diff --git a/.buildkite/ftr_configs.yml b/.buildkite/ftr_configs.yml index c6817a53b08a8..c817c9f8442e5 100644 --- a/.buildkite/ftr_configs.yml +++ b/.buildkite/ftr_configs.yml @@ -16,6 +16,7 @@ disabled: - x-pack/test/security_solution_api_integration/config/ess/config.base.ts - x-pack/test/security_solution_api_integration/config/serverless/config.base.ts - x-pack/test/security_solution_endpoint/config.base.ts + - x-pack/test/security_solution_endpoint_api_int/config.base.ts # QA suites that are run out-of-band - x-pack/test/stack_functional_integration/configs/config.stack_functional_integration_base.js @@ -385,6 +386,7 @@ enabled: - x-pack/test/security_functional/user_profiles.config.ts - x-pack/test/security_functional/expired_session.config.ts - x-pack/test/security_solution_endpoint_api_int/config.ts + - x-pack/test/security_solution_endpoint_api_int/serverless.config.ts - x-pack/test/security_solution_endpoint/endpoint.config.ts - x-pack/test/security_solution_endpoint/serverless.endpoint.config.ts - x-pack/test/security_solution_endpoint/integrations.config.ts diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/index.ts b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/index.ts index b035f55bf1589..7861ee4d6e0d5 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/index.ts +++ b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/index.ts @@ -22,6 +22,7 @@ import { import { getDetectionsEngineer } from './detections_engineer'; import { getWithResponseActionsRole } from './with_response_actions_role'; import { getNoResponseActionsRole } from './without_response_actions_role'; +import { getWithArtifactReadPrivilegesRole } from './with_artifact_read_privileges_role'; export * from './with_response_actions_role'; export * from './without_response_actions_role'; @@ -74,6 +75,7 @@ export const ENDPOINT_SECURITY_ROLE_NAMES = Object.freeze({ endpoint_response_actions_access: 'endpoint_response_actions_access', endpoint_response_actions_no_access: 'endpoint_response_actions_no_access', endpoint_security_policy_management_read: 'endpoint_security_policy_management_read', + artifact_read_privileges: 'artifact_read_privileges', }); export const getAllEndpointSecurityRoles = (): EndpointSecurityRoleDefinitions => { @@ -135,5 +137,9 @@ export const getAllEndpointSecurityRoles = (): EndpointSecurityRoleDefinitions = ...getEndpointSecurityPolicyManagementReadRole(), name: 'endpoint_security_policy_management_read', }, + artifact_read_privileges: { + ...getWithArtifactReadPrivilegesRole(), + name: 'artifact_read_privileges', + }, }; }; diff --git a/x-pack/test/security_solution_endpoint/config.base.ts b/x-pack/test/security_solution_endpoint/config.base.ts index ebfce1ab4db0c..d75458a4c581d 100644 --- a/x-pack/test/security_solution_endpoint/config.base.ts +++ b/x-pack/test/security_solution_endpoint/config.base.ts @@ -14,7 +14,10 @@ import { } from '../security_solution_endpoint_api_int/registry'; import type { TargetTags } from './target_tags'; -const SUITE_TAGS: Record = { +export const SUITE_TAGS: Record< + 'ess' | 'serverless', + { include: TargetTags[]; exclude: TargetTags[] } +> = { ess: { include: ['@ess'], exclude: ['@skipInEss'], diff --git a/x-pack/test/security_solution_endpoint/services/index.ts b/x-pack/test/security_solution_endpoint/services/index.ts index b2c52ada028b0..5ba317dfaea3e 100644 --- a/x-pack/test/security_solution_endpoint/services/index.ts +++ b/x-pack/test/security_solution_endpoint/services/index.ts @@ -13,7 +13,10 @@ import { TimelineTestService } from '../../security_solution_ftr/services/timeli import { DetectionsTestService } from '../../security_solution_ftr/services/detections'; import { EndpointPolicyTestResourcesProvider } from './endpoint_policy'; import { EndpointArtifactsTestResources } from './endpoint_artifacts'; -import { KibanaSupertestWithCertProvider } from './supertest_with_cert'; +import { + KibanaSupertestWithCertProvider, + KibanaSupertestWithCertWithoutAuthProvider, +} from './supertest_with_cert'; export const services = { ...xPackFunctionalServices, @@ -31,4 +34,5 @@ export const svlServices = { ...services, supertest: KibanaSupertestWithCertProvider, + supertestWithoutAuth: KibanaSupertestWithCertWithoutAuthProvider, }; diff --git a/x-pack/test/security_solution_endpoint/services/supertest_with_cert.ts b/x-pack/test/security_solution_endpoint/services/supertest_with_cert.ts index e06e144a1667f..a23d850e3799b 100644 --- a/x-pack/test/security_solution_endpoint/services/supertest_with_cert.ts +++ b/x-pack/test/security_solution_endpoint/services/supertest_with_cert.ts @@ -15,3 +15,11 @@ export function KibanaSupertestWithCertProvider({ getService }: FtrProviderConte return supertest.agent(kibanaServerUrl, { ca }); } + +export function KibanaSupertestWithCertWithoutAuthProvider({ getService }: FtrProviderContext) { + const config = getService('config'); + const kibanaServerUrl = formatUrl({ ...config.get('servers.kibana'), auth: false }); + const ca = config.get('servers.kibana').certificateAuthorities; + + return supertest.agent(kibanaServerUrl, { ca }); +} diff --git a/x-pack/test/security_solution_endpoint/target_tags.ts b/x-pack/test/security_solution_endpoint/target_tags.ts index dd71736e95ee5..4fd76a0173e21 100644 --- a/x-pack/test/security_solution_endpoint/target_tags.ts +++ b/x-pack/test/security_solution_endpoint/target_tags.ts @@ -5,13 +5,44 @@ * 2.0. */ -export type TargetTags = - | '@ess' - | '@skipInEss' - | '@serverless' - | '@skipInServerless' - | '@brokenInServerless'; - -export const targetTags = (thisSuite: Mocha.Suite, tags: TargetTags[]) => { +import expect from '@kbn/expect'; + +const TARGET_TAGS = [ + '@ess', + '@skipInEss', + '@serverless', + '@skipInServerless', + '@brokenInServerless', +] as const; + +export type TargetTags = typeof TARGET_TAGS[number]; + +export function targetTags(thisSuite: Mocha.Suite, tags: TargetTags[]) { + // @ts-ignore: _tags is not publicly visible + const existingTags = (thisSuite._tags as string[]) ?? []; + const existingTargetTags = existingTags.filter((tag) => TARGET_TAGS.includes(tag as TargetTags)); + + if (existingTargetTags.length > 0) { + return expect().fail(` + + ⚠️ ERROR in \`${targetTags.name}()\`: the passed suite already has target tags. + + Suite name: ${thisSuite.title} + Existing tags: ${existingTargetTags.join(', ')} + New tags: ${tags.join(', ')} + + 💡 This can happen if you call \`${targetTags.name}()\` twice in the same block, or + → from the inside of an arrow function + → which is passed to a \`describe()\` block + → which is somewhere inside \`${thisSuite.title}\`. + + ☝️ Correct usage: + describe('must receive a regular function', function () { + ${targetTags.name}(this, ['@serverless']); + }) + + `); + } + thisSuite.tags(tags); -}; +} diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/blocklists.ts b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/blocklists.ts index a5a5c109fe440..5351cc22f628a 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/blocklists.