[ska][x-pack] relocate spaces_api_integration tests

.buildkite/ftr_platform_stateful_configs.yml

@@ -2,6 +2,8 @@ disabled:
   # Stateful base config for deployment-agnostic tests
   - x-pack/test/api_integration/deployment_agnostic/default_configs/stateful.config.base.ts
   - x-pack/test/api_integration/deployment_agnostic/default_configs/feature_flag.stateful.config.base.ts
+  - x-pack/platform/test/spaces_api_integration/deployment_agnostic/default_configs/serverless.config.base.ts
+  - x-pack/platform/test/spaces_api_integration/deployment_agnostic/default_configs/stateful.config.base.ts
 
   # Base config files, only necessary to inform config finding script
   - src/platform/test/functional/config.base.js
@@ -51,7 +53,6 @@ disabled:
   # Gen AI suites, running with their own pipeline
   - x-pack/test/functional_gen_ai/inference/config.ts
 
-
 defaultQueue: 'n2-4-spot'
 enabled:
   - src/platform/test/accessibility/config.ts
@@ -327,9 +328,9 @@ enabled:
   - x-pack/test/security_functional/user_profiles.config.ts
   - x-pack/test/security_functional/expired_session.config.ts
   - x-pack/test/session_view/basic/config.ts
-  - x-pack/test/spaces_api_integration/security_and_spaces/config_basic.ts
-  - x-pack/test/spaces_api_integration/security_and_spaces/config_trial.ts
-  - x-pack/test/spaces_api_integration/spaces_only/config.ts
+  - x-pack/platform/test/spaces_api_integration/security_and_spaces/config_basic.ts
+  - x-pack/platform/test/spaces_api_integration/security_and_spaces/config_trial.ts
+  - x-pack/platform/test/spaces_api_integration/spaces_only/config.ts
   - x-pack/platform/test/task_manager_claimer_update_by_query/config.ts
   - x-pack/test/ui_capabilities/security_and_spaces/config.ts
   - x-pack/test/ui_capabilities/spaces_only/config.ts

.buildkite/ftr_security_serverless_configs.yml

@@ -132,5 +132,5 @@ enabled:
   - x-pack/test/security_solution_api_integration/test_suites/ai4dsoc/nlp_cleanup_task/search_ai_lake_tier/configs/serverless.config.ts
   # serverless config files that run deployment-agnostic tests
   - x-pack/test/api_integration/deployment_agnostic/configs/serverless/security.serverless.config.ts
-  - x-pack/test/spaces_api_integration/deployment_agnostic/security_and_spaces/serverless.config.ts
-  - x-pack/test/spaces_api_integration/deployment_agnostic/security_and_spaces/serverless.copy_to_space.config.ts
+  - x-pack/platform/test/spaces_api_integration/deployment_agnostic/security_and_spaces/serverless.config.ts
+  - x-pack/platform/test/spaces_api_integration/deployment_agnostic/security_and_spaces/serverless.copy_to_space.config.ts

.buildkite/ftr_security_stateful_configs.yml

@@ -115,11 +115,11 @@ enabled:
   - x-pack/solutions/security/test/cloud_security_posture_functional/config.ts
   - x-pack/solutions/security/test/cloud_security_posture_functional/config.agentless.ts
   - x-pack/solutions/security/test/cloud_security_posture_functional/data_views/config.ts
-  - x-pack/test/spaces_api_integration/deployment_agnostic/spaces_only/config.ts
-  - x-pack/test/spaces_api_integration/deployment_agnostic/security_and_spaces/stateful.config_basic.ts
-  - x-pack/test/spaces_api_integration/deployment_agnostic/security_and_spaces/stateful.config_trial.ts
-  - x-pack/test/spaces_api_integration/deployment_agnostic/security_and_spaces/stateful.copy_to_space.config_trial.ts
-  - x-pack/test/spaces_api_integration/deployment_agnostic/security_and_spaces/stateful.copy_to_space.config_basic.ts
+  - x-pack/platform/test/spaces_api_integration/deployment_agnostic/spaces_only/config.ts
+  - x-pack/platform/test/spaces_api_integration/deployment_agnostic/security_and_spaces/stateful.config_basic.ts
+  - x-pack/platform/test/spaces_api_integration/deployment_agnostic/security_and_spaces/stateful.config_trial.ts
+  - x-pack/platform/test/spaces_api_integration/deployment_agnostic/security_and_spaces/stateful.copy_to_space.config_trial.ts
+  - x-pack/platform/test/spaces_api_integration/deployment_agnostic/security_and_spaces/stateful.copy_to_space.config_basic.ts
   - x-pack/solutions/security/test/alerting_api_integration/security_and_spaces/group1/config.ts
   - x-pack/solutions/security/test/alerting_api_integration/security_and_spaces/group2/config.ts
   - x-pack/solutions/security/test/alerting_api_integration/security_and_spaces/group2/config_non_dedicated_task_runner.ts

