWORD, + username: scenario.superuser.USERNAME, + password: scenario.superuser.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { exists: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, doesntExist: { statusCode: 404, - response: createExpectDoesntExistNotFound(spaceId), + response: createExpectDoesntExistNotFound(scenario.spaceId), }, }, }); - getTest(AUTHENTICATION.KIBANA_LEGACY_USER.USERNAME, { + getTest(`${scenario.userWithLegacyAll.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_LEGACY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_LEGACY_USER.PASSWORD, + username: scenario.userWithLegacyAll.USERNAME, + password: scenario.userWithLegacyAll.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { exists: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, doesntExist: { statusCode: 404, - response: createExpectDoesntExistNotFound(spaceId), + response: createExpectDoesntExistNotFound(scenario.spaceId), }, }, }); - getTest(AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME, { + getTest(`${scenario.userWithLegacyRead.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.PASSWORD, + username: scenario.userWithLegacyRead.USERNAME, + password: scenario.userWithLegacyRead.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { exists: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, doesntExist: { statusCode: 404, - response: createExpectDoesntExistNotFound(spaceId), + response: createExpectDoesntExistNotFound(scenario.spaceId), }, }, }); - getTest(AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME, { + getTest(`${scenario.userWithDualAll.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME, - password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.PASSWORD, + username: scenario.userWithDualAll.USERNAME, + password: scenario.userWithDualAll.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { exists: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, doesntExist: { statusCode: 404, - response: createExpectDoesntExistNotFound(spaceId), + response: createExpectDoesntExistNotFound(scenario.spaceId), }, }, }); - getTest(AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME, { + getTest(`${scenario.userWithDualRead.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.PASSWORD, + username: scenario.userWithDualRead.USERNAME, + password: scenario.userWithDualRead.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { exists: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, doesntExist: { statusCode: 404, - response: createExpectDoesntExistNotFound(spaceId), + response: createExpectDoesntExistNotFound(scenario.spaceId), }, }, }); - getTest(AUTHENTICATION.KIBANA_RBAC_USER.USERNAME, { + getTest(`${scenario.userWithAllGlobally.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_RBAC_USER.USERNAME, - password: AUTHENTICATION.KIBANA_RBAC_USER.PASSWORD, + username: scenario.userWithAllGlobally.USERNAME, + password: scenario.userWithAllGlobally.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { exists: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, doesntExist: { statusCode: 404, - response: createExpectDoesntExistNotFound(spaceId), + response: createExpectDoesntExistNotFound(scenario.spaceId), }, }, }); - getTest(AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.USERNAME, { + getTest(`${scenario.userWithReadGlobally.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.PASSWORD, + username: scenario.userWithReadGlobally.USERNAME, + password: scenario.userWithReadGlobally.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { exists: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, doesntExist: { statusCode: 404, - response: createExpectDoesntExistNotFound(spaceId), + response: createExpectDoesntExistNotFound(scenario.spaceId), }, }, }); - getTest(`${userWithAllAtSpace.USERNAME} user`, { + getTest(`${scenario.userWithAllAtSpace.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: userWithAllAtSpace.USERNAME, - password: userWithAllAtSpace.PASSWORD, + username: scenario.userWithAllAtSpace.USERNAME, + password: scenario.userWithAllAtSpace.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { exists: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, doesntExist: { statusCode: 404, - response: createExpectDoesntExistNotFound(spaceId), + response: createExpectDoesntExistNotFound(scenario.spaceId), }, }, }); - getTest(`${userWithReadAtSpace.USERNAME} user`, { + getTest(`${scenario.userWithReadAtSpace.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: userWithReadAtSpace.USERNAME, - password: userWithReadAtSpace.PASSWORD, + username: scenario.userWithReadAtSpace.USERNAME, + password: scenario.userWithReadAtSpace.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { exists: { statusCode: 200, - response: createExpectResults(spaceId), + response: createExpectResults(scenario.spaceId), }, doesntExist: { statusCode: 404, - response: createExpectDoesntExistNotFound(spaceId), + response: createExpectDoesntExistNotFound(scenario.spaceId), }, }, }); - getTest(`${userWithAllAtOtherSpace.USERNAME} user`, { + getTest(`${scenario.userWithAllAtOtherSpace.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: userWithAllAtOtherSpace.USERNAME, - password: userWithAllAtOtherSpace.PASSWORD, + username: scenario.userWithAllAtOtherSpace.USERNAME, + password: scenario.userWithAllAtOtherSpace.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { exists: { statusCode: 403, diff --git a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/update.ts b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/update.ts index 62fc3b562e4c3..ae6465fa91e28 100644 --- a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/update.ts +++ b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/update.ts @@ -29,23 +29,40 @@ export default function({ getService }: TestInvoker) { [ { spaceId: SPACES.DEFAULT.spaceId, + notAKibanaUser: AUTHENTICATION.NOT_A_KIBANA_USER, + superuser: AUTHENTICATION.SUPERUSER, + userWithLegacyAll: AUTHENTICATION.KIBANA_LEGACY_USER, + userWithLegacyRead: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER, + userWithAllGlobally: AUTHENTICATION.KIBANA_RBAC_USER, + userWithReadGlobally: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER, + userWithDualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER, + userWithDualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_READ_USER, userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER, }, { - spaceId: SPACES.DEFAULT.spaceId, - userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, - userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_READ_USER, - userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER, + spaceId: SPACES.SPACE_1.spaceId, + notAKibanaUser: AUTHENTICATION.NOT_A_KIBANA_USER, + superuser: AUTHENTICATION.SUPERUSER, + userWithNoKibanaAccess: AUTHENTICATION.NOT_A_KIBANA_USER, + userWithLegacyAll: AUTHENTICATION.KIBANA_LEGACY_USER, + userWithLegacyRead: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER, + userWithAllGlobally: AUTHENTICATION.KIBANA_RBAC_USER, + userWithReadGlobally: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER, + userWithDualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER, + userWithDualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, + userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER, + userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_READ_USER, + userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, }, - ].forEach(({ spaceId, userWithAllAtSpace, userWithReadAtSpace, userWithAllAtOtherSpace }) => { - updateTest(`not a kibana user`, { + ].forEach(scenario => { + updateTest(`${scenario.notAKibanaUser.USERNAME} within the ${scenario.spaceId} space`, { auth: { username: AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME, password: AUTHENTICATION.NOT_A_KIBANA_USER.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 403, @@ -62,12 +79,12 @@ export default function({ getService }: TestInvoker) { }, }); - updateTest(`superuser`, { + updateTest(`${scenario.superuser.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.SUPERUSER.USERNAME, - password: AUTHENTICATION.SUPERUSER.PASSWORD, + username: scenario.superuser.USERNAME, + password: scenario.superuser.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 200, @@ -84,12 +101,12 @@ export default function({ getService }: TestInvoker) { }, }); - updateTest(`kibana legacy user`, { + updateTest(`${scenario.userWithLegacyAll.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_LEGACY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_LEGACY_USER.PASSWORD, + username: scenario.userWithLegacyAll.USERNAME, + password: scenario.userWithLegacyAll.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 200, @@ -106,40 +123,34 @@ export default function({ getService }: TestInvoker) { }, }); - updateTest(`kibana legacy dashboard only user`, { + updateTest(`${scenario.userWithLegacyRead.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.PASSWORD, + username: scenario.userWithLegacyRead.USERNAME, + password: scenario.userWithLegacyRead.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 403, - response: createExpectLegacyForbidden( - AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME - ), + response: createExpectLegacyForbidden(scenario.userWithLegacyRead.USERNAME), }, notSpaceAware: { statusCode: 403, - response: createExpectLegacyForbidden( - AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME - ), + response: createExpectLegacyForbidden(scenario.userWithLegacyRead.USERNAME), }, doesntExist: { statusCode: 403, - response: createExpectLegacyForbidden( - AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME - ), + response: createExpectLegacyForbidden(scenario.userWithLegacyRead.USERNAME), }, }, }); - updateTest(`kibana dual-privileges user`, { + updateTest(`${scenario.userWithDualAll.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME, - password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.PASSWORD, + username: scenario.userWithDualAll.USERNAME, + password: scenario.userWithDualAll.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 200, @@ -156,12 +167,12 @@ export default function({ getService }: TestInvoker) { }, }); - updateTest(`kibana dual-privileges dashboard only user`, { + updateTest(`${scenario.userWithDualRead.