From 83e48f69040670d4b067ab02aec618d758019711 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B8ren=20Louv-Jansen?= Date: Tue, 24 May 2022 12:42:04 +0200 Subject: [PATCH 1/3] [APM] Remove mentions of `apm_user` --- docs/apm/apm-app-users.asciidoc | 6 +- x-pack/plugins/apm/dev_docs/local_setup.md | 17 ++-- x-pack/plugins/apm/dev_docs/testing.md | 44 +++++----- x-pack/plugins/apm/ftr_e2e/cypress_start.ts | 5 +- ...users_and_roles.js => create_apm_users.js} | 2 +- .../create_apm_users.ts} | 26 +----- .../create_apm_users_cli.ts} | 14 +--- .../helpers/call_kibana.ts | 2 +- .../helpers/create_or_update_user.ts | 2 +- .../helpers/get_version.ts | 2 +- .../helpers/create_role.ts | 84 ------------------- .../roles/power_user_role.ts | 76 ----------------- .../roles/read_only_user_role.ts | 77 ----------------- x-pack/plugins/apm/scripts/test/api.js | 31 +++++-- .../e2e/journeys/data_view_permissions.ts | 4 +- .../synthetics/e2e/playwright_start.ts | 6 +- .../common/authentication.ts | 22 +---- 17 files changed, 77 insertions(+), 343 deletions(-) rename x-pack/plugins/apm/scripts/{create_apm_users_and_roles.js => create_apm_users.js} (92%) rename x-pack/plugins/apm/scripts/{create_apm_users_and_roles/create_apm_users_and_roles.ts => create_apm_users/create_apm_users.ts} (67%) rename x-pack/plugins/apm/scripts/{create_apm_users_and_roles/create_apm_users_and_roles_cli.ts => create_apm_users/create_apm_users_cli.ts} (81%) rename x-pack/plugins/apm/scripts/{create_apm_users_and_roles => create_apm_users}/helpers/call_kibana.ts (95%) rename x-pack/plugins/apm/scripts/{create_apm_users_and_roles => create_apm_users}/helpers/create_or_update_user.ts (97%) rename x-pack/plugins/apm/scripts/{create_apm_users_and_roles => create_apm_users}/helpers/get_version.ts (94%) delete mode 100644 x-pack/plugins/apm/scripts/create_apm_users_and_roles/helpers/create_role.ts delete mode 100644 x-pack/plugins/apm/scripts/create_apm_users_and_roles/roles/power_user_role.ts delete mode 100644 x-pack/plugins/apm/scripts/create_apm_users_and_roles/roles/read_only_user_role.ts diff --git a/docs/apm/apm-app-users.asciidoc b/docs/apm/apm-app-users.asciidoc index 41ad67b1696e6f..f5a74eb369dd12 100644 --- a/docs/apm/apm-app-users.asciidoc +++ b/docs/apm/apm-app-users.asciidoc @@ -125,9 +125,9 @@ Here are two examples: Create an annotation user ++++ -NOTE: By default, the `apm_user` built-in role provides access to Observability annotations. -You only need to create an annotation user if the default annotation index -defined in <> has been customized. +NOTE: By default, the `viewer` and `editor` built-in roles provide read access to Observability annotations. +You only need to create an annotation user to write to the annotations index +(<>). [[apm-app-annotation-user]] ==== Annotation user diff --git a/x-pack/plugins/apm/dev_docs/local_setup.md b/x-pack/plugins/apm/dev_docs/local_setup.md index 716cc8fb832bc3..499ab70d38559a 100644 --- a/x-pack/plugins/apm/dev_docs/local_setup.md +++ b/x-pack/plugins/apm/dev_docs/local_setup.md @@ -16,22 +16,25 @@ To access an Elasticsearch instance that has live data you have three options: **Start Elasticsearch & Kibana** Elasticsearch: + ``` yarn es snapshot ``` + Kibana: + ``` yarn start ``` - **Run Synthtrace** + ``` node packages/elastic-apm-synthtrace/src/scripts/run packages/elastic-apm-synthtrace/src/scripts/examples/01_simple_trace.ts \ --local ``` -The `--local` flag is a shortcut to specifying `--target` and `--kibana`. It autodiscovers the current kibana basepath and installs the appropiate APM package. +The `--local` flag is a shortcut to specifying `--target` and `--kibana`. It autodiscovers the current kibana basepath and installs the appropiate APM package. **Connect Kibana to ES** Update `config/kibana.dev.yml` with: @@ -61,7 +64,9 @@ node packages/elastic-apm-synthtrace/src/scripts/run packages/elastic-apm-syntht ## 3. Local ES Cluster ### Start Elasticsearch and APM data generators + _Docker Compose is required_ + ``` git clone git@github.com:elastic/apm-integration-testing.git cd apm-integration-testing/ @@ -80,16 +85,16 @@ elasticsearch.password: changeme # Setup default APM users -APM behaves differently depending on which the role and permissions a logged in user has. To create the users run: +APM behaves differently depending on which role and permissions a logged in user has. To create APM users run: ```sh -node x-pack/plugins/apm/scripts/create_apm_users_and_roles.js --username admin --password changeme --kibana-url http://localhost:5601 --role-suffix +node x-pack/plugins/apm/scripts/create_apm_users.js --username admin --password changeme --kibana-url http://localhost:5601 ``` This will create: - - **apm_read_user**: Read only user - - **apm_power_user**: Read+write user. +- **viewer_user**: User with `viewer` role (read-only) +- **editor_user**: User with `editor` role (read/write) # Debugging Elasticsearch queries diff --git a/x-pack/plugins/apm/dev_docs/testing.md b/x-pack/plugins/apm/dev_docs/testing.md index e1819875f58d80..8c2296bd066ace 100644 --- a/x-pack/plugins/apm/dev_docs/testing.md +++ b/x-pack/plugins/apm/dev_docs/testing.md @@ -18,47 +18,47 @@ open target/coverage/jest/index.html ## API Tests -API tests are separated in two suites: +| Option | Description | +| --------- | ----------------------------------------------- | +| --basic | Run tests with basic license | +| --trial | Run tests with trial license | +| --server | Only start ES and Kibana | +| --runner | Only run tests | +| --grep | Specify the spec files to run | +| --inspect | Add --inspect-brk flag to the ftr for debugging | +| --times | Repeat the test n number of times | -- a basic license test suite [default] -- a trial license test suite (the equivalent of gold+) +The API tests are located in [`x-pack/test/apm_api_integration/`](/x-pack/test/apm_api_integration/). -### Run tests with [--trial] license +### Start server and run test in