[Security Solution] Supports custom roles in serverless for Cypress tests#206129
Merged
MadameSheema merged 9 commits intoelastic:mainfrom Jan 13, 2025
Merged
[Security Solution] Supports custom roles in serverless for Cypress tests#206129MadameSheema merged 9 commits intoelastic:mainfrom
MadameSheema merged 9 commits intoelastic:mainfrom
Conversation
Contributor
Author
|
/ci |
MadameSheema
changed the title
MadameSheema
added
release_note:skip
Contributor
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
janmonschke
approved these changes
Jan 10, 2025
Contributor
janmonschke
left a comment
janmonschke
left a comment
There was a problem hiding this comment.
thanks for adding this functionality!
cavokz
approved these changes
Jan 10, 2025
Contributor
cavokz
left a comment
cavokz
left a comment
There was a problem hiding this comment.
It makes sense and looks good.
I've a comment on a name though, feel free to ignore it :)
cavokz
approved these changes
Jan 10, 2025
vitaliidm
reviewed
Jan 10, 2025
x-pack/test/security_solution_cypress/cypress/support/saml_auth.ts
Outdated
Show resolved
Hide resolved
x-pack/test/security_solution_cypress/cypress/support/saml_auth.ts
Outdated
Show resolved
Hide resolved
vitaliidm
approved these changes
Jan 13, 2025
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]
History
|
Contributor
|
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/12749350914 |
kibanamachine
added a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 13, 2025
…ests (elastic#206129) ## Summary Solves: elastic/security-team#11464 In this PR we are adding the capability to use custom roles for serverless Cypress tests. To do so, we are leveraging the solution proposed in: elastic#194677, meaning that currently we have the same restrictions, therefore, custom roles cannot be used yet in MKI environments. ### Creating a Custom Role To create a custom role, use the Cypress task `createServerlessCustomRole`. This task requires two parameters: - **`roleDescriptor`**: Defines the permissions and access for the role. - **`roleName`**: A unique name for the custom role. Example: ```typescript const roleDescriptor = { elasticsearch: { cluster: ['monitor'], indices: [{ names: ['*'], privileges: ['read'] }], }, kibana: [ { base: ['all'], feature: {}, spaces: ['*'], }, ], }; cy.task('createServerlessCustomRole', { roleDescriptor, roleName: 'customRole' }); ``` ### Using a Custom Role Once the custom role is created, you can log in to the application using your regular `login`` method and passing the name of the role. ```typescript login('customRole'); ``` ### Deleting a Custom Role After your tests, always delete the custom role to ensure a clean environment. Use the `deleteServerlessCustomRole` task and provide the name of the role as the parameter. ```typescript cy.task('deleteServerlessCustomRole', 'customRole'); ``` ### Full workflow Here’s the complete workflow for creating, using, and deleting a custom role: ```typescript const roleDescriptor = { elasticsearch: { cluster: ['monitor'], indices: [{ names: ['*'], privileges: ['read'] }], }, kibana: [ { base: ['all'], feature: {}, spaces: ['*'], }, ], }; before(() => { cy.task('createServerlessCustomRole', { roleDescriptor, roleName: 'customRole' }); }); beforeEach(() => { login('customRole'); }); after(() => { cy.task('deleteServerlessCustomRole', 'customRole'); }); ``` --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit 255aea7)
Contributor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Jan 13, 2025
…ress tests (#206129) (#206451) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Supports custom roles in serverless for Cypress tests (#206129)](#206129) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Gloria Hornero","email":"gloria.hornero@elastic.co"},"sourceCommit":{"committedDate":"2025-01-13T14:28:30Z","message":"[Security Solution] Supports custom roles in serverless for Cypress tests (#206129)\n\n## Summary\r\n\r\nSolves: https://github.com/elastic/security-team/issues/11464\r\n\r\nIn this PR we are adding the capability to use custom roles for\r\nserverless Cypress tests. To do so, we are leveraging the solution\r\nproposed in: #194677, meaning that\r\ncurrently we have the same restrictions, therefore, custom roles cannot\r\nbe used yet in MKI environments.\r\n\r\n\r\n### Creating a Custom Role\r\n\r\nTo create a custom role, use the Cypress task\r\n`createServerlessCustomRole`. This task requires two parameters:\r\n- **`roleDescriptor`**: Defines the permissions and access for the role.\r\n- **`roleName`**: A unique name for the custom role.\r\n\r\nExample:\r\n\r\n```typescript\r\nconst roleDescriptor = {\r\n elasticsearch: {\r\n cluster: ['monitor'],\r\n indices: [{ names: ['*'], privileges: ['read'] }],\r\n },\r\n kibana: [\r\n {\r\n base: ['all'],\r\n feature: {},\r\n spaces: ['*'],\r\n },\r\n ],\r\n};\r\n\r\ncy.task('createServerlessCustomRole', { roleDescriptor, roleName: 'customRole' });\r\n```\r\n\r\n### Using a Custom Role\r\n\r\nOnce the custom role is created, you can log in to the application using\r\nyour regular `login`` method and passing the name of the role.\r\n\r\n```typescript\r\nlogin('customRole');\r\n```\r\n\r\n\r\n### Deleting a Custom Role\r\n\r\nAfter your tests, always delete the custom role to ensure a clean\r\nenvironment. Use the `deleteServerlessCustomRole` task and provide the\r\nname of the role as the parameter.\r\n\r\n```typescript\r\ncy.task('deleteServerlessCustomRole', 'customRole');\r\n```\r\n\r\n### Full workflow\r\n\r\nHere’s the complete workflow for creating, using, and deleting a custom\r\nrole:\r\n\r\n```typescript\r\nconst roleDescriptor = {\r\n elasticsearch: {\r\n cluster: ['monitor'],\r\n indices: [{ names: ['*'], privileges: ['read'] }],\r\n },\r\n kibana: [\r\n {\r\n base: ['all'],\r\n feature: {},\r\n spaces: ['*'],\r\n },\r\n ],\r\n};\r\n\r\nbefore(() => {\r\n cy.task('createServerlessCustomRole', { roleDescriptor, roleName: 'customRole' });\r\n});\r\n\r\nbeforeEach(() => {\r\n login('customRole');\r\n});\r\n\r\nafter(() => {\r\n cy.task('deleteServerlessCustomRole', 'customRole');\r\n});\r\n```\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"255aea7adcf196564532df76573814f93097cce6","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team: SecuritySolution","backport:version","v8.18.0"],"title":"[Security Solution] Supports custom roles in serverless for Cypress tests","number":206129,"url":"https://github.com/elastic/kibana/pull/206129","mergeCommit":{"message":"[Security Solution] Supports custom roles in serverless for Cypress tests (#206129)\n\n## Summary\r\n\r\nSolves: https://github.com/elastic/security-team/issues/11464\r\n\r\nIn this PR we are adding the capability to use custom roles for\r\nserverless Cypress tests. To do so, we are leveraging the solution\r\nproposed in: #194677, meaning that\r\ncurrently we have the same restrictions, therefore, custom roles cannot\r\nbe used yet in MKI environments.\r\n\r\n\r\n### Creating a Custom Role\r\n\r\nTo create a custom role, use the Cypress task\r\n`createServerlessCustomRole`. This task requires two parameters:\r\n- **`roleDescriptor`**: Defines the permissions and access for the role.\r\n- **`roleName`**: A unique name for the custom role.\r\n\r\nExample:\r\n\r\n```typescript\r\nconst roleDescriptor = {\r\n elasticsearch: {\r\n cluster: ['monitor'],\r\n indices: [{ names: ['*'], privileges: ['read'] }],\r\n },\r\n kibana: [\r\n {\r\n base: ['all'],\r\n feature: {},\r\n spaces: ['*'],\r\n },\r\n ],\r\n};\r\n\r\ncy.task('createServerlessCustomRole', { roleDescriptor, roleName: 'customRole' });\r\n```\r\n\r\n### Using a Custom Role\r\n\r\nOnce the custom role is created, you can log in to the application using\r\nyour regular `login`` method and passing the name of the role.\r\n\r\n```typescript\r\nlogin('customRole');\r\n```\r\n\r\n\r\n### Deleting a Custom Role\r\n\r\nAfter your tests, always delete the custom role to ensure a clean\r\nenvironment. Use the `deleteServerlessCustomRole` task and provide the\r\nname of the role as the parameter.\r\n\r\n```typescript\r\ncy.task('deleteServerlessCustomRole', 'customRole');\r\n```\r\n\r\n### Full workflow\r\n\r\nHere’s the complete workflow for creating, using, and deleting a custom\r\nrole:\r\n\r\n```typescript\r\nconst roleDescriptor = {\r\n elasticsearch: {\r\n cluster: ['monitor'],\r\n indices: [{ names: ['*'], privileges: ['read'] }],\r\n },\r\n kibana: [\r\n {\r\n base: ['all'],\r\n feature: {},\r\n spaces: ['*'],\r\n },\r\n ],\r\n};\r\n\r\nbefore(() => {\r\n cy.task('createServerlessCustomRole', { roleDescriptor, roleName: 'customRole' });\r\n});\r\n\r\nbeforeEach(() => {\r\n login('customRole');\r\n});\r\n\r\nafter(() => {\r\n cy.task('deleteServerlessCustomRole', 'customRole');\r\n});\r\n```\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"255aea7adcf196564532df76573814f93097cce6"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/206129","number":206129,"mergeCommit":{"message":"[Security Solution] Supports custom roles in serverless for Cypress tests (#206129)\n\n## Summary\r\n\r\nSolves: https://github.com/elastic/security-team/issues/11464\r\n\r\nIn this PR we are adding the capability to use custom roles for\r\nserverless Cypress tests. To do so, we are leveraging the solution\r\nproposed in: #194677, meaning that\r\ncurrently we have the same restrictions, therefore, custom roles cannot\r\nbe used yet in MKI environments.\r\n\r\n\r\n### Creating a Custom Role\r\n\r\nTo create a custom role, use the Cypress task\r\n`createServerlessCustomRole`. This task requires two parameters:\r\n- **`roleDescriptor`**: Defines the permissions and access for the role.