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/blocklists.ts @@ -13,6 +13,7 @@ import { GLOBAL_ARTIFACT_TAG, } from '@kbn/security-solution-plugin/common/endpoint/service/artifacts'; import { ExceptionsListItemGenerator } from '@kbn/security-solution-plugin/common/endpoint/data_generators/exceptions_list_item_generator'; +import { targetTags } from '../../../security_solution_endpoint/target_tags'; import { FtrProviderContext } from '../../ftr_provider_context'; import { PolicyTestResourceInfo } from '../../../security_solution_endpoint/services/endpoint_policy'; import { ArtifactTestData } from '../../../security_solution_endpoint/services/endpoint_artifacts'; @@ -24,7 +25,9 @@ export default function ({ getService }: FtrProviderContext) { const endpointPolicyTestResources = getService('endpointPolicyTestResources'); const endpointArtifactTestResources = getService('endpointArtifactTestResources'); - describe('Endpoint artifacts (via lists plugin): Blocklists', () => { + describe('Endpoint artifacts (via lists plugin): Blocklists', function () { + targetTags(this, ['@ess', '@serverless']); + let fleetEndpointPolicy: PolicyTestResourceInfo; before(async () => { @@ -155,7 +158,7 @@ export default function ({ getService }: FtrProviderContext) { body.entries[0].field = 'some.invalid.field'; await supertestWithoutAuth[blocklistApiCall.method](blocklistApiCall.path) - .auth(ROLE.analyst_hunter, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -176,7 +179,7 @@ export default function ({ getService }: FtrProviderContext) { ]; await supertestWithoutAuth[blocklistApiCall.method](blocklistApiCall.path) - .auth(ROLE.analyst_hunter, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -197,7 +200,7 @@ export default function ({ getService }: FtrProviderContext) { ]; await supertestWithoutAuth[blocklistApiCall.method](blocklistApiCall.path) - .auth(ROLE.analyst_hunter, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -224,7 +227,7 @@ export default function ({ getService }: FtrProviderContext) { ]; await supertestWithoutAuth[blocklistApiCall.method](blocklistApiCall.path) - .auth(ROLE.analyst_hunter, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -258,7 +261,7 @@ export default function ({ getService }: FtrProviderContext) { ]; await supertestWithoutAuth[blocklistApiCall.method](blocklistApiCall.path) - .auth(ROLE.analyst_hunter, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -272,7 +275,7 @@ export default function ({ getService }: FtrProviderContext) { body.os_types = ['linux', 'windows']; await supertestWithoutAuth[blocklistApiCall.method](blocklistApiCall.path) - .auth(ROLE.analyst_hunter, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -297,7 +300,7 @@ export default function ({ getService }: FtrProviderContext) { for (const blocklistApiCall of [...needsWritePrivilege, ...needsReadPrivilege]) { it(`should not error on [${blocklistApiCall.method}] - [${blocklistApiCall.info}]`, async () => { await supertestWithoutAuth[blocklistApiCall.method](blocklistApiCall.path) - .auth(ROLE.analyst_hunter, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(blocklistApiCall.getBody()) .expect(200); @@ -305,24 +308,23 @@ export default function ({ getService }: FtrProviderContext) { } }); - describe('and user has authorization to read blocklist', () => { + describe('and user has authorization to read blocklist', function () { + targetTags(this, ['@skipInServerless']); // no such role in serverless + for (const blocklistApiCall of [...blocklistApiCalls, ...needsWritePrivilege]) { it(`should error on [${blocklistApiCall.method}] - [${blocklistApiCall.info}]`, async () => { await supertestWithoutAuth[blocklistApiCall.method](blocklistApiCall.path) - .auth(ROLE.artifact_read_role, 'changeme') + .auth(ROLE.artifact_read_privileges, 'changeme') .set('kbn-xsrf', 'true') .send(blocklistApiCall.getBody()) - .expect(403, { - status_code: 403, - message: 'EndpointArtifactError: Endpoint authorization failure', - }); + .expect(403); }); } for (const blocklistApiCall of needsReadPrivilege) { it(`should not error on [${blocklistApiCall.method}] - [${blocklistApiCall.info}]`, async () => { await supertestWithoutAuth[blocklistApiCall.method](blocklistApiCall.path) - .auth(ROLE.artifact_read_role, 'changeme') + .auth(ROLE.artifact_read_privileges, 'changeme') .set('kbn-xsrf', 'true') .send(blocklistApiCall.getBody()) .expect(200); @@ -341,10 +343,7 @@ export default function ({ getService }: FtrProviderContext) { .auth(ROLE.t1_analyst, 'changeme') .set('kbn-xsrf', 'true') .send(blocklistApiCall.getBody()) - .expect(403, { - status_code: 403, - message: 'EndpointArtifactError: Endpoint authorization failure', - }); + .expect(403); }); } }); diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/event_filters.ts b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/event_filters.ts index 8a00471665e04..5f5c75caa68f9 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/event_filters.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/event_filters.ts @@ -14,6 +14,7 @@ import { getImportExceptionsListSchemaMock, toNdJsonString, } from '@kbn/lists-plugin/common/schemas/request/import_exceptions_schema.mock'; +import { targetTags } from '../../../security_solution_endpoint/target_tags'; import { FtrProviderContext } from '../../ftr_provider_context'; import { PolicyTestResourceInfo } from '../../../security_solution_endpoint/services/endpoint_policy'; import { ArtifactTestData } from '../../../security_solution_endpoint/services/endpoint_artifacts'; @@ -25,7 +26,9 @@ export default function ({ getService }: FtrProviderContext) { const endpointPolicyTestResources = getService('endpointPolicyTestResources'); const endpointArtifactTestResources = getService('endpointArtifactTestResources'); - describe('Endpoint artifacts (via lists plugin): Event Filters', () => { + describe('Endpoint artifacts (via lists plugin): Event Filters', function () { + targetTags(this, ['@ess', '@serverless']); + let fleetEndpointPolicy: PolicyTestResourceInfo; before(async () => { @@ -182,7 +185,7 @@ export default function ({ getService }: FtrProviderContext) { const body = eventFilterApiCall.getBody({ os_types: ['linux', 'windows'] }); await supertestWithoutAuth[eventFilterApiCall.method](eventFilterApiCall.path) - .auth(ROLE.endpoint_security_policy_manager, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -197,7 +200,7 @@ export default function ({ getService }: FtrProviderContext) { // Using superuser there as we need custom license for this action await supertest[eventFilterApiCall.method](eventFilterApiCall.path) - .auth(ROLE.endpoint_security_policy_manager, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -210,7 +213,7 @@ export default function ({ getService }: FtrProviderContext) { // Using superuser here as we need custom license for this action await supertest[eventFilterApiCall.method](eventFilterApiCall.path) - .auth(ROLE.endpoint_security_policy_manager, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(200); @@ -222,7 +225,7 @@ export default function ({ getService }: FtrProviderContext) { for (const eventFilterApiCall of [...needsWritePrivilege, ...needsReadPrivilege]) { it(`should not error on [${eventFilterApiCall.method}] - [${eventFilterApiCall.info}]`, async () => { await supertestWithoutAuth[eventFilterApiCall.method](eventFilterApiCall.path) - .auth(ROLE.endpoint_security_policy_manager, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(eventFilterApiCall.getBody()) .expect(200); @@ -230,24 +233,23 @@ export default function ({ getService }: FtrProviderContext) { } }); - describe('and user has authorization to read event filters', () => { + describe('and user has authorization to read event filters', function () { + targetTags(this, ['@skipInServerless']); // no such role in serverless + for (const eventFilterApiCall of [...eventFilterCalls, ...needsWritePrivilege]) { it(`should error on [${eventFilterApiCall.method}] - [${eventFilterApiCall.info}]`, async () => { await supertestWithoutAuth[eventFilterApiCall.method](eventFilterApiCall.path) - .auth(ROLE.artifact_read_role, 'changeme') + .auth(ROLE.hunter, 'changeme') .set('kbn-xsrf', 'true') .send(eventFilterApiCall.getBody()) - .expect(403, { - status_code: 403, - message: 'EndpointArtifactError: Endpoint authorization failure', - }); + .expect(403); }); } for (const eventFilterApiCall of needsReadPrivilege) { it(`should not error on [${eventFilterApiCall.method}] - [${eventFilterApiCall.info}]`, async () => { await supertestWithoutAuth[eventFilterApiCall.method](eventFilterApiCall.path) - .auth(ROLE.artifact_read_role, 'changeme') + .auth(ROLE.hunter, 'changeme') .set('kbn-xsrf', 'true') .send(eventFilterApiCall.getBody()) .expect(200); @@ -266,10 +268,7 @@ export default function ({ getService }: FtrProviderContext) { .auth(ROLE.t1_analyst, 'changeme') .set('kbn-xsrf', 'true') .send(eventFilterApiCall.getBody()) - .expect(403, { - status_code: 403, - message: 'EndpointArtifactError: Endpoint authorization failure', - }); + .expect(403); }); } }); diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/host_isolation_exceptions.ts b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/host_isolation_exceptions.ts index b22ff51ce8ed7..09616f57a68d0 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/host_isolation_exceptions.