[ftr] enable mock-idp-plugin for stateful (deployment-agnostic) tests#192279
Merged
dmlemeshko merged 12 commits intoelastic:mainfrom Sep 13, 2024
Merged
Conversation
dmlemeshko
added
release_note:skip
dmlemeshko
commented
Sep 11, 2024
| serverArgs: [ | ||
| ...xPackAPITestsConfig.get('kbnTestServer.serverArgs'), | ||
| // if the config is run locally, explicitly enable mock-idp-plugin for UI role selector | ||
| ...(isRunOnCI ? [] : ['--mockIdpPlugin.enabled=true']), |
Contributor
Author
There was a problem hiding this comment.
this plugin is not part of CI build and FTR config failed to start:
2024-09-10 16:25:03 CEST proc [kibana] \u001b[37m\u001b[41m FATAL \u001b[49m\u001b[39m Error: Unknown configuration key(s): "mockIdpPlugin.enabled". Check for spelling errors and ensure that expected plugins are installed.
2024-09-10 16:25:03 CEST proc [kibana]
2024-09-10 16:25:03 CEST ERROR Error: [kibana] exited without matching pattern: /Kibana is now available/
2024-09-10 16:25:03 CEST at createFailError (dev_cli_errors.ts:28:24)
There is no such problem on serverless, because plugin is enabled in Kibana by default and we don't explicitly start it in FTR config. Since we can't and don't want to do the same for stateful, we disabled it by default and pass here only when config is executed locally
dmlemeshko
commented
Sep 11, 2024
| // words, Kibana should attempt to authenticate the user using the provider with the lowest order if the Login | ||
| // Selector is disabled (replicating Serverless configuration). By declaring `cloud-basic` with a higher | ||
| // order, we indicate that basic authentication can still be used, but only if explicitly requested when the | ||
| // user navigates to `/login` page directly and enters username and password in the login form. |
Contributor
Author
There was a problem hiding this comment.
This part is copied from serverless config and probably needed for security APIs testing in deployment-agnostic tests. If I'm wrong, we can remove it
Contributor
Author
There was a problem hiding this comment.
@jeramysoucy you added similar arguments to serverless FTR config in #162087, I copied it for the consistency but please confirm if we need that.
Contributor
There was a problem hiding this comment.
Are you referring specifically to xpack.cloud.id? For stateful I don't think we need xpack.cloud.id. In serverless, certain interfaces/capabilities will not be present unless there is a cloud ID.
Contributor
Author
There was a problem hiding this comment.
I was wondering about both xpack.cloud.id and loading security_api_integration/plugins/saml_provider plugin.
So it is safe to remove xpack.cloud.id, but plugin we still need to call specific APIs?
Contributor
There was a problem hiding this comment.
I think the mock IDP plugin is enough, but perhaps I am missing something. cc @azasypkin
Contributor
wayneseymour
left a comment
wayneseymour
left a comment
There was a problem hiding this comment.
I don't really know much about some of this, so some questions.
| // The plugin should only be enabled in Serverless. | ||
| enabled: offeringBasedSchema({ | ||
| serverless: schema.boolean({ defaultValue: true }), | ||
| traditional: schema.boolean({ defaultValue: false }), |
Contributor
Author
There was a problem hiding this comment.
it generally enables plugin in stateful: traditional stands for stateful in schema, I don't know why it was called like that. Default value is false because we need that plugin only when Kibana is configured with SAML auth and it is not always like that.
| "browser": true, | ||
| "configPath": [ | ||
| "mockIdpPlugin" | ||
| ], |
Contributor
There was a problem hiding this comment.
Is this some sort of pointer to smth?
Contributor
There was a problem hiding this comment.
Does this resolve to some path?
Contributor
Author
There was a problem hiding this comment.
yes, if you check kibana.jsonc for other plugins you will see a similar attribute.
It allows us to so do smth like --mockIdpPlugin.<attribute>=<value> in Kibana arguments.
pheyos
approved these changes
Sep 11, 2024
Member
pheyos
left a comment
pheyos
left a comment
There was a problem hiding this comment.
LGTM
Also tested locally and it worked as expected.
jeramysoucy
approved these changes
Sep 13, 2024
| // words, Kibana should attempt to authenticate the user using the provider with the lowest order if the Login | ||
| // Selector is disabled (replicating Serverless configuration). By declaring `cloud-basic` with a higher | ||
| // order, we indicate that basic authentication can still be used, but only if explicitly requested when the | ||
| // user navigates to `/login` page directly and enters username and password in the login form. |
Contributor
There was a problem hiding this comment.
