From df3715da8e249429d893cb2efa86505b5578c2af Mon Sep 17 00:00:00 2001 From: Viduni Wickramarachchi Date: Mon, 30 Dec 2024 09:17:41 -0500 Subject: [PATCH] [Obs AI Assistant] Address PR comments (#204884) --- .../common/forbidden_api_error.ts | 16 ----- .../observability_ai_assistant_api_client.ts | 4 +- .../ai_assistant/tests/chat/chat.spec.ts | 12 ++-- .../tests/complete/complete.spec.ts | 12 ++-- .../tests/connectors/connectors.spec.ts | 12 ++-- .../tests/conversations/conversations.spec.ts | 66 ++++++------------- .../knowledge_base/knowledge_base.spec.ts | 40 ++++------- .../knowledge_base_setup.spec.ts | 12 ++-- .../knowledge_base_status.spec.ts | 12 ++-- .../knowledge_base_user_instructions.spec.ts | 27 +++----- 10 files changed, 62 insertions(+), 151 deletions(-) delete mode 100644 x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/common/forbidden_api_error.ts diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/common/forbidden_api_error.ts b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/common/forbidden_api_error.ts deleted file mode 100644 index c404920bc55e9..0000000000000 --- a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/common/forbidden_api_error.ts +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export class ForbiddenApiError extends Error { - status: number; - - constructor(message: string = 'Forbidden') { - super(message); - this.name = 'ForbiddenApiError'; - this.status = 403; - } -} diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/common/observability_ai_assistant_api_client.ts b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/common/observability_ai_assistant_api_client.ts index d8ca8661b90b4..566d06702872f 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/common/observability_ai_assistant_api_client.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/common/observability_ai_assistant_api_client.ts @@ -216,8 +216,8 @@ export async function getObservabilityAIAssistantApiClientService({ // unauthorized user const supertestUnauthorizedWithCookieCredentials: SupertestWithRoleScope = await roleScopedSupertest.getSupertestWithRoleScope('viewer', { - useCookieHeader: true, - withInternalHeaders: false, // No internal headers for unauthorized users + useCookieHeader: false, + withInternalHeaders: true, }); return { diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/chat/chat.spec.ts b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/chat/chat.spec.ts index 0ad911f792a7d..40f3db279135e 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/chat/chat.spec.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/chat/chat.spec.ts @@ -16,7 +16,6 @@ import { SupertestWithRoleScope } from '@kbn/test-suites-xpack/api_integration/d import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createProxyActionConnector, deleteActionConnector } from '../../common/action_connectors'; import type { InternalRequestHeader, RoleCredentials } from '../../../../../../shared/services'; -import { ForbiddenApiError } from '../../common/forbidden_api_error'; export default function ApiTest({ getService }: FtrProviderContext) { const supertestWithoutAuth = getService('supertestWithoutAuth'); @@ -174,8 +173,8 @@ export default function ApiTest({ getService }: FtrProviderContext) { describe('security roles and access privileges', () => { it('should deny access for users without the ai_assistant privilege', async () => { - try { - await observabilityAIAssistantAPIClient.slsUnauthorized({ + await observabilityAIAssistantAPIClient + .slsUnauthorized({ endpoint: `POST ${CHAT_API_URL}`, params: { body: { @@ -186,11 +185,8 @@ export default function ApiTest({ getService }: FtrProviderContext) { scopes: ['all'], }, }, - }); - throw new ForbiddenApiError('Expected slsUnauthorized() to throw a 403 Forbidden error'); - } catch (e) { - expect(e.status).to.be(403); - } + }) + .expect(403); }); }); }); diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/complete/complete.spec.ts b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/complete/complete.spec.ts index 94024c78baf50..31544418c2247 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/complete/complete.spec.