Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add different access level test cases in workspace update flow #1630

Merged
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
{
"cluster_permissions": ["*"],
"index_permissions": [
{
"index_patterns": ["*"],
"fls": [],
"masked_fields": [],
"allowed_actions": ["*"]
}
],
"tenant_permissions": [
{
"tenant_patterns": ["*"],
"allowed_actions": ["kibana_all_write"]
}
]
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
{
"users": ["workspace-test"]
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
{
"password": "testUserPassword123"
}
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,13 @@
*/

import { MiscUtils } from '@opensearch-dashboards-test/opensearch-dashboards-test-library';
import { ADMIN_AUTH } from '../../../../utils/commands';
import workspaceTestUser from '../../../../fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestUser.json';
import workspaceTestRole from '../../../../fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRole.json';
import workspaceTestRoleMapping from '../../../../fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRoleMapping.json';

const NONE_DASHBOARDS_ADMIN_USERNAME = 'workspace-test';
const WORKSPACE_TEST_ROLE_NAME = 'workspace-test-role';

const miscUtils = new MiscUtils(cy);
const workspaceName = 'test_workspace_320sdfouAz';
Expand All @@ -14,6 +21,17 @@ let workspaceFeatures = ['use-case-observability'];
if (Cypress.env('WORKSPACE_ENABLED')) {
describe('Workspace detail', () => {
before(() => {
if (Cypress.env('SECURITY_ENABLED')) {
cy.createInternalUser(
NONE_DASHBOARDS_ADMIN_USERNAME,
workspaceTestUser
);
cy.createRole(WORKSPACE_TEST_ROLE_NAME, workspaceTestRole);
cy.createRoleMapping(
WORKSPACE_TEST_ROLE_NAME,
workspaceTestRoleMapping
);
}
cy.deleteWorkspaceByName(workspaceName);
cy.createWorkspace({
name: workspaceName,
Expand All @@ -23,26 +41,29 @@ if (Cypress.env('WORKSPACE_ENABLED')) {
permissions: {
library_write: { users: ['%me%'] },
write: { users: ['%me%'] },
library_read: { users: [NONE_DASHBOARDS_ADMIN_USERNAME] },
read: { users: [NONE_DASHBOARDS_ADMIN_USERNAME] },
},
},
}).then((value) => (workspaceId = value));
});

beforeEach(() => {
// Visit workspace update page
miscUtils.visitPage(`w/${workspaceId}/app/workspace_detail`);

cy.intercept('PUT', `/w/${workspaceId}/api/workspaces/${workspaceId}`).as(
'updateWorkspaceRequest'
);
});

after(() => {
cy.deleteWorkspaceById(workspaceId);
if (Cypress.env('SECURITY_ENABLED')) {
cy.deleteInternalUser(NONE_DASHBOARDS_ADMIN_USERNAME);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we delete role and role mapping as well?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It won't fail when creating a role or mapping with the same name. Deleting a user is to protect the system. Will add the remove role logic.

}
});

describe('workspace details', () => {
beforeEach(() => {
// Visit workspace update page
miscUtils.visitPage(`w/${workspaceId}/app/workspace_detail`);

cy.intercept(
'PUT',
`/w/${workspaceId}/api/workspaces/${workspaceId}`
).as('updateWorkspaceRequest');
cy.getElementByTestId('workspaceForm-workspaceDetails-edit').click();
});

Expand Down Expand Up @@ -144,5 +165,118 @@ if (Cypress.env('WORKSPACE_ENABLED')) {
});
});
});

if (
Cypress.env('SAVED_OBJECTS_PERMISSION_ENABLED') &&
Cypress.env('SECURITY_ENABLED')
) {
describe('update with different workspace access level', () => {
const originalUser = ADMIN_AUTH.username;
const originalPassword = ADMIN_AUTH.password;
beforeEach(() => {
ADMIN_AUTH.username = originalUser;
ADMIN_AUTH.password = originalPassword;
});
after(() => {
ADMIN_AUTH.newUser = originalUser;
ADMIN_AUTH.newPassword = originalPassword;
});
it('should not able to update workspace meta for non workspace admin', () => {
ADMIN_AUTH.newUser = NONE_DASHBOARDS_ADMIN_USERNAME;
ADMIN_AUTH.newPassword = workspaceTestUser.password;

// Visit workspace list page
miscUtils.visitPage(`/app/workspace_list`);

cy.getElementByTestId('headerApplicationTitle')
.contains('Workspaces')
.should('be.exist');

cy.get('[role="main"]').contains(workspaceName).should('be.exist');

cy.get(`#${workspaceId}-actions`).click();
cy.getElementByTestId('workspace-list-edit-icon').click();

cy.getElementByTestId('workspaceForm-workspaceDetails-edit').click();

cy.getElementByTestId(
'workspaceForm-workspaceDetails-descriptionInputText'
).clear({
force: true,
});

cy.getElementByTestId('workspaceForm-bottomBar-updateButton').click({
force: true,
});
cy.getElementByTestId('globalToastList')
.contains('Invalid workspace permission')
.should('be.exist');
});

it('should able to update workspace meta for workspace admin', () => {
const kibanaServerAdminWorkspace = {
name: 'kibana-server-workspace-admin',
features: ['use-case-all'],
settings: {
permissions: {
library_write: { users: [NONE_DASHBOARDS_ADMIN_USERNAME] },
write: { users: [NONE_DASHBOARDS_ADMIN_USERNAME] },
},
},
};
cy.deleteWorkspaceByName(kibanaServerAdminWorkspace.name);
cy.createWorkspace(kibanaServerAdminWorkspace)
.as('adminWorkspaceId')
.then(() => {
ADMIN_AUTH.newUser = NONE_DASHBOARDS_ADMIN_USERNAME;
ADMIN_AUTH.newPassword = workspaceTestUser.password;
});

// Visit workspace list page
miscUtils.visitPage(`/app/workspace_list`);

cy.getElementByTestId('headerApplicationTitle')
.contains('Workspaces')
.should('be.exist');

cy.get('[role="main"]')
.contains(kibanaServerAdminWorkspace.name)
.should('be.exist');

cy.get('@adminWorkspaceId').then((adminWorkspaceId) => {
cy.get(`#${adminWorkspaceId}-actions`).click();
});
cy.getElementByTestId('workspace-list-edit-icon').click();

cy.getElementByTestId('workspaceForm-workspaceDetails-edit').click();

cy.getElementByTestId(
'workspaceForm-workspaceDetails-descriptionInputText'
).clear({
force: true,
});

cy.getElementByTestId(
'workspaceForm-workspaceDetails-descriptionInputText'
).type('This is a new workspace description.');

cy.getElementByTestId('workspaceForm-bottomBar-updateButton').click({
force: true,
});
cy.getElementByTestId('globalToastList')
.contains('Update workspace successfully')
.should('be.exist');

cy.get('@adminWorkspaceId').then((adminWorkspaceId) => {
const expectedWorkspace = {
...kibanaServerAdminWorkspace,
description: 'This is a new workspace description.',
};
cy.checkWorkspace(adminWorkspaceId, expectedWorkspace);
cy.deleteWorkspaceById(adminWorkspaceId);
});
});
});
}
});
}
8 changes: 8 additions & 0 deletions cypress/utils/plugins/security-dashboards-plugin/commands.js
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,14 @@ Cypress.Commands.add('createInternalUser', (userID, userJson) => {
cy.wait(10000);
});

Cypress.Commands.add('deleteInternalUser', (userID) => {
cy.request(
'DELETE',
`${Cypress.env('openSearchUrl')}${SEC_API.INTERNALUSERS_BASE}/${userID}`
);
cy.wait(10000);
});

Cypress.Commands.add('createRole', (roleID, roleJson) => {
cy.request(
'PUT',
Expand Down
Loading