Skip to content

Commit 4b4f49e

Browse files
gergoabrahamgergoabraham
committed
test deprecated siem versions in some cy tests
1 parent 88d0605 commit 4b4f49e

3 files changed

Lines changed: 357 additions & 268 deletions

File tree

x-pack/solutions/security/plugins/security_solution/public/management/cypress/common/constants.ts

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,3 +20,19 @@ export const KIBANA_KNOWN_DEFAULT_ACCOUNTS = {
2020
system_indices_superuser: 'system_indices_superuser',
2121
admin: 'admin',
2222
} as const;
23+
24+
/**
25+
* Siem feature versions to test.
26+
*
27+
* When a new `siem` version is implemented, please update the list below.
28+
*/
29+
export const SIEM_VERSIONS = [
30+
// deprecated siem versions
31+
'siem',
32+
'siemV2',
33+
34+
// actual version, should equal to SECURITY_FEATURE_ID
35+
'siemV3',
36+
] as const;
37+
38+
export type SiemVersion = (typeof SIEM_VERSIONS)[number];

x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/artifacts/artifacts_mocked_data.cy.ts

Lines changed: 194 additions & 130 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,6 @@
55
* 2.0.
66
*/
77

8-
import { getRoleWithArtifactReadPrivilege } from '../../fixtures/role_with_artifact_read_privilege';
98
import { login, ROLE } from '../../tasks/login';
109
import { loadPage } from '../../tasks/common';
1110

@@ -18,26 +17,59 @@ import {
1817
import { performUserActions } from '../../tasks/perform_user_actions';
1918
import { indexEndpointHosts } from '../../tasks/index_endpoint_hosts';
2019
import type { ReturnTypeFromChainable } from '../../types';
21-
22-
const loginWithWriteAccess = (url: string) => {
23-
login(ROLE.endpoint_policy_manager);
24-
loadPage(url);
25-
};
26-
27-
const loginWithReadAccess = (privilegePrefix: string, url: string) => {
28-
const roleWithArtifactReadPrivilege = getRoleWithArtifactReadPrivilege(privilegePrefix);
29-
login.withCustomRole({ name: 'roleWithArtifactReadPrivilege', ...roleWithArtifactReadPrivilege });
30-
loadPage(url);
31-
};
32-
33-
const loginWithoutAccess = (url: string) => {
34-
login(ROLE.t1_analyst);
35-
loadPage(url);
20+
import { SIEM_VERSIONS, type SiemVersion } from '../../common/constants';
21+
import { SECURITY_FEATURE_ID } from '../../../../../common';
22+
import { getT1Analyst } from '../../../../../scripts/endpoint/common/roles_users';
23+
24+
const loginWithArtifactAccess = (
25+
siemVersion: SiemVersion,
26+
privilegePrefix: string,
27+
access: 'none' | 'read' | 'all'
28+
) => {
29+
const base = getT1Analyst();
30+
31+
const customRole: typeof base = {
32+
...base,
33+
kibana: [
34+
{
35+
...base.kibana[0],
36+
feature: {
37+
[siemVersion]: [
38+
// siemVX: read
39+
'read',
40+
// none/read/all for selected artifact
41+
...(access !== 'none' ? [`${privilegePrefix}${access}`] : []),
42+
],
43+
},
44+
},
45+
],
46+
};
47+
48+
login.withCustomRole({ name: 'customRole', ...customRole });
3649
};
3750

51+
/**
52+
* Notes:
53+
* ESS:
54+
* - testing NONE, READ, WRITE privileges with custom roles
55+
* - also, all SIEM feature versions are tested to check backward compatibility
56+
*
57+
* Serverless: a subset of tests.
58+
* - only NONE and WRITE privileges are tested with predefined roles
59+
* - and only the latest SIEM feature (SECURITY_FEATURE_ID)
60+
*
61+
* Possible improvement: use custom roles on serverless to test the same as on ESS.
62+
*/
3863
describe('Artifacts pages', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] }, () => {
3964
let endpointData: ReturnTypeFromChainable<typeof indexEndpointHosts> | undefined;
4065