a single process ``` -node scripts/test/api [--trial] [--help] +node scripts/test/api [--trial/--basic] [--help] ``` -The above command will initiate an Elasticsearch instance on http://localhost:9220 and a kibana instance on http://localhost:5620 and will run the api test against these environments. +The above command will start an ES instance on http://localhost:9220, a Kibana instance on http://localhost:5620 and run the api tests. Once the tests finish, the instances will be terminated. -### Start test server - -``` -node scripts/test/api --server -``` +### Start server and run test in separate processes -Start Elasticsearch and Kibana instances. +```sh -### Run all tests +# start server +node scripts/test/api --server --basic +# run tests +node scripts/test/api --runner --basic ``` -node scripts/test/api --runner -``` - -Run all tests. The test server needs to be running, see [Start Test Server](#start-test-server). ### Update snapshots (from Kibana root) -To update snapshots append `--updateSnapshots` to the `functional_test_runner` command +To update snapshots append `--updateSnapshots` to the `--runner` command: ``` -node scripts/functional_test_runner --config x-pack/test/apm_api_integration/[basic | trial]/config.ts --quiet --updateSnapshots +node scripts/test/api --runner --basic --updateSnapshots ``` -The test server needs to be running, see [Start Test Server](#start-test-server). - -The API tests are located in [`x-pack/test/apm_api_integration/`](/x-pack/test/apm_api_integration/). +(The test server needs to be running) **API Test tips** diff --git a/x-pack/plugins/apm/ftr_e2e/cypress_start.ts b/x-pack/plugins/apm/ftr_e2e/cypress_start.ts index d65e428456b9d2..2db57398a05b51 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress_start.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress_start.ts @@ -11,7 +11,7 @@ import { argv } from 'yargs'; import Url from 'url'; import cypress from 'cypress'; import { FtrProviderContext } from './ftr_provider_context'; -import { createApmAndObsUsersAndRoles } from '../scripts/create_apm_users_and_roles/create_apm_users_and_roles'; +import { createApmUsers } from '../scripts/create_apm_users/create_apm_users'; import { esArchiverLoad, esArchiverUnload } from './cypress/tasks/es_archiver'; export async function cypressStart( @@ -27,14 +27,13 @@ export async function cypressStart( }); // Creates APM users - await createApmAndObsUsersAndRoles({ + await createApmUsers({ elasticsearch: { username: config.get('servers.elasticsearch.username'), password: config.get('servers.elasticsearch.password'), }, kibana: { hostname: kibanaUrl, - roleSuffix: 'e2e_tests', }, }); diff --git a/x-pack/plugins/apm/scripts/create_apm_users_and_roles.js b/x-pack/plugins/apm/scripts/create_apm_users.js similarity index 92% rename from x-pack/plugins/apm/scripts/create_apm_users_and_roles.js rename to x-pack/plugins/apm/scripts/create_apm_users.js index 25bbe25e74a3fb..682c1d9ce942c3 100644 --- a/x-pack/plugins/apm/scripts/create_apm_users_and_roles.js +++ b/x-pack/plugins/apm/scripts/create_apm_users.js @@ -20,4 +20,4 @@ // eslint-disable-next-line import/no-extraneous-dependencies require('@kbn/optimizer').registerNodeAutoTranspilation(); -require('./create_apm_users_and_roles/create_apm_users_and_roles_cli'); +require('./create_apm_users/create_apm_users_cli'); diff --git a/x-pack/plugins/apm/scripts/create_apm_users_and_roles/create_apm_users_and_roles.ts b/x-pack/plugins/apm/scripts/create_apm_users/create_apm_users.ts similarity index 67% rename from x-pack/plugins/apm/scripts/create_apm_users_and_roles/create_apm_users_and_roles.ts rename to x-pack/plugins/apm/scripts/create_apm_users/create_apm_users.ts index 95d67301db2cea..f7d0ea2e78ed88 100644 --- a/x-pack/plugins/apm/scripts/create_apm_users_and_roles/create_apm_users_and_roles.ts +++ b/x-pack/plugins/apm/scripts/create_apm_users/create_apm_users.ts @@ -6,9 +6,6 @@ */ import { AbortError, callKibana } from './helpers/call_kibana'; -import { createRole } from './helpers/create_role'; -import { powerUserRole } from './roles/power_user_role'; -import { readOnlyUserRole } from './roles/read_only_user_role'; import { createOrUpdateUser } from './helpers/create_or_update_user'; export interface Elasticsearch { @@ -17,11 +14,10 @@ export interface Elasticsearch { } export interface Kibana { - roleSuffix: string; hostname: string; } -export async function createApmAndObsUsersAndRoles({ +export async function createApmUsers({ kibana, elasticsearch, }: { @@ -44,26 +40,10 @@ export async function createApmAndObsUsersAndRoles({ throw new AbortError('Security must be enabled!'); } - const KIBANA_READ_ROLE = `kibana_read_${kibana.roleSuffix}`; - const KIBANA_POWER_ROLE = `kibana_power_${kibana.roleSuffix}`; - - // roles definition - const roles = [ - { roleName: KIBANA_READ_ROLE, role: readOnlyUserRole }, - { roleName: KIBANA_POWER_ROLE, role: powerUserRole }, - ]; - - // create roles - await Promise.all( - roles.map(async (role) => createRole({ elasticsearch, kibana, ...role })) - ); - // user definitions const users = [ - { username: 'apm_read_user', roles: [KIBANA_READ_ROLE] }, - { username: 'apm_power_user', roles: [KIBANA_POWER_ROLE] }, - { username: 'obs_read_user', roles: [KIBANA_READ_ROLE] }, - { username: 'obs_admin_user', roles: [KIBANA_POWER_ROLE] }, + { username: 'viewer_user', roles: ['viewer'] }, + { username: 'editor_user', roles: ['editor'] }, ]; // create users diff --git a/x-pack/plugins/apm/scripts/create_apm_users_and_roles/create_apm_users_and_roles_cli.ts b/x-pack/plugins/apm/scripts/create_apm_users/create_apm_users_cli.ts similarity index 81% rename from x-pack/plugins/apm/scripts/create_apm_users_and_roles/create_apm_users_and_roles_cli.ts rename to x-pack/plugins/apm/scripts/create_apm_users/create_apm_users_cli.ts index e8884cca3d7b04..194639128b4cf7 100644 --- a/x-pack/plugins/apm/scripts/create_apm_users_and_roles/create_apm_users_and_roles_cli.ts +++ b/x-pack/plugins/apm/scripts/create_apm_users/create_apm_users_cli.ts @@ -9,14 +9,13 @@ import { argv } from 'yargs'; import { AbortError, isAxiosError } from './helpers/call_kibana'; -import { createApmAndObsUsersAndRoles } from './create_apm_users_and_roles'; +import { createApmUsers } from './create_apm_users'; import { getKibanaVersion } from './helpers/get_version'; async function init() { const esUserName = (argv.username as string) || 'elastic'; const esPassword = argv.password as string | undefined; const kibanaBaseUrl = argv.kibanaUrl as string | undefined; - const kibanaRoleSuffix = argv.roleSuffix as string | undefined; if (!esPassword) { console.error( @@ -42,14 +41,7 @@ async function init() { process.exit(); } - if (!kibanaRoleSuffix) { - console.error( - 'Please specify a unique suffix that will be added to your roles with `--role-suffix ` ' - ); - process.exit(); - } - - const kibana = { roleSuffix: kibanaRoleSuffix, hostname: kibanaBaseUrl }; + const kibana = { hostname: kibanaBaseUrl }; const elasticsearch = { username: esUserName, password: esPassword }; console.log({ kibana, elasticsearch }); @@ -57,7 +49,7 @@ async function init() { const version = await getKibanaVersion({ elasticsearch, kibana }); console.log(`Connected to Kibana ${version}`); - const users = await createApmAndObsUsersAndRoles({ elasticsearch, kibana }); + const users = await createApmUsers({ elasticsearch, kibana }); const credentials = users .map((u) => ` - ${u.username} / ${esPassword}`) .join('\n'); diff --git a/x-pack/plugins/apm/scripts/create_apm_users_and_roles/helpers/call_kibana.ts b/x-pack/plugins/apm/scripts/create_apm_users/helpers/call_kibana.ts similarity index 95% rename from x-pack/plugins/apm/scripts/create_apm_users_and_roles/helpers/call_kibana.ts rename to x-pack/plugins/apm/scripts/create_apm_users/helpers/call_kibana.ts index 00ca3506a42814..1e6bd2e02c416f 100644 --- a/x-pack/plugins/apm/scripts/create_apm_users_and_roles/helpers/call_kibana.ts +++ b/x-pack/plugins/apm/scripts/create_apm_users/helpers/call_kibana.ts @@ -6,7 +6,7 @@ */ import axios, { AxiosRequestConfig, AxiosError } from 'axios'; import { once } from 'lodash'; -import { Elasticsearch, Kibana } from '../create_apm_users_and_roles'; +import { Elasticsearch, Kibana } from '../create_apm_users'; export async function callKibana({ elasticsearch, diff --git a/x-pack/plugins/apm/scripts/create_apm_users_and_roles/helpers/create_or_update_user.ts b/x-pack/plugins/apm/scripts/create_apm_users/helpers/create_or_update_user.ts similarity index 97% rename from x-pack/plugins/apm/scripts/create_apm_users_and_roles/helpers/create_or_update_user.ts rename to x-pack/plugins/apm/scripts/create_apm_users/helpers/create_or_update_user.ts index 077e5193d6936a..78c826404a33b1 100644 --- a/x-pack/plugins/apm/scripts/create_apm_users_and_roles/helpers/create_or_update_user.ts +++ b/x-pack/plugins/apm/scripts/create_apm_users/helpers/create_or_update_user.ts @@ -8,7 +8,7 @@ /* eslint-disable no-console */ import { difference, union } from 'lodash'; -import { Elasticsearch, Kibana } from '../create_apm_users_and_roles'; +import { Elasticsearch, Kibana } from '../create_apm_users'; import { callKibana, isAxiosError } from './call_kibana'; interface User { diff --git a/x-pack/plugins/apm/scripts/create_apm_users_and_roles/helpers/get_version.ts b/x-pack/plugins/apm/scripts/create_apm_users/helpers/get_version.ts similarity index 94% rename from x-pack/plugins/apm/scripts/create_apm_users_and_roles/helpers/get_version.ts rename to x-pack/plugins/apm/scripts/create_apm_users/helpers/get_version.ts index 5b640438e88512..a809efe7402ea6 100644 --- a/x-pack/plugins/apm/scripts/create_apm_users_and_roles/helpers/get_version.ts +++ b/x-pack/plugins/apm/scripts/create_apm_users/helpers/get_version.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { Elasticsearch, Kibana } from '../create_apm_users_and_roles'; +import { Elasticsearch, Kibana } from '../create_apm_users'; import { AbortError } from './call_kibana'; import { callKibana, isAxiosError } from './call_kibana'; diff --git a/x-pack/plugins/apm/scripts/create_apm_users_and_roles/helpers/create_role.ts b/x-pack/plugins/apm/scripts/create_apm_users_and_roles/helpers/create_role.ts deleted file mode 100644 index 71aa4184e983a9..00000000000000 --- a/x-pack/plugins/apm/scripts/create_apm_users_and_roles/helpers/create_role.ts +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -/* eslint-disable no-console */ - -import { Role } from '@kbn/security-plugin/common/model'; -import { callKibana, isAxiosError } from './call_kibana'; -import { Elasticsearch, Kibana } from '../create_apm_users_and_roles'; - -type Privilege = [] | ['read'] | ['all']; -export interface KibanaPrivileges { - base?: Privilege; - feature?: Record; -} - -export type RoleType = Omit; - -export async function createRole({ - elasticsearch, - kibana, - roleName, - role, -}: { - elasticsearch: Elasticsearch; - kibana: Kibana; - roleName: string; - role: RoleType; -}) { - const roleFound = await getRole({ - elasticsearch, - kibana, - roleName, - }); - if (roleFound) { - console.log(`Skipping: Role "${roleName}" already exists`); - return Promise.resolve(); - } - - await callKibana({ - elasticsearch, - kibana, - options: { - method: 'PUT', - url: `/api/security/role/${roleName}`, - data: { - metadata: { version: 1 }, - ...role, - }, - }, - }); - - console.log(`Created role "${roleName}"`); -} - -async function getRole({ - elasticsearch, - kibana, - roleName, -}: { - elasticsearch: Elasticsearch; - kibana: Kibana; - roleName: string; -}): Promise { - try { - return await callKibana({ - elasticsearch, - kibana, - options: { - method: 'GET', - url: `/api/security/role/${roleName}`, - }, - }); - } catch (e) { - // return empty if role doesn't exist - if (isAxiosError(e) && e.response?.status === 404) { - return null; - } - - throw e; - } -} diff --git