added api integration test for authzd users

x-pack/plugins/reporting/common/constants.ts

@@ -92,7 +92,6 @@ export const API_LIST_URL = `${API_BASE_URL}/jobs`;
 export const API_DIAGNOSE_URL = `${API_BASE_URL}/diagnose`;
 
 export const API_GET_ILM_POLICY_STATUS = `${API_BASE_URL}/ilm_policy_status`;
-export const API_CREATE_ILM_POLICY_URL = `${API_BASE_URL}/ilm_policy`;
 export const API_MIGRATE_ILM_POLICY_URL = `${API_BASE_URL}/deprecations/migrate_ilm_policy`;
 
 export const ILM_POLICY_NAME = 'kibana-reporting';

x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts

@@ -16,7 +16,9 @@ export default function ({ getService }: FtrProviderContext) {
   const esArchiver = getService('esArchiver');
   const es = getService('es');
   const supertest = getService('supertest');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
   const reportingAPI = getService('reportingAPI');
+  const security = getService('security');
 
   describe('ILM policy migration APIs', () => {
     before(async () => {
@@ -111,5 +113,32 @@ export default function ({ getService }: FtrProviderContext) {
 
       expect(policy).to.eql(customLifecycle.policy);
     });
+
+    it('is not available to unauthorized users', async () => {
+      const UNAUTHZD_TEST_USERNAME = 'UNAUTHZD_TEST_USERNAME';
+      const UNAUTHZD_TEST_USER_PASSWORD = 'UNAUTHZD_TEST_USER_PASSWORD';
+
+      await security.user.create(UNAUTHZD_TEST_USERNAME, {
+        password: UNAUTHZD_TEST_USER_PASSWORD,
+        roles: [],
+        full_name: 'an unauthzd user',
+      });
+
+      try {
+        await supertestWithoutAuth
+          .put(reportingAPI.routes.API_MIGRATE_ILM_POLICY_URL)
+          .auth(UNAUTHZD_TEST_USERNAME, UNAUTHZD_TEST_USER_PASSWORD)
+          .set('kbn-xsrf', 'xxx')
+          .expect(404);
+
+        await supertestWithoutAuth
+          .get(reportingAPI.routes.API_GET_ILM_POLICY_STATUS)
+          .auth(UNAUTHZD_TEST_USERNAME, UNAUTHZD_TEST_USER_PASSWORD)
+          .set('kbn-xsrf', 'xxx')
+          .expect(404);
+      } finally {
+        await security.user.delete(UNAUTHZD_TEST_USERNAME);
+      }
+    });
   });
 }

x-pack/test/reporting_api_integration/services/scenarios.ts

@@ -6,6 +6,10 @@
  */
 
 import rison, { RisonValue } from 'rison-node';
+import {
+  API_GET_ILM_POLICY_STATUS,
+  API_MIGRATE_ILM_POLICY_URL,
+} from '../../../plugins/reporting/common/constants';
 import { JobParamsCSV } from '../../../plugins/reporting/server/export_types/csv_searchsource/types';
 import { JobParamsDownloadCSV } from '../../../plugins/reporting/server/export_types/csv_searchsource_immediate/types';
 import { JobParamsPNG } from '../../../plugins/reporting/server/export_types/png/types';
@@ -167,18 +171,15 @@ export function createScenarios({ getService }: Pick<FtrProviderContext, 'getSer
   const checkIlmMigrationStatus = async () => {
     log.debug('ReportingAPI.checkIlmMigrationStatus');
     const { body } = await supertest
-      .get('/api/reporting/ilm_policy_status')
+      .get(API_GET_ILM_POLICY_STATUS)
       .set('kbn-xsrf', 'xxx')
       .expect(200);
     return body.status;
   };
 
   const migrateReportingIndices = async () => {
     log.debug('ReportingAPI.migrateReportingIndices');
-    await supertest
-      .put('/api/reporting/deprecations/migrate_ilm_policy')
-      .set('kbn-xsrf', 'xxx')
-      .expect(200);
+    await supertest.put(API_MIGRATE_ILM_POLICY_URL).set('kbn-xsrf', 'xxx').expect(200);
   };
 
   const makeAllReportingIndicesUnmanaged = async () => {
@@ -201,6 +202,10 @@ export function createScenarios({ getService }: Pick<FtrProviderContext, 'getSer
     DATA_ANALYST_PASSWORD,
     REPORTING_USER_USERNAME,
     REPORTING_USER_PASSWORD,
+    routes: {
+      API_GET_ILM_POLICY_STATUS,
+      API_MIGRATE_ILM_POLICY_URL,
+    },
     createDataAnalystRole,
     createDataAnalyst,
     createTestReportingUserRole,