diff --git a/.buildkite/scripts/common/env.sh b/.buildkite/scripts/common/env.sh index 9b9ff5aa2b9e2..20f0de8600b36 100755 --- a/.buildkite/scripts/common/env.sh +++ b/.buildkite/scripts/common/env.sh @@ -95,12 +95,3 @@ fi export BUILD_TS_REFS_DISABLE=true export DISABLE_BOOTSTRAP_VALIDATION=true - -export TEST_KIBANA_HOST=localhost -export TEST_KIBANA_PORT=6101 -export TEST_KIBANA_URL="http://elastic:changeme@localhost:6101" -export TEST_ES_URL="http://elastic:changeme@localhost:6102" -export TEST_ES_TRANSPORT_PORT=6301-6309 -export TEST_CORS_SERVER_PORT=6106 -export ALERTING_PROXY_PORT=6105 -export TEST_PROXY_SERVER_PORT=6107 diff --git a/.buildkite/scripts/steps/functional/common.sh b/.buildkite/scripts/steps/functional/common.sh index bedd22c53c7ec..4ad0df35053f2 100755 --- a/.buildkite/scripts/steps/functional/common.sh +++ b/.buildkite/scripts/steps/functional/common.sh @@ -4,6 +4,9 @@ set -euo pipefail # Note, changes here might also need to be made in other scripts, e.g. uptime.sh +# TEMP: DO NOT MERGE +export ES_SNAPSHOT_MANIFEST="https://storage.googleapis.com/kibana-ci-es-snapshots-daily/8.0.2/archives/20220301-190149_d95c69ce/manifest.json" + source .buildkite/scripts/common/util.sh .buildkite/scripts/bootstrap.sh diff --git a/packages/kbn-es/src/index.ts b/packages/kbn-es/src/index.ts index 68fd931794c0c..d6f82df5d2012 100644 --- a/packages/kbn-es/src/index.ts +++ b/packages/kbn-es/src/index.ts @@ -10,3 +10,4 @@ export { run } from './cli'; // @ts-expect-error not typed yet export { Cluster } from './cluster'; +export { SYSTEM_INDICES_SUPERUSER } from './utils'; diff --git a/packages/kbn-es/src/integration_tests/__fixtures__/es_bin.js b/packages/kbn-es/src/integration_tests/__fixtures__/es_bin.js index 7ec57b65d6d98..5ef6145698811 100644 --- a/packages/kbn-es/src/integration_tests/__fixtures__/es_bin.js +++ b/packages/kbn-es/src/integration_tests/__fixtures__/es_bin.js @@ -69,6 +69,16 @@ const { ES_KEY_PATH, ES_CERT_PATH } = require('@kbn/dev-utils'); }); } + if (url.pathname === '/_cluster/health') { + return send( + 200, + { + status: 'green', + }, + { 'x-elastic-product': 'Elasticsearch' } + ); + } + return send(404, { error: { reason: 'not found', diff --git a/packages/kbn-es/src/utils/index.ts b/packages/kbn-es/src/utils/index.ts index ce0a222dafd3b..4b4ae1bc05259 100644 --- a/packages/kbn-es/src/utils/index.ts +++ b/packages/kbn-es/src/utils/index.ts @@ -14,6 +14,6 @@ export { findMostRecentlyChanged } from './find_most_recently_changed'; // @ts-expect-error not typed yet export { extractConfigFiles } from './extract_config_files'; // @ts-expect-error not typed yet -export { NativeRealm } from './native_realm'; +export { NativeRealm, SYSTEM_INDICES_SUPERUSER } from './native_realm'; export { buildSnapshot } from './build_snapshot'; export { archiveForPlatform } from './build_snapshot'; diff --git a/packages/kbn-es/src/utils/native_realm.js b/packages/kbn-es/src/utils/native_realm.js index a5051cdb0d89a..576b50c1dc1aa 100644 --- a/packages/kbn-es/src/utils/native_realm.js +++ b/packages/kbn-es/src/utils/native_realm.js @@ -11,6 +11,9 @@ const chalk = require('chalk'); const { log: defaultLog } = require('./log'); +export const SYSTEM_INDICES_SUPERUSER = + process.env.TEST_ES_SYSTEM_INDICES_USER || 'system_indices_superuser'; + exports.NativeRealm = class NativeRealm { constructor({ elasticPassword, port, log = defaultLog, ssl = false, caCert }) { this._client = new Client({ @@ -53,18 +56,33 @@ exports.NativeRealm = class NativeRealm { }); } + async clusterReady() { + return await this._autoRetry({ maxAttempts: 10 }, async () => { + const { + body: { status: status }, + } = await this._client.cluster.health({ wait_for_status: 'yellow' }); + + if (status === 'red') { + throw new Error(`not ready, cluster health is ${status}`); + } + }); + } + async setPasswords(options) { + await this.clusterReady(); + if (!