Security and Spaces create tests

kobelb · Sep 5, 2018 · 9deec1b · 9deec1b
1 parent a8232dd
commit 9deec1b
Show file tree

Hide file tree

Showing 16 changed files with 782 additions and 187 deletions.
diff --git a/x-pack/test/saved_object_api_integration/common/config.js b/x-pack/test/saved_object_api_integration/common/config.js
@@ -62,7 +62,8 @@ export function createTestConfig(name, { license = 'trial', disabledPlugins = []
           ...config.xpack.api.get('kbnTestServer.serverArgs'),
           '--optimize.enabled=false',
           '--server.xsrf.disableProtection=true',
-          ...disabledPlugins.map(key => `--xpack.${key}.enabled=false`)
+          ...disabledPlugins.map(key => `--xpack.${key}.enabled=false`),
+          `--plugin-path=${path.join(__dirname, 'fixtures', 'namespace_agnostic_type_plugin')}`
         ],
       },
     };

diff --git a/...t/saved_object_api_integration/common/fixtures/es_archiver/saved_objects/spaces/data.json b/...t/saved_object_api_integration/common/fixtures/es_archiver/saved_objects/spaces/data.json
@@ -331,3 +331,19 @@
     }
   }
 }
+
+{
+  "type": "doc",
+  "value": {
+    "index": ".kibana",
+    "type": "doc",
+    "id": "chapo:8121a00-8efd-21e7-1cb3-34ab96643444",
+    "source": {
+      "type": "chapo",
+      "updated_at": "2017-09-21T18:59:16.270Z",
+      "chapo": {
+        "name": "El Chapo"
+      }
+    }
+  }
+}
diff --git a/...ved_object_api_integration/common/fixtures/es_archiver/saved_objects/spaces/mappings.json b/...ved_object_api_integration/common/fixtures/es_archiver/saved_objects/spaces/mappings.json
@@ -302,6 +302,19 @@
                 "type": "text"
               }
             }
+          },
+          "chapo": {
+            "properties": {
+              "name": {
+                "type": "text",
+                "fields": {
+                  "keyword": {
+                    "type": "keyword",
+                    "ignore_above": 2048
+                  }
+                }
+              }
+            }
           }
         }
       }

