Failing test: Jest Integration Tests.x-pack/plugins/security_solution/public/management/pages/policy/view/integration_tests - When on the policy list page and data exists should show an avatar and name for the Updated by column #169133
Assignees
Labels
failed-test
A test failure on a tracked branch, potentially flaky-test
Team:Defend Workflows
“EDR Workflows” sub-team of Security Solution
Comments
kibanamachine
added
the
failed-test
kibanamachine
added
the
Team:Defend Workflows
|
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
|
New failure: CI Build - main |
|
New failure: CI Build - main |
jbudz
added a commit
that referenced
this issue
Oct 17, 2023
|
Skipped main: 0554daa |
hop-dev
pushed a commit
to hop-dev/kibana
that referenced
this issue
Oct 18, 2023
2 tasks
gergoabraham
added a commit
to gergoabraham/kibana
that referenced
this issue
Nov 22, 2024
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Dec 10, 2024
## Summary This PR fixes multiple Endpoint list privilege issues. It can be reviewed commit-by-commit so the fixes are mostly separated (although some solutions and tests are reused, hence the reason to have them in one pr): - a3311ad fixes issue when during onboarding (no hosts, policies are indiferent) calls are made to `GET api/fleet/package_policies` without correct privilege (needs policy management READ or fleet:READ+integration:READ), and causes `Forbidden` page. ([issue](elastic/security-team#10581)) _UI_: we display the usual 'onboarding without correct privileges' UI for users <img width="1958" alt="image" src="https://github.com/user-attachments/assets/9e1701cc-9c3d-4a80-9c7a-df792d88dab3"> - 63ca011 fixes issue when during onboarding (no hosts, no policies) the `Add Elastic Defend` button was shown when user had `Fleet:ALL` and `Integrations:READ` privilege, while both should be `ALL` in order to be able to create an integration policy ([issue](elastic/security-team#10765)) _UI_: the 'Add Elastic Defend' button is hidden, so the result is the same as above https://github.com/user-attachments/assets/87fe3a95-131d-484b-8ca0-d06c4caafee1 - ffafa14 fixes issue when after having hosts in Endpoint list and we're calling `POST api/fleet/package_policies/_bulk_get` without privilege (needs policy management READ or fleet:READ+integration:READ), which does not cause any visible issue, but is logged to dev console ([issue](elastic/security-team#10580)) some additions: - c7021b3 adds an acceptance test for all 3 issues above, with failing test run [here](https://buildkite.com/elastic/kibana-pull-request/builds/250428#019320cf-c433-4979-a998-d0f8b8f7be16). - 8e10847 enables policy list integration test, this closes elastic#169133 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: Elastic Machine <[email protected]> (cherry picked from commit 2fa8f47)
kibanamachine
added a commit
that referenced
this issue
Dec 10, 2024
) # Backport This will backport the following commits from `main` to `8.x`: - [[EDR Workflows] Fix Endpoint list RBAC problems (#199803)](#199803) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Gergő Ábrahám","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-12-10T10:46:03Z","message":"[EDR Workflows] Fix Endpoint list RBAC problems (#199803)\n\n## Summary\r\n\r\nThis PR fixes multiple Endpoint list privilege issues. It can be\r\nreviewed commit-by-commit so the fixes are mostly separated (although\r\nsome solutions and tests are reused, hence the reason to have them in\r\none pr):\r\n- a3311ad fixes issue when during\r\nonboarding (no hosts, policies are indiferent) calls are made to `GET\r\napi/fleet/package_policies` without correct privilege (needs policy\r\nmanagement READ or fleet:READ+integration:READ), and causes `Forbidden`\r\npage. ([issue](https://github.com/elastic/security-team/issues/10581))\r\n_UI_: we display the usual 'onboarding without correct privileges' UI\r\nfor users\r\n<img width=\"1958\" alt=\"image\"\r\nsrc=\"https://github.com/user-attachments/assets/9e1701cc-9c3d-4a80-9c7a-df792d88dab3\">\r\n\r\n\r\n- 