(await this.isSecurityEnabled())) { this._log.info('security is not enabled, unable to set native realm passwords'); return; } const reservedUsers = await this.getReservedUsers(); - await Promise.all( - reservedUsers.map(async (user) => { + await Promise.all([ + ...reservedUsers.map(async (user) => { await this.setPassword(user, options[`password.${user}`]); - }) - ); + }), + this._createSystemIndicesUser(), + ]); } async getReservedUsers(retryOpts = {}) { @@ -100,7 +118,7 @@ exports.NativeRealm = class NativeRealm { } async _autoRetry(opts, fn) { - const { attempt = 1, maxAttempts = 3 } = opts; + const { attempt = 1, maxAttempts = 3, sleep = 1000 } = opts; try { return await fn(attempt); @@ -111,7 +129,7 @@ exports.NativeRealm = class NativeRealm { const sec = 1.5 * attempt; this._log.warning(`assuming ES isn't initialized completely, trying again in ${sec} seconds`); - await new Promise((resolve) => setTimeout(resolve, sec * 1000)); + await new Promise((resolve) => setTimeout(resolve, sleep)); const nextOpts = { ...opts, @@ -120,4 +138,43 @@ exports.NativeRealm = class NativeRealm { return await this._autoRetry(nextOpts, fn); } } + + async _createSystemIndicesUser() { + if (!(await this.isSecurityEnabled())) { + this._log.info('security is not enabled, unable to create role and user'); + return; + } + + await this._client.security.putRole({ + name: SYSTEM_INDICES_SUPERUSER, + refresh: 'wait_for', + body: { + cluster: ['all'], + indices: [ + { + names: ['*'], + privileges: ['all'], + allow_restricted_indices: true, + }, + ], + applications: [ + { + application: '*', + privileges: ['*'], + resources: ['*'], + }, + ], + run_as: ['*'], + }, + }); + + await this._client.security.putUser({ + username: SYSTEM_INDICES_SUPERUSER, + refresh: 'wait_for', + body: { + password: this._elasticPassword, + roles: [SYSTEM_INDICES_SUPERUSER], + }, + }); + } }; diff --git a/packages/kbn-es/src/utils/native_realm.test.js b/packages/kbn-es/src/utils/native_realm.test.js index 6d07b1e73b547..0465ed1c8a242 100644 --- a/packages/kbn-es/src/utils/native_realm.test.js +++ b/packages/kbn-es/src/utils/native_realm.test.js @@ -18,9 +18,14 @@ const mockClient = { xpack: { info: jest.fn(), }, + cluster: { + health: jest.fn(), + }, security: { changePassword: jest.fn(), getUser: jest.fn(), + putRole: jest.fn(), + putUser: jest.fn(), }, }; Client.mockImplementation(() => mockClient); @@ -49,6 +54,12 @@ function mockXPackInfo(available, enabled) { })); } +function mockClusterStatus(status) { + mockClient.cluster.health.mockImplementation(() => { + return { body: status }; + }); +} + describe('isSecurityEnabled', () => { test('returns true if enabled and available', async () => { mockXPackInfo(true, true); @@ -95,6 +106,7 @@ describe('isSecurityEnabled', () => { describe('setPasswords', () => { it('uses provided passwords', async () => { mockXPackInfo(true, true); + mockClusterStatus('green'); mockClient.security.getUser.mockImplementation(() => ({ body: { @@ -127,49 +139,51 @@ describe('setPasswords', () => { })); await nativeRealm.setPasswords({ - 'password.kibana_system': 'bar', + body: { + 'password.kibana_system': 'bar', + }, }); expect(mockClient.security.changePassword.mock.calls).toMatchInlineSnapshot(` -Array [ - Array [ - Object { - "body": Object { - "password": "bar", - }, - "refresh": "wait_for", - "username": "kibana_system", - }, - ], - Array [ - Object { - "body": Object { - "password": "changeme", - }, - "refresh": "wait_for", - "username": "logstash_system", - }, - ], - Array [ - Object { - "body": Object { - "password": "changeme", - }, - "refresh": "wait_for", - "username": "elastic", - }, - ], - Array [ - Object { - "body": Object { - "password": "changeme", - }, - "refresh": "wait_for", - "username": "beats_system", - }, - ], -] -`); + Array [ + Array [ + Object { + "body": Object { + "password": "changeme", + }, + "refresh": "wait_for", + "username": "kibana_system", + }, + ], + Array [ + Object { + "body": Object { + "password": "changeme", + }, + "refresh": "wait_for", + "username": "logstash_system", + }, + ], + Array [ + Object { + "body": Object { + "password": "changeme", + }, + "refresh": "wait_for", + "username": "elastic", + }, + ], + Array [ + Object { + "body": Object { + "password": "changeme", + }, + "refresh": "wait_for", + "username": "beats_system", + }, + ], + ] + `); }); }); diff --git a/packages/kbn-test/src/es/es_test_config.ts b/packages/kbn-test/src/es/es_test_config.ts index db5d705710a75..da6e67885733d 100644 --- a/packages/kbn-test/src/es/es_test_config.ts +++ b/packages/kbn-test/src/es/es_test_config.ts @@ -8,7 +8,7 @@ import { kibanaPackageJson as pkg } from '@kbn/dev-utils'; import Url from 'url'; -import { adminTestUser } from '../kbn'; +import { systemIndicesSuperuser } from '../kbn'; class EsTestConfig { getVersion() { @@ -51,8 +51,8 @@ class EsTestConfig { }; } - const username = process.env.TEST_ES_USERNAME || adminTestUser.username; - const password = process.env.TEST_ES_PASSWORD || adminTestUser.password; + const username = process.env.TEST_ES_USERNAME || systemIndicesSuperuser.username; + const password = process.env.TEST_ES_PASSWORD || systemIndicesSuperuser.password; const port = process.env.TEST_ES_PORT ? parseInt(process.env.TEST_ES_PORT, 10) : 9220; diff --git a/packages/kbn-test/src/index.ts b/packages/kbn-test/src/index.ts index f3771c76a722b..757d3390a2651 100644 --- a/packages/kbn-test/src/index.ts +++ b/packages/kbn-test/src/index.ts @@ -28,7 +28,13 @@ export { KIBANA_ROOT } from './functional_tests/lib/paths'; export type { CreateTestEsClusterOptions, EsTestCluster, ICluster } from './es'; export { esTestConfig, createTestEsCluster } from './es'; -export { kbnTestConfig, kibanaServerTestUser, kibanaTestUser, adminTestUser } from './kbn'; +export { + kbnTestConfig, + kibanaServerTestUser, + kibanaTestUser, + adminTestUser, + systemIndicesSuperuser, +} from './kbn'; export { readConfigFile } from './functional_test_runner/lib/config/read_config_file'; diff --git a/packages/kbn-test/src/kbn/index.ts b/packages/kbn-test/src/kbn/index.ts index 3ba7ef97b062d..c8db8b9473d16 100644 --- a/packages/kbn-test/src/kbn/index.ts +++ b/packages/kbn-test/src/kbn/index.ts @@ -7,4 +7,9 @@ */ export { kbnTestConfig } from './kbn_test_config'; -export { kibanaTestUser, kibanaServerTestUser, adminTestUser } from './users'; +export { + kibanaTestUser, + kibanaServerTestUser, + adminTestUser, + systemIndicesSuperuser, +} from './users'; diff --git a/packages/kbn-test/src/kbn/users.ts b/packages/kbn-test/src/kbn/users.ts index 88480fde74ddc..9e35e9d7b6c01 100644 --- a/packages/kbn-test/src/kbn/users.ts +++ b/packages/kbn-test/src/kbn/users.ts @@ -6,6 +6,9 @@ * Side Public License, v 1. */ +// @ts-expect-error no types +import { SYSTEM_INDICES_SUPERUSER } from '@kbn/es'; + const env = process.env; export const kibanaTestUser = { @@ -22,3 +25,11 @@ export const adminTestUser = { username: env.TEST_ES_USER || 'elastic', password: env.TEST_ES_PASS || 'changeme', }; + +/** + * User with higher privileges than regular superuser role for writing to system indices + */ +export const systemIndicesSuperuser = { + username: SYSTEM_INDICES_SUPERUSER, + password: env.TEST_ES_PASS || 'changeme', +}; diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.0_5k_so_node_01.zip b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.0_5k_so_node_01.zip index 70966debbaf0e..43965fd584256 100644 Binary files a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.0_5k_so_node_01.zip and b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.0_5k_so_node_01.zip differ diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.0_5k_so_node_02.zip b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.0_5k_so_node_02.zip index 451c48d8107c8..d4d404e7c1952 100644 Binary files a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.0_5k_so_node_02.zip and b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.0_5k_so_node_02.zip differ diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.0_with_corrupted_so.zip b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.0_with_corrupted_so.zip