.eslintrc.js

@@ -2113,7 +2113,7 @@ module.exports = {
         'x-pack/test/security_functional/**/*.{js,mjs,ts,tsx}',
 
         'x-pack/platform/plugins/shared/spaces/**/*.{js,mjs,ts,tsx}',
-        'x-pack/test/spaces_api_integration/**/*.{js,mjs,ts,tsx}',
+        'x-pack/platform/test/spaces_api_integration/**/*.{js,mjs,ts,tsx}',
       ],
       rules: {
         '@typescript-eslint/consistent-type-imports': 1,

.github/CODEOWNERS

@@ -997,6 +997,7 @@ x-pack/platform/test/plugin_api_integration/plugins/feature_usage_test @elastic/
 x-pack/platform/test/plugin_api_integration/plugins/sample_task_plugin @elastic/response-ops
 x-pack/platform/test/plugin_api_perf/plugins/task_manager_performance @elastic/response-ops
 x-pack/platform/test/saved_object_api_integration/common/plugins/saved_object_test_plugin @elastic/kibana-security
+x-pack/platform/test/spaces_api_integration/common/plugins/spaces_test_plugin @elastic/kibana-security
 x-pack/platform/test/task_manager_claimer_update_by_query/plugins/sample_task_plugin_mget @elastic/response-ops
 x-pack/solutions/chat/packages/wc-framework-types-browser @elastic/search-kibana @elastic/workchat-eng
 x-pack/solutions/chat/packages/wc-framework-types-common @elastic/search-kibana @elastic/workchat-eng
@@ -1124,7 +1125,6 @@ x-pack/test/security_api_integration/plugins/oidc_provider @elastic/kibana-secur
 x-pack/test/security_api_integration/plugins/saml_provider @elastic/kibana-security
 x-pack/test/security_api_integration/plugins/user_profiles_consumer @elastic/kibana-security
 x-pack/test/security_functional/plugins/test_endpoints @elastic/kibana-security
-x-pack/test/spaces_api_integration/common/plugins/spaces_test_plugin @elastic/kibana-security
 x-pack/test/ui_capabilities/common/plugins/foo_plugin @elastic/kibana-security
 x-pack/test/usage_collection/plugins/application_usage_test @elastic/kibana-core
 x-pack/test/usage_collection/plugins/stack_management_usage_test @elastic/kibana-management
@@ -1889,6 +1889,7 @@ x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security
 /x-pack/test/apm_api_integration  @elastic/appex-qa # temporarily due to SKA tests relocation
 /x-pack/test/common/utils/observability  @elastic/appex-qa # temporarily due to SKA tests relocation
 /x-pack/test/common/utils/uptime  @elastic/appex-qa # temporarily due to SKA tests relocation
+/x-pack/platform/test/serverless @elastic/appex-qa
 
 # Core
 /src/platform/test/api_integration/fixtures/kbn_archiver/management/saved_objects/relationships.json @elastic/kibana-core @elastic/kibana-data-discovery
@@ -2089,7 +2090,7 @@ x-pack/platform/plugins/private/cloud_integrations/cloud_full_story/server/confi
 /x-pack/platform/test/functional/apps/spaces/ @elastic/kibana-security
 /x-pack/test/security_api_integration/ @elastic/kibana-security
 /x-pack/test/security_functional/ @elastic/kibana-security
-/x-pack/test/spaces_api_integration/ @elastic/kibana-security
+/x-pack/platform/test/spaces_api_integration/ @elastic/kibana-security
 /x-pack/platform/test/saved_object_api_integration/ @elastic/kibana-security
 /x-pack/test_serverless/**/test_suites/common/platform_security/ @elastic/kibana-security
 /x-pack/test_serverless/**/test_suites/search/platform_security/ @elastic/kibana-security