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/host_isolation_exceptions.ts @@ -17,6 +17,7 @@ import { toNdJsonString, } from '@kbn/lists-plugin/common/schemas/request/import_exceptions_schema.mock'; import { ExceptionsListItemGenerator } from '@kbn/security-solution-plugin/common/endpoint/data_generators/exceptions_list_item_generator'; +import { targetTags } from '../../../security_solution_endpoint/target_tags'; import { FtrProviderContext } from '../../ftr_provider_context'; import { PolicyTestResourceInfo } from '../../../security_solution_endpoint/services/endpoint_policy'; import { ArtifactTestData } from '../../../security_solution_endpoint/services/endpoint_artifacts'; @@ -28,7 +29,9 @@ export default function ({ getService }: FtrProviderContext) { const endpointPolicyTestResources = getService('endpointPolicyTestResources'); const endpointArtifactTestResources = getService('endpointArtifactTestResources'); - describe('Endpoint Host Isolation Exceptions artifacts (via lists plugin)', () => { + describe('Endpoint Host Isolation Exceptions artifacts (via lists plugin)', function () { + targetTags(this, ['@ess', '@serverless']); + let fleetEndpointPolicy: PolicyTestResourceInfo; let hostIsolationExceptionData: ArtifactTestData; @@ -191,7 +194,7 @@ export default function ({ getService }: FtrProviderContext) { await supertestWithoutAuth[hostIsolationExceptionApiCall.method]( hostIsolationExceptionApiCall.path ) - .auth(ROLE.endpoint_security_policy_manager, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -207,7 +210,7 @@ export default function ({ getService }: FtrProviderContext) { await supertestWithoutAuth[hostIsolationExceptionApiCall.method]( hostIsolationExceptionApiCall.path ) - .auth(ROLE.endpoint_security_policy_manager, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -230,7 +233,7 @@ export default function ({ getService }: FtrProviderContext) { await supertestWithoutAuth[hostIsolationExceptionApiCall.method]( hostIsolationExceptionApiCall.path ) - .auth(ROLE.endpoint_security_policy_manager, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -246,7 +249,7 @@ export default function ({ getService }: FtrProviderContext) { await supertestWithoutAuth[hostIsolationExceptionApiCall.method]( hostIsolationExceptionApiCall.path ) - .auth(ROLE.endpoint_security_policy_manager, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -273,7 +276,7 @@ export default function ({ getService }: FtrProviderContext) { await supertestWithoutAuth[hostIsolationExceptionApiCall.method]( hostIsolationExceptionApiCall.path ) - .auth(ROLE.endpoint_security_policy_manager, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(hostIsolationExceptionApiCall.getBody()) .expect(200); @@ -281,7 +284,9 @@ export default function ({ getService }: FtrProviderContext) { } }); - describe('and user has authorization to read host isolation exceptions', () => { + describe('and user has authorization to read host isolation exceptions', function () { + targetTags(this, ['@skipInServerless']); // no such role in serverless + for (const hostIsolationExceptionApiCall of [ ...hostIsolationExceptionCalls, ...needsWritePrivilege, @@ -290,13 +295,10 @@ export default function ({ getService }: FtrProviderContext) { await supertestWithoutAuth[hostIsolationExceptionApiCall.method]( hostIsolationExceptionApiCall.path ) - .auth(ROLE.artifact_read_role, 'changeme') + .auth(ROLE.hunter, 'changeme') .set('kbn-xsrf', 'true') .send(hostIsolationExceptionApiCall.getBody()) - .expect(403, { - status_code: 403, - message: 'EndpointArtifactError: Endpoint authorization failure', - }); + .expect(403); }); } @@ -305,7 +307,7 @@ export default function ({ getService }: FtrProviderContext) { await supertestWithoutAuth[hostIsolationExceptionApiCall.method]( hostIsolationExceptionApiCall.path ) - .auth(ROLE.artifact_read_role, 'changeme') + .auth(ROLE.hunter, 'changeme') .set('kbn-xsrf', 'true') .send(hostIsolationExceptionApiCall.getBody()) .expect(200); @@ -326,10 +328,7 @@ export default function ({ getService }: FtrProviderContext) { .auth(ROLE.t1_analyst, 'changeme') .set('kbn-xsrf', 'true') .send(hostIsolationExceptionApiCall.getBody()) - .expect(403, { - status_code: 403, - message: 'EndpointArtifactError: Endpoint authorization failure', - }); + .expect(403); }); } }); diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/trusted_apps.ts b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/trusted_apps.ts index 9841cf2adab9c..fb844f40a8fbf 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/trusted_apps.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_artifacts/trusted_apps.ts @@ -13,6 +13,7 @@ import { GLOBAL_ARTIFACT_TAG, } from '@kbn/security-solution-plugin/common/endpoint/service/artifacts'; import { ExceptionsListItemGenerator } from '@kbn/security-solution-plugin/common/endpoint/data_generators/exceptions_list_item_generator'; +import { targetTags } from '../../../security_solution_endpoint/target_tags'; import { FtrProviderContext } from '../../ftr_provider_context'; import { PolicyTestResourceInfo } from '../../../security_solution_endpoint/services/endpoint_policy'; import { ArtifactTestData } from '../../../security_solution_endpoint/services/endpoint_artifacts'; @@ -24,7 +25,9 @@ export default function ({ getService }: FtrProviderContext) { const endpointPolicyTestResources = getService('endpointPolicyTestResources'); const endpointArtifactTestResources = getService('endpointArtifactTestResources'); - describe('Endpoint artifacts (via lists plugin): Trusted Applications', () => { + describe('Endpoint artifacts (via lists plugin): Trusted Applications', function () { + targetTags(this, ['@ess', '@serverless']); + let fleetEndpointPolicy: PolicyTestResourceInfo; before(async () => { @@ -155,7 +158,7 @@ export default function ({ getService }: FtrProviderContext) { body.entries[0].field = 'some.invalid.field'; await supertestWithoutAuth[trustedAppApiCall.method](trustedAppApiCall.path) - .auth(ROLE.endpoint_security_policy_manager, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -169,7 +172,7 @@ export default function ({ getService }: FtrProviderContext) { body.entries.push({ ...body.entries[0] }); await supertestWithoutAuth[trustedAppApiCall.method](trustedAppApiCall.path) - .auth(ROLE.endpoint_security_policy_manager, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -190,7 +193,7 @@ export default function ({ getService }: FtrProviderContext) { ]; await supertestWithoutAuth[trustedAppApiCall.method](trustedAppApiCall.path) - .auth(ROLE.endpoint_security_policy_manager, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -224,7 +227,7 @@ export default function ({ getService }: FtrProviderContext) { ]; await supertestWithoutAuth[trustedAppApiCall.method](trustedAppApiCall.path) - .auth(ROLE.endpoint_security_policy_manager, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -238,7 +241,7 @@ export default function ({ getService }: FtrProviderContext) { body.os_types = ['linux', 'windows']; await supertestWithoutAuth[trustedAppApiCall.method](trustedAppApiCall.path) - .auth(ROLE.endpoint_security_policy_manager, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -253,7 +256,7 @@ export default function ({ getService }: FtrProviderContext) { // Using superuser here as we need custom license for this action await supertest[trustedAppApiCall.method](trustedAppApiCall.path) - .auth(ROLE.endpoint_security_policy_manager, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(body) .expect(400) @@ -264,7 +267,7 @@ export default function ({ getService }: FtrProviderContext) { for (const trustedAppApiCall of [...needsWritePrivilege, ...needsReadPrivilege]) { it(`should not error on [${trustedAppApiCall.method}] - [${trustedAppApiCall.info}]`, async () => { await supertestWithoutAuth[trustedAppApiCall.method](trustedAppApiCall.path) - .auth(ROLE.endpoint_security_policy_manager, 'changeme') + .auth(ROLE.endpoint_policy_manager, 'changeme') .set('kbn-xsrf', 'true') .send(trustedAppApiCall.getBody()) .expect(200); @@ -272,24 +275,23 @@ export default function ({ getService }: FtrProviderContext) { } }); - describe('and user has authorization to read trusted apps', () => { + describe('and user has authorization to read trusted apps', function () { + targetTags(this, ['@skipInServerless']); // no such role in serverless + for (const trustedAppApiCall of [...trustedAppApiCalls, ...needsWritePrivilege]) { it(`should error on [${trustedAppApiCall.method}] - [${trustedAppApiCall.info}]`, async () => { await supertestWithoutAuth[trustedAppApiCall.method](trustedAppApiCall.path) - .auth(ROLE.artifact_read_role, 'changeme') + .auth(ROLE.hunter, 'changeme') .set('kbn-xsrf', 'true') .send(trustedAppApiCall.getBody()) - .expect(403, { - status_code: 403, - message: 'EndpointArtifactError: Endpoint authorization failure', - }); + .expect(403); }); } for (const trustedAppApiCall of needsReadPrivilege) { it(`should not error on [${trustedAppApiCall.method}] - [${trustedAppApiCall.info}]`, async () => { await supertestWithoutAuth[trustedAppApiCall.method](trustedAppApiCall.path) - .auth(ROLE.artifact_read_role, 'changeme') + .auth(ROLE.hunter, 'changeme') .set('kbn-xsrf', 'true') .send(trustedAppApiCall.getBody()) .expect(200); @@ -308,10 +310,7 @@ export default function ({ getService }: FtrProviderContext) { .auth(ROLE.t1_analyst, 'changeme') .set('kbn-xsrf', 'true') .send(trustedAppApiCall.getBody()) - .expect(403, { - status_code: 403, - message: 'EndpointArtifactError: Endpoint authorization failure', - }); + .expect(403); }); } }); diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_authz.ts b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_authz.ts index ef242d887496f..7434f46ca35be 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_authz.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_authz.ts @@ -24,6 +24,7 @@ import { EXECUTE_ROUTE, } from '@kbn/security-solution-plugin/common/endpoint/constants'; import { IndexedHostsAndAlertsResponse } from '@kbn/security-solution-plugin/common/endpoint/index_data'; +import { targetTags } from '../../security_solution_endpoint/target_tags'; import { FtrProviderContext } from '../ftr_provider_context'; import { ROLE } from '../services/roles_users'; @@ -39,7 +40,9 @@ export default function ({ getService }: FtrProviderContext) { body: Record | undefined; } - describe('When attempting to call an endpoint api', () => { + describe('When attempting to call an endpoint api', function () { + targetTags(this, ['@ess', '@serverless']); + let indexedData: IndexedHostsAndAlertsResponse; let actionId = ''; let agentId = ''; @@ -246,7 +249,7 @@ export default function ({ getService }: FtrProviderContext) { apiListItem.path }]`, async () => { await supertestWithoutAuth[apiListItem.method](replacePathIds(apiListItem.path)) - .auth(ROLE.analyst_hunter, 'changeme') + .auth(ROLE.endpoint_operations_analyst, 'changeme') .set('kbn-xsrf', 'xxx') .send(apiListItem.body) .expect(403, { @@ -268,7 +271,7 @@ export default function ({ getService }: FtrProviderContext) { apiListItem.path }]`, async () => { await supertestWithoutAuth[apiListItem.method](replacePathIds(apiListItem.path)) - .auth(ROLE.analyst_hunter, 'changeme') + .auth(ROLE.endpoint_operations_analyst, 'changeme') .set('kbn-xsrf', 'xxx') .send(apiListItem.body) .expect(200); diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_response_actions/execute.ts b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_response_actions/execute.ts index 9efd670c55db8..f904539dae231 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_response_actions/execute.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_response_actions/execute.ts @@ -8,6 +8,7 @@ import { wrapErrorAndRejectPromise } from '@kbn/security-solution-plugin/common/ import expect from '@kbn/expect'; import { EXECUTE_ROUTE } from '@kbn/security-solution-plugin/common/endpoint/constants'; import { IndexedHostsAndAlertsResponse } from '@kbn/security-solution-plugin/common/endpoint/index_data'; +import { targetTags } from '../../../security_solution_endpoint/target_tags'; import { FtrProviderContext } from '../../ftr_provider_context'; import { ROLE } from '../../services/roles_users'; @@ -15,7 +16,9 @@ export default function ({ getService }: FtrProviderContext) { const supertestWithoutAuth = getService('supertestWithoutAuth'); const endpointTestResources = getService('endpointTestResources'); - describe('Endpoint `execute` response action', () => { + describe('Endpoint `execute` response action', function () { + targetTags(this, ['@ess', '@serverless']); + let indexedData: IndexedHostsAndAlertsResponse; let agentId = ''; @@ -46,7 +49,7 @@ export default function ({ getService }: FtrProviderContext) { it('should error on invalid endpoint id', async () => { await supertestWithoutAuth .post(EXECUTE_ROUTE) - .auth(ROLE.response_actions_role, 'changeme') + .auth(ROLE.endpoint_operations_analyst, 'changeme') .set('kbn-xsrf', 'true') .set('Elastic-Api-Version', '2023-10-31') .send({ endpoint_ids: [' '], parameters: { command: 'ls -la' } }) @@ -60,7 +63,7 @@ export default function ({ getService }: FtrProviderContext) { it('should error on missing endpoint id', async () => { await supertestWithoutAuth .post(EXECUTE_ROUTE) - .auth(ROLE.response_actions_role, 'changeme') + .auth(ROLE.endpoint_operations_analyst, 'changeme') .set('kbn-xsrf', 'true') .set('Elastic-Api-Version', '2023-10-31') .send({ parameters: { command: 'ls -la' } }) @@ -75,7 +78,7 @@ export default function ({ getService }: FtrProviderContext) { it('should error on invalid `command` parameter', async () => { await supertestWithoutAuth .post(EXECUTE_ROUTE) - .auth(ROLE.response_actions_role, 'changeme') + .auth(ROLE.endpoint_operations_analyst, 'changeme') .set('kbn-xsrf', 'true') .set('Elastic-Api-Version', '2023-10-31') .send({ endpoint_ids: [agentId], parameters: { command: ' ' } }) @@ -89,7 +92,7 @@ export default function ({ getService }: FtrProviderContext) { it('should error on missing `command` parameter', async () => { await supertestWithoutAuth .post(EXECUTE_ROUTE) - .auth(ROLE.response_actions_role, 'changeme') + .auth(ROLE.endpoint_operations_analyst, 'changeme') .set('kbn-xsrf', 'true') .set('Elastic-Api-Version', '2023-10-31') .send({ endpoint_ids: [agentId] }) @@ -104,7 +107,7 @@ export default function ({ getService }: FtrProviderContext) { it('should error on invalid `timeout` parameter', async () => { await supertestWithoutAuth .post(EXECUTE_ROUTE) - .auth(ROLE.response_actions_role, 'changeme') + .auth(ROLE.endpoint_operations_analyst, 'changeme') .set('kbn-xsrf', 'true') .set('Elastic-Api-Version', '2023-10-31') .send({ endpoint_ids: [agentId], parameters: { command: 'ls -la', timeout: 'too' } }) @@ -121,7 +124,7 @@ export default function ({ getService }: FtrProviderContext) { body: { data }, } = await supertestWithoutAuth .post(EXECUTE_ROUTE) - .auth(ROLE.response_actions_role, 'changeme') + .auth(ROLE.endpoint_operations_analyst, 'changeme') .set('kbn-xsrf', 'true') .set('Elastic-Api-Version', '2023-10-31') .send({ endpoint_ids: [agentId], parameters: { command: 'ls -la' } }) @@ -137,7 +140,7 @@ export default function ({ getService }: FtrProviderContext) { body: { data }, } = await supertestWithoutAuth .post(EXECUTE_ROUTE) - .auth(ROLE.response_actions_role, 'changeme') + .auth(ROLE.endpoint_operations_analyst, 'changeme') .set('kbn-xsrf', 'true') .set('Elastic-Api-Version', '2023-10-31') .send({ endpoint_ids: [agentId], parameters: { command: 'ls -la', timeout: 2000 } }) diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/index.ts b/x-pack/test/security_solution_endpoint_api_int/apis/index.ts index 06d54f0aaac45..c0668612907a7 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/index.