index 44f2fc9ba19eb..f4a89fbcb2514 100644 Binary files a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.0_with_corrupted_so.zip and b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.0_with_corrupted_so.zip differ diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.0_with_unknown_so.zip b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.0_with_unknown_so.zip index 30ee6ee23dbf3..3312515024b91 100644 Binary files a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.0_with_unknown_so.zip and b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.0_with_unknown_so.zip differ diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.2_so_with_multiple_namespaces.zip b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.2_so_with_multiple_namespaces.zip index e4dce85f15e38..bc305de2d4560 100644 Binary files a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.2_so_with_multiple_namespaces.zip and b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.13.2_so_with_multiple_namespaces.zip differ diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.14.0_xpack_sample_saved_objects.zip b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.14.0_xpack_sample_saved_objects.zip index 70d68587e3603..7b498c945680c 100644 Binary files a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.14.0_xpack_sample_saved_objects.zip and b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.14.0_xpack_sample_saved_objects.zip differ diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.3.0_xpack_sample_saved_objects.zip b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.3.0_xpack_sample_saved_objects.zip index 5745a3e07d488..b79a497d06941 100644 Binary files a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.3.0_xpack_sample_saved_objects.zip and b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.3.0_xpack_sample_saved_objects.zip differ diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.7.2_xpack_100k_obj.zip b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.7.2_xpack_100k_obj.zip index 13afaa04b06f9..68d740dd21f69 100644 Binary files a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.7.2_xpack_100k_obj.zip and b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7.7.2_xpack_100k_obj.zip differ diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7_13_corrupt_and_transform_failures_docs.zip b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7_13_corrupt_and_transform_failures_docs.zip index 30ee6ee23dbf3..b808bdc4f59ce 100644 Binary files a/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7_13_corrupt_and_transform_failures_docs.zip and b/src/core/server/saved_objects/migrationsv2/integration_tests/archives/7_13_corrupt_and_transform_failures_docs.zip differ diff --git a/src/core/server/saved_objects/migrationsv2/integration_tests/batch_size_bytes.test.ts b/src/core/server/saved_objects/migrationsv2/integration_tests/batch_size_bytes.test.ts index 7dd754054cd2a..aaa19d2c96170 100644 --- a/src/core/server/saved_objects/migrationsv2/integration_tests/batch_size_bytes.test.ts +++ b/src/core/server/saved_objects/migrationsv2/integration_tests/batch_size_bytes.test.ts @@ -27,7 +27,7 @@ async function removeLogFile() { await fs.unlink(logFilePath).catch(() => void 0); } -describe('migration v2', () => { +describe('migration v2', function () { let esServer: kbnTestServer.TestElasticsearchUtils; let root: Root; let startES: () => Promise; diff --git a/src/core/test_helpers/kbn_server.ts b/src/core/test_helpers/kbn_server.ts index 90a213770382e..d6b96eeff8e7e 100644 --- a/src/core/test_helpers/kbn_server.ts +++ b/src/core/test_helpers/kbn_server.ts @@ -12,7 +12,7 @@ import { CreateTestEsClusterOptions, esTestConfig, kibanaServerTestUser, - kibanaTestUser, + systemIndicesSuperuser, } from '@kbn/test'; import { defaultsDeep } from 'lodash'; import { resolve } from 'path'; @@ -73,7 +73,9 @@ export function createRootWithSettings( * @param path */ export function getSupertest(root: Root, method: HttpMethod, path: string) { - const testUserCredentials = Buffer.from(`${kibanaTestUser.username}:${kibanaTestUser.password}`); + const testUserCredentials = Buffer.from( + `${systemIndicesSuperuser.username}:${systemIndicesSuperuser.password}` + ); return supertest((root as any).server.http.httpServer.server.listener) [method](path) .set('Authorization', `Basic ${testUserCredentials.toString('base64')}`); diff --git a/test/api_integration/services/supertest.ts b/test/api_integration/services/supertest.ts index f8ac827b7a2ed..709b9ddd75c22 100644 --- a/test/api_integration/services/supertest.ts +++ b/test/api_integration/services/supertest.ts @@ -6,6 +6,8 @@ * Side Public License, v 1. */ +import { systemIndicesSuperuser } from '@kbn/test'; + import { FtrProviderContext } from 'test/functional/ftr_provider_context'; import { format as formatUrl } from 'url'; @@ -20,7 +22,11 @@ export function KibanaSupertestProvider({ getService }: FtrProviderContext) { export function ElasticsearchSupertestProvider({ getService }: FtrProviderContext) { const config = getService('config'); const esServerConfig = config.get('servers.elasticsearch'); - const elasticSearchServerUrl = formatUrl(esServerConfig); + const elasticSearchServerUrl = formatUrl({ + ...esServerConfig, + // Use system indices user so tests can write to system indices + auth: `${systemIndicesSuperuser.username}:${systemIndicesSuperuser.password}`, + }); let agentOptions = {}; if ('certificateAuthorities' in esServerConfig) { diff --git a/test/common/services/elasticsearch.ts b/test/common/services/elasticsearch.ts index 7b8ff6bd6c8f4..8cb6e48f93d6d 100644 --- a/test/common/services/elasticsearch.ts +++ b/test/common/services/elasticsearch.ts @@ -12,6 +12,7 @@ import { Client } from '@elastic/elasticsearch'; import { CA_CERT_PATH } from '@kbn/dev-utils'; import type { KibanaClient } from '@elastic/elasticsearch/api/kibana'; +import { systemIndicesSuperuser } from '@kbn/test'; import { FtrProviderContext } from '../ftr_provider_context'; /* @@ -20,9 +21,15 @@ import { FtrProviderContext } from '../ftr_provider_context'; export function ElasticsearchProvider({ getService }: FtrProviderContext): KibanaClient { const config = getService('config'); + const esUrl = formatUrl({ + ...config.get('servers.elasticsearch'), + // Use system indices user so tests can write to system indices + auth: `${systemIndicesSuperuser.username}:${systemIndicesSuperuser.password}`, + }); + if (process.env.TEST_CLOUD) { return new Client({ - nodes: [formatUrl(config.get('servers.elasticsearch'))], + nodes: [esUrl], requestTimeout: config.get('timeouts.esRequestTimeout'), }); } else { @@ -30,7 +37,7 @@ export function ElasticsearchProvider({ getService }: FtrProviderContext): Kiban ssl: { ca: fs.readFileSync(CA_CERT_PATH, 'utf-8'), }, - nodes: [formatUrl(config.get('servers.elasticsearch'))], + nodes: [esUrl], requestTimeout: config.get('timeouts.esRequestTimeout'), }); } diff --git a/x-pack/plugins/fleet/server/integration_tests/reset_preconfiguration.test.ts b/x-pack/plugins/fleet/server/integration_tests/reset_preconfiguration.test.ts index be51d0a392e7c..b5763a1cf0670 100644 --- a/x-pack/plugins/fleet/server/integration_tests/reset_preconfiguration.test.ts +++ b/x-pack/plugins/fleet/server/integration_tests/reset_preconfiguration.test.ts @@ -214,7 +214,8 @@ describe.skip('Fleet preconfiguration rest', () => { }); }); - describe('Reset one preconfigured policy', () => { + // SKIP: https://github.com/elastic/kibana/issues/123528 + describe.skip('Reset one preconfigured policy', () => { const POLICY_ID = 'test-12345'; it('Works and reset one preconfigured policies if the policy is already deleted (with a ghost package policy)', async () => { diff --git a/x-pack/test/cloud_integration/config.ts b/x-pack/test/cloud_integration/config.ts index a012dfd1ad34b..e96750e31d414 100644 --- a/x-pack/test/cloud_integration/config.ts +++ b/x-pack/test/cloud_integration/config.ts @@ -41,7 +41,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { from: 'snapshot', serverArgs: [ 'xpack.security.authc.token.enabled=true', - 'xpack.security.authc.realms.saml.saml1.order=0', + 'xpack.security.authc.realms.native.native1.order=0', + 'xpack.security.authc.realms.saml.saml1.order=1', `xpack.security.authc.realms.saml.saml1.idp.metadata.path=${idpPath}`, 'xpack.security.authc.realms.saml.saml1.idp.entity_id=http://www.elastic.co/saml1', `xpack.security.authc.realms.saml.saml1.sp.entity_id=http://localhost:${kibanaPort}`, diff --git a/x-pack/test/fleet_api_integration/apis/epm/final_pipeline.ts b/x-pack/test/fleet_api_integration/apis/epm/final_pipeline.ts index 8c6603a3e38b0..32ede683b1e36 100644 --- a/x-pack/test/fleet_api_integration/apis/epm/final_pipeline.ts +++ b/x-pack/test/fleet_api_integration/apis/epm/final_pipeline.ts @@ -197,12 +197,17 @@ export default function (providerContext: FtrProviderContext) { for (const scenario of scenarios) { it(`Should write the correct event.agent_id_status for ${scenario.name}`, async () => { // Create an API key - const { body: apiKeyRes } = await es.security.createApiKey({ - body: { - name: `test api key`, - ...(scenario.apiKey || {}), + const { body: apiKeyRes } = await es.security.createApiKey( + { + body: { + name: `test api key`, + ...(scenario.apiKey || {}), + }, }, - }); + { + headers: { 'es-security-runas-user': 'elastic' }, // run as elastic suer + } + ); const res = await indexUsingApiKey( { diff --git a/x-pack/test/security_api_integration/kerberos.config.ts b/x-pack/test/security_api_integration/kerberos.config.ts index 7dba77e61999e..e8fc8d4cec85a 100644 --- a/x-pack/test/security_api_integration/kerberos.config.ts +++ b/x-pack/test/security_api_integration/kerberos.config.ts @@ -29,7 +29,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...xPackAPITestsConfig.get('esTestCluster.serverArgs'), 'xpack.security.authc.token.enabled=true', 'xpack.security.authc.token.timeout=15s', - 'xpack.security.authc.realms.kerberos.kerb1.order=0', + 'xpack.security.authc.realms.native.native1.order=0', + 'xpack.security.authc.realms.kerberos.kerb1.order=1', `xpack.security.authc.realms.kerberos.kerb1.keytab.path=${kerberosKeytabPath}`, ], diff --git a/x-pack/test/security_api_integration/oidc.config.ts b/x-pack/test/security_api_integration/oidc.config.ts index b2822a49b2042..5edf6fdc7bca6 100644 --- a/x-pack/test/security_api_integration/oidc.config.ts +++ b/x-pack/test/security_api_integration/oidc.config.ts @@ -30,7 +30,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...xPackAPITestsConfig.get('esTestCluster.serverArgs'), 'xpack.security.authc.token.enabled=true', 'xpack.security.authc.token.timeout=15s', - 'xpack.security.authc.realms.oidc.oidc1.order=0', + 'xpack.security.authc.realms.native.native1.order=0', + 'xpack.security.authc.realms.oidc.oidc1.order=1', `xpack.security.authc.realms.oidc.oidc1.rp.client_id=0oa8sqpov3TxMWJOt356`, `xpack.security.authc.realms.oidc.oidc1.rp.client_secret=0oa8sqpov3TxMWJOt356`, `xpack.security.authc.realms.oidc.oidc1.rp.response_type=code`, diff --git a/x-pack/test/security_api_integration/saml.config.ts b/x-pack/test/security_api_integration/saml.config.ts index 8874dd9228c01..d468a8fd002a2 100644 --- a/x-pack/test/security_api_integration/saml.config.ts +++ b/x-pack/test/security_api_integration/saml.config.ts @@ -30,7 +30,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...xPackAPITestsConfig.get('esTestCluster.serverArgs'), 'xpack.security.authc.token.enabled=true', 'xpack.security.authc.token.timeout=15s', - 'xpack.security.authc.realms.saml.saml1.order=0', + 'xpack.security.authc.realms.native.native1.order=0', + 'xpack.security.authc.realms.saml.saml1.order=1', `xpack.security.authc.realms.saml.saml1.idp.metadata.path=${idpPath}`, 'xpack.security.authc.realms.saml.saml1.idp.entity_id=http://www.elastic.co/saml1', `xpack.security.authc.realms.saml.saml1.sp.entity_id=http://localhost:${kibanaPort}`, diff --git a/x-pack/test/security_api_integration/session_idle.config.ts