[FTR] add service to test user roles on serverless #170417
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dmlemeshko
force-pushed
the
ftr/serverless-user-manager
branch
from
3ffb013
to
64f5beb
Compare
dmlemeshko
added
v8.12.1
release_note:skip
…ibana into ftr/serverless-user-manager
…ibana into ftr/serverless-user-manager
…ibana into ftr/serverless-user-manager
…ibana into ftr/serverless-user-manager
…ibana into ftr/serverless-user-manager
jbudz
reviewed
Nov 30, 2023
x-pack/test_serverless/shared/services/user_manager/saml_auth.ts
Outdated
Show resolved
Hide resolved
pheyos
approved these changes
Nov 30, 2023
jbudz
approved these changes
Nov 30, 2023
|
Within @elastic/appex-qa we agreed to merge it on Monday morning. |
|
Flaky test runner spotted instability with 28/150 failures, all with the same issue: cookie was set, user profile still displaying old |
|
Another flaky-test-runner to validate the last commit https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/4159 |
pheyos
approved these changes
Dec 4, 2023
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]
History
To update your PR or re-run it, just comment with: cc @dmlemeshko |
MadameSheema
added a commit
that referenced
this pull request
Dec 13, 2023
…ing (#172655) Relates to: * #166340 * #170852 * #170417 * #172678 ## Summary In this PR we are using the code implemented on #170417 and #172678 to allow SAML and role testing inside Cypress. * We are creating a Cypress task to use the above-developed code and be able to retrieve a session cookie given a role. * We updated the login task to know how we should perform the login depending if we are in Serverless (MKI or serverless FTR) or ESS * In the parallel serverless script: * We are updating the `BASE_ENV_URL` variable to use the proper QA environment (pending to be done in follow-up PRs, to extract this value so it is not hardcoded cc @dkirchan ) * We are adding the `IS_SERVERLESS` environment variable needed for the logic on the login task. This changed implied to update the `es_archiver` file to continue work as expected. * We have added the `TEST_CLOUD_HOST_NAME` environment variable needed for the code we are reusing to retrieve the session cookie for MKI. * We have updated the Security Solution quality gate script to set the `role_users.json` file needed by the code we are reusing to get the different session cookies on MKI * We have adjusted the tests because the username now follows the pattern `test <role>` (@dmlemeshko is it possible to have as username just the role? Is this something that can impact other tests and teams?) * We have [skipped](#173168) a test that got unstable after the changes. ## How to test it in your machine ### Serverless FTR 1. Navigate to `x-pack/test/security_solution_cypress` 2. Execute `yarn cypress:open:qa:serverless` 3. Click on `E2E testing` 4. Click on any test to execute it ### Serverless MKI Setup a valid Elastic Cloud API key for QA environment: 1. Navigate to QA environment. 2. Click on the `User menu button` located on the top right of the header. 3. Click on `Organization`. 5. Click on the `API keys` tab. 6. Click on `Create API key` button. 7. Add a name, set an expiration date, assign an organization owner role. 8. Click on `Create API key` 9. Save the value of the key Store the saved key on `~/.elastic/cloud.json` using the following format: ```json { "api_key": { "qa": "<API_KEY>" } } ``` Store the email and password of the account you used to login in the QA Environment at the root directory of your Kibana project on `.ftr/role_users.json`, using the following format: ```json { "admin": { "email": "<email>", "password": "<password>" } } ``` If you want to execute a test with a role different from the default one, make sure you have created the user under your organization and is added to the above json following the format: ```json { "admin": { "email": "<email>", "password": "<password>" }, "<roleName>": { "email": "<email>", "password": "<password>" } } ``` 1. Navigate to `x-pack/test/security_solution_cypress` 2. Execute `yarn cypress:open:qa:serverless` 3. Click on `E2E testing` 4. Click on any test to execute it --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
9 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR enables user roles testing in FTR
We use SAML authentication to get session cookie for user with the specific role. The cookie is cached on FTR service side so we only make SAML auth one time per user within FTR config run. For Kibana CI service relies on changes coming in #170852
In order to run FTR tests locally against existing MKI project:
.ftr/role_users.jsonin Kibana root direxport TEST_CLOUD_HOST_NAME=console.qa.cld.elstc.coHow to use:
Flaky-test-runner:
#1 https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/4081
#2 https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/4114