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/complete/complete.spec.ts @@ -34,7 +34,6 @@ import { } from '../conversations/helpers'; import { createProxyActionConnector, deleteActionConnector } from '../../common/action_connectors'; import type { InternalRequestHeader, RoleCredentials } from '../../../../../../shared/services'; -import { ForbiddenApiError } from '../../common/forbidden_api_error'; export default function ApiTest({ getService }: FtrProviderContext) { const supertestWithoutAuth = getService('supertestWithoutAuth'); @@ -551,8 +550,8 @@ export default function ApiTest({ getService }: FtrProviderContext) { describe('security roles and access privileges', () => { it('should deny access for users without the ai_assistant privilege', async () => { - try { - await observabilityAIAssistantAPIClient.slsUnauthorized({ + await observabilityAIAssistantAPIClient + .slsUnauthorized({ endpoint: 'POST /internal/observability_ai_assistant/chat/complete', params: { body: { @@ -563,11 +562,8 @@ export default function ApiTest({ getService }: FtrProviderContext) { scopes: ['all'], }, }, - }); - throw new ForbiddenApiError('Expected slsUnauthorized() to throw a 403 Forbidden error'); - } catch (e) { - expect(e.status).to.be(403); - } + }) + .expect(403); }); }); }); diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/connectors/connectors.spec.ts b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/connectors/connectors.spec.ts index b133b2d56aa1e..5ea2ad9e873bb 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/connectors/connectors.spec.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/connectors/connectors.spec.ts @@ -13,7 +13,6 @@ import type { RoleCredentials, SupertestWithoutAuthProviderType, } from '../../../../../../shared/services'; -import { ForbiddenApiError } from '../../common/forbidden_api_error'; const CONNECTOR_API_URL = '/internal/observability_ai_assistant/connectors'; @@ -89,14 +88,11 @@ export default function ApiTest({ getService }: FtrProviderContext) { describe('security roles and access privileges', () => { it('should deny access for users without the ai_assistant privilege', async () => { - try { - await observabilityAIAssistantAPIClient.slsUnauthorized({ + await observabilityAIAssistantAPIClient + .slsUnauthorized({ endpoint: `GET ${CONNECTOR_API_URL}`, - }); - throw new ForbiddenApiError('Expected slsUnauthorized() to throw a 403 Forbidden error'); - } catch (e) { - expect(e.status).to.be(403); - } + }) + .expect(403); }); }); }); diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/conversations/conversations.spec.ts b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/conversations/conversations.spec.ts index 88c386cbbdb27..6656ea0407817 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/conversations/conversations.spec.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/conversations/conversations.spec.ts @@ -14,7 +14,6 @@ import { } from '@kbn/observability-ai-assistant-plugin/common/types'; import type { FtrProviderContext } from '../../common/ftr_provider_context'; import type { SupertestReturnType } from '../../common/observability_ai_assistant_api_client'; -import { ForbiddenApiError } from '../../common/forbidden_api_error'; export default function ApiTest({ getService }: FtrProviderContext) { const observabilityAIAssistantAPIClient = getService('observabilityAIAssistantAPIClient'); @@ -287,39 +286,29 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); it('POST /internal/observability_ai_assistant/conversation', async () => { - try { - await observabilityAIAssistantAPIClient.slsUnauthorized({ + await observabilityAIAssistantAPIClient + .slsUnauthorized({ endpoint: 'POST /internal/observability_ai_assistant/conversation', params: { body: { conversation: conversationCreate, }, }, - }); - throw new ForbiddenApiError( - 'Expected slsUnauthorized() to throw a 403 Forbidden error' - ); - } catch (e) { - expect(e.status).to.be(403); - } + }) + .expect(403); }); it('POST /internal/observability_ai_assistant/conversations', async () => { - try { - await observabilityAIAssistantAPIClient.slsUnauthorized({ + await observabilityAIAssistantAPIClient + .slsUnauthorized({ endpoint: 'POST /internal/observability_ai_assistant/conversations', - }); - throw new ForbiddenApiError( - 'Expected slsUnauthorized() to throw a 403 Forbidden error' - ); - } catch (e) { - expect(e.status).to.be(403); - } + }) + .expect(403); }); it('PUT /internal/observability_ai_assistant/conversation/{conversationId}', async () => { - try { - await observabilityAIAssistantAPIClient.slsUnauthorized({ + await observabilityAIAssistantAPIClient + .slsUnauthorized({ endpoint: 'PUT /internal/observability_ai_assistant/conversation/{conversationId}', params: { path: { @@ -331,49 +320,34 @@ export default function ApiTest({ getService }: FtrProviderContext) { }), }, }, - }); - throw new ForbiddenApiError( - 'Expected slsUnauthorized() to throw a 403 Forbidden error' - ); - } catch (e) { - expect(e.status).to.be(403); - } + }) + .expect(403); }); it('GET /internal/observability_ai_assistant/conversation/{conversationId}', async () => { - try { - await observabilityAIAssistantAPIClient.slsUnauthorized({ + await observabilityAIAssistantAPIClient + .slsUnauthorized({ endpoint: 'GET /internal/observability_ai_assistant/conversation/{conversationId}', params: { path: { conversationId: createResponse.body.conversation.id, }, }, - }); - throw new ForbiddenApiError( - 'Expected slsUnauthorized() to throw a 403 Forbidden error' - ); - } catch (e) { - expect(e.status).to.be(403); - } + }) + .expect(403); }); it('DELETE /internal/observability_ai_assistant/conversation/{conversationId}', async () => { - try { - await observabilityAIAssistantAPIClient.slsUnauthorized({ + await observabilityAIAssistantAPIClient + .slsUnauthorized({ endpoint: 'DELETE /internal/observability_ai_assistant/conversation/{conversationId}', params: { path: { conversationId: createResponse.body.conversation.id, }, }, - }); - throw new ForbiddenApiError( - 'Expected slsUnauthorized() to throw a 403 Forbidden error' - ); - } catch (e) { - expect(e.status).to.be(403); - } + }) + .expect(403); }); }); }); diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base.spec.ts b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base.spec.ts index 8f29716ae3eda..f5413de3f3ff5 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base.spec.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base.spec.ts @@ -15,7 +15,6 @@ import { } from '@kbn/test-suites-xpack/observability_ai_assistant_api_integration/tests/knowledge_base/helpers'; import { type KnowledgeBaseEntry } from '@kbn/observability-ai-assistant-plugin/common'; import { FtrProviderContext } from '../../common/ftr_provider_context'; -import { ForbiddenApiError } from '../../common/forbidden_api_error'; export default function ApiTest({ getService }: FtrProviderContext) { const ml = getService('ml'); @@ -217,8 +216,8 @@ export default function ApiTest({ getService }: FtrProviderContext) { describe('security roles and access privileges', () => { describe('should deny access for users without the ai_assistant privilege', () => { it('POST /internal/observability_ai_assistant/kb/entries/save', async () => { - try { - await observabilityAIAssistantAPIClient.slsUnauthorized({ + await observabilityAIAssistantAPIClient + .slsUnauthorized({ endpoint: 'POST /internal/observability_ai_assistant/kb/entries/save', params: { body: { @@ -227,45 +226,30 @@ export default function ApiTest({ getService }: FtrProviderContext) { text: 'My content', }, }, - }); - throw new ForbiddenApiError( - 'Expected unauthorizedUser() to throw a 403 Forbidden error' - ); - } catch (e) { - expect(e.status).to.be(403); - } + }) + .expect(403); }); it('GET /internal/observability_ai_assistant/kb/entries', async () => { - try { - await observabilityAIAssistantAPIClient.slsUnauthorized({ + await observabilityAIAssistantAPIClient + .slsUnauthorized({ endpoint: 'GET /internal/observability_ai_assistant/kb/entries', params: { query: { query: '', sortBy: 'title', sortDirection: 'asc' }, }, - }); - throw new ForbiddenApiError( - 'Expected slsUnauthorized() to throw a 403 Forbidden error' - ); - } catch (e) { - expect(e.status).to.be(403); - } + }) + .expect(403); }); it('DELETE /internal/observability_ai_assistant/kb/entries/{entryId}', async () => { - try { - await observabilityAIAssistantAPIClient.slsUnauthorized({ + await observabilityAIAssistantAPIClient + .slsUnauthorized({ endpoint: 'DELETE /internal/observability_ai_assistant/kb/entries/{entryId}', params: { path: { entryId: 'my-doc-id-1' }, }, - }); - throw new ForbiddenApiError( - 'Expected slsUnauthorized() to throw a 403 Forbidden error' - ); - } catch (e) { - expect(e.status).to.be(403); - } + }) + .expect(403); }); }); }); diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base_setup.spec.ts b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base_setup.spec.ts index 1899dbbb5daf1..6f99a841f4d9f 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base_setup.spec.