b/x-pack/test/security_api_integration/session_idle.config.ts index ee1fe3782a42a..98b3322a3ffcb 100644 --- a/x-pack/test/security_api_integration/session_idle.config.ts +++ b/x-pack/test/security_api_integration/session_idle.config.ts @@ -27,7 +27,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...xPackAPITestsConfig.get('esTestCluster.serverArgs'), 'xpack.security.authc.token.enabled=true', 'xpack.security.authc.token.timeout=15s', - 'xpack.security.authc.realms.saml.saml1.order=0', + 'xpack.security.authc.realms.native.native1.order=0', + 'xpack.security.authc.realms.saml.saml1.order=1', `xpack.security.authc.realms.saml.saml1.idp.metadata.path=${idpPath}`, 'xpack.security.authc.realms.saml.saml1.idp.entity_id=http://www.elastic.co/saml1', `xpack.security.authc.realms.saml.saml1.sp.entity_id=http://localhost:${kibanaPort}`, diff --git a/x-pack/test/security_api_integration/session_lifespan.config.ts b/x-pack/test/security_api_integration/session_lifespan.config.ts index e236cbb8484d4..9f5c745ddfb8c 100644 --- a/x-pack/test/security_api_integration/session_lifespan.config.ts +++ b/x-pack/test/security_api_integration/session_lifespan.config.ts @@ -27,7 +27,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...xPackAPITestsConfig.get('esTestCluster.serverArgs'), 'xpack.security.authc.token.enabled=true', 'xpack.security.authc.token.timeout=15s', - 'xpack.security.authc.realms.saml.saml1.order=0', + 'xpack.security.authc.realms.native.native1.order=0', + 'xpack.security.authc.realms.saml.saml1.order=1', `xpack.security.authc.realms.saml.saml1.idp.metadata.path=${idpPath}`, 'xpack.security.authc.realms.saml.saml1.idp.entity_id=http://www.elastic.co/saml1', `xpack.security.authc.realms.saml.saml1.sp.entity_id=http://localhost:${kibanaPort}`, diff --git a/x-pack/test/security_functional/oidc.config.ts b/x-pack/test/security_functional/oidc.config.ts index 9c00960671e03..16561f014da07 100644 --- a/x-pack/test/security_functional/oidc.config.ts +++ b/x-pack/test/security_functional/oidc.config.ts @@ -42,7 +42,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { from: 'snapshot', serverArgs: [ 'xpack.security.authc.token.enabled=true', - 'xpack.security.authc.realms.oidc.oidc1.order=0', + 'xpack.security.authc.realms.native.native1.order=0', + 'xpack.security.authc.realms.oidc.oidc1.order=1', `xpack.security.authc.realms.oidc.oidc1.rp.client_id=0oa8sqpov3TxMWJOt356`, `xpack.security.authc.realms.oidc.oidc1.rp.client_secret=0oa8sqpov3TxMWJOt356`, `xpack.security.authc.realms.oidc.oidc1.rp.response_type=code`, diff --git a/x-pack/test/security_functional/saml.config.ts b/x-pack/test/security_functional/saml.config.ts index 264197c961123..b402df5d4e438 100644 --- a/x-pack/test/security_functional/saml.config.ts +++ b/x-pack/test/security_functional/saml.config.ts @@ -45,7 +45,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { from: 'snapshot', serverArgs: [ 'xpack.security.authc.token.enabled=true', - 'xpack.security.authc.realms.saml.saml1.order=0', + 'xpack.security.authc.realms.native.native1.order=0', + 'xpack.security.authc.realms.saml.saml1.order=1', `xpack.security.authc.realms.saml.saml1.idp.metadata.path=${idpPath}`, 'xpack.security.authc.realms.saml.saml1.idp.entity_id=http://www.elastic.co/saml1', `xpack.security.authc.realms.saml.saml1.sp.entity_id=http://localhost:${kibanaPort}`, diff --git a/x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_list.ts b/x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_list.ts index 3a49278bd21a8..ea19b789b6d07 100644 --- a/x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_list.ts +++ b/x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_list.ts @@ -73,6 +73,8 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { }; describe('endpoint list', function () { + this.onlyEsVersion('<=7'); + const sleep = (ms = 100) => new Promise((resolve) => setTimeout(resolve, ms)); let indexedData: IndexedHostsAndAlertsResponse; describe('when initially navigating to page', () => {