Test config settings that are exposed to the browser #129438
Conversation
jportner
added
release_note:skip
jportner
force-pushed
the
test-plugin-browser-config-exposure
branch
from
ff0d30f to
a4738c4
Compare
| public getSchemaStructure() { | ||
| return recursiveGetSchemaStructure(this.internalSchema); | ||
| } |
There was a problem hiding this comment.
We need to expose the schema structure to the rendering service so it can traverse the schema config key paths.
Seems that the cleanest way to do this is to add a getSchemaStructure API to the root schema type like this.
| // @ts-expect-error Type 'undefined' is not assignable to type 'ExposedToBrowserDescriptor<T>' | ||
| descriptor = exposedConfig; |
There was a problem hiding this comment.
🤷♂️
@pgayvallet any ideas?
| // Talked to @dover, he aggreed we can skip these tests that are unexpectedly flaky | ||
| describe.skip('rendering service', () => { |
There was a problem hiding this comment.
😬
I had to unskip the suite itself, but I skipped the individual tests below because I am not sure if they are still flaky or not.
| // notExposed4 is not present | ||
| }, | ||
| exposedConfigKeys: { | ||
| exposed1: 'any', // 'any' is the Joi schema type for strings |
There was a problem hiding this comment.
Do we really need to implement this logic trying to infer the type of each key from the schema?
If we only need the list of keys for the purpose of this PR, I'd rather just use and return that, the list of underlying keys, rather than having an half-working type detection.
WDYT?
There was a problem hiding this comment.
The motivation behind this is:
In test/plugin_functional/test_suites/core_plugins/rendering.ts, we can clearly see what config keys are exposed and we can identify which ones are definitely harmless to expose (boolean, number, etc.):
const expectedExposedConfigKeys = [
// NOTE: each exposed config key has its schema type at the end in "(parentheses)".
// The schema type comes from Joi; in particular, "(any)" can mean a string or a few other data types.
// When plugin owners make a change that exposes additional config values, the changes will be reflected in this test assertion.
// Ensure that your change does not unintentionally expose any sensitive values!
'console.ui.enabled (boolean)',
'dashboard.allowByValueEmbeddables (boolean)',
'data.autocomplete.querySuggestions.enabled (boolean)',
'data.autocomplete.valueSuggestions.enabled (boolean)',
'data.autocomplete.valueSuggestions.terminateAfter (duration)',This isn't intended to be the "source of truth" for these config keys, just a bit of assistance for reviewers in the future that have to maintain that integration test.
Some Fleet config keys are no longer exposed.
The only time we need to include exposedConfigKeys in injected metadata is for integration test assertions. This commit changes the approach so that these are omitted in normal operation.
| @@ -327,6 +327,7 @@ | |||
| /src/plugins/interactive_setup/ @elastic/kibana-security | |||
| /test/interactive_setup_api_integration/ @elastic/kibana-security | |||
| /test/interactive_setup_functional/ @elastic/kibana-security | |||
| /test/plugin_functional/test_suites/core_plugins/rendering.ts @elastic/kibana-security | |||
There was a problem hiding this comment.
Added the integration test to my team in CODEOWNERS so we get pinged when this test is changed 👍
There was a problem hiding this comment.
This LGTM. I also don't love the workaround of relying on Joi's internals to attempt to guess the schema type. However, since the security team will be doing CODEOWNERS reviews on these, I see how this should make your life much easier -- so I don't feel too strongly about it overall.
|
@elasticmachine merge upstream |
💚 Build SucceededMetrics [docs]Public APIs missing comments
Async chunks
History
To update your PR or re-run it, just comment with: |
(cherry picked from commit 27ff7d3) # Conflicts: # .github/CODEOWNERS # packages/kbn-config-schema/src/index.ts
…#129857) * Test config settings that are exposed to the browser (#129438) (cherry picked from commit 27ff7d3) # Conflicts: # .github/CODEOWNERS # packages/kbn-config-schema/src/index.ts * Enable security plugin in OSS tests This is a partial backport of #111681, so the Kibana security plugin is enabled but Elasticsearch security is still disabled. * Fix exposed config key tests The exposed config keys are slightly different in the 7.17 branch. * Fix UI Capabilities tests The enterpriseSearch plugin does not have a required dependency on the security plugin in the 7.17 branch, so our bacported assertions for these tests needed to change accordingly.
Related: #123201
This PR adds integration tests that assert which config settings are exposed to the browser (both for authenticated and unauthenticated users).
It changes the Core rendering service to detect all config keys that could be exposed to the browser (via
exposeToBrowser) and it returns those config keys inkbn-injected-metadata.Note, these config keys are only injected for integration tests.
Test failures
Here are the three different types of failures you can encounter:
If you stop exposing a config setting to the browser, the test will fail.
If you expose a new config setting to the browser, the test will fail.
If you do both, the test will fail.