\r\n- **`roleName`**: A unique name for the custom role.\r\n\r\nExample:\r\n\r\n```typescript\r\nconst roleDescriptor = {\r\n elasticsearch: {\r\n cluster: ['monitor'],\r\n indices: [{ names: ['*'], privileges: ['read'] }],\r\n },\r\n kibana: [\r\n {\r\n base: ['all'],\r\n feature: {},\r\n spaces: ['*'],\r\n },\r\n ],\r\n};\r\n\r\ncy.task('createServerlessCustomRole', { roleDescriptor, roleName: 'customRole' });\r\n```\r\n\r\n### Using a Custom Role\r\n\r\nOnce the custom role is created, you can log in to the application using\r\nyour regular `login`` method and passing the name of the role.\r\n\r\n```typescript\r\nlogin('customRole');\r\n```\r\n\r\n\r\n### Deleting a Custom Role\r\n\r\nAfter your tests, always delete the custom role to ensure a clean\r\nenvironment. Use the `deleteServerlessCustomRole` task and provide the\r\nname of the role as the parameter.\r\n\r\n```typescript\r\ncy.task('deleteServerlessCustomRole', 'customRole');\r\n```\r\n\r\n### Full workflow\r\n\r\nHere’s the complete workflow for creating, using, and deleting a custom\r\nrole:\r\n\r\n```typescript\r\nconst roleDescriptor = {\r\n elasticsearch: {\r\n cluster: ['monitor'],\r\n indices: [{ names: ['*'], privileges: ['read'] }],\r\n },\r\n kibana: [\r\n {\r\n base: ['all'],\r\n feature: {},\r\n spaces: ['*'],\r\n },\r\n ],\r\n};\r\n\r\nbefore(() => {\r\n cy.task('createServerlessCustomRole', { roleDescriptor, roleName: 'customRole' });\r\n});\r\n\r\nbeforeEach(() => {\r\n login('customRole');\r\n});\r\n\r\nafter(() => {\r\n cy.task('deleteServerlessCustomRole', 'customRole');\r\n});\r\n```\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"255aea7adcf196564532df76573814f93097cce6"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Gloria Hornero <gloria.hornero@elastic.co>
viduni94
pushed a commit
to viduni94/kibana
that referenced
this pull request
Jan 23, 2025
…ests (elastic#206129) ## Summary Solves: elastic/security-team#11464 In this PR we are adding the capability to use custom roles for serverless Cypress tests. To do so, we are leveraging the solution proposed in: elastic#194677, meaning that currently we have the same restrictions, therefore, custom roles cannot be used yet in MKI environments. ### Creating a Custom Role To create a custom role, use the Cypress task `createServerlessCustomRole`. This task requires two parameters: - **`roleDescriptor`**: Defines the permissions and access for the role. - **`roleName`**: A unique name for the custom role. Example: ```typescript const roleDescriptor = { elasticsearch: { cluster: ['monitor'], indices: [{ names: ['*'], privileges: ['read'] }], }, kibana: [ { base: ['all'], feature: {}, spaces: ['*'], }, ], }; cy.task('createServerlessCustomRole', { roleDescriptor, roleName: 'customRole' }); ``` ### Using a Custom Role Once the custom role is created, you can log in to the application using your regular `login`` method and passing the name of the role. ```typescript login('customRole'); ``` ### Deleting a Custom Role After your tests, always delete the custom role to ensure a clean environment. Use the `deleteServerlessCustomRole` task and provide the name of the role as the parameter. ```typescript cy.task('deleteServerlessCustomRole', 'customRole'); ``` ### Full workflow Here’s the complete workflow for creating, using, and deleting a custom role: ```typescript const roleDescriptor = { elasticsearch: { cluster: ['monitor'], indices: [{ names: ['*'], privileges: ['read'] }], }, kibana: [ { base: ['all'], feature: {}, spaces: ['*'], }, ], }; before(() => { cy.task('createServerlessCustomRole', { roleDescriptor, roleName: 'customRole' }); }); beforeEach(() => { login('customRole'); }); after(() => { cy.task('deleteServerlessCustomRole', 'customRole'); }); ``` --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Solves: https://github.com/elastic/security-team/issues/11464
In this PR we are adding the capability to use custom roles for serverless Cypress tests. To do so, we are leveraging the solution proposed in: #194677, meaning that currently we have the same restrictions, therefore, custom roles cannot be used yet in MKI environments.
Creating a Custom Role
To create a custom role, use the Cypress task
createServerlessCustomRole. This task requires two parameters:roleDescriptor: Defines the permissions and access for the role.roleName: A unique name for the custom role.Example:
Using a Custom Role
Once the custom role is created, you can log in to the application using your regular `login`` method and passing the name of the role.
Deleting a Custom Role
After your tests, always delete the custom role to ensure a clean environment. Use the
deleteServerlessCustomRoletask and provide the name of the role as the parameter.Full workflow
Here’s the complete workflow for creating, using, and deleting a custom role: