test deprecated siem versions in some cy tests

gergoabraham · gergoabraham · commit 4b4f49ea3dc5 · 2025-06-18T16:01:20.000+02:00
diff --git a/x-pack/solutions/security/plugins/security_solution/public/management/cypress/common/constants.ts b/x-pack/solutions/security/plugins/security_solution/public/management/cypress/common/constants.ts
@@ -20,3 +20,19 @@ export const KIBANA_KNOWN_DEFAULT_ACCOUNTS = {
   system_indices_superuser: 'system_indices_superuser',
   admin: 'admin',
 } as const;
+
+/**
+ * Siem feature versions to test.
+ *
+ * When a new `siem` version is implemented, please update the list below.
+ */
+export const SIEM_VERSIONS = [
+  // deprecated siem versions
+  'siem',
+  'siemV2',
+
+  // actual version, should equal to SECURITY_FEATURE_ID
+  'siemV3',
+] as const;
+
+export type SiemVersion = (typeof SIEM_VERSIONS)[number];
diff --git a/x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/artifacts/artifacts_mocked_data.cy.ts b/x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/artifacts/artifacts_mocked_data.cy.ts
@@ -5,7 +5,6 @@
  * 2.0.
  */
 
-import { getRoleWithArtifactReadPrivilege } from '../../fixtures/role_with_artifact_read_privilege';
 import { login, ROLE } from '../../tasks/login';
 import { loadPage } from '../../tasks/common';
 
@@ -18,26 +17,59 @@ import {
 import { performUserActions } from '../../tasks/perform_user_actions';
 import { indexEndpointHosts } from '../../tasks/index_endpoint_hosts';
 import type { ReturnTypeFromChainable } from '../../types';
-
-const loginWithWriteAccess = (url: string) => {
-  login(ROLE.endpoint_policy_manager);
-  loadPage(url);
-};
-
-const loginWithReadAccess = (privilegePrefix: string, url: string) => {
-  const roleWithArtifactReadPrivilege = getRoleWithArtifactReadPrivilege(privilegePrefix);
-  login.withCustomRole({ name: 'roleWithArtifactReadPrivilege', ...roleWithArtifactReadPrivilege });
-  loadPage(url);
-};
-
-const loginWithoutAccess = (url: string) => {
-  login(ROLE.t1_analyst);
-  loadPage(url);
+import { SIEM_VERSIONS, type SiemVersion } from '../../common/constants';
+import { SECURITY_FEATURE_ID } from '../../../../../common';
+import { getT1Analyst } from '../../../../../scripts/endpoint/common/roles_users';
+
+const loginWithArtifactAccess = (
+  siemVersion: SiemVersion,
+  privilegePrefix: string,
+  access: 'none' | 'read' | 'all'
+) => {
+  const base = getT1Analyst();
+
+  const customRole: typeof base = {
+    ...base,
+    kibana: [
+      {
+        ...base.kibana[0],
+        feature: {
+          [siemVersion]: [
+            // siemVX: read
+            'read',
+            // none/read/all for selected artifact
+            ...(access !== 'none' ? [`${privilegePrefix}${access}`] : []),
+          ],
+        },
+      },
+    ],
+  };
+
+  login.withCustomRole({ name: 'customRole', ...customRole });
 };
 
+/**
+ * Notes:
+ * ESS:
+ *  - testing NONE, READ, WRITE privileges with custom roles
+ *  - also, all SIEM feature versions are tested to check backward compatibility
+ *
+ * Serverless: a subset of tests.
+ *  - only NONE and WRITE privileges are tested with predefined roles
+ *  - and only the latest SIEM feature (SECURITY_FEATURE_ID)
+ *
+ * Possible improvement: use custom roles on serverless to test the same as on ESS.
+ */
 describe('Artifacts pages', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] }, () => {
   let endpointData: ReturnTypeFromChainable<typeof indexEndpointHosts> | undefined;
 
+  const isServerless = Cypress.env('IS_SERVERLESS');
+  const siemVersionsToTest = isServerless ? [SECURITY_FEATURE_ID] : SIEM_VERSIONS;
+
+  let loginWithoutAccess: () => void;
+  let loginWithReadAccess: () => void;
+  let loginWithWriteAccess: () => void;
+
   before(() => {
     indexEndpointHosts().then((indexEndpoints) => {
       endpointData = indexEndpoints;
@@ -55,126 +87,158 @@ describe('Artifacts pages', { tags: ['@ess', '@serverless', '@skipInServerlessMK
     endpointData = undefined;
   });
 