diff --git a/...test/saved_object_api_integration/common/fixtures/namespace_agnostic_type_plugin/index.js b/...test/saved_object_api_integration/common/fixtures/namespace_agnostic_type_plugin/index.js
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import mappings from './mappings.json';
+
+export default function (kibana) {
+  return new kibana.Plugin({
+    require: [],
+    name: 'namespace_agnostic_type_plugin',
+    uiExports: {
+      savedObjectsSchema: {
+        chapo: {
+          isNamespaceAgnostic: true
+        }
+      },
+      mappings,
+    },
+
+    config() {},
+  });
+}
diff --git a/...saved_object_api_integration/common/fixtures/namespace_agnostic_type_plugin/mappings.json b/...saved_object_api_integration/common/fixtures/namespace_agnostic_type_plugin/mappings.json
@@ -0,0 +1,15 @@
+{
+  "chapo": {
+    "properties": {
+      "name": {
+        "type": "text",
+        "fields": {
+          "keyword": {
+            "type": "keyword",
+            "ignore_above": 2048
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/.../saved_object_api_integration/common/fixtures/namespace_agnostic_type_plugin/package.json b/.../saved_object_api_integration/common/fixtures/namespace_agnostic_type_plugin/package.json
@@ -0,0 +1,7 @@
+{
+  "name": "namespace_agnostic_type_plugin",
+  "version": "0.0.0",
+  "kibana": {
+    "version": "kibana"
+  }
+}
diff --git a/x-pack/test/saved_object_api_integration/common/lib/create_users_and_roles.js b/x-pack/test/saved_object_api_integration/common/lib/create_users_and_roles.js
@@ -0,0 +1,176 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import { AUTHENTICATION } from './authentication';
+
+export const createUsersAndRoles = async (es, supertest) => {
+  await supertest.put('/api/security/role/kibana_legacy_user')
+    .send({
+      elasticsearch: {
+        indices: [{
+          names: ['.kibana'],
+          privileges: ['manage', 'read', 'index', 'delete']
+        }]
+      }
+    });
+
+  await supertest.put('/api/security/role/kibana_legacy_dashboard_only_user')
+    .send({
+      elasticsearch: {
+        indices: [{
+          names: ['.kibana'],
+          privileges: ['read', 'view_index_metadata']
+        }]
+      }
+    });
+
+  await supertest.put('/api/security/role/kibana_dual_privileges_user')
+    .send({
+      elasticsearch: {
+        indices: [{
+          names: ['.kibana'],
+          privileges: ['manage', 'read', 'index', 'delete']
+        }]
+      },
+      kibana: {
+        global: ['all']
+      }
+    });
+
+  await supertest.put('/api/security/role/kibana_dual_privileges_dashboard_only_user')
+    .send({
+      elasticsearch: {
+        indices: [{
+          names: ['.kibana'],
+          privileges: ['read', 'view_index_metadata']
+        }]
+      },
+      kibana: {
+        global: ['read']
+      }
+    });
+
+  await supertest.put('/api/security/role/kibana_rbac_user')
+    .send({
+      kibana: {
+        global: ['all']
+      }
+    });
+
+  await supertest.put('/api/security/role/kibana_rbac_dashboard_only_user')
+    .send({
+      kibana: {
+        global: ['read']
+      }
+    });
+
+  await supertest.put('/api/security/role/kibana_rbac_default_space_user')
+    .send({
+      kibana: {
+        space: {
+          default: ['all']
+        }
+      }
+    });
+
+  await supertest.put('/api/security/role/kibana_rbac_space_1_read_user')
+    .send({
+      kibana: {
+        space: {
+          space_1: ['read']
+        }
+      }
+    });
+
+  await es.shield.putUser({
+    username: AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME,
+    body: {
+      password: AUTHENTICATION.NOT_A_KIBANA_USER.PASSWORD,
+      roles: [],
+      full_name: 'not a kibana user',
+      email: 'not_a_kibana_user@elastic.co',
+    }
+  });
+
+  await es.shield.putUser({
+    username: AUTHENTICATION.KIBANA_LEGACY_USER.USERNAME,
+    body: {
+      password: AUTHENTICATION.KIBANA_LEGACY_USER.PASSWORD,
+      roles: ['kibana_legacy_user'],
+      full_name: 'a kibana legacy user',
+      email: 'a_kibana_legacy_user@elastic.co',
+    }
+  });
+
+  await es.shield.putUser({
+    username: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.USERNAME,
+    body: {
+      password: AUTHENTICATION.KIBANA_LEGACY_DASHBOARD_ONLY_USER.PASSWORD,
+      roles: ["kibana_legacy_dashboard_only_user"],
+      full_name: 'a kibana legacy dashboard only user',
+      email: 'a_kibana_legacy_dashboard_only_user@elastic.co',
+    }
+  });
+
+  await es.shield.putUser({
+    username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.USERNAME,
+    body: {
+      password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER.PASSWORD,
+      roles: ['kibana_dual_privileges_user'],
+      full_name: 'a kibana dual_privileges user',
+      email: 'a_kibana_dual_privileges_user@elastic.co',
+    }
+  });
+
+  await es.shield.putUser({
+    username: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.USERNAME,
+    body: {
+      password: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER.PASSWORD,
+      roles: ["kibana_dual_privileges_dashboard_only_user"],
+      full_name: 'a kibana dual_privileges dashboard only user',
+      email: 'a_kibana_dual_privileges_dashboard_only_user@elastic.co',
+    }
+  });
+
+  await es.shield.putUser({
+    username: AUTHENTICATION.KIBANA_RBAC_USER.USERNAME,
+    body: {
+      password: AUTHENTICATION.KIBANA_RBAC_USER.PASSWORD,
+      roles: ['kibana_rbac_user'],
+      full_name: 'a kibana user',
+      email: 'a_kibana_rbac_user@elastic.co',
+    }
+  });
+
+  await es.shield.putUser({
+    username: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.USERNAME,
+    body: {
+      password: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER.PASSWORD,
+      roles: ["kibana_rbac_dashboard_only_user"],
+      full_name: 'a kibana dashboard only user',
+      email: 'a_kibana_rbac_dashboard_only_user@elastic.co',
+    }
+  });
+
+  await es.shield.putUser({
+    username: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_USER.USERNAME,
+    body: {
+      password: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_USER.PASSWORD,
+      roles: ['kibana_rbac_default_space_user'],
+      full_name: 'a kibana default space user',
+      email: 'a_kibana_rbac_default_space_user@elastic.co',
+    }
+  });
+
+  await es.shield.putUser({
+    username: AUTHENTICATION.KIBANA_RBAC_SPACE_1_READONLY_USER.USERNAME,
+    body: {
+      password: AUTHENTICATION.KIBANA_RBAC_SPACE_1_READONLY_USER.PASSWORD,
+      roles: ['kibana_rbac_space_1_read_user'],
+      full_name: 'a kibana rbac space 1 read-only user',
+      email: 'a_kibana_rbac_space_1_readonly_user@elastic.co',
+    }
+  });
+};
diff --git a/x-pack/test/saved_object_api_integration/common/suites/saved_objects/create.js b/x-pack/test/saved_object_api_integration/common/suites/saved_objects/create.js
@@ -8,20 +8,23 @@ import { getUrlPrefix } from '../../lib/space_test_utils';
 import { DEFAULT_SPACE_ID } from '../../../../../plugins/spaces/common/constants';
 