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/index.ts @@ -4,8 +4,8 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ - import { getRegistryUrl as getRegistryUrlFromIngest } from '@kbn/fleet-plugin/server'; +import { isServerlessKibanaFlavor } from '@kbn/security-solution-plugin/scripts/endpoint/common/stack_services'; import { FtrProviderContext } from '../ftr_provider_context'; import { getRegistryUrlFromTestEnv, isRegistryEnabled } from '../registry'; import { ROLE } from '../services/roles_users'; @@ -16,7 +16,7 @@ export default function endpointAPIIntegrationTests(providerContext: FtrProvider describe('Endpoint plugin', function () { const ingestManager = getService('ingestManager'); const rolesUsersProvider = getService('rolesUsersProvider'); - + const kbnClient = getService('kibanaServer'); const log = getService('log'); if (!isRegistryEnabled()) { @@ -34,16 +34,21 @@ export default function endpointAPIIntegrationTests(providerContext: FtrProvider log.warning(`Error setting up ingestManager: ${err}`); } - // create role/user - for (const role of roles) { - await rolesUsersProvider.createRole({ predefinedRole: role }); - await rolesUsersProvider.createUser({ name: role, roles: [role] }); + if (!(await isServerlessKibanaFlavor(kbnClient))) { + // create role/user + for (const role of roles) { + await rolesUsersProvider.createRole({ predefinedRole: role }); + await rolesUsersProvider.createUser({ name: role, roles: [role] }); + } } }); + after(async () => { - // delete role/user - await rolesUsersProvider.deleteUsers(roles); - await rolesUsersProvider.deleteRoles(roles); + if (!(await isServerlessKibanaFlavor(kbnClient))) { + // delete role/user + await rolesUsersProvider.deleteUsers(roles); + await rolesUsersProvider.deleteRoles(roles); + } }); loadTestFile(require.resolve('./resolver')); diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/metadata.ts b/x-pack/test/security_solution_endpoint_api_int/apis/metadata.ts index 17cc5906d7ba8..3ac6c83938c14 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/metadata.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/metadata.ts @@ -29,6 +29,7 @@ import { EndpointSortableField, MetadataListResponse, } from '@kbn/security-solution-plugin/common/endpoint/types'; +import { targetTags } from '../../security_solution_endpoint/target_tags'; import { generateAgentDocs, generateMetadataDocs } from './metadata.fixtures'; import { bulkIndex, @@ -47,7 +48,9 @@ export default function ({ getService }: FtrProviderContext) { const log = getService('log'); // Failing: See https://github.com/elastic/kibana/issues/151854 - describe.skip('test metadata apis', () => { + describe.skip('test metadata apis', function () { + targetTags(this, ['@ess', '@serverless']); + describe('list endpoints GET route', () => { const numberOfHostsInFixture = 2; let agent1Timestamp: number; @@ -415,10 +418,14 @@ export default function ({ getService }: FtrProviderContext) { }); it('should respond forbidden if no fleet access', async () => { + const config = getService('config'); + const ca = config.get('servers.kibana').certificateAuthorities; + await getService('supertestWithoutAuth') .get(METADATA_TRANSFORMS_STATUS_ROUTE) .set('kbn-xsrf', 'xxx') .set('Elastic-Api-Version', '2023-10-31') + .ca(ca) .expect(401); }); diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/package.ts b/x-pack/test/security_solution_endpoint_api_int/apis/package.ts index 9df605fa32a04..4b6fb578bbef8 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/package.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/package.ts @@ -15,6 +15,7 @@ import { EndpointDocGenerator, Event, } from '@kbn/security-solution-plugin/common/endpoint/generate_data'; +import { targetTags } from '../../security_solution_endpoint/target_tags'; import { FtrProviderContext } from '../ftr_provider_context'; import { InsertedEvents, processEventsIndex } from '../services/resolver'; import { deleteEventsStream } from './data_stream_helper'; @@ -70,7 +71,9 @@ export default function ({ getService }: FtrProviderContext) { }; // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/114885 - describe.skip('Endpoint package', () => { + describe.skip('Endpoint package', function () { + targetTags(this, ['@ess']); + describe('network processors', () => { let networkIndexData: InsertedEvents; diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/policy.ts b/x-pack/test/security_solution_endpoint_api_int/apis/policy.ts index 8b72a6c21bfe5..1fe5fbda42f19 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/policy.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/policy.ts @@ -6,13 +6,16 @@ */ import expect from '@kbn/expect'; +import { targetTags } from '../../security_solution_endpoint/target_tags'; import { FtrProviderContext } from '../ftr_provider_context'; import { deletePolicyStream } from './data_stream_helper'; export default function ({ getService }: FtrProviderContext) { const esArchiver = getService('esArchiver'); const supertest = getService('supertest'); - describe('Endpoint policy api', () => { + describe('Endpoint policy api', function () { + targetTags(this, ['@ess', '@serverless']); + describe('GET /api/endpoint/policy_response', () => { before( async () => diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity.ts b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity.ts index 268f67a30a918..2a85d95f24c65 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity.ts @@ -8,13 +8,16 @@ import expect from '@kbn/expect'; import { eventsIndexPattern } from '@kbn/security-solution-plugin/common/endpoint/constants'; import { ResolverEntityIndex } from '@kbn/security-solution-plugin/common/endpoint/types'; +import { targetTags } from '../../../security_solution_endpoint/target_tags'; import { FtrProviderContext } from '../../ftr_provider_context'; export default function ({ getService }: FtrProviderContext) { const supertest = getService('supertest'); const esArchiver = getService('esArchiver'); - describe('Resolver tests for the entity route', () => { + describe('Resolver tests for the entity route', function () { + targetTags(this, ['@ess', '@serverless']); + describe('winlogbeat tests', () => { before(async () => { await esArchiver.load('x-pack/test/functional/es_archives/endpoint/resolver/winlogbeat'); @@ -27,9 +30,12 @@ export default function ({ getService }: FtrProviderContext) { it('returns a winlogbeat sysmon event when the event matches the schema correctly', async () => { // this id is from the es archive const _id = 'sysmon-event'; - const { body }: { body: ResolverEntityIndex } = await supertest.get( - `/api/endpoint/resolver/entity?_id=${_id}&indices=${eventsIndexPattern}&indices=winlogbeat-7.11.0-default` - ); + const { body }: { body: ResolverEntityIndex } = await supertest + .get( + `/api/endpoint/resolver/entity?_id=${_id}&indices=${eventsIndexPattern}&indices=winlogbeat-7.11.0-default` + ) + .set('x-elastic-internal-origin', 'xxx'); + expect(body).eql([ { name: 'winlogbeat', @@ -47,14 +53,20 @@ export default function ({ getService }: FtrProviderContext) { it('does not return a powershell event that has event.module set to powershell', async () => { // this id is from the es archive const _id = 'powershell-event'; - const { body }: { body: ResolverEntityIndex } = await supertest.get( - `/api/endpoint/resolver/entity?_id=${_id}&indices=${eventsIndexPattern}&indices=winlogbeat-7.11.0-default` - ); + const { body }: { body: ResolverEntityIndex } = await supertest + .get( + `/api/endpoint/resolver/entity?_id=${_id}&indices=${eventsIndexPattern}&indices=winlogbeat-7.11.0-default` + ) + .set('x-elastic-internal-origin', 'xxx'); + expect(body).to.be.empty(); }); }); - describe('signals index mapping tests', () => { + describe('signals index mapping tests', function () { + // illegal_argument_exception: unknown setting [index.lifecycle.name] in before + targetTags(this, ['@brokenInServerless']); + before(async () => { await esArchiver.load('x-pack/test/functional/es_archives/endpoint/resolver/signals'); }); diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity_id.ts b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity_id.ts index 6cf74092caf9e..bd5bd0aeca023 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity_id.