package.json

@@ -966,7 +966,7 @@
     "@kbn/snapshot-restore-plugin": "link:x-pack/platform/plugins/private/snapshot_restore",
     "@kbn/sort-predicates": "link:src/platform/packages/shared/kbn-sort-predicates",
     "@kbn/spaces-plugin": "link:x-pack/platform/plugins/shared/spaces",
-    "@kbn/spaces-test-plugin": "link:x-pack/test/spaces_api_integration/common/plugins/spaces_test_plugin",
+    "@kbn/spaces-test-plugin": "link:x-pack/platform/test/spaces_api_integration/common/plugins/spaces_test_plugin",
     "@kbn/spaces-utils": "link:src/platform/packages/shared/kbn-spaces-utils",
     "@kbn/sse-example-plugin": "link:examples/sse_example",
     "@kbn/sse-utils": "link:src/platform/packages/shared/kbn-sse-utils",

scripts/archive_migration_functions.sh

@@ -379,7 +379,7 @@ save_kbn() {
   set -x
   node scripts/kbn_archiver.js --config "$test_config" save "$new_archive" --type $standard_list --space "$space"
   set +x
-  #  node scripts/kbn_archiver.js --config x-pack/test/spaces_api_integration/security_and_spaces/config_basic.ts save x-pack/test/functional/fixtures/kbn_archiver/saved_objects/default_space --type search,index-pattern,visualization,dashboard,lens,map,graph-workspace,query,tag,url,canvas-workpad
+  #  node scripts/kbn_archiver.js --config x-pack/platform/test/spaces_api_integration/security_and_spaces/config_basic.ts save x-pack/test/functional/fixtures/kbn_archiver/saved_objects/default_space --type search,index-pattern,visualization,dashboard,lens,map,graph-workspace,query,tag,url,canvas-workpad
 }
 
 load_kbn() {

tsconfig.base.json

@@ -1956,8 +1956,8 @@
       "@kbn/sort-predicates/*": ["src/platform/packages/shared/kbn-sort-predicates/*"],
       "@kbn/spaces-plugin": ["x-pack/platform/plugins/shared/spaces"],
       "@kbn/spaces-plugin/*": ["x-pack/platform/plugins/shared/spaces/*"],
-      "@kbn/spaces-test-plugin": ["x-pack/test/spaces_api_integration/common/plugins/spaces_test_plugin"],
-      "@kbn/spaces-test-plugin/*": ["x-pack/test/spaces_api_integration/common/plugins/spaces_test_plugin/*"],
+      "@kbn/spaces-test-plugin": ["x-pack/platform/test/spaces_api_integration/common/plugins/spaces_test_plugin"],
+      "@kbn/spaces-test-plugin/*": ["x-pack/platform/test/spaces_api_integration/common/plugins/spaces_test_plugin/*"],
       "@kbn/spaces-utils": ["src/platform/packages/shared/kbn-spaces-utils"],
       "@kbn/spaces-utils/*": ["src/platform/packages/shared/kbn-spaces-utils/*"],
       "@kbn/sse-example-plugin": ["examples/sse_example"],

x-pack/platform/test/api_integration/config.ts

@@ -11,7 +11,7 @@ import { services } from './services';
 
 export async function getApiIntegrationConfig({ readConfigFile }: FtrConfigProviderContext) {
   const xPackFunctionalTestsConfig = await readConfigFile(
-    require.resolve('@kbn/test-suites-xpack/functional/config.base')
+    require.resolve('../functional/config.base.ts')
   );
 
   return {

x-pack/platform/test/fleet_multi_cluster/config.ts

@@ -12,7 +12,7 @@ import { RemoteEsProvider } from './services/remote_es/remote_es';
 
 export default async function ({ readConfigFile }: FtrConfigProviderContext) {
   const xpackFunctionalConfig = await readConfigFile(
-    require.resolve('@kbn/test-suites-xpack/functional/config.base')
+    require.resolve('../api_integration/config.ts')
   );
 