 export function createTestSuiteFactory(es, esArchiver, supertest) {
-  const createTest = (description, {
+  const spaceAwareType = 'visualization';
+  const notSpaceAwareType = 'chapo';
+
+  const makeCreateTest = describeFn => (description, {
     auth = {
       username: undefined,
       password: undefined
     },
     spaceId,
     tests,
   }) => {
-    describe(description, () => {
+    describeFn(description, () => {
       before(() => esArchiver.load('saved_objects/spaces'));
       after(() => esArchiver.unload('saved_objects/spaces'));
       it(`should return ${tests.spaceAware.statusCode} for a space-aware type`, async () => {
         await supertest
-          .post(`${getUrlPrefix(spaceId)}/api/saved_objects/visualization`)
+          .post(`${getUrlPrefix(spaceId)}/api/saved_objects/${spaceAwareType}`)
           .auth(auth.username, auth.password)
           .send({
             attributes: {
@@ -34,11 +37,11 @@ export function createTestSuiteFactory(es, esArchiver, supertest) {
 
       it(`should return ${tests.notSpaceAware.statusCode} for a non space-aware type`, async () => {
         await supertest
-          .post(`${getUrlPrefix(spaceId)}/api/saved_objects/space`)
+          .post(`${getUrlPrefix(spaceId)}/api/saved_objects/${notSpaceAwareType}`)
           .auth(auth.username, auth.password)
           .send({
             attributes: {
-              name: 'My favorite space',
+              name: `Can't be contained to a space`,
             }
           })
           .expect(tests.notSpaceAware.statusCode)
@@ -48,6 +51,9 @@ export function createTestSuiteFactory(es, esArchiver, supertest) {
     });
   };
 
+  const createTest = makeCreateTest(describe);
+  createTest.only = makeCreateTest(describe.only);
+
   const createExpectSpaceAwareResults = (spaceId = DEFAULT_SPACE_ID) => async (resp) => {
     expect(resp.body).to.have.property('id').match(/^[0-9a-f-]{36}$/);
 
@@ -56,7 +62,7 @@ export function createTestSuiteFactory(es, esArchiver, supertest) {
 
     expect(resp.body).to.eql({
       id: resp.body.id,
-      type: 'visualization',
+      type: spaceAwareType,
       updated_at: resp.body.updated_at,
       version: 1,
       attributes: {
@@ -68,7 +74,7 @@ export function createTestSuiteFactory(es, esArchiver, supertest) {
 
     // query ES directory to ensure namespace was or wasn't specified
     const { _source } = await es.get({
-      id: `${expectedSpacePrefix}visualization:${resp.body.id}`,
+      id: `${expectedSpacePrefix}${spaceAwareType}:${resp.body.id}`,
       type: 'doc',
       index: '.kibana'
     });
@@ -92,17 +98,17 @@ export function createTestSuiteFactory(es, esArchiver, supertest) {
 
     expect(resp.body).to.eql({
       id: resp.body.id,
-      type: 'space',
+      type: notSpaceAwareType,
       updated_at: resp.body.updated_at,
       version: 1,
       attributes: {
-        name: 'My favorite space',
+        name: `Can't be contained to a space`,
       }
     });
 
     // query ES directory to ensure namespace wasn't specified
     const { _source } = await es.get({
-      id: `space:${resp.body.id}`,
+      id: `${notSpaceAwareType}:${resp.body.id}`,
       type: 'doc',
       index: '.kibana'
     });
@@ -114,10 +120,11 @@ export function createTestSuiteFactory(es, esArchiver, supertest) {
     expect(actualNamespace).to.eql(undefined);
   };
 
-
   return {
     createTest,
     createExpectSpaceAwareResults,
     expectNotSpaceAwareResults,
+    notSpaceAwareType,
+    spaceAwareType,
   };
 }
diff --git a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/index.js b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/index.js
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import { createUsersAndRoles } from "../../common/lib/create_users_and_roles";
+
+export default function ({ loadTestFile, getService }) {
+  const es = getService('es');
+  const supertest = getService('supertest');
+
+  describe('security and spaces enabled', () => {
+    before(async () => {
+      await createUsersAndRoles(es, supertest);
+    });
+
+    loadTestFile(require.resolve('./saved_objects'));
+  });
+}