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity_id.ts @@ -19,9 +19,11 @@ import { EndpointDocGenerator, Event, } from '@kbn/security-solution-plugin/common/endpoint/generate_data'; +import { targetTags } from '../../../security_solution_endpoint/target_tags'; import { FtrProviderContext } from '../../ftr_provider_context'; import { InsertedEvents, processEventsIndex } from '../../services/resolver'; import { createAncestryArray, schemaWithAncestry } from './common'; +import { HEADERS } from '../../headers'; export default function ({ getService }: FtrProviderContext) { const supertest = getService('supertest'); @@ -34,7 +36,9 @@ export default function ({ getService }: FtrProviderContext) { } }; - describe('Resolver handling of entity ids', () => { + describe('Resolver handling of entity ids', function () { + targetTags(this, ['@ess', '@serverless']); + describe('entity api', () => { let origin: Event; let genData: InsertedEvents; @@ -52,11 +56,14 @@ export default function ({ getService }: FtrProviderContext) { }); it('excludes events that have an empty entity_id field', async () => { - const { body }: { body: ResolverEntityIndex } = await supertest.get( - // using the same indices value here twice to force the query parameter to be an array - // for some reason using supertest's query() function doesn't construct a parsable array - `/api/endpoint/resolver/entity?_id=${genData.eventsInfo[0]._id}&indices=${eventsIndexPattern}&indices=${eventsIndexPattern}` - ); + const { body }: { body: ResolverEntityIndex } = await supertest + .get( + // using the same indices value here twice to force the query parameter to be an array + // for some reason using supertest's query() function doesn't construct a parsable array + `/api/endpoint/resolver/entity?_id=${genData.eventsInfo[0]._id}&indices=${eventsIndexPattern}&indices=${eventsIndexPattern}` + ) + .set(HEADERS); + expect(body).to.be.empty(); }); }); @@ -100,7 +107,7 @@ export default function ({ getService }: FtrProviderContext) { it('does not find children without a process entity_id', async () => { const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 100, ancestors: 0, @@ -172,7 +179,7 @@ export default function ({ getService }: FtrProviderContext) { }; const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 0, ancestors: 10, diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/events.ts b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/events.ts index 10cac58533b24..2c1829d2d4501 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/events.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/events.ts @@ -18,9 +18,11 @@ import { Tree, RelatedEventCategory, } from '@kbn/security-solution-plugin/common/endpoint/generate_data'; +import { targetTags } from '../../../security_solution_endpoint/target_tags'; import { FtrProviderContext } from '../../ftr_provider_context'; import { Options, GeneratedTrees } from '../../services/resolver'; import { compareArrays } from './common'; +import { HEADERS } from '../../headers'; export default function ({ getService }: FtrProviderContext) { const supertest = getService('supertest'); @@ -48,7 +50,9 @@ export default function ({ getService }: FtrProviderContext) { ancestryArraySize: 2, }; - describe('event route', () => { + describe('event route', function () { + targetTags(this, ['@ess', '@serverless']); + let entityIDFilterArray: JsonObject[] | undefined; let entityIDFilter: string | undefined; before(async () => { @@ -77,7 +81,7 @@ export default function ({ getService }: FtrProviderContext) { }); const { body }: { body: ResolverPaginatedEvents } = await supertest .post(`/api/endpoint/resolver/events`) - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ filter, indexPatterns: [eventsIndexPattern], @@ -100,7 +104,7 @@ export default function ({ getService }: FtrProviderContext) { }); const { body }: { body: ResolverPaginatedEvents } = await supertest .post(`/api/endpoint/resolver/events`) - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ filter, indexPatterns: [eventsIndexPattern], @@ -117,7 +121,7 @@ export default function ({ getService }: FtrProviderContext) { it('should return related events for the root node', async () => { const { body }: { body: ResolverPaginatedEvents } = await supertest .post(`/api/endpoint/resolver/events`) - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ filter: entityIDFilter, indexPatterns: [eventsIndexPattern], @@ -143,7 +147,7 @@ export default function ({ getService }: FtrProviderContext) { }); const { body }: { body: ResolverPaginatedEvents } = await supertest .post(`/api/endpoint/resolver/events`) - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ filter, indexPatterns: [eventsIndexPattern], @@ -164,7 +168,7 @@ export default function ({ getService }: FtrProviderContext) { it('should return paginated results for the root node', async () => { let { body }: { body: ResolverPaginatedEvents } = await supertest .post(`/api/endpoint/resolver/events?limit=2`) - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ filter: entityIDFilter, indexPatterns: [eventsIndexPattern], @@ -180,7 +184,7 @@ export default function ({ getService }: FtrProviderContext) { ({ body } = await supertest .post(`/api/endpoint/resolver/events?limit=2&afterEvent=${body.nextEvent}`) - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ filter: entityIDFilter, indexPatterns: [eventsIndexPattern], @@ -196,7 +200,7 @@ export default function ({ getService }: FtrProviderContext) { ({ body } = await supertest .post(`/api/endpoint/resolver/events?limit=2&afterEvent=${body.nextEvent}`) - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ filter: entityIDFilter, indexPatterns: [eventsIndexPattern], @@ -213,7 +217,7 @@ export default function ({ getService }: FtrProviderContext) { it('should return the first page of information when the cursor is invalid', async () => { const { body }: { body: ResolverPaginatedEvents } = await supertest .post(`/api/endpoint/resolver/events?afterEvent=blah`) - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ filter: entityIDFilter, indexPatterns: [eventsIndexPattern], @@ -231,7 +235,7 @@ export default function ({ getService }: FtrProviderContext) { it('should sort the events in descending order', async () => { const { body }: { body: ResolverPaginatedEvents } = await supertest .post(`/api/endpoint/resolver/events`) - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ filter: entityIDFilter, indexPatterns: [eventsIndexPattern], @@ -258,7 +262,7 @@ export default function ({ getService }: FtrProviderContext) { const to = from; const { body }: { body: ResolverPaginatedEvents } = await supertest .post(`/api/endpoint/resolver/events`) - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ filter: entityIDFilter, indexPatterns: [eventsIndexPattern], @@ -276,7 +280,7 @@ export default function ({ getService }: FtrProviderContext) { it('should not find events when using an incorrect index pattern', async () => { const { body }: { body: ResolverPaginatedEvents } = await supertest .post(`/api/endpoint/resolver/events`) - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ filter: entityIDFilter, indexPatterns: ['doesnotexist-*'], @@ -295,7 +299,7 @@ export default function ({ getService }: FtrProviderContext) { expect(originParentID).to.not.be(''); const { body }: { body: ResolverPaginatedEvents } = await supertest .post(`/api/endpoint/resolver/events`) - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ filter: JSON.stringify({ bool: { @@ -323,7 +327,7 @@ export default function ({ getService }: FtrProviderContext) { let { body }: { body: ResolverPaginatedEvents } = await supertest .post(`/api/endpoint/resolver/events`) .query({ limit: 2 }) - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ filter: JSON.stringify({ bool: { @@ -346,7 +350,7 @@ export default function ({ getService }: FtrProviderContext) { ({ body } = await supertest .post(`/api/endpoint/resolver/events`) .query({ limit: 3, afterEvent: body.nextEvent }) - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ filter: JSON.stringify({ bool: { diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/tree.ts b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/tree.ts index e4838b49f7ca1..c9602243e70e3 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/tree.