   return {

x-pack/platform/test/serverless/common/package_registry_config.yml

@@ -0,0 +1,2 @@
+package_paths:
+  - /packages/package-storage

x-pack/platform/test/serverless/config.base.ts

@@ -0,0 +1,205 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { resolve } from 'path';
+import { format as formatUrl } from 'url';
+import Fs from 'fs';
+
+import { REPO_ROOT } from '@kbn/repo-info';
+import {
+  esTestConfig,
+  kbnTestConfig,
+  kibanaTestSuperuserServerless,
+  getDockerFileMountPath,
+} from '@kbn/test';
+import { CA_CERT_PATH, kibanaDevServiceAccount } from '@kbn/dev-utils';
+import { MOCK_IDP_REALM_NAME } from '@kbn/mock-idp-utils';
+import path from 'path';
+import { fleetPackageRegistryDockerImage, defineDockerServersConfig } from '@kbn/test';
+
+export default async () => {
+  const packageRegistryConfig = path.join(__dirname, './common/package_registry_config.yml');
+  const dockerArgs: string[] = ['-v', `${packageRegistryConfig}:/package-registry/config.yml`];
+
+  /**
+   * This is used by CI to set the docker registry port
+   * you can also define this environment variable locally when running tests which
+   * will spin up a local docker package registry locally for you
+   * if this is defined it takes precedence over the `packageRegistryOverride` variable
+   */
+  const dockerRegistryPort: string | undefined = process.env.FLEET_PACKAGE_REGISTRY_PORT;
+
+  const servers = {
+    kibana: {
+      ...kbnTestConfig.getUrlParts(kibanaTestSuperuserServerless),
+      protocol: process.env.TEST_CLOUD ? 'https' : 'http',
+      certificateAuthorities: process.env.TEST_CLOUD ? undefined : [Fs.readFileSync(CA_CERT_PATH)],
+    },
+    elasticsearch: {
+      ...esTestConfig.getUrlParts(),
+      protocol: 'https',
+      certificateAuthorities: process.env.TEST_CLOUD ? undefined : [Fs.readFileSync(CA_CERT_PATH)],
+    },
+  };
+
+  // "Fake" SAML provider
+  const idpPath = resolve(
+    __dirname,
+    '../../../test/security_api_integration/plugins/saml_provider/metadata.xml'
+  );
+  const samlIdPPlugin = resolve(
+    __dirname,
+    '../../../test/security_api_integration/plugins/saml_provider'
+  );
+
+  const jwksPath = require.resolve('@kbn/security-api-integration-helpers/oidc/jwks.json');
+
+  return {
+    servers,
+    dockerServers: defineDockerServersConfig({
+      registry: {
+        enabled: !!dockerRegistryPort,
+        image: fleetPackageRegistryDockerImage,
+        portInContainer: 8080,
+        port: dockerRegistryPort,
+        args: dockerArgs,
+        waitForLogLine: 'package manifests loaded',
+        waitForLogLineTimeoutMs: 60 * 4 * 1000, // 4 minutes
+      },
+    }),
+    browser: {
+      acceptInsecureCerts: true,
+    },
+    esTestCluster: {
+      from: 'serverless',
+      files: [idpPath, jwksPath],
+      serverArgs: [
+        'xpack.security.authc.realms.file.file1.order=-100',
+        `xpack.security.authc.realms.native.native1.enabled=false`,
+        `xpack.security.authc.realms.native.native1.order=-97`,
+
+        'xpack.security.authc.realms.jwt.jwt1.allowed_audiences=elasticsearch',
+        `xpack.security.authc.realms.jwt.jwt1.allowed_issuer=https://kibana.elastic.co/jwt/`,
+        `xpack.security.authc.realms.jwt.jwt1.allowed_signature_algorithms=[RS256]`,
+        `xpack.security.authc.realms.jwt.jwt1.allowed_subjects=elastic-agent`,
+        `xpack.security.authc.realms.jwt.jwt1.claims.principal=sub`,
+        'xpack.security.authc.realms.jwt.jwt1.client_authentication.type=shared_secret',
+        'xpack.security.authc.realms.jwt.jwt1.order=-98',
+        `xpack.security.authc.realms.jwt.jwt1.pkc_jwkset_path=${getDockerFileMountPath(jwksPath)}`,
+        `xpack.security.authc.realms.jwt.jwt1.token_type=access_token`,
+        'serverless.indices.validate_dot_prefixes=true',
+        // controller cluster-settings
+        `cluster.service.slow_task_logging_threshold=15s`,
+        `cluster.service.slow_task_thread_dump_timeout=5s`,
+        `serverless.search.enable_replicas_for_instant_failover=true`,
+      ],
+      ssl: true, // SSL is required for SAML realm
+    },
+
+    kbnTestServer: {
+      buildArgs: [],
+      env: {
+        KBN_PATH_CONF: resolve(REPO_ROOT, 'config'),
+      },
+      sourceArgs: ['--no-base-path', '--env.name=development'],
+      serverArgs: [
+        `--server.restrictInternalApis=true`,
+        `--server.port=${servers.kibana.port}`,
+        `--server.prototypeHardening=true`,
+        '--status.allowAnonymous=true',
+        `--migrations.zdt.runOnRoles=${JSON.stringify(['ui'])}`,
+        // We shouldn't embed credentials into the URL since Kibana requests to Elasticsearch should
