[Data Usage] add functional tests for privileges (elastic#199377)

## Summary

functional tests for data usage plugin privileges and roles

(cherry picked from commit 0ab841f)

x-pack/test_serverless/functional/page_objects/svl_common_page.ts

@@ -134,6 +134,21 @@ export function SvlCommonPageProvider({ getService, getPageObjects }: FtrProvide
       await this.loginWithRole('viewer');
     },
 
+    /**
+     *
+     * Login to Kibana using SAML authentication with Editor role (observability, security)
+     */
+    async loginAsEditor() {
+      await this.loginWithRole('editor');
+    },
+
+    /**
+     * Login to Kibana using SAML authentication with Developer role (search)
+     */
+    async loginAsDeveloper() {
+      await this.loginWithRole('developer');
+    },
+
     /**
      * Login to Kibana using SAML authentication with Editor/Developer role
      */

x-pack/test_serverless/functional/page_objects/svl_management_page.ts

@@ -64,6 +64,9 @@ export function SvlManagementPageProvider({ getService }: FtrProviderContext) {
     async assertDataUsageManagementCardExists() {
       await testSubjects.existOrFail('app-card-data_usage');
     },
+    async assertDataUsageManagementCardDoesNotExist() {
+      await testSubjects.missingOrFail('app-card-data_usage');
+    },
     async clickDataUsageManagementCard() {
       await testSubjects.click('app-card-data_usage');
     },

x-pack/test_serverless/functional/test_suites/common/data_usage/index.ts

@@ -10,5 +10,6 @@ import { FtrProviderContext } from '../../../ftr_provider_context';
 export default ({ loadTestFile }: FtrProviderContext) => {
   describe('Data Usage', function () {
     loadTestFile(require.resolve('./main'));
+    loadTestFile(require.resolve('./privileges'));
   });
 };

x-pack/test_serverless/functional/test_suites/common/data_usage/privileges.ts

@@ -0,0 +1,105 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../ftr_provider_context';
+
+export default ({ getPageObjects, getService }: FtrProviderContext) => {
+  const pageObjects = getPageObjects(['svlCommonPage', 'svlManagementPage', 'common']);
+  const testSubjects = getService('testSubjects');
+  const samlAuth = getService('samlAuth');
+  const retry = getService('retry');
+  const dataUsageAppUrl = 'management/data/data_usage';
+
+  const navigateAndVerify = async (expectedVisible: boolean) => {
+    await pageObjects.common.navigateToApp('management');
+    await retry.waitFor('page to be visible', async () =>
+      testSubjects.exists('cards-navigation-page')
+    );
+
+    if (expectedVisible) {
+      await pageObjects.svlManagementPage.assertDataUsageManagementCardExists();
+      await pageObjects.common.navigateToApp(dataUsageAppUrl);
+      await testSubjects.exists('DataUsagePage');
+    } else {
+      await pageObjects.svlManagementPage.assertDataUsageManagementCardDoesNotExist();
+      await pageObjects.common.navigateToApp(dataUsageAppUrl);
+      await testSubjects.missingOrFail('DataUsagePage');
+    }
+  };
+
+  describe('privileges', function () {
+    // plugin needs to be enabled in serverless
+    this.tags(['skipMKI']);
+
+    it('renders for the admin role', async () => {
+      await pageObjects.svlCommonPage.loginAsAdmin();
+      await navigateAndVerify(true);
+    });
+
+    it('does not render for viewer', async () => {
+      await pageObjects.svlCommonPage.loginAsViewer();
+      await navigateAndVerify(false);
+    });
+    describe('with editor role', function () {
+      // editor role does not exist in search solution
+      this.tags(['skipSvlSearch']);
+      it('does not render for default (editor) role', async () => {
+        await pageObjects.svlCommonPage.loginAsEditor();
+        await navigateAndVerify(false);
+      });
+    });
+    describe('with developer role', function () {
+      // developer role only exists in ecs solution
+      this.tags(['skipSvlOblt', 'skipSvlSec']);
+      it('renders for developer role', async () => {
+        await pageObjects.svlCommonPage.loginAsDeveloper();
+        await navigateAndVerify(true);
+      });
+    });
+    describe('with custom role', function () {
+      // custom roles aren't available in observability yet
+      this.tags(['skipSvlOblt']);
+      afterEach(async () => {
+        await samlAuth.deleteCustomRole();
+      });
+      it('renders with a custom role that has the monitor cluster privilege', async () => {
+        await samlAuth.setCustomRole({
+          elasticsearch: {
+            cluster: ['monitor'],
+            indices: [{ names: ['*'], privileges: ['all'] }],
+          },
+          kibana: [
+            {
+              base: ['all'],
+              feature: {},
+              spaces: ['*'],
+            },
+          ],
+        });
+        await pageObjects.svlCommonPage.loginWithCustomRole();
+        await navigateAndVerify(true);
+      });
+
+      it('does not render with a custom role that does not have the monitor cluster privilege', async () => {
+        await samlAuth.setCustomRole({
+          elasticsearch: {
+            indices: [{ names: ['*'], privileges: ['all'] }],
+          },
+          kibana: [
+            {
+              base: ['all'],
+              feature: {},
+              spaces: ['*'],
+            },
+          ],
+        });
+        await pageObjects.svlCommonPage.loginWithCustomRole();
+        await navigateAndVerify(false);
+      });
+    });
+  });
+};