[Spaces] Moved tests to agnostic setup #200606
Conversation
|
/ci |
9 similar comments
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
elena-shostak
changed the title
elena-shostak
added
Team:Security
elena-shostak
force-pushed
the
space-deployment-agnostic
branch
from
8fedf64 to
f6def7f
Compare
|
/ci |
elena-shostak
force-pushed
the
space-deployment-agnostic
branch
2 times, most recently
from
2df08a0 to
1464f66
Compare
Flaky Test Runner Stats🟠 Some tests failed. - kibana-flaky-test-suite-runner#7634[❌] x-pack/test/spaces_api_integration/deployment_agnostic/stateful.config_trial.ts: 0/10 tests passed. |
Flaky Test Runner Stats🟠 Some tests failed. - kibana-flaky-test-suite-runner#7635[❌] x-pack/test/spaces_api_integration/deployment_agnostic/stateful.config_trial.ts: 0/1 tests passed. |
|
/ci |
|
/сi |
elena-shostak
force-pushed
the
space-deployment-agnostic
branch
from
efed4f7 to
585fcec
Compare
| ) { | ||
| const license = config.get('esTestCluster.license'); | ||
|
|
||
| if (!user || license !== 'trial') { |
There was a problem hiding this comment.
Important
We have a shared test suite for basic/trial licenses, which includes tests for both authorized and unauthorized users. Decoupling these tests is a complex and time-consuming task that requires careful consideration to avoid ending up with a significant amount of duplicated test code for different licenses.
Our custom service for RoleScopedSupertest takes it into account license and user passed/not passed to adjust needed supertest accordingly.
| @@ -139,7 +139,7 @@ | |||
| "id": "conflict_2_default", | |||
| "originId": "conflict_2", | |||
| "references": [], | |||
| "type": "sharedtype", | |||
There was a problem hiding this comment.
Note
sharedtype changed to event-annotation-group SO
isolatedtype changed to url SO
I failed to change sharedtype to index-pattern SO type since I was getting a lot of missing references errors, probably it was due to the fact that index-pattern was migrated to the multiple namespace from 8.0.0
| @@ -34,5 +34,11 @@ module.exports = { | |||
| '@typescript-eslint/no-floating-promises': 'error', | |||
| }, | |||
| }, | |||
| { | |||
| files: ['*spaces_api_integration/common/services/basic_auth_supertest.ts'], | |||
There was a problem hiding this comment.
agent.auth(this.user.username!, this.user.password!);Needed to suppress the eslint error for this line in our custom test service, the promise is awaited in the tests itself and adding a catch block breaks some of the test cases
eslint-disable line gets removed because this rule runs dynamically
| .join(', ')}` | ||
| ); | ||
|
|
||
| // _update_objects_spaces route is internal in serverless and public in stateful |
There was a problem hiding this comment.
Note
Decided to not add complexity to the custom roleScopedSupertest to accommodate this use case, so made it in place.
| includeAuthorizedPurposes: { | ||
| statusCode: 403, | ||
| response: expectRbacForbidden, | ||
| if (!isServerless) { |
There was a problem hiding this comment.
Note
There are no machine_learning_admin, machine_learning_user and monitoring_user roles in serverless.
We could rather move it to it's own test only for stateful or define custom roles, would like to have suggestions on this one 🙂
|
Pinging @elastic/kibana-security (Team:Security) |
|
@elasticmachine merge upstream |
| @@ -128,3 +128,65 @@ system_indices_superuser: | |||
| privileges: ['*'] | |||
| resources: ['*'] | |||
| run_as: ['*'] | |||
|
|
|||
| machine_learning_admin: | |||
There was a problem hiding this comment.
roles.yml is expected to list only default Cloud roles, we keep consistency with Cloud (both MKI and ESS) because we can't provision roles from this file to Cloud deployment. In order to make things work, we introduced custom roles support in FTR:
// First set privileges for custom role
await samlAuth.setCustomRole({
elasticsearch: {
indices: [{ names: ['logstash-*'], privileges: ['read', 'view_index_metadata'] }],
},
kibana: [
{
feature: {
discover: ['read'],
},
spaces: ['*'],
},
],
});
});
// Then you can login in browser as a user with newly defined privileges
await pageObjects.svlCommonPage.loginWithCustomRole()
There was a problem hiding this comment.
hmm, but in stateful they are built in already, isn't it? (screenshots are from cloud deployment)
Am I missing smth?
There was a problem hiding this comment.
These roles are built-in to stateful, but not serverless. The predefined serverless roles can be found in the roles.yml files in packages/kbn-es/src/serverless_resources/project_roles, nested under solution-specific folders.
Any tests that need a role other than these built-in serveless roles, will require a custom role, and will not be able to run on MKI from the FTR (at least for the time being, as it is not yet supported).
The stateful roles file is meant to mirror the serverless roles to keep the testing methodology the same.
There was a problem hiding this comment.
ok, I will move it to custom role
There was a problem hiding this comment.
UPD: we cannot use our api for custom roles or at least I don't see how. All those 3 roles rely on reserved built in privileges: ml_admin, ml_user, reserved_monitoring . I cannot pass those in, since we accept only read, all, none. Going one layer down to use es api to create those roles and adding other if/else statements seems not feasible.
I've moved those 3 tests to only stateful for now.
| @@ -104,3 +104,8 @@ enabled: | |||
| - x-pack/test/cloud_security_posture_functional/data_views/config.ts | |||
| - x-pack/test/automatic_import_api_integration/apis/config_basic.ts | |||
| - x-pack/test/automatic_import_api_integration/apis/config_graphs.ts | |||
| - x-pack/test/spaces_api_integration/deployment_agnostic/spaces_only/config.ts | |||
| - x-pack/test/spaces_api_integration/deployment_agnostic/security_and_spaces/stateful.config_basic.ts | |||
There was a problem hiding this comment.
I think we discussed it with @azasypkin and @jeramysoucy , that while basic license is stateful-only, these tests cannot be considered deployment-agnostic. wdyt?
There was a problem hiding this comment.
I can move them out of the deployment_agnostic folder to eliminate confusion, but all those tests still use the same test suite the serverless/trial config does
|
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
|
Summary
Moved space tests to deployment agnostic setup.
Checklist
Closes: #194584