+        // either include `kibanaServerTestUser` credentials, or credentials provided by the test
+        // user, or none at all in case anonymous access is used.
+        `--elasticsearch.hosts=${formatUrl(
+          Object.fromEntries(
+            Object.entries(servers.elasticsearch).filter(([key]) => key.toLowerCase() !== 'auth')
+          )
+        )}`,
+        `--elasticsearch.serviceAccountToken=${kibanaDevServiceAccount.token}`,
+        `--elasticsearch.ssl.certificateAuthorities=${CA_CERT_PATH}`,
+        '--telemetry.sendUsageTo=staging',
+        `--logging.appenders.deprecation=${JSON.stringify({
+          type: 'console',
+          layout: {
+            type: 'json',
+          },
+        })}`,
+        `--logging.loggers=${JSON.stringify([
+          {
+            name: 'elasticsearch.deprecation',
+            level: 'all',
+            appenders: ['deprecation'],
+          },
+        ])}`,
+        // Add meta info to the logs so FTR logs are more actionable
+        `--logging.appenders.default=${JSON.stringify({
+          type: 'console',
+          layout: {
+            type: 'pattern',
+            pattern: '[%date][%level][%logger] %message %meta',
+          },
+        })}`,
+        `--logging.appenders.console=${JSON.stringify({
+          type: 'console',
+          layout: {
+            type: 'pattern',
+            pattern: '[%date][%level][%logger] %message %meta',
+          },
+        })}`,
+        // This ensures that we register the Security SAML API endpoints.
+        // In the real world the SAML config is injected by control plane.
+        `--plugin-path=${samlIdPPlugin}`,
+        // Ensure that SAML is used as the default authentication method whenever a user navigates to Kibana. In other
+        // words, Kibana should attempt to authenticate the user using the provider with the lowest order if the Login
+        // Selector is disabled (which is how Serverless Kibana is configured). By declaring `cloud-basic` with a higher
+        // order, we indicate that basic authentication can still be used, but only if explicitly requested when the
+        // user navigates to `/login` page directly and enters username and password in the login form.
+        '--xpack.security.authc.selector.enabled=false',
+        `--xpack.security.authc.providers=${JSON.stringify({
+          saml: { 'cloud-saml-kibana': { order: 0, realm: MOCK_IDP_REALM_NAME } },
+          basic: { 'cloud-basic': { order: 1 } },
+        })}`,
+        '--xpack.encryptedSavedObjects.encryptionKey="wuGNaIhoMpk5sO4UBxgr3NyW1sFcLgIf"',
+        `--server.publicBaseUrl=${servers.kibana.protocol}://${servers.kibana.hostname}:${servers.kibana.port}`,
+        // configure security reponse header report-to settings to mimic MKI configuration
+        `--csp.report_to=${JSON.stringify(['violations-endpoint'])}`,
+        `--permissionsPolicy.report_to=${JSON.stringify(['violations-endpoint'])}`,
+        // normally below is injected by control plane
+        '--xpack.cloud.id=ftr_fake_cloud_id',
+        `--xpack.cloud.serverless.project_id=fakeprojectid`,
+        `--xpack.cloud.base_url=https://fake-cloud.elastic.co`,
+        `--xpack.cloud.projects_url=/projects/`,
+        `--xpack.cloud.profile_url=/user/settings/`,
+        `--xpack.cloud.billing_url=/billing/overview/`,
+        `--xpack.cloud.deployments_url=/deployments`,
+        `--xpack.cloud.organization_url=/account/`,
+        `--xpack.cloud.users_and_roles_url=/account/members/`,
+      ],
+    },
+
+    security: { disableTestUser: true },
+
+    // Used by FTR to recognize serverless project and change its behavior accordingly
+    serverless: true,
+
+    services: {}, // define later
+
+    // overriding default timeouts from src/platform/packages/shared/kbn-test/src/functional_test_runner/lib/config/schema.ts
+    // so we can easily adjust them for serverless where needed
+    timeouts: {
+      find: 10 * 1000,
+      try: 120 * 1000,
+      waitFor: 20 * 1000,
+      esRequestTimeout: 30 * 1000,
+      kibanaReportCompletion: 600 * 1000,
+      kibanaStabilize: 15 * 1000,
+      navigateStatusPageCheck: 250,
+      waitForExists: 2500,
+    },
+  };
+};

x-pack/test/spaces_api_integration/common/plugins/spaces_test_plugin/tsconfig.json → x-pack/platform/test/spaces_api_integration/common/plugins/spaces_test_plugin/tsconfig.json

@@ -1,5 +1,5 @@
 {
-  "extends": "../../../../../../tsconfig.base.json",
+  "extends": "../../../../../../../tsconfig.base.json",
   "compilerOptions": {
     "outDir": "target/types",
     "isolatedModules": true