66+
const isServerless = Cypress.env('IS_SERVERLESS');
67+
const siemVersionsToTest = isServerless ? [SECURITY_FEATURE_ID] : SIEM_VERSIONS;
68+
69+
let loginWithoutAccess: () => void;
70+
let loginWithReadAccess: () => void;
71+
let loginWithWriteAccess: () => void;
72+
4173
before(() => {
4274
indexEndpointHosts().then((indexEndpoints) => {
4375
endpointData = indexEndpoints;
@@ -55,126 +87,158 @@ describe('Artifacts pages', { tags: ['@ess', '@serverless', '@skipInServerlessMK
5587
endpointData = undefined;
5688
});
5789

58-
for (const testData of getArtifactsListTestsData()) {
59-
describe(`When on the ${testData.title} entries list`, () => {
60-
describe('given there are no artifacts yet', () => {
61-
it(`no access - should show no privileges callout`, () => {
62-
loginWithoutAccess(`/app/security/administration/${testData.urlPath}`);
63-
cy.getByTestSubj('noPrivilegesPage').should('exist');
64-
cy.getByTestSubj('empty-page-feature-action').should('exist');
65-
cy.getByTestSubj(testData.emptyState).should('not.exist');
66-
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist');
67-
});
68-
69-
it(
70-
`read - should show empty state page if there is no ${testData.title} entry and the add button does not exist`,
71-
// there is no such role in Serverless environment that only reads artifacts
72-
{ tags: ['@skipInServerless'] },
73-
() => {
74-
loginWithReadAccess(
75-
testData.privilegePrefix,
76-
`/app/security/administration/${testData.urlPath}`
90+
for (const siemVersion of siemVersionsToTest) {
91+
describe(siemVersion, () => {
92+
for (const testData of getArtifactsListTestsData()) {
93+
describe(`When on the ${testData.title} entries list`, () => {
94+
beforeEach(() => {
95+
const { privilegePrefix } = testData;
96+
97+
loginWithWriteAccess = () => {
98+
if (isServerless) {
99+
login(ROLE.endpoint_policy_manager);
100+
} else {
101+
loginWithArtifactAccess(siemVersion, privilegePrefix, 'all');
102+
}
103+
};
104+
105+
loginWithReadAccess = () => {
106+
expect(isServerless, 'Testing read access is implemented only on ESS').to.equal(
107+
false
108+
);
109+
loginWithArtifactAccess(siemVersion, privilegePrefix, 'read');
110+
};
111+
112+
loginWithoutAccess = () => {
113+
if (isServerless) {
114+
login(ROLE.t1_analyst);
115+
} else {
116+
loginWithArtifactAccess(siemVersion, privilegePrefix, 'none');
117+
}
118+
};
119+
});
120+
121+
describe('given there are no artifacts yet', () => {
122+
it(`no access - should show no privileges callout`, () => {
123+
loginWithoutAccess();
124+
loadPage(`/app/security/administration/${testData.urlPath}`);
125+
cy.getByTestSubj('noPrivilegesPage').should('exist');
126+
cy.getByTestSubj('empty-page-feature-action').should('exist');
127+
cy.getByTestSubj(testData.emptyState).should('not.exist');
128+
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist');
129+
});
130+
131+
it(
132+
`read - should show empty state page if there is no ${testData.title} entry and the add button does not exist`,
133+
// there is no such role in Serverless environment that only reads artifacts
134+
{ tags: ['@skipInServerless'] },
135+
() => {
136+
loginWithReadAccess();
137+
loadPage(`/app/security/administration/${testData.urlPath}`);
138+
cy.getByTestSubj(testData.emptyState).should('exist');
139+
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist');
140+
}
77141
);
78-
cy.getByTestSubj(testData.emptyState).should('exist');
79-
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('not.exist');
80-
}
81-
);
82-
83-
it(`write - should show empty state page if there is no ${testData.title} entry and the add button exists`, () => {
84-
loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`);
85-
cy.getByTestSubj(testData.emptyState).should('exist');
86-
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('exist');
87-
});
88-
89-
it(`write - should create new ${testData.title} entry`, () => {
90-
loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`);
91-
// Opens add flyout
92-
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).click();
93-
94-
performUserActions(testData.create.formActions);
95-
96-
// Submit create artifact form
97-
cy.getByTestSubj(`${testData.pagePrefix}-flyout-submitButton`).click();
98142