-  for (const testData of getArtifactsListTestsData()) {
-    describe(`When on the ${testData.title} entries list`, () => {
-      describe('given there are no artifacts yet', () => {
-        it(`no access - should show no privileges callout`, () => {
-          loginWithoutAccess(`/app/security/administration/${testData.urlPath}`);
-          cy.getByTestSubj('noPrivilegesPage').should('exist');
-          cy.getByTestSubj('empty-page-feature-action').should('exist');
-          cy.getByTestSubj(testData.emptyState).should('not.exist');
-          cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist');
-        });
-
-        it(
-          `read - should show empty state page if there is no ${testData.title} entry and the add button does not exist`,
-          // there is no such role in Serverless environment that only reads artifacts
-          { tags: ['@skipInServerless'] },
-          () => {
-            loginWithReadAccess(
-              testData.privilegePrefix,
-              `/app/security/administration/${testData.urlPath}`
+  for (const siemVersion of siemVersionsToTest) {
+    describe(siemVersion, () => {
+      for (const testData of getArtifactsListTestsData()) {
+        describe(`When on the ${testData.title} entries list`, () => {
+          beforeEach(() => {
+            const { privilegePrefix } = testData;
+
+            loginWithWriteAccess = () => {
+              if (isServerless) {
+                login(ROLE.endpoint_policy_manager);
+              } else {
+                loginWithArtifactAccess(siemVersion, privilegePrefix, 'all');
+              }
+            };
+
+            loginWithReadAccess = () => {
+              expect(isServerless, 'Testing read access is implemented only on ESS').to.equal(
+                false
+              );
+              loginWithArtifactAccess(siemVersion, privilegePrefix, 'read');
+            };
+
+            loginWithoutAccess = () => {
+              if (isServerless) {
+                login(ROLE.t1_analyst);
+              } else {
+                loginWithArtifactAccess(siemVersion, privilegePrefix, 'none');
+              }
+            };
+          });
+
+          describe('given there are no artifacts yet', () => {
+            it(`no access - should show no privileges callout`, () => {
+              loginWithoutAccess();
+              loadPage(`/app/security/administration/${testData.urlPath}`);
+              cy.getByTestSubj('noPrivilegesPage').should('exist');
+              cy.getByTestSubj('empty-page-feature-action').should('exist');
+              cy.getByTestSubj(testData.emptyState).should('not.exist');
+              cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist');
+            });
+
+            it(
+              `read - should show empty state page if there is no ${testData.title} entry and the add button does not exist`,
+              // there is no such role in Serverless environment that only reads artifacts
+              { tags: ['@skipInServerless'] },
+              () => {
+                loginWithReadAccess();
+                loadPage(`/app/security/administration/${testData.urlPath}`);
+                cy.getByTestSubj(testData.emptyState).should('exist');
+                cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist');
+              }
             );
-            cy.getByTestSubj(testData.emptyState).should('exist');
-            cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist');
-          }
-        );
-
-        it(`write - should show empty state page if there is no ${testData.title} entry and the add button exists`, () => {
-          loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`);
-          cy.getByTestSubj(testData.emptyState).should('exist');
-          cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('exist');
-        });
-
-        it(`write - should create new ${testData.title} entry`, () => {
-          loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`);
-          // Opens add flyout
-          cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).click();
-
-          performUserActions(testData.create.formActions);
-
-          // Submit create artifact form
-          cy.getByTestSubj(`${testData.pagePrefix}-flyout-submitButton`).click();
 