a/x-pack/plugins/apm/scripts/create_apm_users_and_roles/roles/power_user_role.ts b/x-pack/plugins/apm/scripts/create_apm_users_and_roles/roles/power_user_role.ts deleted file mode 100644 index fec628bf042334..00000000000000 --- a/x-pack/plugins/apm/scripts/create_apm_users_and_roles/roles/power_user_role.ts +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { RoleType } from '../helpers/create_role'; - -export const powerUserRole: RoleType = { - elasticsearch: { - run_as: [], - cluster: [], - indices: [ - // apm - { - names: ['apm-*', 'logs-apm*', 'metrics-apm*', 'traces-apm*'], - privileges: ['read', 'view_index_metadata'], - }, - { - names: ['observability-annotations'], - privileges: ['read', 'write', 'view_index_metadata'], - }, - // logs - { - names: ['logs-*', 'filebeat-*', 'kibana_sample_data_logs*'], - privileges: ['read', 'view_index_metadata'], - }, - // metrics - { - names: ['metrics-*', 'metricbeat-*'], - privileges: ['read', 'view_index_metadata'], - }, - // uptime - { - names: ['heartbeat-*', 'synthetics-*'], - privileges: ['read', 'view_index_metadata'], - }, - ], - }, - kibana: [ - { - base: [], - feature: { - // core - discover: ['all'], - dashboard: ['all'], - canvas: ['all'], - ml: ['all'], - maps: ['all'], - graph: ['all'], - visualize: ['all'], - - // observability - logs: ['all'], - infrastructure: ['all'], - apm: ['all'], - uptime: ['all'], - - // security - siem: ['all'], - - // management - dev_tools: ['all'], - advancedSettings: ['all'], - indexPatterns: ['all'], - savedObjectsManagement: ['all'], - stackAlerts: ['all'], - fleet: ['all'], - fleetv2: ['all'], - actions: ['all'], - }, - spaces: ['*'], - }, - ], -}; diff --git a/x-pack/plugins/apm/scripts/create_apm_users_and_roles/roles/read_only_user_role.ts b/x-pack/plugins/apm/scripts/create_apm_users_and_roles/roles/read_only_user_role.ts deleted file mode 100644 index fed9147b3213d3..00000000000000 --- a/x-pack/plugins/apm/scripts/create_apm_users_and_roles/roles/read_only_user_role.ts +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { RoleType } from '../helpers/create_role'; - -export const readOnlyUserRole: RoleType = { - elasticsearch: { - run_as: [], - cluster: [], - indices: [ - // apm - { - names: [ - 'apm-*', - 'logs-apm*', - 'metrics-apm*', - 'traces-apm*', - 'observability-annotations', - ], - privileges: ['read', 'view_index_metadata'], - }, - // logs - { - names: ['logs-*', 'filebeat-*', 'kibana_sample_data_logs*'], - privileges: ['read', 'view_index_metadata'], - }, - // metrics - { - names: ['metrics-*', 'metricbeat-*'], - privileges: ['read', 'view_index_metadata'], - }, - // uptime - { - names: ['heartbeat-*', 'synthetics-*'], - privileges: ['read', 'view_index_metadata'], - }, - ], - }, - kibana: [ - { - base: [], - feature: { - // core - discover: ['read'], - dashboard: ['read'], - canvas: ['read'], - ml: ['read'], - maps: ['read'], - graph: ['read'], - visualize: ['read'], - - // observability - logs: ['read'], - infrastructure: ['read'], - apm: ['read'], - uptime: ['read'], - - // security - siem: ['read'], - - // management - dev_tools: ['read'], - advancedSettings: ['read'], - indexPatterns: ['read'], - savedObjectsManagement: ['read'], - stackAlerts: ['read'], - fleet: ['read'], - actions: ['read'], - }, - spaces: ['*'], - }, - ], -}; diff --git a/x-pack/plugins/apm/scripts/test/api.js b/x-pack/plugins/apm/scripts/test/api.js index 635257e084c84a..a4f467f3fea917 100644 --- a/x-pack/plugins/apm/scripts/test/api.js +++ b/x-pack/plugins/apm/scripts/test/api.js @@ -13,7 +13,7 @@ const childProcess = require('child_process'); const { argv } = yargs(process.argv.slice(2)) .option('basic', { - default: true, + default: false, type: 'boolean', description: 'Run tests with basic license', }) @@ -25,13 +25,12 @@ const { argv } = yargs(process.argv.slice(2)) .option('server', { default: false, type: 'boolean', - description: 'Start Elasticsearch and kibana', + description: 'Only start ES and Kibana', }) .option('runner', { default: false, type: 'boolean', - description: - 'Run all tests (an instance of Elasticsearch and kibana are needs to be available)', + description: 'Only run tests', }) .option('grep', { alias: 'spec', @@ -48,6 +47,11 @@ const { argv } = yargs(process.argv.slice(2)) type: 'number', description: 'Repeat the test n number of times', }) + .option('updateSnapshots', { + default: false, + type: 'boolean', + description: 'Update snapshots', + }) .check((argv) => { const { inspect, runner } = argv; if (inspect && !runner) { @@ -58,7 +62,11 @@ const { argv } = yargs(process.argv.slice(2)) }) .help(); -const { trial, server, runner, grep, inspect } = argv; +const { basic, trial, server, runner, grep, inspect, updateSnapshots } = argv; + +if (trial === false && basic === false) { + throw new Error('Please specify either --trial or --basic'); +} const license = trial ? 'trial' : 'basic'; @@ -71,11 +79,16 @@ if (server) { ftrScript = 'functional_test_runner'; } -const inspectArg = inspect ? '--inspect-brk' : ''; -const grepArg = grep ? `--grep "${grep}"` : ''; -const cmd = `node ${inspectArg} ../../../../scripts/${ftrScript} ${grepArg} --config ../../../../test/apm_api_integration/${license}/config.ts`; +const cmd = [ + 'node', + ...(inspect ? ['--inspect-brk'] : []), + `../../../../scripts/${ftrScript}`, + ...(grep ? [`--grep "${grep}"`] : []), + ...