diff --git a/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRole.json b/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRole.json index 167afbb74..913c96425 100644 --- a/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRole.json +++ b/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRole.json @@ -1,17 +1,17 @@ { - "cluster_permissions": ["*"], - "index_permissions": [ - { - "index_patterns": ["*"], - "fls": [], - "masked_fields": [], - "allowed_actions": ["*"] - } - ], - "tenant_permissions": [ - { - "tenant_patterns": ["*"], - "allowed_actions": ["kibana_all_write"] - } - ] - } \ No newline at end of file + "cluster_permissions": ["*"], + "index_permissions": [ + { + "index_patterns": ["*"], + "fls": [], + "masked_fields": [], + "allowed_actions": ["*"] + } + ], + "tenant_permissions": [ + { + "tenant_patterns": ["*"], + "allowed_actions": ["kibana_all_write"] + } + ] +} diff --git a/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRoleMapping.json b/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRoleMapping.json index 95ddce0da..5d3698510 100644 --- a/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRoleMapping.json +++ b/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRoleMapping.json @@ -1,3 +1,3 @@ { - "users": ["workspace-test"] - } \ No newline at end of file + "users": ["workspace-test"] +} diff --git a/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestUser.json b/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestUser.json index 6e9ccf873..ab42fc30d 100644 --- a/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestUser.json +++ b/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestUser.json @@ -1,3 +1,3 @@ { - "password": "testUserPassword123" - } \ No newline at end of file + "password": "testUserPassword123" +} diff --git a/cypress/integration/core-opensearch-dashboards/opensearch-dashboards/workspace-plugin/mds_workspace_detail.spec.js b/cypress/integration/core-opensearch-dashboards/opensearch-dashboards/workspace-plugin/mds_workspace_detail.spec.js index 3475f612e..911f5cc15 100644 --- a/cypress/integration/core-opensearch-dashboards/opensearch-dashboards/workspace-plugin/mds_workspace_detail.spec.js +++ b/cypress/integration/core-opensearch-dashboards/opensearch-dashboards/workspace-plugin/mds_workspace_detail.spec.js @@ -4,6 +4,13 @@ */ import { MiscUtils } from '@opensearch-dashboards-test/opensearch-dashboards-test-library'; +import { ADMIN_AUTH } from '../../../../utils/commands'; +import workspaceTestUser from '../../../../fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestUser.json'; +import workspaceTestRole from '../../../../fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRole.json'; +import workspaceTestRoleMapping from '../../../../fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRoleMapping.json'; + +const NONE_DASHBOARDS_ADMIN_USERNAME = 'workspace-test'; +const WORKSPACE_TEST_ROLE_NAME = 'workspace-test-role'; const miscUtils = new MiscUtils(cy); const workspaceName = 'test_workspace_320sdfouAz'; @@ -14,6 +21,17 @@ let workspaceFeatures = ['use-case-observability']; if (Cypress.env('WORKSPACE_ENABLED')) { describe('Workspace detail', () => { before(() => { + if (Cypress.env('SECURITY_ENABLED')) { + cy.createInternalUser( + NONE_DASHBOARDS_ADMIN_USERNAME, + workspaceTestUser + ); + cy.createRole(WORKSPACE_TEST_ROLE_NAME, workspaceTestRole); + cy.createRoleMapping( + WORKSPACE_TEST_ROLE_NAME, + workspaceTestRoleMapping + ); + } cy.deleteWorkspaceByName(workspaceName); cy.createWorkspace({ name: workspaceName, @@ -23,26 +41,31 @@ if (Cypress.env('WORKSPACE_ENABLED')) { permissions: { library_write: { users: ['%me%'] }, write: { users: ['%me%'] }, + library_read: { users: [NONE_DASHBOARDS_ADMIN_USERNAME] }, + read: { users: [NONE_DASHBOARDS_ADMIN_USERNAME] }, }, }, }).then((value) => (workspaceId = value)); }); - beforeEach(() => { - // Visit workspace update page - miscUtils.visitPage(`w/${workspaceId}/app/workspace_detail`); - - cy.intercept('PUT', `/w/${workspaceId}/api/workspaces/${workspaceId}`).as( - 'updateWorkspaceRequest' - ); - }); - after(() => { cy.deleteWorkspaceById(workspaceId); + if (Cypress.env('SECURITY_ENABLED')) { + cy.deleteRoleMapping(WORKSPACE_TEST_ROLE_NAME); + cy.deleteInternalUser(NONE_DASHBOARDS_ADMIN_USERNAME); + cy.deleteRole(WORKSPACE_TEST_ROLE_NAME); + } }); describe('workspace details', () => { beforeEach(() => { + // Visit workspace update page + miscUtils.visitPage(`w/${workspaceId}/app/workspace_detail`); + + cy.intercept( + 'PUT', + `/w/${workspaceId}/api/workspaces/${workspaceId}` + ).as('updateWorkspaceRequest'); cy.getElementByTestId('workspaceForm-workspaceDetails-edit').click(); }); @@ -144,5 +167,118 @@ if (Cypress.env('WORKSPACE_ENABLED')) { }); }); }); + + if ( + Cypress.env('SAVED_OBJECTS_PERMISSION_ENABLED') && + Cypress.env('SECURITY_ENABLED') + ) { + describe('update with different workspace access level', () => { + const originalUser = ADMIN_AUTH.username; + const originalPassword = ADMIN_AUTH.password; + beforeEach(() => { + ADMIN_AUTH.username = originalUser; + ADMIN_AUTH.password = originalPassword; + }); + after(() => { + ADMIN_AUTH.newUser = originalUser; + ADMIN_AUTH.newPassword = originalPassword; + }); + it('should not able to update workspace meta for non workspace admin', () => { + ADMIN_AUTH.newUser = NONE_DASHBOARDS_ADMIN_USERNAME; + ADMIN_AUTH.newPassword = workspaceTestUser.password; + + // Visit workspace list page + miscUtils.visitPage(`/app/workspace_list`); + + cy.getElementByTestId('headerApplicationTitle') + .contains('Workspaces') + .should('be.exist'); + + cy.get('[role="main"]').contains(workspaceName).should('be.exist'); + + cy.get(`#${workspaceId}-actions`).click(); + cy.getElementByTestId('workspace-list-edit-icon').click(); + + cy.getElementByTestId('workspaceForm-workspaceDetails-edit').click(); + + cy.getElementByTestId( + 'workspaceForm-workspaceDetails-descriptionInputText' + ).clear({ + force: true, + }); + + cy.getElementByTestId('workspaceForm-bottomBar-updateButton').click({ + force: true, + }); + cy.getElementByTestId('globalToastList') + .contains('Invalid workspace permission') + .should('be.exist'); + }); + + it('should able to update workspace meta for workspace admin', () => { + const kibanaServerAdminWorkspace = { + name: 'kibana-server-workspace-admin', + features: ['use-case-all'], + settings: { + permissions: { + library_write: { users: [NONE_DASHBOARDS_ADMIN_USERNAME] }, + write: { users: [NONE_DASHBOARDS_ADMIN_USERNAME] }, + }, + }, + }; + cy.deleteWorkspaceByName(kibanaServerAdminWorkspace.name); + cy.createWorkspace(kibanaServerAdminWorkspace) + .as('adminWorkspaceId') + .then(() => { + ADMIN_AUTH.newUser = NONE_DASHBOARDS_ADMIN_USERNAME; + ADMIN_AUTH.newPassword = workspaceTestUser.password; + }); + + // Visit workspace list page + miscUtils.visitPage(`/app/workspace_list`); + + cy.getElementByTestId('headerApplicationTitle') + .contains('Workspaces') + .should('be.exist'); + + cy.get('[role="main"]') + .contains(kibanaServerAdminWorkspace.name) + .should('be.exist'); + + cy.get('@adminWorkspaceId').then((adminWorkspaceId) => { + cy.get(`#${adminWorkspaceId}-actions`).click(); + }); + cy.getElementByTestId('workspace-list-edit-icon').click(); + + cy.getElementByTestId('workspaceForm-workspaceDetails-edit').click(); + + cy.getElementByTestId( + 'workspaceForm-workspaceDetails-descriptionInputText' + ).clear({ + force: true, + }); + + cy.getElementByTestId( + 'workspaceForm-workspaceDetails-descriptionInputText' + ).type('This is a new workspace description.'); + + cy.getElementByTestId('workspaceForm-bottomBar-updateButton').click({ + force: true, + }); + cy.getElementByTestId('globalToastList') + .contains('Update workspace successfully') + .should('be.exist'); + + cy.get('@adminWorkspaceId').then((adminWorkspaceId) => { + const expectedWorkspace = { + ...kibanaServerAdminWorkspace, + description: 'This is a new workspace description.', + }; + cy.checkWorkspace(adminWorkspaceId, expectedWorkspace); + cy.deleteWorkspaceById(adminWorkspaceId); + }); + }); + }); + } }); }