Are you referring specifically to xpack.cloud.id? For stateful I don't think we need xpack.cloud.id. In serverless, certain interfaces/capabilities will not be present unless there is a cloud ID.
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
Contributor
|
@dmlemeshko this pull request has an |
dmlemeshko
added
backport:version
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 23, 2024
…elastic#192279) ## Summary closes elastic#190221 This PR enables `mock-idp-plugin` when Kibana is started with stateful FTR config for deployment-agnostic tests: ``` node scripts/functional_tests_server --config=x-pack/test/api_integration/deployment_agnostic/configs/stateful/platform.stateful.config.ts ``` <img width="1574" alt="image" src="https://github.com/user-attachments/assets/494e89ee-cd65-4dde-86da-a5e2c28ec40d"> You can pick up one of the the role defined for stateful SAML authentication in https://github.com/elastic/kibana/blob/main/packages/kbn-es/src/stateful_resources/roles.yml Note: this plugin is only enabled locally for a better manual testing experience, it is **not loaded on CI** It is done to unify DevEx when folks work on deployment-agnostic tests and would like to confirm the functionality under the same role for both stateful and serverless deployments. Thanks @azasypkin for the help, again :) How to test: - start the servers using `x-pack/test/api_integration/deployment_agnostic/configs/stateful/platform.stateful.config.ts` config and go to `http://localhost:5620` - try to login with different roles, make sure valid role is applied in top right profile menu (cherry picked from commit a94a4db)
Contributor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
dmlemeshko
added a commit
to dmlemeshko/kibana
that referenced
this pull request
Sep 23, 2024
…elastic#192279) ## Summary closes elastic#190221 This PR enables `mock-idp-plugin` when Kibana is started with stateful FTR config for deployment-agnostic tests: ``` node scripts/functional_tests_server --config=x-pack/test/api_integration/deployment_agnostic/configs/stateful/platform.stateful.config.ts ``` <img width="1574" alt="image" src="https://github.com/user-attachments/assets/494e89ee-cd65-4dde-86da-a5e2c28ec40d"> You can pick up one of the the role defined for stateful SAML authentication in https://github.com/elastic/kibana/blob/main/packages/kbn-es/src/stateful_resources/roles.yml Note: this plugin is only enabled locally for a better manual testing experience, it is **not loaded on CI** It is done to unify DevEx when folks work on deployment-agnostic tests and would like to confirm the functionality under the same role for both stateful and serverless deployments. Thanks @azasypkin for the help, again :) How to test: - start the servers using `x-pack/test/api_integration/deployment_agnostic/configs/stateful/platform.stateful.config.ts` config and go to `http://localhost:5620` - try to login with different roles, make sure valid role is applied in top right profile menu (cherry picked from commit a94a4db)
kibanamachine
added a commit
that referenced
this pull request
Sep 23, 2024
… tests (#192279) (#193677) # Backport This will backport the following commits from `main` to `8.x`: - [[ftr] enable mock-idp-plugin for stateful (deployment-agnostic) tests (#192279)](#192279) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Dzmitry Lemechko","email":"dzmitry.lemechko@elastic.co"},"sourceCommit":{"committedDate":"2024-09-13T10:24:08Z","message":"[ftr] enable mock-idp-plugin for stateful (deployment-agnostic) tests (#192279)\n\n## Summary\r\n\r\ncloses #190221\r\n\r\nThis PR enables `mock-idp-plugin` when Kibana is started with stateful\r\nFTR config for deployment-agnostic tests:\r\n\r\n```\r\n node scripts/functional_tests_server --config=x-pack/test/api_integration/deployment_agnostic/configs/stateful/platform.stateful.config.ts\r\n```\r\n\r\n<img width=\"1574\" alt=\"image\"\r\nsrc=\"https://github.com/user-attachments/assets/494e89ee-cd65-4dde-86da-a5e2c28ec40d\">\r\n\r\nYou can pick up one of the the role defined for stateful SAML\r\nauthentication in\r\nhttps://github.com/elastic/kibana/blob/main/packages/kbn-es/src/stateful_resources/roles.yml\r\n\r\nNote: this plugin is only enabled locally for a better manual testing\r\nexperience, it is **not loaded on CI**\r\n\r\nIt is done to unify DevEx when folks work on deployment-agnostic tests\r\nand would like to confirm the functionality under the same role for both\r\nstateful and serverless deployments.