feat(security,tests): add basic UIAM Scout API tests by azasypkin · Pull Request #244518 · elastic/kibana

azasypkin · 2025-11-27T13:54:12Z

Summary

Add basic UIAM Scout API tests:

✅ It should be possible to login via UIAM flow
✅ It should be possible to invalidate UIAM session token
✅ It should be possible to refresh UIAM session token

Blocked By: #244306 and #243752

dmlemeshko · 2025-12-12T19:03:21Z

x-pack/platform/plugins/shared/security/test/scout_uiam_local/api/tests/uiam_session.spec.ts

+  });
+});
+
+apiTest.describe('[LOCAL-ONLY] Refresh UIAM session', { tag: ['@svlSecurity'] }, () => {


we restrict using 2 root describe blocks in spec file because our CI bot is limited to find the verify first one while running /skip command.

You have few options:

merge under the same describe block

move to the separate file (and maybe even run them in parallel?)

Ah, good to know, thanks! I've switched to separate files and parallel running (my tests don't need to access SOs, so I didn't use spaceTest helper) - let's see how it goes!

Btw, I see tests have passed, but I see this in the logs:

2025-12-13 12:12:08 UTC proc [playwright] Error in reporter Error: Invalid path: "scout" directory not found in /..../elastic/kibana-pull-request/kibana/x-pack/platform/plugins/shared/security/test/scout_uiam_local/api/parallel.playwright.config.ts. 2025-12-13 12:12:08 UTC proc [playwright] Ensure playwright configuration file is in the plugin directory: '/plugins/<plugin-name>/test/scout/ui/<config-file>'

Can this be ignored?

I think we need to fix reporter

azasypkin · 2025-12-30T16:13:15Z

.buildkite/scripts/steps/test/scout_uiam_tests.sh

+source .buildkite/scripts/steps/functional/common.sh
+
+echo '--- Running Scout UIAM Integration Tests'
+node scripts/scout.js run-tests --serverless security --config x-pack/platform/plugins/shared/security/test/scout_uiam_local/api/parallel.playwright.config.ts --kibana-install-dir "$KIBANA_BUILD_LOCATION"


note: we run these tests only against Security project type which is enough for the time being.

...ins/shared/security/test/scout_uiam_local/api/parallel_tests/uiam_invalidate_session.spec.ts

jbudz

.buildkite LGTM

azasypkin · 2026-01-01T12:56:48Z

@elasticmachine merge upstream

kc13greiner

LGTM!

src/platform/packages/shared/kbn-es/src/utils/docker_uiam.ts

dmlemeshko · 2026-01-05T08:42:25Z

...ck/platform/plugins/shared/security/test/scout_uiam_local/api/parallel_tests/global.setup.ts

+
+import { globalSetupHook } from '@kbn/scout';
+
+globalSetupHook('To make ESLint happy', async () => {});


With #247630 the hook can be moved to opt-in option, but it will require another PR to remove ESLint rule and update Scout test runner.

Thank you for pointing out the UX issue!

Good to know, thanks!

dmlemeshko

kbn/scout changes LGTM

csr · 2026-01-05T09:02:00Z

...plugins/shared/security/test/scout_uiam_local/api/parallel_tests/uiam_create_session.spec.ts

+    userSessionCookie = `sid=${await samlAuth.session.getInteractiveUserSessionCookieWithRoleScope(
+      'viewer'
+    )}`;


You should now be able to use the new samlAuth.asInteractiveUser() method to retrieve a cookie-based authc header (so you don't have to compute the sid= string yourself):

const { cookieHeader } = await samlAuth.asInteractiveUser('viewer'); const response = await apiClient.get('internal/endpoint', { headers: { ...cookieHeader } );

Ensure you pull changes from main. Thanks for your feedback with respect to naming / UX!

Nice, thanks! Switched to samlAuth.asInteractiveUser in a3b3c56

…th.asInteractiveUser` API

elasticmachine · 2026-01-05T17:33:37Z

💛 Build succeeded, but was flaky

Buildkite Build
Commit: a3b3c56

Failed CI Steps

Scout: [ platform / streams_app ] plugin

Test Failures

[job] [logs] Scout: [ platform / streams_app ] plugin / serverless-oblt - Discover integration - Classic Stream - Navigate to Stream processing from document flyout - should navigate to Stream processing page from Discover document flyout in ES|QL mode
[job] [logs] Scout: [ platform / streams_app ] plugin / should navigate to Stream processing page from Discover document flyout in ES|QL mode

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
`@kbn/mock-idp-utils`	27	38	+11

Unknown metric groups

API count

id	before	after	diff
`@kbn/mock-idp-utils`	33	44	+11

History

💛 Build #377776 was flaky 5538c36

cc @azasypkin

## Summary Add basic UIAM Scout API tests: * ✅ It should be possible to login via UIAM flow * ✅ It should be possible to invalidate UIAM session token * ✅ It should be possible to refresh UIAM session token ~~__Blocked By:__ elastic#244306 and elastic#243752 --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Dzmitry Lemechko <dzmitry.lemechko@elastic.co>

azasypkin added test blocked release_note:skip Skip the PR/issue when compiling release notes backport:skip This PR does not require backporting labels Nov 27, 2025

azasypkin force-pushed the issue-xxx-uiam-add-scout-tests branch from 191b3c4 to cd7e0ac Compare November 27, 2025 14:21

azasypkin self-assigned this Nov 27, 2025

azasypkin force-pushed the issue-xxx-uiam-add-scout-tests branch 4 times, most recently from 9cfdbde to cf76cb7 Compare November 28, 2025 00:00

azasypkin mentioned this pull request Nov 28, 2025

feat(security, uiam): make @kbn\es to manage UIAM containers when in UIAM mode #243752

Merged

azasypkin force-pushed the issue-xxx-uiam-add-scout-tests branch from cf76cb7 to 775e81f Compare November 28, 2025 13:36

dmlemeshko self-requested a review November 28, 2025 15:05

azasypkin force-pushed the issue-xxx-uiam-add-scout-tests branch 3 times, most recently from 1c81709 to 1d96295 Compare December 3, 2025 18:52

azasypkin force-pushed the issue-xxx-uiam-add-scout-tests branch 3 times, most recently from b2f6b45 to bdb6be8 Compare December 9, 2025 18:57

azasypkin removed the blocked label Dec 9, 2025

azasypkin force-pushed the issue-xxx-uiam-add-scout-tests branch 4 times, most recently from cd10a79 to b9f7149 Compare December 10, 2025 13:58

dmlemeshko reviewed Dec 12, 2025

View reviewed changes

azasypkin force-pushed the issue-xxx-uiam-add-scout-tests branch from b9f7149 to d25a721 Compare December 13, 2025 11:34

dmlemeshko mentioned this pull request Dec 16, 2025

[Cloud Security] Cloud connector E2E tests with Scout and Playwright #246395

Merged

4 tasks

azasypkin force-pushed the issue-xxx-uiam-add-scout-tests branch 2 times, most recently from 9be888d to 1ef38b0 Compare December 30, 2025 12:58

feat(security,tests): add basic UIAM Scout tests

3577d02

azasypkin commented Dec 30, 2025

View reviewed changes

...ins/shared/security/test/scout_uiam_local/api/parallel_tests/uiam_invalidate_session.spec.ts Outdated Show resolved Hide resolved

azasypkin marked this pull request as ready for review December 30, 2025 16:31

azasypkin requested review from a team as code owners December 30, 2025 16:31

azasypkin requested review from dmlemeshko and kc13greiner December 30, 2025 16:31

jbudz approved these changes Dec 30, 2025

View reviewed changes

azasypkin added 2 commits December 31, 2025 15:59

Merge branch 'main' into issue-xxx-uiam-add-scout-tests

2eea3ad

feat: add tests for concurrent session refresh

6bf05a3

Merge branch 'main' into issue-xxx-uiam-add-scout-tests

3ab1c07

elastic deleted a comment from elasticmachine Jan 1, 2026

kc13greiner approved these changes Jan 2, 2026

View reviewed changes

src/platform/packages/shared/kbn-es/src/utils/docker_uiam.ts Show resolved Hide resolved

Merge branch 'main' into issue-xxx-uiam-add-scout-tests

5538c36

dmlemeshko reviewed Jan 5, 2026

View reviewed changes

dmlemeshko approved these changes Jan 5, 2026

View reviewed changes

csr reviewed Jan 5, 2026

View reviewed changes

azasypkin added 2 commits January 5, 2026 15:52

Merge branch 'main' into issue-xxx-uiam-add-scout-tests

bd878d4

chore(review#1): switch Create new UIAM session test to new `samlAu…

a3b3c56

…th.asInteractiveUser` API

azasypkin enabled auto-merge (squash) January 5, 2026 15:06

azasypkin merged commit 6815f03 into elastic:main Jan 5, 2026
14 checks passed

kibanamachine added the v9.4.0 label Jan 5, 2026

azasypkin deleted the issue-xxx-uiam-add-scout-tests branch January 5, 2026 17:36

dmlemeshko mentioned this pull request Jan 8, 2026

[Fleet] Init scout tests for browse integration page #247959

Merged

1 task


		import { globalSetupHook } from '@kbn/scout';

		globalSetupHook('To make ESLint happy', async () => {});

Conversation

azasypkin commented Nov 27, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

jbudz left a comment

Choose a reason for hiding this comment

Uh oh!

azasypkin commented Jan 1, 2026

Uh oh!

kc13greiner left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

dmlemeshko left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

azasypkin Jan 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

elasticmachine commented Jan 5, 2026

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

Metrics [docs]

Public APIs missing comments

API count

History

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

azasypkin commented Nov 27, 2025 •

edited

Loading

azasypkin Jan 5, 2026 •

edited

Loading