Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution] Support Serverless Cypress tests with different roles #169017

Merged
merged 30 commits into from
Oct 31, 2023
Merged

[Security Solution] Support Serverless Cypress tests with different roles #169017

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
193eb2e
add support for role in serverless cypress security solution tests
maximpn Oct 17, 2023
8c2b5bc
get rid of reader role
maximpn Oct 17, 2023
a7e49ca
include json files
maximpn Oct 17, 2023
1fd9c16
fix typings
maximpn Oct 17, 2023
be5bbe1
add temporal t3_analyst role
maximpn Oct 18, 2023
c929d1f
support both ess and serverless roles
maximpn Oct 19, 2023
bede842
explicitly include JSON roles
maximpn Oct 20, 2023
e14ac51
create role and users before running tests
maximpn Oct 24, 2023
221d9e8
unskip missing privileges callout serverless cypress tests
maximpn Oct 24, 2023
5f4f5de
update readme
maximpn Oct 24, 2023
b7a75ef
add CLOUD_SERVERLESS to the config
maximpn Oct 24, 2023
568a355
remove unused functions
maximpn Oct 24, 2023
31d9de6
get rid of "reader" role
maximpn Oct 24, 2023
3d9a1f4
add missing @kbn/es dependency
maximpn Oct 24, 2023
2a9d884
fix endpoint roles related tests
maximpn Oct 24, 2023
f4be6c2
remove env type constants
maximpn Oct 25, 2023
a31d611
roll back renaming
maximpn Oct 25, 2023
19b333b
update readme
maximpn Oct 25, 2023
f5b399d
use only one support file
maximpn Oct 25, 2023
3cfcc40
add back reader role for ESS only tests
maximpn Oct 26, 2023
a29b160
fix a misprint
maximpn Oct 26, 2023
b88ad9b
reexport role definitions constants from security solution common folder
maximpn Oct 26, 2023
b589b10
use import type instead of import
maximpn Oct 26, 2023
88ef1c4
specify return types
maximpn Oct 26, 2023
878b6c5
remove unused package reference
maximpn Oct 26, 2023
a054d50
fix role creation functionality
maximpn Oct 26, 2023
0dfe598
fix tsconfig
maximpn Oct 26, 2023
284288a
roll back role type changes
maximpn Oct 26, 2023
416bfc8
update readme
maximpn Oct 30, 2023
ea8a0a5
[CI] Auto-commit changed files from 'node scripts/lint_ts_projects --…
kibanamachine Oct 31, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions packages/kbn-es/src/serverless_resources/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,15 @@

The resources in this directory are used for seeding Elasticsearch Serverless images with users, roles and tokens for SSL and authentication. Serverless requires file realm authentication, so we will bind mount them into the containers at `/usr/share/elasticsearch/config/`.

## Roles

Roles defined in `roles.yml` intended to mock a Serverless deployment. It must be in sync with `project-controller` defined roles and used in real (MKI) environments. In case of some differences tests may pass against Serverless snapshot environment but fail against MKI environments creating confusion.

### Why `security_roles.json` is here?

`security_roles.json` is a subset of defined in `roles.yml` roles in a JSON format and extended with necessary fields
to be compatible with `/api/security/role/{roleName}` endpoint. It's consumed by test environments like Cypress to be able to run different scenarios.