99-
// Check new artifact is in the list
100-
for (const checkResult of testData.create.checkResults) {
101-
cy.getByTestSubj(checkResult.selector).should('have.text', checkResult.value);
102-
}
103-
104-
// Title is shown after adding an item
105-
cy.getByTestSubj('header-page-title').contains(testData.title);
106-
});
107-
});
108-
109-
describe('given there is an existing artifact', () => {
110-
beforeEach(() => {
111-
createArtifactList(testData.createRequestBody.list_id);
112-
createPerPolicyArtifact(testData.artifactName, testData.createRequestBody);
113-
});
114-
115-
it(
116-
`read - should not be able to update/delete an existing ${testData.title} entry`,
117-
// there is no such role in Serverless environment that only reads artifacts
118-
{ tags: ['@skipInServerless'] },
119-
() => {
120-
loginWithReadAccess(
121-
testData.privilegePrefix,
122-
`/app/security/administration/${testData.urlPath}`
123-
);
124-
cy.getByTestSubj('header-page-title').contains(testData.title);
125-
cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).should(
126-
'not.exist'
127-
);
128-
cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).should('not.exist');
129-
cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).should('not.exist');
130-
}
131-
);
132-
133-
it(
134-
`read - should not be able to create a new ${testData.title} entry`,
135-
// there is no such role in Serverless environment that only reads artifacts
136-
{ tags: ['@skipInServerless'] },
137-
() => {
138-
loginWithReadAccess(
139-
testData.privilegePrefix,
140-
`/app/security/administration/${testData.urlPath}`
143+
it(`write - should show empty state page if there is no ${testData.title} entry and the add button exists`, () => {
144+
loginWithWriteAccess();
145+
loadPage(`/app/security/administration/${testData.urlPath}`);
146+
cy.getByTestSubj(testData.emptyState).should('exist');
147+
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).should('exist');
148+
});
149+
150+
it(`write - should create new ${testData.title} entry`, () => {
151+
loginWithWriteAccess();
152+
loadPage(`/app/security/administration/${testData.urlPath}`);
153+
// Opens add flyout
154+
cy.getByTestSubj(`${testData.pagePrefix}-emptyState-addButton`).click();
155+
156+
performUserActions(testData.create.formActions);
157+
158+
// Submit create artifact form
159+
cy.getByTestSubj(`${testData.pagePrefix}-flyout-submitButton`).click();
160+
161+
// Check new artifact is in the list
162+
for (const checkResult of testData.create.checkResults) {
163+
cy.getByTestSubj(checkResult.selector).should('have.text', checkResult.value);
164+
}
165+
166+
// Title is shown after adding an item
167+
cy.getByTestSubj('header-page-title').contains(testData.title);
168+
});
169+
});
170+
171+
describe('given there is an existing artifact', () => {
172+
beforeEach(() => {
173+
createArtifactList(testData.createRequestBody.list_id);
174+
createPerPolicyArtifact(testData.artifactName, testData.createRequestBody);
175+
});
176+
177+
it(
178+
`read - should not be able to update/delete an existing ${testData.title} entry`,
179+
// there is no such role in Serverless environment that only reads artifacts
180+
{ tags: ['@skipInServerless'] },
181+
() => {
182+
loginWithReadAccess();
183+
loadPage(`/app/security/administration/${testData.urlPath}`);
184+
cy.getByTestSubj('header-page-title').contains(testData.title);
185+
cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).should(
186+
'not.exist'
187+
);
188+
cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).should('not.exist');
189+
cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).should(
190+
'not.exist'
191+
);
192+
}
141193
);
142-
cy.getByTestSubj('header-page-title').contains(testData.title);
143-
cy.getByTestSubj(`${testData.pagePrefix}-pageAddButton`).should('not.exist');
144-
}
145-
);
146194

147-
it(`write - should be able to update an existing ${testData.title} entry`, () => {
148-
loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`);
149-
// Opens edit flyout
150-
cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).click();
151-
cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).click();
152-
153-
performUserActions(testData.update.formActions);
154-
155-
// Submit edit artifact form
156-
cy.getByTestSubj(`${testData.pagePrefix}-flyout-submitButton`).click();
157-
158-
for (const checkResult of testData.update.checkResults) {
159-
cy.getByTestSubj(checkResult.selector).should('have.text', checkResult.value);
160-
}
161-
162-
// Title still shown after editing an item
163-
cy.getByTestSubj('header-page-title').contains(testData.title);
164-
});
195+
it(
196+
`read - should not be able to create a new ${testData.title} entry`,
197+
// there is no such role in Serverless environment that only reads artifacts
198+
{ tags: ['@skipInServerless'] },
199+
() => {
200+
loginWithReadAccess();
201+
loadPage(`/app/security/administration/${testData.urlPath}`);
202+
cy.getByTestSubj('header-page-title').contains(testData.title);
203+
cy.getByTestSubj(`${testData.pagePrefix}-pageAddButton`).should('not.exist');
204+
}
205+
);
165206

166-
it(`write - should be able to delete the existing ${testData.title} entry`, () => {
167-
loginWithWriteAccess(`/app/security/administration/${testData.urlPath}`);
168-
// Remove it
169-
cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).click();
170-
cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).click();
171-
cy.getByTestSubj(`${testData.pagePrefix}-deleteModal-submitButton`).click();
172-
// No card visible after removing it
173-
cy.getByTestSubj(testData.delete.card).should('not.exist');
174-
// Empty state is displayed after removing last item
175-
cy.getByTestSubj(testData.emptyState).should('exist');
207+
it(`write - should be able to update an existing ${testData.title} entry`, () => {
208+
loginWithWriteAccess();
209+
loadPage(`/app/security/administration/${testData.urlPath}`);
210+
// Opens edit flyout
211+
cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).click();
212+
cy.getByTestSubj(`${testData.pagePrefix}-card-cardEditAction`).click();
213+
214+
performUserActions(testData.update.formActions);
215+
216+
// Submit edit artifact form
217+
cy.getByTestSubj(`${testData.pagePrefix}-flyout-submitButton`).click();
218+
219+
for (const checkResult of testData.update.checkResults) {
220+
cy.getByTestSubj(checkResult.selector).should('have.text', checkResult.value);
221+
}
222+
223+
// Title still shown after editing an item
224+
cy.getByTestSubj('header-page-title').contains(testData.title);
225+
});
226+
227+
it(`write - should be able to delete the existing ${testData.title} entry`, () => {
228+
loginWithWriteAccess();
229+
loadPage(`/app/security/administration/${testData.urlPath}`);
230+
// Remove it
231+
cy.getByTestSubj(`${testData.pagePrefix}-card-header-actions-button`).click();
232+
cy.getByTestSubj(`${testData.pagePrefix}-card-cardDeleteAction`).click();
233+
cy.getByTestSubj(`${testData.pagePrefix}-deleteModal-submitButton`).click();
234+
// No card visible after removing it
235+
cy.getByTestSubj(testData.delete.card).should('not.exist');
236+
// Empty state is displayed after removing last item
237+
cy.getByTestSubj(testData.emptyState).should('exist');
238+
});
239+
});
176240
});
177-
});
241+
}
178242
});
179243
}
180244
});

0 commit comments

Comments
 (0)