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.PASSWORD, + username: scenario.userWithDualRead.USERNAME, + password: scenario.userWithDualRead.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 403, @@ -178,12 +189,12 @@ export default function({ getService }: TestInvoker) { }, }); - updateTest(`kibana rbac user`, { + updateTest(`${scenario.userWithAllGlobally.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_RBAC_USER.USERNAME, - password: AUTHENTICATION.KIBANA_RBAC_USER.PASSWORD, + username: scenario.userWithAllGlobally.USERNAME, + password: scenario.userWithAllGlobally.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 200, @@ -200,12 +211,12 @@ export default function({ getService }: TestInvoker) { }, }); - updateTest(`kibana rbac dashboard only user`, { + updateTest(`${scenario.userWithReadGlobally.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.USERNAME, - password: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.PASSWORD, + username: scenario.userWithReadGlobally.USERNAME, + password: scenario.userWithReadGlobally.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 403, @@ -222,12 +233,12 @@ export default function({ getService }: TestInvoker) { }, }); - updateTest(userWithAllAtSpace.USERNAME, { + updateTest(`${scenario.userWithAllAtSpace.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: userWithAllAtSpace.USERNAME, - password: userWithAllAtSpace.PASSWORD, + username: scenario.userWithAllAtSpace.USERNAME, + password: scenario.userWithAllAtSpace.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 200, @@ -244,12 +255,12 @@ export default function({ getService }: TestInvoker) { }, }); - updateTest(userWithReadAtSpace.USERNAME, { + updateTest(`${scenario.userWithReadAtSpace.USERNAME} within the ${scenario.spaceId} space`, { auth: { - username: userWithReadAtSpace.USERNAME, - password: userWithReadAtSpace.PASSWORD, + username: scenario.userWithReadAtSpace.USERNAME, + password: scenario.userWithReadAtSpace.PASSWORD, }, - spaceId, + spaceId: scenario.spaceId, tests: { spaceAware: { statusCode: 403, @@ -266,27 +277,30 @@ export default function({ getService }: TestInvoker) { }, }); - updateTest(userWithAllAtOtherSpace.USERNAME, { - auth: { - username: userWithAllAtOtherSpace.USERNAME, - password: userWithAllAtOtherSpace.PASSWORD, - }, - spaceId, - tests: { - spaceAware: { - statusCode: 403, - response: expectSpaceAwareRbacForbidden, - }, - notSpaceAware: { - statusCode: 403, - response: expectNotSpaceAwareRbacForbidden, - }, - doesntExist: { - statusCode: 403, - response: expectDoesntExistRbacForbidden, - }, - }, - }); + updateTest( + `${scenario.userWithAllAtOtherSpace.USERNAME} within the ${scenario.spaceId} space`, + { + auth: { + username: scenario.userWithAllAtOtherSpace.USERNAME, + password: scenario.userWithAllAtOtherSpace.PASSWORD, + }, + spaceId: scenario.spaceId, + tests: { + spaceAware: { + statusCode: 403, + response: expectSpaceAwareRbacForbidden, + }, + notSpaceAware: { + statusCode: 403, + response: expectNotSpaceAwareRbacForbidden, + }, + doesntExist: { + statusCode: 403, + response: expectDoesntExistRbacForbidden, + }, + }, + } + ); }); }); } diff --git a/x-pack/test/spaces_api_integration/security_and_spaces/apis/create.ts b/x-pack/test/spaces_api_integration/security_and_spaces/apis/create.ts index 91b28d60bf19b..131eda9fec751 100644 --- a/x-pack/test/spaces_api_integration/security_and_spaces/apis/create.ts +++ b/x-pack/test/spaces_api_integration/security_and_spaces/apis/create.ts @@ -32,7 +32,7 @@ export default function createSpacesOnlySuite({ getService }: TestInvoker) { userWithLegacyAll: AUTHENTICATION.KIBANA_LEGACY_USER, userWithLegacyRead: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER, userWithDualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER, - userwithDualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, + userWithDualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, }, { spaceId: SPACES.SPACE_1.spaceId, @@ -42,7 +42,7 @@ export default function createSpacesOnlySuite({ getService }: TestInvoker) { userWithLegacyAll: AUTHENTICATION.KIBANA_LEGACY_USER, userWithLegacyRead: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER, userWithDualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER, - userwithDualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, + userWithDualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, }, ].forEach(scenario => { createTest(`${scenario.userWithAllGlobally.USERNAME} within the ${scenario.spaceId} space`, { @@ -215,11 +215,11 @@ export default function createSpacesOnlySuite({ getService }: TestInvoker) { }, }); - createTest(`${scenario.userwithDualRead.USERNAME} within the ${scenario.spaceId} space`, { + createTest(`${scenario.userWithDualRead.USERNAME} within the ${scenario.spaceId} space`, { spaceId: scenario.spaceId, auth: { - username: scenario.userwithDualRead.USERNAME, - password: scenario.userwithDualRead.PASSWORD, + username: scenario.userWithDualRead.USERNAME, + password: scenario.userWithDualRead.PASSWORD, }, tests: { newSpace: {