## Users

### Default user
Expand Down
353 changes: 353 additions & 0 deletions packages/kbn-es/src/serverless_resources/security_roles.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,353 @@
{
"t1_analyst": {
"name": "t1_analyst",
"elasticsearch": {
"cluster": [],
"indices": [
{
"names": [".alerts-security*", ".siem-signals-*"],
"privileges": ["read", "write", "maintenance"]
},
{
"names": [
"apm-*-transaction*",
"traces-apm*",
"auditbeat-*",
"endgame-*",
"filebeat-*",
"logs-*",
"packetbeat-*",
"winlogbeat-*",
"metrics-endpoint.metadata_current_*",
".fleet-agents*",
".fleet-actions*"
],
"privileges": ["read"]
}
],
"run_as": []
},
"kibana": [
{
"feature": {
"ml": ["read"],
"siem": ["read", "read_alerts"],
"securitySolutionAssistant": ["all"],
"securitySolutionCases": ["read"],
"actions": ["read"],
"builtInAlerts": ["read"]
},
"spaces": ["*"],
"base": []
}
]
},
"t2_analyst": {
"name": "t2_analyst",
"elasticsearch": {
"cluster": [],
"indices": [
{
"names": [".alerts-security*", ".siem-signals-*"],
"privileges": ["read", "write", "maintenance"]
},
{
"names": [
".lists*",
".items*",
"apm-*-transaction*",
"traces-apm*",
"auditbeat-*",
"endgame-*",
"filebeat-*",
"logs-*",
"packetbeat-*",
"winlogbeat-*",
"metrics-endpoint.metadata_current_*",
".fleet-agents*",
".fleet-actions*"
],
"privileges": ["read"]
}
],
"run_as": []
},
"kibana": [
{
"feature": {
"ml": ["read"],
"siem": ["read", "read_alerts"],
"securitySolutionAssistant": ["all"],
"securitySolutionCases": ["read"],
"actions": ["read"],
"builtInAlerts": ["read"]
},
"spaces": ["*"],
"base": []
}
]
},
"t3_analyst": {
"name": "t3_analyst",
"elasticsearch": {
"cluster": [],
"indices": [
{
"names": [
"apm-*-transaction*",
"traces-apm*",
"auditbeat-*",
"endgame-*",
"filebeat-*",
"logs-*",
"packetbeat-*",
"winlogbeat-*"
],
"privileges": ["read", "write"]
},
{
"names": [".alerts-security*", ".siem-signals-*"],
"privileges": ["read", "write"]
},
{
"names": [".lists*", ".items*"],
"privileges": ["read", "write"]
},
{
"names": ["metrics-endpoint.metadata_current_*", ".fleet-agents*", ".fleet-actions*"],
"privileges": ["read"]
}
],
"run_as": []
},
"kibana": [
{
"feature": {
"ml": ["read"],
"siem": [
"all",
"read_alerts",
"crud_alerts",
"endpoint_list_all",
"trusted_applications_all",
"event_filters_all",
"host_isolation_exceptions_all",
"blocklist_all",
"policy_management_read",
"host_isolation_all",
"process_operations_all",
"actions_log_management_all",
"file_operations_all"
],
"securitySolutionCases": ["all"],
"actions": ["read"],
"builtInAlerts": ["all"],
"osquery": ["all"]
},
"spaces": ["*"],
"base": []
}
]
},
"rule_author": {
"name": "rule_author",
"elasticsearch": {
"cluster": [],
"indices": [
{
"names": [
"apm-*-transaction*",
"traces-apm*",
"auditbeat-*",
"endgame-*",
"filebeat-*",
"logs-*",
"packetbeat-*",
"winlogbeat-*",
".lists*",
".items*"
],
"privileges": ["read", "write"]
},
{
"names": [
".alerts-security*",
".preview.alerts-security*",
".internal.preview.alerts-security*",
".siem-signals-*"
],
"privileges": ["read", "write", "maintenance", "view_index_metadata"]
},
{
"names": ["metrics-endpoint.metadata_current_*", ".fleet-agents*", ".fleet-actions*"],
"privileges": ["read"]
}
],
"run_as": []
},
"kibana": [
{
"feature": {
"ml": ["read"],
"siem": ["all", "read_alerts", "crud_alerts"],
"securitySolutionAssistant": ["all"],
"securitySolutionCases": ["all"],
"actions": ["read"],
"builtInAlerts": ["all"]
},
"spaces": ["*"],
"base": []
}
]
},
"soc_manager": {
"name": "soc_manager",
"elasticsearch": {
"cluster": [],
"indices": [
{
"names": [
"apm-*-transaction*",
"traces-apm*",
"auditbeat-*",
"endgame-*",
"filebeat-*",
"logs-*",
"packetbeat-*",
"winlogbeat-*",
".lists*",
".items*"
],
"privileges": ["read", "write"]
},
{
"names": [
".alerts-security*",
".preview.alerts-security*",
".internal.preview.alerts-security*",
".siem-signals-*"
],
"privileges": ["read", "write", "manage"]
},
{
"names": ["metrics-endpoint.metadata_current_*", ".fleet-agents*", ".fleet-actions*"],
"privileges": ["read"]
}
],
"run_as": []
},
"kibana": [
{
"feature": {
"ml": ["read"],
"siem": ["all", "read_alerts", "crud_alerts"],
"securitySolutionAssistant": ["all"],
"securitySolutionCases": ["all"],
"actions": ["all"],
"builtInAlerts": ["all"]
},
"spaces": ["*"],
"base": []
}
]
},
"detections_admin": {
"name": "detections_admin",
"elasticsearch": {
"cluster": ["manage"],
"indices": [
{
"names": [
".siem-signals-*",
".alerts-security*",
".preview.alerts-security*",
".internal.preview.alerts-security*",
".lists*",
".items*",
"apm-*-transaction*",
"traces-apm*",
"auditbeat-*",
"endgame-*",
"filebeat-*",
"logs-*",
"packetbeat-*",
"winlogbeat-*"
],
"privileges": ["manage", "write", "read"]
},
{
"names": ["metrics-endpoint.metadata_current_*", ".fleet-agents*", ".fleet-actions*"],
"privileges": ["read"]
}
],
"run_as": []
},
"kibana": [
{
"feature": {
"ml": ["all"],
"siem": ["all", "read_alerts", "crud_alerts"],
"securitySolutionAssistant": ["all"],
"securitySolutionCases": ["all"],
"actions": ["read"],
"builtInAlerts": ["all"],
"dev_tools": ["all"]
},
"spaces": ["*"],
"base": []
}
]
},
"platform_engineer": {
"name": "platform_engineer",
"elasticsearch": {
"cluster": ["manage"],
"indices": [
{
"names": [".lists*", ".items*"],
"privileges": ["all"]
},
{
"names": [
"apm-*-transaction*",
"traces-apm*",
"auditbeat-*",
"endgame-*",
"filebeat-*",
"logs-*",
"packetbeat-*",
"winlogbeat-*",
"metrics-endpoint.metadata_current_*",
".fleet-agents*",
".fleet-actions*"
],
"privileges": ["all"]
},
{
"names": [
".alerts-security*",
".preview.alerts-security*",
".internal.preview.alerts-security*",
".siem-signals-*"
],
"privileges": ["all"]
}
],
"run_as": []
},
"kibana": [
{
"feature": {
"ml": ["all"],
"siem": ["all", "read_alerts", "crud_alerts"],
"securitySolutionAssistant": ["all"],
"securitySolutionCases": ["all"],
"actions": ["all"],
"builtInAlerts": ["all"]
},
"spaces": ["*"],
"base": []
}
]
}
}
11 changes: 3 additions & 8 deletions packages/kbn-es/tsconfig.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,19 +3,14 @@
"compilerOptions": {
"outDir": "target/types"
},
"include": [
"**/*.ts",
"**/*.js"
],
"exclude": [
"target/**/*",
],
"include": ["**/*.ts", "**/*.js", "**/*.json"],
"exclude": ["target/**/*"],
"kbn_references": [
"@kbn/tooling-log",
"@kbn/dev-utils",
"@kbn/dev-proc-runner",
"@kbn/ci-stats-reporter",
"@kbn/jest-serializers",
"@kbn/repo-info",
"@kbn/repo-info"
]
}
Loading
Loading