Adding basic feature test

jonathan-buttner · jonathan-buttner · commit 145f17464467 · 2021-05-28T13:19:08.000-04:00
diff --git a/x-pack/test/api_integration_basic/apis/index.ts b/x-pack/test/api_integration_basic/apis/index.ts
@@ -13,5 +13,6 @@ export default function ({ loadTestFile }: FtrProviderContext) {
 
     loadTestFile(require.resolve('./ml'));
     loadTestFile(require.resolve('./transform'));
+    loadTestFile(require.resolve('./security_solution'));
   });
 }
diff --git a/x-pack/test/api_integration_basic/apis/security_solution/cases_privileges.ts b/x-pack/test/api_integration_basic/apis/security_solution/cases_privileges.ts
@@ -0,0 +1,183 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+
+import { FtrProviderContext } from '../../ftr_provider_context';
+import {
+  createUsersAndRoles,
+  deleteUsersAndRoles,
+} from '../../../case_api_integration/common/lib/authentication';
+
+import { Role, User } from '../../../case_api_integration/common/lib/authentication/types';
+import {
+  createCase,
+  deleteAllCaseItems,
+  getCase,
+} from '../../../case_api_integration/common/lib/utils';
+import { getPostCaseRequest } from '../../../case_api_integration/common/lib/mock';
+import { APP_ID } from '../../../../plugins/security_solution/common/constants';
+
+const secAll: Role = {
+  name: 'sec_all_role',
+  privileges: {
+    elasticsearch: {
+      indices: [
+        {
+          names: ['*'],
+          privileges: ['all'],
+        },
+      ],
+    },
+    kibana: [
+      {
+        feature: {
+          siem: ['all'],
+          actions: ['all'],
+          actionsSimulators: ['all'],
+        },
+        spaces: ['*'],
+      },
+    ],
+  },
+};
+
+const secAllUser: User = {
+  username: 'sec_all_user',
+  password: 'password',
+  roles: [secAll.name],
+};
+
+const secRead: Role = {
+  name: 'sec_read_role',
+  privileges: {
+    elasticsearch: {
+      indices: [
+        {
+          names: ['*'],
+          privileges: ['all'],
+        },
+      ],
+    },
+    kibana: [
+      {
+        feature: {
+          siem: ['read'],
+          actions: ['all'],
+          actionsSimulators: ['all'],
+        },
+        spaces: ['*'],
+      },
+    ],
+  },
+};
+
+const secReadUser: User = {
+  username: 'sec_read_user',
+  password: 'password',
+  roles: [secRead.name],
+};
+
+const secNone: Role = {
+  name: 'sec_none_role',
+  privileges: {
+    elasticsearch: {
+      indices: [
+        {
+          names: ['*'],
+          privileges: ['all'],
+        },
+      ],
+    },
+    kibana: [
+      {
+        feature: {
+          actions: ['all'],
+          actionsSimulators: ['all'],
+        },
+        spaces: ['*'],
+      },
+    ],
+  },
+};
+
+const secNoneUser: User = {
+  username: 'sec_none_user',
+  password: 'password',
+  roles: [secNone.name],
+};
+
+const roles = [secAll, secRead, secNone];
+
+const users = [secAllUser, secReadUser, secNoneUser];
+
+export default ({ getService }: FtrProviderContext): void => {
+  describe('cases feature privilege', () => {
+    const es = getService('es');
+    const supertestWithoutAuth = getService('supertestWithoutAuth');
+    const supertest = getService('supertest');
+
+    before(async () => {
+      await createUsersAndRoles(getService, users, roles);
+    });
+
+    after(async () => {
+      await deleteUsersAndRoles(getService, users, roles);
+    });
+
+    afterEach(async () => {
+      await deleteAllCaseItems(es);
+    });
+
+    it(`User ${
+      secAllUser.username
+    } with role(s) ${secAllUser.roles.join()} can create a case`, async () => {
+      await createCase(supertestWithoutAuth, getPostCaseRequest({ owner: APP_ID }), 200, {
+        user: secAllUser,
+        space: null,
+      });
+    });
+
+    it(`User ${
+      secReadUser.username
+    } with role(s) ${secReadUser.roles.join()} can get a case`, async () => {
+      const caseInfo = await createCase(supertest, getPostCaseRequest({ owner: APP_ID }));
+      const retrievedCase = await getCase({
+        supertest: supertestWithoutAuth,
+        caseId: caseInfo.id,
+        expectedHttpCode: 200,
+        auth: { user: secReadUser, space: null },
+      });
+
+      expect(caseInfo.owner).to.eql(retrievedCase.owner);
+    });
+
+    for (const user of [secReadUser, secNoneUser]) {
+      it(`User ${
+        user.username
+      } with role(s) ${user.roles.join()} cannot create a case`, async () => {
+        await createCase(supertestWithoutAuth, getPostCaseRequest({ owner: APP_ID }), 403, {
+          user,
+          space: null,
+        });
+      });
+    }
+
+    it(`User ${
+      secNoneUser.username
+    } with role(s) ${secNoneUser.roles.join()} cannot get a case`, async () => {
+      const caseInfo = await createCase(supertest, getPostCaseRequest({ owner: APP_ID }));
+
+      await getCase({
+        supertest: supertestWithoutAuth,
+        caseId: caseInfo.id,
+        expectedHttpCode: 403,
+        auth: { user: secNoneUser, space: null },
+      });
+    });
+  });
+};
diff --git a/x-pack/test/api_integration_basic/apis/security_solution/index.ts b/x-pack/test/api_integration_basic/apis/security_solution/index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+  describe('SecuritySolution Endpoints basic licsense', () => {
+    loadTestFile(require.resolve('./cases_privileges'));
+  });
+}
diff --git a/x-pack/test/case_api_integration/security_only/tests/common/comments/delete_comment.ts b/x-pack/test/case_api_integration/security_only/tests/common/comments/delete_comment.ts
@@ -135,6 +135,7 @@ export default ({ getService }: FtrProviderContext): void => {
       secOnlyReadSpacesAll,
       obsOnlyReadSpacesAll,
       obsSecReadSpacesAll,
+      noKibanaPrivileges,
     ]) {
       it(`User ${
         user.username
@@ -170,38 +171,6 @@ export default ({ getService }: FtrProviderContext): void => {
       });
     }
 
-    it('should not delete a comment with no kibana privileges', async () => {
-      const postedCase = await createCase(
-        supertestWithoutAuth,
-        getPostCaseRequest(),
-        200,
-        superUserNoSpaceAuth
-      );
-
-      const commentResp = await createComment({
-        supertest: supertestWithoutAuth,
-        caseId: postedCase.id,
-        params: postCommentUserReq,
-        auth: superUserNoSpaceAuth,
-      });
-
-      await deleteComment({
-        supertest: supertestWithoutAuth,
-        caseId: postedCase.id,
-        commentId: commentResp.comments![0].id,
-        auth: { user: noKibanaPrivileges, space: null },
-        expectedHttpCode: 403,
-      });
-
-      await deleteAllComments({
-        supertest: supertestWithoutAuth,
-        caseId: postedCase.id,
-        auth: { user: noKibanaPrivileges, space: null },
-        // the find in the delete all will return no results
-        expectedHttpCode: 404,
-      });
-    });
-
     it('should return a 404 when attempting to access a space', async () => {
       const postedCase = await createCase(
         supertestWithoutAuth,
diff --git a/x-pack/test/case_api_integration/security_only/tests/trial/index.ts b/x-pack/test/case_api_integration/security_only/tests/trial/index.ts
@@ -12,7 +12,7 @@ import { createUsersAndRoles, deleteUsersAndRoles } from '../../../common/lib/au
 
 // eslint-disable-next-line import/no-default-export
 export default ({ loadTestFile, getService }: FtrProviderContext): void => {
-  describe('cases security and spaces enabled: trial', function () {
+  describe('cases security only enabled: trial', function () {
     // Fastest ciGroup for the moment.
     this.tags('ciGroup5');
 

Original file line number	Diff line number	Diff line change
`@@ -13,5 +13,6 @@ export default function ({ loadTestFile }: FtrProviderContext) {`
`13`	`13`
`14`	`14`	`loadTestFile(require.resolve('./ml'));`
`15`	`15`	`loadTestFile(require.resolve('./transform'));`
	`16`	`+ loadTestFile(require.resolve('./security_solution'));`
`16`	`17`	`});`
`17`	`18`	`}`