-          // Check new artifact is in the list
-          for (const checkResult of testData.create.checkResults) {
-            cy.getByTestSubj(checkResult.selector).should('have.text', checkResult.value);
-          }
-
-          // Title is shown after adding an item
-          cy.getByTestSubj('header-page-title').contains(testData.title);
-        });
-      });
-
-      describe('given there is an existing artifact', () => {
-        beforeEach(() => {
-          createArtifactList(testData.createRequestBody.list_id);
-          createPerPolicyArtifact(testData.artifactName, testData.createRequestBody);
-        });
-
-        it(
-          `read - should not be able to update/delete an existing ${testData.title} entry`,
-          // there is no such role in Serverless environment that only reads artifacts
-          { tags: ['@skipInServerless'] },
-          () => {
-            loginWithReadAccess(
-              testData.privilegePrefix,
-              `/app/security/administration/${testData.urlPath}`
-            );
-            cy.getByTestSubj('header-page-title').contains(testData.title);
-            cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).should(
-              'not.exist'
-            );
-            cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).should('not.exist');
-            cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).should('not.exist');
-          }
-        );
-
-        it(
-          `read - should not be able to create a new ${testData.title} entry`,
-          // there is no such role in Serverless environment that only reads artifacts
-          { tags: ['@skipInServerless'] },
-          () => {
-            loginWithReadAccess(
-              testData.privilegePrefix,
-              `/app/security/administration/${testData.urlPath}`
+            it(`write - should show empty state page if there is no ${testData.title} entry and the add button exists`, () => {
+              loginWithWriteAccess();
+              loadPage(`/app/security/administration/${testData.urlPath}`);
+              cy.getByTestSubj(testData.emptyState).should('exist');
+              cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('exist');
+            });
+
+            it(`write - should create new ${testData.title} entry`, () => {
+              loginWithWriteAccess();
+              loadPage(`/app/security/administration/${testData.urlPath}`);
+              // Opens add flyout
+              cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).click();
+
+              performUserActions(testData.create.formActions);
+
+              // Submit create artifact form
+              cy.getByTestSubj(`${testData.pagePrefix}-flyout-submitButton`).click();
+
+              // Check new artifact is in the list
+              for (const checkResult of testData.create.checkResults) {
+                cy.getByTestSubj(checkResult.selector).should('have.text', checkResult.value);
+              }
+
+              // Title is shown after adding an item
+              cy.getByTestSubj('header-page-title').contains(testData.title);
+            });
+          });
+
+          describe('given there is an existing artifact', () => {
+            beforeEach(() => {
+              createArtifactList(testData.createRequestBody.list_id);
+              createPerPolicyArtifact(testData.artifactName, testData.createRequestBody);
+            });
+
+            it(
+              `read - should not be able to update/delete an existing ${testData.title} entry`,
+              // there is no such role in Serverless environment that only reads artifacts
+              { tags: ['@skipInServerless'] },
+              () => {
+                loginWithReadAccess();
+                loadPage(`/app/security/administration/${testData.urlPath}`);
+                cy.getByTestSubj('header-page-title').contains(testData.title);
+                cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).should(
+                  'not.exist'
+                );
+                cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).should('not.exist');
+                cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).should(
+                  'not.exist'
+                );
+              }
             );
-            cy.getByTestSubj('header-page-title').contains(testData.title);
-            cy.getByTestSubj(`${testData.pagePrefix}-pageAddButton`).should('not.exist');
-          }
-        );
 
-        it(`write - should be able to update an existing ${testData.title} entry`, () => {
-          loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`);
-          // Opens edit flyout
-          cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).click();
-          cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).click();
-
-          performUserActions(testData.update.formActions);
-
-          // Submit edit artifact form
-          cy.getByTestSubj(`${testData.pagePrefix}-flyout-submitButton`).click();
-
-          for (const checkResult of testData.update.checkResults) {
-            cy.getByTestSubj(checkResult.selector).should('have.text', checkResult.value);
-          }
-
-          // Title still shown after editing an item
-          cy.getByTestSubj('header-page-title').contains(testData.title);
-        });
+            it(
+              `read - should not be able to create a new ${testData.title} entry`,
+              // there is no such role in Serverless environment that only reads artifacts
+              { tags: ['@skipInServerless'] },
+              () => {
+                loginWithReadAccess();
+                loadPage(`/app/security/administration/${testData.urlPath}`);
+                cy.getByTestSubj('header-page-title').contains(testData.title);
+                cy.getByTestSubj(`${testData.pagePrefix}-pageAddButton`).should('not.exist');
+              }
+            );
 
-        it(`write - should be able to delete the existing ${testData.title} entry`, () => {
-          loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`);
-          // Remove it
-          cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).click();
-          cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).click();
-          cy.getByTestSubj(`${testData.pagePrefix}-deleteModal-submitButton`).click();
-          // No card visible after removing it
-          cy.getByTestSubj(testData.delete.card).should('not.exist');
-          // Empty state is displayed after removing last item
-          cy.getByTestSubj(testData.emptyState).should('exist');
+            it(`write - should be able to update an existing ${testData.title} entry`, () => {
+              loginWithWriteAccess();
+              loadPage(`/app/security/administration/${testData.urlPath}`);
+              // Opens edit flyout
+              cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).click();
+              cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).click();
+
+              performUserActions(testData.update.formActions);
+
+              // Submit edit artifact form
+              cy.getByTestSubj(`${testData.pagePrefix}-flyout-submitButton`).click();
+
+              for (const checkResult of testData.update.checkResults) {
+                cy.getByTestSubj(checkResult.selector).should('have.text', checkResult.value);
+              }
+
+              // Title still shown after editing an item
+              cy.getByTestSubj('header-page-title').contains(testData.title);
+            });
+
+            it(`write - should be able to delete the existing ${testData.title} entry`, () => {
+              loginWithWriteAccess();
+              loadPage(`/app/security/administration/${testData.urlPath}`);
+              // Remove it
+              cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).click();
+              cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).click();
+              cy.getByTestSubj(`${testData.pagePrefix}-deleteModal-submitButton`).click();
+              // No card visible after removing it
+              cy.getByTestSubj(testData.delete.card).should('not.exist');
+              // Empty state is displayed after removing last item
+              cy.getByTestSubj(testData.emptyState).should('exist');
+            });
+          });
         });
-      });
+      }
     });
   }
 });
diff --git a/x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/endpoint_list/endpoints_rbac_mocked_data.cy.ts b/x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/endpoint_list/endpoints_rbac_mocked_data.cy.ts
