Adding get security and spaces tests

kobelb · Sep 7, 2018 · 94682e5 · 94682e5
1 parent 481943f
commit 94682e5
Show file tree

Hide file tree

Showing 3 changed files with 204 additions and 0 deletions.
diff --git a/x-pack/test/saved_object_api_integration/common/suites/saved_objects/bulk_get.ts b/x-pack/test/saved_object_api_integration/common/suites/saved_objects/bulk_get.ts
@@ -87,6 +87,14 @@ export function bulkGetTestSuiteFactory(esArchiver: any, supertest: any) {
     });
   };
 
+  const expectRbacForbidden = (resp: any) => {
+    expect(resp.body).to.eql({
+      statusCode: 403,
+      error: 'Forbidden',
+      message: `Unable to bulk_get dashboard,visualization, missing action:saved_objects/dashboard/bulk_get,action:saved_objects/visualization/bulk_get`,
+    });
+  };
+
   const createExpectNotFoundResults = (spaceId: string) => (resp: any) => {
     expect(resp.body).to.eql({
       saved_objects: [
@@ -148,5 +156,6 @@ export function bulkGetTestSuiteFactory(esArchiver: any, supertest: any) {
     createExpectLegacyForbidden,
     createExpectNotFoundResults,
     createExpectResults,
+    expectRbacForbidden,
   };
 }
diff --git a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/saved_objects/bulk_get.ts b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/saved_objects/bulk_get.ts
@@ -0,0 +1,194 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { AUTHENTICATION } from '../../../common/lib/authentication';
+import { SPACES } from '../../../common/lib/spaces';
+import { TestInvoker } from '../../../common/lib/types';
+import { bulkGetTestSuiteFactory } from '../../../common/suites/saved_objects/bulk_get';
+
+// tslint:disable:no-default-export
+export default function({ getService }: TestInvoker) {
+  const supertest = getService('supertestWithoutAuth');
+  const esArchiver = getService('esArchiver');
+
+  const {
+    bulkGetTest,
+    createExpectLegacyForbidden,
+    createExpectResults,
+    expectRbacForbidden,
+  } = bulkGetTestSuiteFactory(esArchiver, supertest);
+
+  describe.only('_bulk_get', () => {
+    [
+      {
+        spaceId: SPACES.DEFAULT.spaceId,
+        userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER,
+        userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_READ_USER,
+        userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER,
+      },
+      {
+        spaceId: SPACES.DEFAULT.spaceId,
+        userWithAllAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER,
+        userWithReadAtSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_READ_USER,
+        userWithAllAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_1_ALL_USER,
+      },
+    ].forEach(({ spaceId, userWithAllAtSpace, userWithReadAtSpace, userWithAllAtOtherSpace }) => {
+      bulkGetTest(`not a kibana user`, {
+        auth: {
+          username: AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME,
+          password: AUTHENTICATION.NOT_A_KIBANA_USER.PASSWORD,
+        },
+        spaceId,
+        tests: {
+          default: {
+            statusCode: 403,
+            response: createExpectLegacyForbidden(AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME),
+          },
+        },
+      });
+
+      bulkGetTest(`superuser`, {
+        auth: {
+          username: AUTHENTICATION.SUPERUSER.USERNAME,
+          password: AUTHENTICATION.SUPERUSER.PASSWORD,
+        },
+        spaceId,
+        tests: {
+          default: {
+            statusCode: 200,
+            response: createExpectResults(spaceId),
+          },
+        },
+      });
+
+      bulkGetTest(`kibana legacy user`, {
+        auth: {
+          username: AUTHENTICATION.KIBANA_LEGACY_USER.USERNAME,
+          password: AUTHENTICATION.KIBANA_LEGACY_USER.PASSWORD,
+        },
+        spaceId,
+        tests: {
+          default: {
+            statusCode: 200,
+            response: createExpectResults(spaceId),
+          },
+        },
+      });
+
+      bulkGetTest(`kibana legacy dashboard only user`, {
+        auth: {
+          username: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME,
+          password: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.PASSWORD,
+        },
+        spaceId,
+        tests: {
+          default: {
+            statusCode: 200,
+            response: createExpectResults(spaceId),
+          },
+        },
+      });
+
+      bulkGetTest(`kibana dual-privileges user`, {
+        auth: {
+          username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME,
+          password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.PASSWORD,
+        },
+        spaceId,
+        tests: {
+          default: {
+            statusCode: 200,
+            response: createExpectResults(spaceId),
+          },
+        },
+      });
+
+      bulkGetTest(`kibana dual-privileges dashboard only user`, {
+        auth: {
+          username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME,
+          password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.PASSWORD,
+        },
+        spaceId,
+        tests: {
+          default: {
+            statusCode: 200,
+            response: createExpectResults(spaceId),
+          },
+        },
+      });
+
+      bulkGetTest(`kibana rbac user`, {
+        auth: {
+          username: AUTHENTICATION.KIBANA_RBAC_USER.USERNAME,
+          password: AUTHENTICATION.KIBANA_RBAC_USER.PASSWORD,
+        },
+        spaceId,
+        tests: {
+          default: {
+            statusCode: 200,
+            response: createExpectResults(spaceId),
+          },
+        },
+      });
+
+      bulkGetTest(`kibana rbac dashboard only user`, {
+        auth: {
+          username: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.USERNAME,
+          password: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.PASSWORD,
+        },
+        spaceId,
+        tests: {
+          default: {
+            statusCode: 200,
+            response: createExpectResults(spaceId),
+          },
+        },
+      });
+
+      bulkGetTest(userWithAllAtSpace.USERNAME, {
+        auth: {
+          username: userWithAllAtSpace.USERNAME,
+          password: userWithAllAtSpace.PASSWORD,
+        },
+        spaceId,
+        tests: {
+          default: {
+            statusCode: 200,
+            response: createExpectResults(spaceId),
+          },
+        },
+      });
+
+      bulkGetTest(userWithReadAtSpace.USERNAME, {
+        auth: {
+          username: userWithReadAtSpace.USERNAME,
+          password: userWithReadAtSpace.PASSWORD,
+        },
+        spaceId,
+        tests: {
+          default: {
+            statusCode: 200,
+            response: createExpectResults(spaceId),
+          },
+        },
+      });
+
+      bulkGetTest(userWithAllAtOtherSpace.USERNAME, {
+        auth: {
+          username: userWithAllAtOtherSpace.USERNAME,
+          password: userWithAllAtOtherSpace.PASSWORD,
+        },
+        spaceId,
+        tests: {
+          default: {
+            statusCode: 403,
+            response: expectRbacForbidden,
+          },
+        },
+      });
+    });
+  });
+}
diff --git a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/saved_objects/index.js b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/saved_objects/index.js
@@ -8,6 +8,7 @@
 
 export default function ({ loadTestFile }) {
   describe('saved_objects', () => {
+    loadTestFile(require.resolve('./bulk_get'));
     loadTestFile(require.resolve('./create'));
     loadTestFile(require.resolve('./find'));
     loadTestFile(require.resolve('./get'));