[8.x] [Security Solution] Supports custom roles in serverless for Cypress tests (#206129)#206451
Merged
kibanamachine merged 1 commit intoelastic:8.xfrom Jan 13, 2025
Merged
Conversation
…ests (elastic#206129) ## Summary Solves: elastic/security-team#11464 In this PR we are adding the capability to use custom roles for serverless Cypress tests. To do so, we are leveraging the solution proposed in: elastic#194677, meaning that currently we have the same restrictions, therefore, custom roles cannot be used yet in MKI environments. ### Creating a Custom Role To create a custom role, use the Cypress task `createServerlessCustomRole`. This task requires two parameters: - **`roleDescriptor`**: Defines the permissions and access for the role. - **`roleName`**: A unique name for the custom role. Example: ```typescript const roleDescriptor = { elasticsearch: { cluster: ['monitor'], indices: [{ names: ['*'], privileges: ['read'] }], }, kibana: [ { base: ['all'], feature: {}, spaces: ['*'], }, ], }; cy.task('createServerlessCustomRole', { roleDescriptor, roleName: 'customRole' }); ``` ### Using a Custom Role Once the custom role is created, you can log in to the application using your regular `login`` method and passing the name of the role. ```typescript login('customRole'); ``` ### Deleting a Custom Role After your tests, always delete the custom role to ensure a clean environment. Use the `deleteServerlessCustomRole` task and provide the name of the role as the parameter. ```typescript cy.task('deleteServerlessCustomRole', 'customRole'); ``` ### Full workflow Here’s the complete workflow for creating, using, and deleting a custom role: ```typescript const roleDescriptor = { elasticsearch: { cluster: ['monitor'], indices: [{ names: ['*'], privileges: ['read'] }], }, kibana: [ { base: ['all'], feature: {}, spaces: ['*'], }, ], }; before(() => { cy.task('createServerlessCustomRole', { roleDescriptor, roleName: 'customRole' }); }); beforeEach(() => { login('customRole'); }); after(() => { cy.task('deleteServerlessCustomRole', 'customRole'); }); ``` --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit 255aea7)
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Contributor
💚 Build Succeeded
Metrics [docs]
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport
This will backport the following commits from
mainto8.x:Questions ?
Please refer to the Backport tool documentation