-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[kbn-test] Disable TLS for svl Kibana #171434
Changes from all commits
b0ba8d3
f201186
d3c69c3
e3bdfd3
39eeafd
f402c98
8c5970c
da2ad1c
33db15f
a662ccf
a8b8a31
2680564
7227fcd
1d50df5
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -171,17 +171,6 @@ export const getFTRConfig = ({ | |
} | ||
} | ||
|
||
// Serverless Specific | ||
if (vars.serverless) { | ||
log.info(`Serverless mode detected`); | ||
|
||
vars.esTestCluster.serverArgs.push( | ||
`xpack.security.authc.realms.saml.cloud-saml-kibana.sp.entity_id=http://host.docker.internal:${kibanaPort}`, | ||
`xpack.security.authc.realms.saml.cloud-saml-kibana.sp.logout=http://host.docker.internal:${kibanaPort}/logout`, | ||
`xpack.security.authc.realms.saml.cloud-saml-kibana.sp.acs=http://host.docker.internal:${kibanaPort}/api/security/saml/callback` | ||
); | ||
} | ||
Comment on lines
-174
to
-183
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It was the reason for Cypress tests to fail. Please avoid overriding SAML configuration for both Kibana & ES, we keep things up-to-date in x-pack/test_serverless/shared/config.base.ts There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @dmlemeshko if serverless ES is running in docker and Kibana is running locally, then https://github.com/elastic/kibana/blob/main/x-pack/test_serverless/shared/config.base.ts#L78-L80 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Just to confirm my understanding, why do you require Kibana to be accessible from the ES container? If you're referring to URLs in |
||
|
||
if (specFileFTRConfig?.productTypes) { | ||
if (vars.serverless) { | ||
vars.kbnTestServer.serverArgs.push( | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,33 +6,35 @@ | |
*/ | ||
|
||
import expect from '@kbn/expect'; | ||
// eslint-disable-next-line @kbn/imports/no_boundary_crossing | ||
import { getSAMLResponse } from '@kbn/security-api-integration-helpers/saml/saml_tools'; | ||
import { kbnTestConfig } from '@kbn/test'; | ||
|
||
import { parse as parseCookie } from 'tough-cookie'; | ||
import Url from 'url'; | ||
|
||
import { createSAMLResponse } from '@kbn/mock-idp-plugin/common'; | ||
import { FtrProviderContext } from '../ftr_provider_context'; | ||
|
||
export function SamlToolsProvider({ getService }: FtrProviderContext) { | ||
const supertestWithoutAuth = getService('supertestWithoutAuth'); | ||
const randomness = getService('randomness'); | ||
const svlCommonApi = getService('svlCommonApi'); | ||
|
||
function createSAMLResponse(options = {}) { | ||
return getSAMLResponse({ | ||
destination: `http://localhost:${kbnTestConfig.getPort()}/api/security/saml/callback`, | ||
sessionIndex: String(randomness.naturalNumber()), | ||
...options, | ||
}); | ||
} | ||
const config = getService('config'); | ||
|
||
return { | ||
async login(username: string) { | ||
const kibanaUrl = Url.format({ | ||
protocol: config.get('servers.kibana.protocol'), | ||
hostname: config.get('servers.kibana.hostname'), | ||
port: config.get('servers.kibana.port'), | ||
pathname: '/api/security/saml/callback', | ||
}); | ||
const samlAuthenticationResponse = await supertestWithoutAuth | ||
.post('/api/security/saml/callback') | ||
.set(svlCommonApi.getCommonRequestHeader()) | ||
.send({ SAMLResponse: await createSAMLResponse({ username }) }); | ||
.send({ | ||
SAMLResponse: await createSAMLResponse({ | ||
username, | ||
roles: [], | ||
kibanaUrl, | ||
}), | ||
}); | ||
Comment on lines
+32
to
+37
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Using |
||
expect(samlAuthenticationResponse.status).to.equal(302); | ||
expect(samlAuthenticationResponse.header.location).to.equal('/'); | ||
const sessionCookie = parseCookie(samlAuthenticationResponse.header['set-cookie'][0])!; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to pass kibanaUrl to ES arguments, as it is used to configure SAML.
See https://github.com/elastic/kibana/pull/170852/files#diff-8f7aba0b3396374d5da09418deddf4ae0c2e31881871e5b59a4c4f5e6b9bdec3R472-R517