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/tree.ts @@ -16,9 +16,11 @@ import { Tree, RelatedEventCategory, } from '@kbn/security-solution-plugin/common/endpoint/generate_data'; +import { targetTags } from '../../../security_solution_endpoint/target_tags'; import { FtrProviderContext } from '../../ftr_provider_context'; import { Options, GeneratedTrees } from '../../services/resolver'; import { schemaWithAncestry, schemaWithName, schemaWithoutAncestry, verifyTree } from './common'; +import { HEADERS } from '../../headers'; export default function ({ getService }: FtrProviderContext) { const supertest = getService('supertest'); @@ -45,7 +47,9 @@ export default function ({ getService }: FtrProviderContext) { ancestryArraySize: 2, }; - describe('Resolver tree', () => { + describe('Resolver tree', function () { + targetTags(this, ['@ess', '@serverless']); + before(async () => { resolverTrees = await resolver.createTrees(treeOptions); // we only requested a single alert so there's only 1 tree @@ -59,7 +63,7 @@ export default function ({ getService }: FtrProviderContext) { it('should return the correct ancestor nodes for the tree', async () => { const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 0, descendantLevels: 0, @@ -84,7 +88,7 @@ export default function ({ getService }: FtrProviderContext) { it('should handle an invalid id', async () => { const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 0, descendantLevels: 0, @@ -104,7 +108,7 @@ export default function ({ getService }: FtrProviderContext) { it('should return a subset of the ancestors', async () => { const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 0, descendantLevels: 0, @@ -130,7 +134,7 @@ export default function ({ getService }: FtrProviderContext) { it('should return ancestors without the ancestry array', async () => { const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 0, descendantLevels: 0, @@ -158,7 +162,7 @@ export default function ({ getService }: FtrProviderContext) { ).toISOString(); const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 0, descendantLevels: 0, @@ -185,7 +189,7 @@ export default function ({ getService }: FtrProviderContext) { const bottomMostDescendant = Array.from(tree.childrenLevels[1].values())[0].id; const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 0, descendantLevels: 0, @@ -221,7 +225,7 @@ export default function ({ getService }: FtrProviderContext) { const rightNode = level0Nodes[2].id; const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 0, descendantLevels: 0, @@ -252,7 +256,7 @@ export default function ({ getService }: FtrProviderContext) { it('should not return any nodes when the search index does not have any data', async () => { const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 0, descendantLevels: 0, @@ -274,7 +278,7 @@ export default function ({ getService }: FtrProviderContext) { it('returns all descendants for the origin without using the ancestry field', async () => { const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 100, descendantLevels: 2, @@ -303,7 +307,7 @@ export default function ({ getService }: FtrProviderContext) { it('returns all descendants for the origin using the ancestry field', async () => { const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 100, // should be ignored when using the ancestry array @@ -333,7 +337,7 @@ export default function ({ getService }: FtrProviderContext) { it('should handle an invalid id', async () => { const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 100, descendantLevels: 100, @@ -356,7 +360,7 @@ export default function ({ getService }: FtrProviderContext) { const childID = Array.from(tree.childrenLevels[0].values())[0].id; const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 100, descendantLevels: 1, @@ -389,7 +393,7 @@ export default function ({ getService }: FtrProviderContext) { const rightNodeID = level0Nodes[2].id; const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 6, descendantLevels: 0, @@ -422,7 +426,7 @@ export default function ({ getService }: FtrProviderContext) { expect(originGrandparent).to.not.be(''); const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 2, descendantLevels: 0, @@ -459,7 +463,7 @@ export default function ({ getService }: FtrProviderContext) { expect(originGrandparent).to.not.be(''); const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 6, descendantLevels: 1, @@ -495,7 +499,7 @@ export default function ({ getService }: FtrProviderContext) { ).toISOString(); const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 100, descendantLevels: 5, @@ -524,7 +528,7 @@ export default function ({ getService }: FtrProviderContext) { it('returns all descendants and ancestors without the ancestry field and they should have the name field', async () => { const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 100, descendantLevels: 10, @@ -562,7 +566,7 @@ export default function ({ getService }: FtrProviderContext) { it('returns all descendants and ancestors without the ancestry field', async () => { const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 100, descendantLevels: 10, @@ -600,7 +604,7 @@ export default function ({ getService }: FtrProviderContext) { it('returns all descendants and ancestors with the ancestry field', async () => { const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 100, descendantLevels: 10, @@ -638,7 +642,7 @@ export default function ({ getService }: FtrProviderContext) { it('returns an empty response when limits are zero', async () => { const { body }: { body: ResolverNode[] } = await supertest .post('/api/endpoint/resolver/tree') - .set('kbn-xsrf', 'xxx') + .set(HEADERS) .send({ descendants: 0, descendantLevels: 0, diff --git a/x-pack/test/security_solution_endpoint_api_int/config.base.ts b/x-pack/test/security_solution_endpoint_api_int/config.base.ts new file mode 100644 index 0000000000000..039030e2a2230 --- /dev/null +++ b/x-pack/test/security_solution_endpoint_api_int/config.base.ts @@ -0,0 +1,56 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { Config } from '@kbn/test'; +import { getRegistryUrlAsArray, createEndpointDockerConfig } from './registry'; +import { SUITE_TAGS } from '../security_solution_endpoint/config.base'; + +export const generateConfig = async ({ + baseConfig, + junitReportName, + kbnServerArgs = [], + target, + services, +}: { + baseConfig: Config; + junitReportName: string; + kbnServerArgs?: string[]; + target: keyof typeof SUITE_TAGS; + services: any; +}): Promise => { + return { + ...baseConfig.getAll(), + testFiles: [require.resolve('./apis')], + dockerServers: createEndpointDockerConfig(), + services, + junit: { + reportName: junitReportName, + }, + suiteTags: { + ...baseConfig.get('suiteTags'), + include: [...baseConfig.get('suiteTags.include'), ...SUITE_TAGS[target].include], + exclude: [...baseConfig.get('suiteTags.exclude'), ...SUITE_TAGS[target].exclude], + }, + kbnTestServer: { + ...baseConfig.get('kbnTestServer'), + serverArgs: [ + ...baseConfig.get('kbnTestServer.serverArgs'), + // if you return an empty string here the kibana server will not start properly but an empty array works + ...getRegistryUrlAsArray(), + // always install Endpoint package by default when Fleet sets up + `--xpack.fleet.packages.0.name=endpoint`, + `--xpack.fleet.packages.0.version=latest`, + // this will be removed in 8.7 when the file upload feature is released + `--xpack.fleet.enableExperimental.0=diagnosticFileUploadEnabled`, + // set any