(updateSnapshots ? [`--updateSnapshots`] : []), + `--config ../../../../test/apm_api_integration/${license}/config.ts`, +].join(' '); -console.log(`Running ${cmd}`); +console.log(`Running: "${cmd}"`); function runTests() { childProcess.execSync(cmd, { cwd: path.join(__dirname), stdio: 'inherit' }); diff --git a/x-pack/plugins/synthetics/e2e/journeys/data_view_permissions.ts b/x-pack/plugins/synthetics/e2e/journeys/data_view_permissions.ts index 7267084c82dead..303cd5d40db43f 100644 --- a/x-pack/plugins/synthetics/e2e/journeys/data_view_permissions.ts +++ b/x-pack/plugins/synthetics/e2e/journeys/data_view_permissions.ts @@ -6,7 +6,7 @@ */ import { journey, step, expect, before } from '@elastic/synthetics'; -import { callKibana } from '@kbn/apm-plugin/scripts/create_apm_users_and_roles/helpers/call_kibana'; +import { callKibana } from '@kbn/apm-plugin/scripts/create_apm_users/helpers/call_kibana'; import { byTestId, waitForLoadingToFinish } from './utils'; import { loginPageProvider } from '../page_objects/login'; @@ -17,7 +17,7 @@ journey('DataViewPermissions', async ({ page, params }) => { try { await callKibana({ elasticsearch: { username: 'elastic', password: 'changeme' }, - kibana: { hostname: params.kibanaUrl, roleSuffix: '' }, + kibana: { hostname: params.kibanaUrl }, options: { method: 'DELETE', url: '/api/saved_objects/index-pattern/synthetics_static_index_pattern_id_heartbeat_?force=false', diff --git a/x-pack/plugins/synthetics/e2e/playwright_start.ts b/x-pack/plugins/synthetics/e2e/playwright_start.ts index 14d62c9632fa66..d387ce30fbf209 100644 --- a/x-pack/plugins/synthetics/e2e/playwright_start.ts +++ b/x-pack/plugins/synthetics/e2e/playwright_start.ts @@ -9,7 +9,7 @@ import Url from 'url'; import { run as playwrightRun } from '@elastic/synthetics'; -import { createApmAndObsUsersAndRoles } from '@kbn/apm-plugin/scripts/create_apm_users_and_roles/create_apm_users_and_roles'; +import { createApmUsers } from '@kbn/apm-plugin/scripts/create_apm_users/create_apm_users'; import { esArchiverLoad, esArchiverUnload } from './tasks/es_archiver'; import './journeys'; @@ -43,9 +43,9 @@ async function playwrightStart(getService: any, headless = true, match?: string) port: config.get('servers.kibana.port'), }); - await createApmAndObsUsersAndRoles({ + await createApmUsers({ elasticsearch: { username: 'elastic', password: 'changeme' }, - kibana: { roleSuffix: 'e2e', hostname: kibanaUrl }, + kibana: { hostname: kibanaUrl }, }); const res = await playwrightRun({ diff --git a/x-pack/test/apm_api_integration/common/authentication.ts b/x-pack/test/apm_api_integration/common/authentication.ts index 09390067ff4a9b..b59e5106f65c17 100644 --- a/x-pack/test/apm_api_integration/common/authentication.ts +++ b/x-pack/test/apm_api_integration/common/authentication.ts @@ -21,19 +21,9 @@ export enum ApmUser { apmManageOwnAndCreateAgentKeys = 'apm_manage_own_and_create_agent_keys', } -// TODO: Going forward we want to use the built-in roles `viewer` and `editor`. However ML privileges are not included in the built-in roles -// Until https://github.com/elastic/kibana/issues/71422 is closed we have to use the custom roles below const roles = { [ApmUser.noAccessUser]: {}, - [ApmUser.apmReadUser]: { - kibana: [ - { - base: [], - feature: { ml: ['read'] }, - spaces: ['*'], - }, - ], - }, + [ApmUser.apmReadUser]: {}, [ApmUser.apmReadUserWithoutMlAccess]: { elasticsearch: { cluster: [], @@ -52,15 +42,7 @@ const roles = { }, ], }, - [ApmUser.apmWriteUser]: { - kibana: [ - { - base: [], - feature: { ml: ['all'] }, - spaces: ['*'], - }, - ], - }, + [ApmUser.apmWriteUser]: {}, [ApmUser.apmAnnotationsWriteUser]: { elasticsearch: { cluster: [], From 4188a9d133a91500761c432bb82bad5e02d706f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B8ren=20Louv-Jansen?= Date: Tue, 24 May 2022 14:44:37 +0200 Subject: [PATCH 2/3] Remove `apm_power_user` --- .../cypress/integration/power_user/no_data_screen.ts | 4 ++-- .../plugins/apm/ftr_e2e/cypress/support/commands.ts | 4 ++-- x-pack/plugins/apm/scripts/create_apm_users.js | 11 ++++------- 3 files changed, 8 insertions(+), 11 deletions(-) diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/no_data_screen.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/no_data_screen.ts index 56704d63a42f16..fcf90aef61161b 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/no_data_screen.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/no_data_screen.ts @@ -29,7 +29,7 @@ describe('No data screen', () => { headers: { 'kbn-xsrf': true, }, - auth: { user: 'apm_power_user', pass: 'changeme' }, + auth: { user: 'editor_user', pass: 'changeme' }, }); }); @@ -57,7 +57,7 @@ describe('No data screen', () => { metric: '', }, headers: { 'kbn-xsrf': true }, - auth: { user: 'apm_power_user', pass: 'changeme' }, + auth: { user: 'editor_user', pass: 'changeme' }, }); }); }); diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/support/commands.ts b/x-pack/plugins/apm/ftr_e2e/cypress/support/commands.ts index 8e61908f56e0ea..030ad1fc27159f 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/support/commands.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/support/commands.ts @@ -11,11 +11,11 @@ import moment from 'moment'; import { AXE_CONFIG, AXE_OPTIONS } from '@kbn/axe-config'; Cypress.Commands.add('loginAsReadOnlyUser', () => { - cy.loginAs({ username: 'apm_read_user', password: 'changeme' }); + cy.loginAs({ username: 'viewer_user', password: 'changeme' }); }); Cypress.Commands.add('loginAsPowerUser', () => { - cy.loginAs({ username: 'apm_power_user', password: 'changeme' }); + cy.loginAs({ username: 'editor_user', password: 'changeme' }); }); Cypress.Commands.add( diff --git a/x-pack/plugins/apm/scripts/create_apm_users.js b/x-pack/plugins/apm/scripts/create_apm_users.js index 682c1d9ce942c3..37a70c70ef3b01 100644 --- a/x-pack/plugins/apm/scripts/create_apm_users.js +++ b/x-pack/plugins/apm/scripts/create_apm_users.js @@ -6,14 +6,11 @@ */ /* - * This script will create two roles - * - a read_only kibana role - * - a read/write kibana role + * This script will create two users + * - editor_user + * - viewer_user * - * The two roles will be assigned to the already existing users: `apm_read_user`, `apm_write_user`, `kibana_write_user` - * - * This makes it possible to use the existing cloud users locally - * Usage: node create-apm-users-and-roles.js --role-suffix + * Usage: node create-apm-users.js ******************************/ // compile typescript on the fly From 9012fed51bcfb084e3cc681b270a5ec6f7db9914 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B8ren=20Louv-Jansen?