[Security] tests for API keys app#48560
Conversation
alisonelizabeth
added
chore
Feature:Users/Roles/API Keys
v8.0.0
Team:Kibana Management
|
Pinging @elastic/es-ui (Team:Elasticsearch UI) |
💚 Build Succeeded
|
alisonelizabeth
force-pushed
the
api_keys_tests
branch
from
37d684e to
620c839
Compare
💔 Build Failed
|
alisonelizabeth
force-pushed
the
api_keys_tests
branch
from
620c839 to
8d4347e
Compare
💚 Build Succeeded |
|
@elasticmachine merge upstream |
💚 Build Succeeded |
|
@elasticmachine merge upstream |
💚 Build Succeeded |
|
@elasticmachine merge upstream |
💚 Build Succeeded |
|
Testing in progress. |
cuff-links
left a comment
cuff-links
left a comment
There was a problem hiding this comment.
LGTM. I ran the tests. Has pretty good coverage.
|
@elasticmachine merge upstream |
💚 Build Succeeded |
| import { initApiKeysApi } from '../api_keys'; | ||
| import * as ClientShield from '../../../../../../../server/lib/get_client_shield'; | ||
|
|
||
| describe('API Keys routes', () => { |
There was a problem hiding this comment.
We've generally tried to write all unit tests in jest as opposed to mocha and no longer rely on sinon. Can we change these to use jest without sinon?
|
|
||
| afterEach(() => sandbox.restore()); | ||
|
|
||
| describe('privileges', () => { |
There was a problem hiding this comment.
nit: These tests are missing the assertions to ensure that callWithRequest is invoked with the proper parameters... it's possible to change
callWithRequest(
request,
'shield.hasPrivileges',
{
body: {
cluster: [
'manage_security',
'manage_api_key',
],
},
}
)
to
callWithRequest(
request,
'shield.hasPrivileges',
{
body: {
foo: true,
},
}
)
and still have these tests pass.
|
|
||
| const { areApiKeysEnabled } = await privilegesRoute.handler(request); | ||
|
|
||
| expect(areApiKeysEnabled).to.be(true); |
There was a problem hiding this comment.
| expect(areApiKeysEnabled).to.be(true); | |
| expect(areApiKeysEnabled).to.be(false); |
| sinon.match.same(request), | ||
| 'shield.getAPIKeys', | ||
| ) | ||
| .resolves(apiKeysDisabledError); |
There was a problem hiding this comment.
| .resolves(apiKeysDisabledError); | |
| .rejects(apiKeysDisabledError); |
| expect(areApiKeysEnabled).to.be(true); | ||
| }); | ||
|
|
||
| it('sets isAdmin to true if a user has the manage_security or manage_api_key privilege', async () => { |
There was a problem hiding this comment.
nit: This isn't really testing whether or not the user has the manage_security cluster privilege or the manage_api_key privilege, it's testing what happens when they have both. We're already testing this with "returns areApiKeysEnabled and isAdmin"
| expect(errors).to.have.length(0); | ||
| }); | ||
|
|
||
| it('returns a list of errors encountered when trying to invalidate each key', async () => { |
There was a problem hiding this comment.
Can we change this test to only throw an error when invalidating the first api key, and ensure the second api key is still invalidated?
| }); | ||
| }); | ||
|
|
||
| it('only returns valid keys', async () => { |
There was a problem hiding this comment.
nit: This test is also missing the assertions to ensure that callWithRequest is invoked with the proper parameters...
| .resolves(MOCK_API_KEYS_WITH_INVALIDATED_RESPONSE); | ||
|
|
||
| const { apiKeys } = await getRoute.handler(request); | ||
| expect(apiKeys).to.have.length(1); |
There was a problem hiding this comment.
| expect(apiKeys).to.have.length(1); | |
| expect(apiKeys).to.have.length(1); | |
| expect(apiKeys[0]).to.equal(MOCK_API_KEYS_WITH_INVALIDATED_RESPONSE.api_keys[0]); |
|
|
||
| const { itemsInvalidated, errors } = await invalidateRoute.handler(request); | ||
|
|
||
| expect(itemsInvalidated).to.have.length(MOCK_INVALIDATE_API_KEYS.length); |
There was a problem hiding this comment.
| expect(itemsInvalidated).to.have.length(MOCK_INVALIDATE_API_KEYS.length); | |
| expect(itemsInvalidated).to.have.length(MOCK_INVALIDATE_API_KEYS.length); | |
| expect(itemsInvalidated).to.equal(MOCK_INVALIDATE_API_KEYS); |
| it('renders a loading state when fetching API keys', async () => { | ||
| const wrapper = mountWithIntl(<ApiKeysGridPage />); | ||
|
|
||
| expect(wrapper.find(SectionLoading)).toHaveLength(1); |
There was a problem hiding this comment.
Would using a data-test-subj here let us get away from having to use // eslint-disable-next-line @kbn/eslint/no-restricted-paths above?
|
Thanks so much for adding these @alisonelizabeth! |
|
@elasticmachine merge upstream |
|
@kobelb thanks for the review! I finally got around to addressing your feedback. I converted the API tests to jest and removed sinon. Do you think you could take another look? |
💚 Build Succeeded |
|
@elasticmachine merge upstream |
💚 Build Succeeded |
4 participants
This PR adds tests for the new API keys app added via #45740.
Fixes #47869