63ca011 fixes issue when during\r\nonboarding (no hosts, no policies) the `Add Elastic Defend` button was\r\nshown when user had `Fleet:ALL` and `Integrations:READ` privilege, while\r\nboth should be `ALL` in order to be able to create an integration policy\r\n([issue](https://github.com/elastic/security-team/issues/10765))\r\n_UI_: the 'Add Elastic Defend' button is hidden, so the result is the\r\nsame as above\r\n\r\n\r\nhttps://github.com/user-attachments/assets/87fe3a95-131d-484b-8ca0-d06c4caafee1\r\n\r\n\r\n- ffafa14 fixes issue when after having\r\nhosts in Endpoint list and we're calling `POST\r\napi/fleet/package_policies/_bulk_get` without privilege (needs policy\r\nmanagement READ or fleet:READ+integration:READ), which does not cause\r\nany visible issue, but is logged to dev console\r\n([issue](https://github.com/elastic/security-team/issues/10580))\r\n\r\nsome additions:\r\n- c7021b3 adds an acceptance test for\r\nall 3 issues above, with failing test run\r\n[here](https://buildkite.com/elastic/kibana-pull-request/builds/250428#019320cf-c433-4979-a998-d0f8b8f7be16).\r\n- 8e10847 enables policy list\r\nintegration test, this closes #169133\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"2fa8f47064c9aeac378f9c547dc13482de7cb566","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Defend Workflows","backport:prev-minor"],"title":"[EDR Workflows] Fix Endpoint list RBAC problems","number":199803,"url":"https://github.com/elastic/kibana/pull/199803","mergeCommit":{"message":"[EDR Workflows] Fix Endpoint list RBAC problems (#199803)\n\n## Summary\r\n\r\nThis PR fixes multiple Endpoint list privilege issues. It can be\r\nreviewed commit-by-commit so the fixes are mostly separated (although\r\nsome solutions and tests are reused, hence the reason to have them in\r\none pr):\r\n- a3311ad fixes issue when during\r\nonboarding (no hosts, policies are indiferent) calls are made to `GET\r\napi/fleet/package_policies` without correct privilege (needs policy\r\nmanagement READ or fleet:READ+integration:READ), and causes `Forbidden`\r\npage. ([issue](https://github.com/elastic/security-team/issues/10581))\r\n_UI_: we display the usual 'onboarding without correct privileges' UI\r\nfor users\r\n<img width=\"1958\" alt=\"image\"\r\nsrc=\"https://github.com/user-attachments/assets/9e1701cc-9c3d-4a80-9c7a-df792d88dab3\">\r\n\r\n\r\n- 63ca011 fixes issue when during\r\nonboarding (no hosts, no policies) the `Add Elastic Defend` button was\r\nshown when user had `Fleet:ALL` and `Integrations:READ` privilege, while\r\nboth should be `ALL` in order to be able to create an integration policy\r\n([issue](https://github.com/elastic/security-team/issues/10765))\r\n_UI_: the 'Add Elastic Defend' button is hidden, so the result is the\r\nsame as above\r\n\r\n\r\nhttps://github.com/user-attachments/assets/87fe3a95-131d-484b-8ca0-d06c4caafee1\r\n\r\n\r\n- ffafa14 fixes issue when after having\r\nhosts in Endpoint list and we're calling `POST\r\napi/fleet/package_policies/_bulk_get` without privilege (needs policy\r\nmanagement READ or fleet:READ+integration:READ), which does not cause\r\nany visible issue, but is logged to dev console\r\n([issue](https://github.com/elastic/security-team/issues/10580))\r\n\r\nsome additions:\r\n- c7021b3 adds an acceptance test for\r\nall 3 issues above, with failing test run\r\n[here](https://buildkite.com/elastic/kibana-pull-request/builds/250428#019320cf-c433-4979-a998-d0f8b8f7be16).