= Date: Tue, 24 May 2022 14:52:48 +0200 Subject: [PATCH 3/3] Replace `apmReadUser` with `viewerUser` and `apmWriteUser` with `editorUser` --- .../power_user/feature_flag/comparison.ts | 2 +- .../feature_flag/infrastructure.spec.ts | 2 +- .../integration_policy.spec.ts | 2 +- .../integration/power_user/no_data_screen.ts | 2 +- .../power_user/rules/error_count.spec.ts | 4 ++-- .../settings/agent_configurations.spec.ts | 2 +- .../power_user/settings/custom_links.spec.ts | 2 +- .../read_only_user/deep_links.spec.ts | 2 +- .../read_only_user/dependencies.spec.ts | 2 +- .../errors/error_details.spec.ts | 2 +- .../read_only_user/errors/errors_page.spec.ts | 2 +- .../integration/read_only_user/home.spec.ts | 2 +- .../header_filters/header_filters.spec.ts | 2 +- .../service_inventory.spec.ts | 4 ++-- .../aws_lambda/aws_lamba.spec.ts | 2 +- .../service_overview/errors_table.spec.ts | 2 +- .../service_overview/header_filters.spec.ts | 4 ++-- .../service_overview/instances_table.spec.ts | 2 +- .../service_overview/service_overview.spec.ts | 8 ++++---- .../service_overview/time_comparison.spec.ts | 2 +- .../transaction_details/span_links.spec.ts | 2 +- .../transactions_overview.spec.ts | 2 +- .../apm/ftr_e2e/cypress/support/commands.ts | 4 ++-- .../apm/ftr_e2e/cypress/support/types.d.ts | 4 ++-- .../common/authentication.ts | 20 +++++++++---------- .../test/apm_api_integration/common/config.ts | 8 ++++---- .../anomaly_detection/read_user.spec.ts | 6 +++--- 27 files changed, 49 insertions(+), 49 deletions(-) diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/feature_flag/comparison.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/feature_flag/comparison.ts index d5a28b6d85bb41..198ac9d110556a 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/feature_flag/comparison.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/feature_flag/comparison.ts @@ -30,7 +30,7 @@ describe('Comparison feature flag', () => { }); beforeEach(() => { - cy.loginAsPowerUser(); + cy.loginAsEditorUser(); }); describe('when comparison feature is enabled', () => { diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/feature_flag/infrastructure.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/feature_flag/infrastructure.spec.ts index 250247464eed18..6e0fb4efbd8d2e 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/feature_flag/infrastructure.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/feature_flag/infrastructure.spec.ts @@ -32,7 +32,7 @@ describe('Infrastracture feature flag', () => { }); beforeEach(() => { - cy.loginAsPowerUser(); + cy.loginAsEditorUser(); }); describe('when infrastracture feature is disabled', () => { diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/integration_settings/integration_policy.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/integration_settings/integration_policy.spec.ts index 5cdf21d7ca9de1..5072c85affe23a 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/integration_settings/integration_policy.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/integration_settings/integration_policy.spec.ts @@ -56,7 +56,7 @@ describe('when navigating to integration page', () => { beforeEach(() => { const integrationsPath = '/app/integrations/browse'; - cy.loginAsPowerUser(); + cy.loginAsEditorUser(); cy.visit(integrationsPath); // open integration policy form diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/no_data_screen.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/no_data_screen.ts index fcf90aef61161b..65591bf991ab8f 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/no_data_screen.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/no_data_screen.ts @@ -10,7 +10,7 @@ const apmIndicesSaveURL = '/internal/apm/settings/apm-indices/save'; describe('No data screen', () => { describe('bypass no data screen on settings pages', () => { beforeEach(() => { - cy.loginAsPowerUser(); + cy.loginAsEditorUser(); }); before(() => { diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/rules/error_count.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/rules/error_count.spec.ts index 27830a4f74892b..a9ad367e566199 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/rules/error_count.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/rules/error_count.spec.ts @@ -37,7 +37,7 @@ describe('Rules', () => { describe('when created from APM', () => { describe('when created from Service Inventory', () => { before(() => { - cy.loginAsPowerUser(); + cy.loginAsEditorUser(); deleteAllRules(); }); @@ -68,7 +68,7 @@ describe('Rules', () => { describe('when created from Stack management', () => { before(() => { - cy.loginAsPowerUser(); + cy.loginAsEditorUser(); deleteAllRules(); }); diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/settings/agent_configurations.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/settings/agent_configurations.spec.ts index ffe036b03a50b8..1314b757c66fb5 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/settings/agent_configurations.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/settings/agent_configurations.spec.ts @@ -72,7 +72,7 @@ describe('Agent configuration', () => { }); beforeEach(() => { - cy.loginAsPowerUser(); + cy.loginAsEditorUser(); cy.visit(agentConfigHref); }); diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/settings/custom_links.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/settings/custom_links.spec.ts index df1ae6cf17a2db..6e72015ea93472 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/settings/custom_links.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/power_user/settings/custom_links.spec.ts @@ -9,7 +9,7 @@ const basePath = '/app/apm/settings/custom-links'; describe('Custom links', () => { beforeEach(() => { - cy.loginAsPowerUser(); + cy.loginAsEditorUser(); }); it('shows empty message and create button', () => { diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/deep_links.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/deep_links.spec.ts index 3ed6e01ce0c2a2..76c43ef03f3322 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/deep_links.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/deep_links.spec.ts @@ -7,7 +7,7 @@ describe('APM deep links', () => { before(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); }); it('navigates to apm links on search elastic', () => { cy.visit('/'); diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/dependencies.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/dependencies.spec.ts index 22ac5a72733e40..ff61f46abcc6b7 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/dependencies.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/dependencies.spec.ts @@ -31,7 +31,7 @@ describe('Dependencies', () => { }); beforeEach(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); }); describe('top-level dependencies page', () => { diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/errors/error_details.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/errors/error_details.spec.ts index caec7a23115ff5..d4601623766bfc 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/errors/error_details.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/errors/error_details.spec.ts @@ -23,7 +23,7 @@ const errorDetailsPageHref = url.format({ describe('Error details', () => { beforeEach(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); }); describe('when data is loaded', () => { diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/errors/errors_page.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/errors/errors_page.spec.ts index 6ff4795cbcb18b..d394c0b34dafb3 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/errors/errors_page.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/errors/errors_page.spec.ts @@ -25,7 +25,7 @@ const nodeServiceErrorsPageHref = url.format({ describe('Errors page', () => { beforeEach(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); }); describe('when data is loaded', () => { diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/home.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/home.spec.ts index 50ac9fd81e2ecb..42ca9319b4ea34 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/home.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/home.spec.ts @@ -38,7 +38,7 @@ describe.skip('Home page', () => { }); beforeEach(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); }); it('Redirects to service page with comparisonEnabled, environment, rangeFrom, rangeTo and offset added to the URL', () => { diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_inventory/header_filters/header_filters.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_inventory/header_filters/header_filters.spec.ts index 2fa8b1588a6306..03972eb0d0f207 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_inventory/header_filters/header_filters.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_inventory/header_filters/header_filters.spec.ts @@ -35,7 +35,7 @@ describe('Service inventory - header filters', () => { }); beforeEach(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); }); describe('Filtering by kuerybar', () => { diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_inventory/service_inventory.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_inventory/service_inventory.spec.ts index 216a9c87d6db8f..54920596733b53 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_inventory/service_inventory.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_inventory/service_inventory.spec.ts @@ -44,7 +44,7 @@ const mainAliasNames = mainApiRequestsToIntercept.map( describe('When navigating to the service inventory', () => { before(async () => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); cy.visit(serviceInventoryHref); const { rangeFrom, rangeTo } = timeRange; @@ -90,7 +90,7 @@ describe('When navigating to the service inventory', () => { } ); - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); cy.visit(serviceInventoryHref); }); diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/aws_lambda/aws_lamba.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/aws_lambda/aws_lamba.spec.ts index 518cfefde2fb1e..a2674d056e317c 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/aws_lambda/aws_lamba.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/aws_lambda/aws_lamba.spec.ts @@ -37,7 +37,7 @@ describe('Service overview - aws lambda', () => { }); beforeEach(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); }); it('displays a cold start rate chart and not a transaction breakdown chart', () => { diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/errors_table.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/errors_table.spec.ts index efeeec72941a28..8d7cfd4e65288a 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/errors_table.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/errors_table.spec.ts @@ -32,7 +32,7 @@ describe('Errors table', () => { }); beforeEach(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); }); it('errors table is populated', () => { diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/header_filters.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/header_filters.spec.ts index e989d5470c4c6e..a8aa736bd53db6 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/header_filters.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/header_filters.spec.ts @@ -71,7 +71,7 @@ describe('Service overview - header filters', () => { describe('Filtering by transaction type', () => { beforeEach(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); }); it('changes url when selecting different value', () => { cy.visit(serviceOverviewHref); @@ -119,7 +119,7 @@ describe('Service overview - header filters', () => { describe('Filtering by kuerybar', () => { beforeEach(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); }); it('filters by transaction.name', () => { cy.visit( diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/instances_table.