experimental feature flags for testing + `--xpack.securitySolution.enableExperimental=${JSON.stringify([])}`, + + ...kbnServerArgs, + ], + }, + }; +}; diff --git a/x-pack/test/security_solution_endpoint_api_int/config.ts b/x-pack/test/security_solution_endpoint_api_int/config.ts index 0f2f245378a3c..3789004aba497 100644 --- a/x-pack/test/security_solution_endpoint_api_int/config.ts +++ b/x-pack/test/security_solution_endpoint_api_int/config.ts @@ -6,34 +6,16 @@ */ import { FtrConfigProviderContext } from '@kbn/test'; -import { createEndpointDockerConfig, getRegistryUrlAsArray } from './registry'; +import { generateConfig } from './config.base'; import { services } from './services'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const xPackAPITestsConfig = await readConfigFile(require.resolve('../api_integration/config.ts')); - return { - ...xPackAPITestsConfig.getAll(), - testFiles: [require.resolve('./apis')], - dockerServers: createEndpointDockerConfig(), + return generateConfig({ + baseConfig: xPackAPITestsConfig, + junitReportName: 'X-Pack Endpoint API Integration Tests against ESS', + target: 'ess', services, - junit: { - reportName: 'X-Pack Endpoint API Integration Tests', - }, - kbnTestServer: { - ...xPackAPITestsConfig.get('kbnTestServer'), - serverArgs: [ - ...xPackAPITestsConfig.get('kbnTestServer.serverArgs'), - // if you return an empty string here the kibana server will not start properly but an empty array works - ...getRegistryUrlAsArray(), - // always install Endpoint package by default when Fleet sets up - `--xpack.fleet.packages.0.name=endpoint`, - `--xpack.fleet.packages.0.version=latest`, - // this will be removed in 8.7 when the file upload feature is released - `--xpack.fleet.enableExperimental.0=diagnosticFileUploadEnabled`, - // set any experimental feature flags for testing - `--xpack.securitySolution.enableExperimental=${JSON.stringify([])}`, - ], - }, - }; + }); } diff --git a/x-pack/test/security_solution_endpoint_api_int/headers.ts b/x-pack/test/security_solution_endpoint_api_int/headers.ts new file mode 100644 index 0000000000000..e4ca6acfbbc65 --- /dev/null +++ b/x-pack/test/security_solution_endpoint_api_int/headers.ts @@ -0,0 +1,11 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const HEADERS = Object.freeze({ + 'kbn-xsrf': 'security_solution', + 'x-elastic-internal-origin': 'security_solution', +}); diff --git a/x-pack/test/security_solution_endpoint_api_int/serverless.config.ts b/x-pack/test/security_solution_endpoint_api_int/serverless.config.ts new file mode 100644 index 0000000000000..262bf4dafa2f7 --- /dev/null +++ b/x-pack/test/security_solution_endpoint_api_int/serverless.config.ts @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrConfigProviderContext } from '@kbn/test'; +import { generateConfig } from './config.base'; +import { svlServices } from './services'; + +export default async function ({ readConfigFile }: FtrConfigProviderContext) { + const serverlessTestsConfig = await readConfigFile( + require.resolve('../../test_serverless/shared/config.base.ts') + ); + + return generateConfig({ + baseConfig: serverlessTestsConfig, + junitReportName: 'X-Pack Endpoint API Integration Tests against Serverless', + target: 'serverless', + kbnServerArgs: ['--serverless=security'], + services: svlServices, + }); +} diff --git a/x-pack/test/security_solution_endpoint_api_int/services/index.ts b/x-pack/test/security_solution_endpoint_api_int/services/index.ts index e94e41f37b922..44a4354d928f5 100644 --- a/x-pack/test/security_solution_endpoint_api_int/services/index.ts +++ b/x-pack/test/security_solution_endpoint_api_int/services/index.ts @@ -5,6 +5,10 @@ * 2.0. */ +import { + KibanaSupertestWithCertProvider, + KibanaSupertestWithCertWithoutAuthProvider, +} from '../../security_solution_endpoint/services/supertest_with_cert'; import { services as xPackAPIServices } from '../../api_integration/services'; import { ResolverGeneratorProvider } from './resolver'; import { RolesUsersProvider } from './roles_users'; @@ -20,3 +24,10 @@ export const services = { endpointArtifactTestResources: EndpointArtifactsTestResources, rolesUsersProvider: RolesUsersProvider, }; + +export const svlServices = { + ...services, + + supertest: KibanaSupertestWithCertProvider, + supertestWithoutAuth: KibanaSupertestWithCertWithoutAuthProvider, +}; diff --git a/x-pack/test/security_solution_endpoint_api_int/services/roles_users.ts b/x-pack/test/security_solution_endpoint_api_int/services/roles_users.ts index baac39815b488..1d9c2a353a1f6 100644 --- a/x-pack/test/security_solution_endpoint_api_int/services/roles_users.ts +++ b/x-pack/test/security_solution_endpoint_api_int/services/roles_users.ts @@ -5,49 +5,17 @@ * 2.0. */ -import type { Role } from '@kbn/security-plugin/common'; - -import { getT1Analyst } from '@kbn/security-solution-plugin/scripts/endpoint/common/roles_users/t1_analyst'; -import { getT2Analyst } from '@kbn/security-solution-plugin/scripts/endpoint/common/roles_users/t2_analyst'; -import { getHunter } from '@kbn/security-solution-plugin/scripts/endpoint/common/roles_users/hunter'; -import { getThreatIntelligenceAnalyst } from '@kbn/security-solution-plugin/scripts/endpoint/common/roles_users/threat_intelligence_analyst'; -import { getDetectionsEngineer } from '@kbn/security-solution-plugin/scripts/endpoint/common/roles_users/detections_engineer'; -import { getSocManager } from '@kbn/security-solution-plugin/scripts/endpoint/common/roles_users/soc_manager'; -import { getPlatformEngineer } from '@kbn/security-solution-plugin/scripts/endpoint/common/roles_users/platform_engineer'; -import { getEndpointOperationsAnalyst } from '@kbn/security-solution-plugin/scripts/endpoint/common/roles_users/endpoint_operations_analyst'; -import { getEndpointSecurityPolicyManager } from '@kbn/security-solution-plugin/scripts/endpoint/common/roles_users/endpoint_security_policy_manager'; -import { getWithResponseActionsRole } from '@kbn/security-solution-plugin/scripts/endpoint/common/roles_users/with_response_actions_role'; -import { getWithArtifactReadPrivilegesRole } from '@kbn/security-solution-plugin/scripts/endpoint/common/roles_users/with_artifact_read_privileges_role'; +import { + EndpointSecurityRoleNames, + ENDPOINT_SECURITY_ROLE_NAMES, + getAllEndpointSecurityRoles, +} from '@kbn/security-solution-plugin/scripts/endpoint/common/roles_users'; import { FtrProviderContext } from '../ftr_provider_context'; -export enum ROLE { - t1_analyst = 't1Analyst', - t2_analyst = 't2Analyst', - analyst_hunter = 'hunter', - threat_intelligence_analyst = 'threatIntelligenceAnalyst', - detections_engineer = 'detectionsEngineer', - soc_manager = 'socManager', - platform_engineer = 'platformEngineer', - endpoint_operations_analyst = 'endpointOperationsAnalyst', - endpoint_security_policy_manager = 'endpointSecurityPolicyManager', - response_actions_role = 'executeResponseActions', - artifact_read_role = 'artifactReadRole', -} +export const ROLE = ENDPOINT_SECURITY_ROLE_NAMES; -const rolesMapping: { [key in ROLE]: Omit } = { - t1Analyst: getT1Analyst(), - t2Analyst: getT2Analyst(), - hunter: getHunter(), - threatIntelligenceAnalyst: getThreatIntelligenceAnalyst(), - detectionsEngineer: getDetectionsEngineer(), - socManager: getSocManager(), - platformEngineer: getPlatformEngineer(), - endpointOperationsAnalyst: getEndpointOperationsAnalyst(), - endpointSecurityPolicyManager: getEndpointSecurityPolicyManager(), - executeResponseActions: getWithResponseActionsRole(), - artifactReadRole: getWithArtifactReadPrivilegesRole(), -}; +const rolesMapping = getAllEndpointSecurityRoles(); export function RolesUsersProvider({ getService }: FtrProviderContext) { const security = getService('security'); @@ -76,7 +44,7 @@ export function RolesUsersProvider({ getService }: FtrProviderContext) { * @param options */ async createRole(options: { - predefinedRole?: ROLE; + predefinedRole?: EndpointSecurityRoleNames; extraPrivileges?: string[]; customRole?: { roleName: string; extraPrivileges: string[] }; }): Promise {