\r\n- 8e10847 enables policy list\r\nintegration test, this closes #169133\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"2fa8f47064c9aeac378f9c547dc13482de7cb566"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199803","number":199803,"mergeCommit":{"message":"[EDR Workflows] Fix Endpoint list RBAC problems (#199803)\n\n## Summary\r\n\r\nThis PR fixes multiple Endpoint list privilege issues. It can be\r\nreviewed commit-by-commit so the fixes are mostly separated (although\r\nsome solutions and tests are reused, hence the reason to have them in\r\none pr):\r\n- a3311ad fixes issue when during\r\nonboarding (no hosts, policies are indiferent) calls are made to `GET\r\napi/fleet/package_policies` without correct privilege (needs policy\r\nmanagement READ or fleet:READ+integration:READ), and causes `Forbidden`\r\npage. ([issue](https://github.com/elastic/security-team/issues/10581))\r\n_UI_: we display the usual 'onboarding without correct privileges' UI\r\nfor users\r\n<img width=\"1958\" alt=\"image\"\r\nsrc=\"https://github.com/user-attachments/assets/9e1701cc-9c3d-4a80-9c7a-df792d88dab3\">\r\n\r\n\r\n- 63ca011 fixes issue when during\r\nonboarding (no hosts, no policies) the `Add Elastic Defend` button was\r\nshown when user had `Fleet:ALL` and `Integrations:READ` privilege, while\r\nboth should be `ALL` in order to be able to create an integration policy\r\n([issue](https://github.com/elastic/security-team/issues/10765))\r\n_UI_: the 'Add Elastic Defend' button is hidden, so the result is the\r\nsame as above\r\n\r\n\r\nhttps://github.com/user-attachments/assets/87fe3a95-131d-484b-8ca0-d06c4caafee1\r\n\r\n\r\n- ffafa14 fixes issue when after having\r\nhosts in Endpoint list and we're calling `POST\r\napi/fleet/package_policies/_bulk_get` without privilege (needs policy\r\nmanagement READ or fleet:READ+integration:READ), which does not cause\r\nany visible issue, but is logged to dev console\r\n([issue](https://github.com/elastic/security-team/issues/10580))\r\n\r\nsome additions:\r\n- c7021b3 adds an acceptance test for\r\nall 3 issues above, with failing test run\r\n[here](https://buildkite.com/elastic/kibana-pull-request/builds/250428#019320cf-c433-4979-a998-d0f8b8f7be16).\r\n- 8e10847 enables policy list\r\nintegration test, this closes #169133\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"2fa8f47064c9aeac378f9c547dc13482de7cb566"}}]}] BACKPORT--> Co-authored-by: Gergő Ábrahám <[email protected]>
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this issue
Dec 12, 2024
## Summary This PR fixes multiple Endpoint list privilege issues. It can be reviewed commit-by-commit so the fixes are mostly separated (although some solutions and tests are reused, hence the reason to have them in one pr): - a3311ad fixes issue when during onboarding (no hosts, policies are indiferent) calls are made to `GET api/fleet/package_policies` without correct privilege (needs policy management READ or fleet:READ+integration:READ), and causes `Forbidden` page. ([issue](elastic/security-team#10581)) _UI_: we display the usual 'onboarding without correct privileges' UI for users <img width="1958" alt="image" src="https://github.com/user-attachments/assets/9e1701cc-9c3d-4a80-9c7a-df792d88dab3"> - 63ca011 fixes issue when during onboarding (no hosts, no policies) the `Add Elastic Defend` button was shown when user had `Fleet:ALL` and `Integrations:READ` privilege, while both should be `ALL` in order to be able to create an integration policy ([issue](elastic/security-team#10765)) _UI_: the 'Add Elastic Defend' button is hidden, so the result is the same as above https://github.com/user-attachments/assets/87fe3a95-131d-484b-8ca0-d06c4caafee1 - ffafa14 fixes issue when after having hosts in Endpoint list and we're calling `POST api/fleet/package_policies/_bulk_get` without privilege (needs policy management READ or fleet:READ+integration:READ), which does not cause any visible issue, but is logged to dev console ([issue](elastic/security-team#10580)) some additions: - c7021b3 adds an acceptance test for all 3 issues above, with failing test run [here](https://buildkite.com/elastic/kibana-pull-request/builds/250428#019320cf-c433-4979-a998-d0f8b8f7be16). - 8e10847 enables policy list integration test, this closes elastic#169133 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: Elastic Machine <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A test failed on a tracked branch
First failure: CI Build - main
The text was updated successfully, but these errors were encountered: