elastic · iblancof · Nov 22, 2024 · Nov 21, 2024
@@ -12,33 +12,34 @@ export default function apmApiIntegrationTests({
 }: DeploymentAgnosticFtrProviderContext) {
   describe('APM', function () {
     loadTestFile(require.resolve('./agent_explorer'));
-    loadTestFile(require.resolve('./mobile'));
-    loadTestFile(require.resolve('./errors'));
     loadTestFile(require.resolve('./alerts'));
+    loadTestFile(require.resolve('./cold_start'));
+    loadTestFile(require.resolve('./correlations'));
     loadTestFile(require.resolve('./custom_dashboards'));
+    loadTestFile(require.resolve('./data_view'));
     loadTestFile(require.resolve('./dependencies'));
+    loadTestFile(require.resolve('./diagnostics'));
+    loadTestFile(require.resolve('./entities'));
     loadTestFile(require.resolve('./environment'));
     loadTestFile(require.resolve('./error_rate'));
-    loadTestFile(require.resolve('./data_view'));
-    loadTestFile(require.resolve('./correlations'));
-    loadTestFile(require.resolve('./entities'));
-    loadTestFile(require.resolve('./cold_start'));
-    loadTestFile(require.resolve('./metrics'));
-    loadTestFile(require.resolve('./services'));
+    loadTestFile(require.resolve('./errors'));
     loadTestFile(require.resolve('./historical_data'));
-    loadTestFile(require.resolve('./observability_overview'));
-    loadTestFile(require.resolve('./latency'));
     loadTestFile(require.resolve('./infrastructure'));
-    loadTestFile(require.resolve('./service_maps'));
     loadTestFile(require.resolve('./inspect'));
+    loadTestFile(require.resolve('./latency'));
+    loadTestFile(require.resolve('./metrics'));
+    loadTestFile(require.resolve('./mobile'));
+    loadTestFile(require.resolve('./observability_overview'));
     loadTestFile(require.resolve('./service_groups'));
-    loadTestFile(require.resolve('./time_range_metadata'));
-    loadTestFile(require.resolve('./diagnostics'));
+    loadTestFile(require.resolve('./service_maps'));
     loadTestFile(require.resolve('./service_nodes'));
+    loadTestFile(require.resolve('./service_overview'));
+    loadTestFile(require.resolve('./services'));
+    loadTestFile(require.resolve('./settings'));
     loadTestFile(require.resolve('./span_links'));
     loadTestFile(require.resolve('./suggestions'));
     loadTestFile(require.resolve('./throughput'));
+    loadTestFile(require.resolve('./time_range_metadata'));
     loadTestFile(require.resolve('./transactions'));
-    loadTestFile(require.resolve('./service_overview'));
   });
 }
@@ -118,7 +118,7 @@ export default function annotationApiTests({ getService }: DeploymentAgnosticFtr
         });
 
         response = (
-          await apmApiClient.readUser({
+          await apmApiClient.publicApi({
             endpoint: 'GET /api/apm/services/{serviceName}/annotation/search 2023-10-31',
             params: {
               path: {

@@ -0,0 +1,84 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import expect from '@kbn/expect';
+import { PrivilegeType, ClusterPrivilegeType } from '@kbn/apm-plugin/common/privilege_type';
+import type { RoleCredentials } from '../../../../../services';
+import type { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context';
+import { expectToReject } from '../../../../../../../apm_api_integration/common/utils/expect_to_reject';
+import type { ApmApiError } from '../../../../../services/apm_api';
+
+export default function ApiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const apmApiClient = getService('apmApi');
+  const samlAuth = getService('samlAuth');
+
+  const agentKeyName = 'test';
+  const allApplicationPrivileges = [PrivilegeType.AGENT_CONFIG, PrivilegeType.EVENT];
+  const clusterPrivileges = [ClusterPrivilegeType.MANAGE_OWN_API_KEY];
+
+  async function createAgentKey(roleAuthc: RoleCredentials) {
+    return await apmApiClient.publicApi({
+      endpoint: 'POST /api/apm/agent_keys 2023-10-31',
+      params: {
+        body: {
+          name: agentKeyName,
+          privileges: allApplicationPrivileges,
+        },
+      },
+      roleAuthc,
+    });
+  }
+
+  async function invalidateAgentKey(id: string) {
+    return await apmApiClient.writeUser({
+      endpoint: 'POST /internal/apm/api_key/invalidate',
+      params: {
+        body: { id },
+      },
+    });
+  }
+
+  async function getAgentKeys() {
+    return await apmApiClient.writeUser({ endpoint: 'GET /internal/apm/agent_keys' });
+  }
+
+  describe('When the user does not have the required privileges', () => {
+    let roleAuthc: RoleCredentials;
+
+    before(async () => {
+      roleAuthc = await samlAuth.createM2mApiKeyWithRoleScope('editor');
+    });
+
+    after(async () => {
+      await samlAuth.invalidateM2mApiKeyWithRoleScope(roleAuthc);
+    });
+
+    describe('When the user does not have the required cluster privileges', () => {
+      it('should return an error when creating an agent key', async () => {
+        const error = await expectToReject<ApmApiError>(() => createAgentKey(roleAuthc));
+        expect(error.res.status).to.be(403);
+        expect(error.res.body.message).contain('is missing the following requested privilege');
+        expect(error.res.body.attributes).to.eql({
+          _inspect: [],
+          data: {
+            missingPrivileges: allApplicationPrivileges,
+            missingClusterPrivileges: clusterPrivileges,
+          },
+        });
+      });
+
+      it('should return an error when invalidating an agent key', async () => {
+        const error = await expectToReject<ApmApiError>(() => invalidateAgentKey(agentKeyName));
+        expect(error.res.status).to.be(500);
+      });
+
+      it('should return an error when getting a list of agent keys', async () => {
+        const error = await expectToReject<ApmApiError>(() => getAgentKeys());
+        expect(error.res.status).to.be(500);
+      });
+    });
+  });
+}
@@ -6,17 +6,13 @@
  */
 
 import expect from '@kbn/expect';
-import { FtrProviderContext } from '../../../common/ftr_provider_context';
-import { ApmApiError } from '../../../common/apm_api_supertest';
+import type { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context';
+import type { ApmApiError } from '../../../../../services/apm_api';
 
-export default function apiTest({ getService }: FtrProviderContext) {
-  const registry = getService('registry');
-  const apmApiClient = getService('apmApiClient');
+export default function apiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const apmApiClient = getService('apmApi');
 
-  type SupertestAsUser =
-    | typeof apmApiClient.readUser
-    | typeof apmApiClient.writeUser
-    | typeof apmApiClient.noAccessUser;
+  type SupertestAsUser = typeof apmApiClient.readUser | typeof apmApiClient.writeUser;
 
   function getJobs(user: SupertestAsUser) {
     return user({ endpoint: `GET /internal/apm/settings/anomaly-detection/jobs` });
@@ -34,28 +30,21 @@ export default function apiTest({ getService }: FtrProviderContext) {
   async function expectForbidden(user: SupertestAsUser) {
     try {
       await getJobs(user);
-      expect(true).to.be(false);
     } catch (e) {
       const err = e as ApmApiError;
       expect(err.res.status).to.be(403);
     }
 
     try {
       await createJobs(user, ['production', 'staging']);
-      expect(true).to.be(false);
     } catch (e) {
       const err = e as ApmApiError;
       expect(err.res.status).to.be(403);
     }
   }
 
-  registry.when('ML jobs return a 403 for', { config: 'basic', archives: [] }, () => {
+  describe('ML jobs return a 403 for', () => {
     describe('basic', function () {
-      this.tags('skipFIPS');
-      it('user without access', async () => {
-        await expectForbidden(apmApiClient.noAccessUser);
-      });
-
       it('read user', async () => {
         await expectForbidden(apmApiClient.readUser);
       });

@@ -0,0 +1,52 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+import type { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context';
+import type { ApmApiError } from '../../../../../services/apm_api';
+
+export default function apiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const apmApiClient = getService('apmApi');
+
+  function getJobs() {
+    return apmApiClient.readUser({ endpoint: `GET /internal/apm/settings/anomaly-detection/jobs` });
+  }
+
+  function createJobs(environments: string[]) {
+    return apmApiClient.readUser({
+      endpoint: `POST /internal/apm/settings/anomaly-detection/jobs`,
+      params: {
+        body: { environments },
+      },
+    });
+  }
+
+  describe('ML jobs', () => {
+    describe(`when readUser has read access to ML`, () => {
+      describe('when calling the endpoint for listing jobs', () => {
+        it('returns a list of jobs', async () => {
+          const { body } = await getJobs();
+
+          expect(body.jobs).not.to.be(undefined);
+          expect(body.hasLegacyJobs).to.be(false);
+        });
+      });
+
+      describe('when calling create endpoint', () => {
+        it('returns an error because the user does not have access', async () => {
+          try {
+            await createJobs(['production', 'staging']);
+            expect(true).to.be(false);
+          } catch (e) {
+            const err = e as ApmApiError;
+            expect(err.res.status).to.be(403);
+          }
+        });
+      });
+    });
+  });
+}
@@ -0,0 +1,75 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  APM_INDEX_SETTINGS_SAVED_OBJECT_ID,
+  APM_INDEX_SETTINGS_SAVED_OBJECT_TYPE,
+} from '@kbn/apm-data-access-plugin/server/saved_objects/apm_indices';
+import expect from '@kbn/expect';
+import type { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context';
+
+export default function apmIndicesTests({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const kibanaServer = getService('kibanaServer');
+  const apmApiClient = getService('apmApi');
+
+  async function deleteSavedObject() {
+    try {
+      return await kibanaServer.savedObjects.delete({
+        type: APM_INDEX_SETTINGS_SAVED_OBJECT_TYPE,
+        id: APM_INDEX_SETTINGS_SAVED_OBJECT_ID,
+      });
+    } catch (e) {
+      if (e.response.status !== 404) {
+        throw e;
+      }
+    }
+  }
+
+  describe('APM Indices', () => {
+    beforeEach(async () => {
+      await deleteSavedObject();
+    });
+
+    afterEach(async () => {
+      await deleteSavedObject();
+    });
+
+    it('returns APM Indices', async () => {
+      const response = await apmApiClient.readUser({
+        endpoint: 'GET /internal/apm/settings/apm-indices',
+      });
+      expect(response.status).to.be(200);
+      expect(response.body).to.eql({
+        transaction: 'traces-apm*,apm-*,traces-*.otel-*',
+        span: 'traces-apm*,apm-*,traces-*.otel-*',
+        error: 'logs-apm*,apm-*,logs-*.otel-*',
+        metric: 'metrics-apm*,apm-*,metrics-*.otel-*',
+        onboarding: 'apm-*',
+        sourcemap: 'apm-*',
+      });
+    });
+
+    it('updates apm indices', async () => {
+      const INDEX_VALUE = 'foo-*';
+
+      const writeResponse = await apmApiClient.writeUser({
+        endpoint: 'POST /internal/apm/settings/apm-indices/save',
+        params: {
+          body: { transaction: INDEX_VALUE },
+        },
+      });
+      expect(writeResponse.status).to.be(200);
+
+      const readResponse = await apmApiClient.readUser({
+        endpoint: 'GET /internal/apm/settings/apm-indices',
+      });
+
+      expect(readResponse.status).to.be(200);
+      expect(readResponse.body.transaction).to.eql(INDEX_VALUE);
+    });
+  });
+}