\r\n\r\nThanks @azasypkin for the help, again :)\r\n\r\nHow to test: \r\n- start the servers using\r\n`x-pack/test/api_integration/deployment_agnostic/configs/stateful/platform.stateful.config.ts`\r\nconfig and go to `http://localhost:5620`\r\n- try to login with different roles, make sure valid role is applied in\r\ntop right profile menu","sha":"a94a4db8bc9e9d923273beb5c31b2253172a8568","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","FTR","v8.16.0","backport:version"],"title":"[ftr] enable mock-idp-plugin for stateful (deployment-agnostic) tests","number":192279,"url":"https://github.com/elastic/kibana/pull/192279","mergeCommit":{"message":"[ftr] enable mock-idp-plugin for stateful (deployment-agnostic) tests (#192279)\n\n## Summary\r\n\r\ncloses #190221\r\n\r\nThis PR enables `mock-idp-plugin` when Kibana is started with stateful\r\nFTR config for deployment-agnostic tests:\r\n\r\n```\r\n node scripts/functional_tests_server --config=x-pack/test/api_integration/deployment_agnostic/configs/stateful/platform.stateful.config.ts\r\n```\r\n\r\n<img width=\"1574\" alt=\"image\"\r\nsrc=\"https://github.com/user-attachments/assets/494e89ee-cd65-4dde-86da-a5e2c28ec40d\">\r\n\r\nYou can pick up one of the the role defined for stateful SAML\r\nauthentication in\r\nhttps://github.com/elastic/kibana/blob/main/packages/kbn-es/src/stateful_resources/roles.yml\r\n\r\nNote: this plugin is only enabled locally for a better manual testing\r\nexperience, it is **not loaded on CI**\r\n\r\nIt is done to unify DevEx when folks work on deployment-agnostic tests\r\nand would like to confirm the functionality under the same role for both\r\nstateful and serverless deployments.\r\n\r\nThanks @azasypkin for the help, again :)\r\n\r\nHow to test: \r\n- start the servers using\r\n`x-pack/test/api_integration/deployment_agnostic/configs/stateful/platform.stateful.config.ts`\r\nconfig and go to `http://localhost:5620`\r\n- try to login with different roles, make sure valid role is applied in\r\ntop right profile menu","sha":"a94a4db8bc9e9d923273beb5c31b2253172a8568"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/192279","number":192279,"mergeCommit":{"message":"[ftr] enable mock-idp-plugin for stateful (deployment-agnostic) tests (#192279)\n\n## Summary\r\n\r\ncloses #190221\r\n\r\nThis PR enables `mock-idp-plugin` when Kibana is started with stateful\r\nFTR config for deployment-agnostic tests:\r\n\r\n```\r\n node scripts/functional_tests_server --config=x-pack/test/api_integration/deployment_agnostic/configs/stateful/platform.stateful.config.ts\r\n```\r\n\r\n<img width=\"1574\" alt=\"image\"\r\nsrc=\"https://github.com/user-attachments/assets/494e89ee-cd65-4dde-86da-a5e2c28ec40d\">\r\n\r\nYou can pick up one of the the role defined for stateful SAML\r\nauthentication in\r\nhttps://github.com/elastic/kibana/blob/main/packages/kbn-es/src/stateful_resources/roles.yml\r\n\r\nNote: this plugin is only enabled locally for a better manual testing\r\nexperience, it is **not loaded on CI**\r\n\r\nIt is done to unify DevEx when folks work on deployment-agnostic tests\r\nand would like to confirm the functionality under the same role for both\r\nstateful and serverless deployments.\r\n\r\nThanks @azasypkin for the help, again :)\r\n\r\nHow to test: \r\n- start the servers using\r\n`x-pack/test/api_integration/deployment_agnostic/configs/stateful/platform.stateful.config.ts`\r\nconfig and go to `http://localhost:5620`\r\n- try to login with different roles, make sure valid role is applied in\r\ntop right profile menu","sha":"a94a4db8bc9e9d923273beb5c31b2253172a8568"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Dzmitry Lemechko <dzmitry.lemechko@elastic.co>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
closes #190221
This PR enables
mock-idp-pluginwhen Kibana is started with stateful FTR config for deployment-agnostic tests:You can pick up one of the the role defined for stateful SAML authentication in https://github.com/elastic/kibana/blob/main/packages/kbn-es/src/stateful_resources/roles.yml
Note: this plugin is only enabled locally for a better manual testing experience, it is not loaded on CI
It is done to unify DevEx when folks work on deployment-agnostic tests and would like to confirm the functionality under the same role for both stateful and serverless deployments.
Thanks @azasypkin for the help, again :)
How to test:
x-pack/test/api_integration/deployment_agnostic/configs/stateful/platform.stateful.config.tsconfig and go tohttp://localhost:5620