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base_setup.spec.ts @@ -14,7 +14,6 @@ import { } from '@kbn/test-suites-xpack/observability_ai_assistant_api_integration/tests/knowledge_base/helpers'; import { FtrProviderContext } from '../../common/ftr_provider_context'; -import { ForbiddenApiError } from '../../common/forbidden_api_error'; export const KNOWLEDGE_BASE_SETUP_API_URL = '/internal/observability_ai_assistant/kb/setup'; @@ -72,19 +71,16 @@ export default function ApiTest({ getService }: FtrProviderContext) { describe('security roles and access privileges', () => { it('should deny access for users without the ai_assistant privilege', async () => { - try { - await observabilityAIAssistantAPIClient.slsUnauthorized({ + await observabilityAIAssistantAPIClient + .slsUnauthorized({ endpoint: `POST ${KNOWLEDGE_BASE_SETUP_API_URL}`, params: { query: { model_id: TINY_ELSER.id, }, }, - }); - throw new ForbiddenApiError('Expected slsUnauthorized() to throw a 403 Forbidden error'); - } catch (e) { - expect(e.status).to.be(403); - } + }) + .expect(403); }); }); }); diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base_status.spec.ts b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base_status.spec.ts index 3058f90823546..458cff655d404 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base_status.spec.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base_status.spec.ts @@ -14,7 +14,6 @@ import { } from '@kbn/test-suites-xpack/observability_ai_assistant_api_integration/tests/knowledge_base/helpers'; import { AI_ASSISTANT_KB_INFERENCE_ID } from '@kbn/observability-ai-assistant-plugin/server/service/inference_endpoint'; import { FtrProviderContext } from '../../common/ftr_provider_context'; -import { ForbiddenApiError } from '../../common/forbidden_api_error'; import { KNOWLEDGE_BASE_SETUP_API_URL } from './knowledge_base_setup.spec'; const KNOWLEDGE_BASE_STATUS_API_URL = '/internal/observability_ai_assistant/kb/status'; @@ -73,14 +72,11 @@ export default function ApiTest({ getService }: FtrProviderContext) { describe('security roles and access privileges', () => { it('should deny access for users without the ai_assistant privilege', async () => { - try { - await observabilityAIAssistantAPIClient.slsUnauthorized({ + await observabilityAIAssistantAPIClient + .slsUnauthorized({ endpoint: `GET ${KNOWLEDGE_BASE_STATUS_API_URL}`, - }); - throw new ForbiddenApiError('Expected unauthorizedUser() to throw a 403 Forbidden error'); - } catch (e) { - expect(e.status).to.be(403); - } + }) + .expect(403); }); }); }); diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base_user_instructions.spec.ts b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base_user_instructions.spec.ts index 00f53e356a345..e6d954529d759 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base_user_instructions.spec.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/ai_assistant/tests/knowledge_base/knowledge_base_user_instructions.spec.ts @@ -24,7 +24,6 @@ import { import { createProxyActionConnector, deleteActionConnector } from '../../common/action_connectors'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import type { InternalRequestHeader, RoleCredentials } from '../../../../../../shared/services'; -import { ForbiddenApiError } from '../../common/forbidden_api_error'; export default function ApiTest({ getService }: FtrProviderContext) { const observabilityAIAssistantAPIClient = getService('observabilityAIAssistantAPIClient'); @@ -334,8 +333,8 @@ export default function ApiTest({ getService }: FtrProviderContext) { describe('security roles and access privileges', () => { describe('should deny access for users without the ai_assistant privilege', () => { it('PUT /internal/observability_ai_assistant/kb/user_instructions', async () => { - try { - await observabilityAIAssistantAPIClient.slsUnauthorized({ + await observabilityAIAssistantAPIClient + .slsUnauthorized({ endpoint: 'PUT /internal/observability_ai_assistant/kb/user_instructions', params: { body: { @@ -344,26 +343,16 @@ export default function ApiTest({ getService }: FtrProviderContext) { public: true, }, }, - }); - throw new ForbiddenApiError( - 'Expected slsUnauthorized() to throw a 403 Forbidden error' - ); - } catch (e) { - expect(e.status).to.be(403); - } + }) + .expect(403); }); it('GET /internal/observability_ai_assistant/kb/user_instructions', async () => { - try { - await observabilityAIAssistantAPIClient.slsUnauthorized({ + await observabilityAIAssistantAPIClient + .slsUnauthorized({ endpoint: 'GET /internal/observability_ai_assistant/kb/user_instructions', - }); - throw new ForbiddenApiError( - 'Expected slsUnauthorized() to throw a 403 Forbidden error' - ); - } catch (e) { - expect(e.status).to.be(403); - } + }) + .expect(403); }); }); });