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/instances_table.spec.ts index dad92b83349818..affb5a22ebcffe 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/instances_table.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/instances_table.spec.ts @@ -38,7 +38,7 @@ const apisToIntercept = [ describe('Instances table', () => { beforeEach(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); }); // describe('when data is not loaded', () => { diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/service_overview.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/service_overview.spec.ts index caeac36b7cba84..b206f8df08807b 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/service_overview.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/service_overview.spec.ts @@ -101,7 +101,7 @@ describe('Service Overview', () => { describe('renders', () => { before(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); cy.visit(baseUrl); }); @@ -121,7 +121,7 @@ describe('Service Overview', () => { describe('transactions', () => { beforeEach(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); cy.visit(baseUrl); }); @@ -174,7 +174,7 @@ describe('Service Overview', () => { describe('when RUM service', () => { before(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); cy.visit( url.format({ pathname: '/app/apm/services/opbeans-rum/overview', @@ -203,7 +203,7 @@ describe('Service Overview', () => { describe('Calls APIs', () => { beforeEach(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); cy.visit(baseUrl); apiRequestsToIntercept.map(({ endpoint, aliasName }) => { cy.intercept('GET', endpoint).as(aliasName); diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/time_comparison.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/time_comparison.spec.ts index cd2d2c064bdc66..900e29b8850026 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/time_comparison.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/service_overview/time_comparison.spec.ts @@ -65,7 +65,7 @@ describe.skip('Service overview: Time Comparison', () => { }); beforeEach(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); }); it('enables by default the time comparison feature with Last 24 hours selected', () => { diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/transaction_details/span_links.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/transaction_details/span_links.spec.ts index 99efb7b6a2b6be..3dff8f075f187c 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/transaction_details/span_links.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/transaction_details/span_links.spec.ts @@ -30,7 +30,7 @@ function getServiceInventoryUrl({ serviceName }: { serviceName: string }) { describe('Span links', () => { beforeEach(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); }); describe('when data is loaded', () => { diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/transactions_overview/transactions_overview.spec.ts b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/transactions_overview/transactions_overview.spec.ts index c5676dfb9c5322..671b35741f91b3 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/transactions_overview/transactions_overview.spec.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/integration/read_only_user/transactions_overview/transactions_overview.spec.ts @@ -33,7 +33,7 @@ describe('Transactions Overview', () => { }); beforeEach(() => { - cy.loginAsReadOnlyUser(); + cy.loginAsViewerUser(); }); it('has no detectable a11y violations on load', () => { diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/support/commands.ts b/x-pack/plugins/apm/ftr_e2e/cypress/support/commands.ts index 030ad1fc27159f..bf0be24353847b 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/support/commands.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/support/commands.ts @@ -10,11 +10,11 @@ import 'cypress-axe'; import moment from 'moment'; import { AXE_CONFIG, AXE_OPTIONS } from '@kbn/axe-config'; -Cypress.Commands.add('loginAsReadOnlyUser', () => { +Cypress.Commands.add('loginAsViewerUser', () => { cy.loginAs({ username: 'viewer_user', password: 'changeme' }); }); -Cypress.Commands.add('loginAsPowerUser', () => { +Cypress.Commands.add('loginAsEditorUser', () => { cy.loginAs({ username: 'editor_user', password: 'changeme' }); }); diff --git a/x-pack/plugins/apm/ftr_e2e/cypress/support/types.d.ts b/x-pack/plugins/apm/ftr_e2e/cypress/support/types.d.ts index 413f38be892f13..0230ab1ef23a1d 100644 --- a/x-pack/plugins/apm/ftr_e2e/cypress/support/types.d.ts +++ b/x-pack/plugins/apm/ftr_e2e/cypress/support/types.d.ts @@ -7,8 +7,8 @@ declare namespace Cypress { interface Chainable { - loginAsReadOnlyUser(): void; - loginAsPowerUser(): void; + loginAsViewerUser(): void; + loginAsEditorUser(): void; loginAs(params: { username: string; password: string }): void; changeTimeRange(value: string): void; selectAbsoluteTimeRange(start: string, end: string): void; diff --git a/x-pack/test/apm_api_integration/common/authentication.ts b/x-pack/test/apm_api_integration/common/authentication.ts index b59e5106f65c17..288f483c8c0057 100644 --- a/x-pack/test/apm_api_integration/common/authentication.ts +++ b/x-pack/test/apm_api_integration/common/authentication.ts @@ -13,8 +13,8 @@ type SecurityService = Awaited>; export enum ApmUser { noAccessUser = 'no_access_user', - apmReadUser = 'apm_read_user', - apmWriteUser = 'apm_write_user', + viewerUser = 'viewer_user', + editorUser = 'editor_user', apmAnnotationsWriteUser = 'apm_annotations_write_user', apmReadUserWithoutMlAccess = 'apm_read_user_without_ml_access', apmManageOwnAgentKeys = 'apm_manage_own_agent_keys', @@ -23,7 +23,8 @@ export enum ApmUser { const roles = { [ApmUser.noAccessUser]: {}, - [ApmUser.apmReadUser]: {}, + [ApmUser.viewerUser]: {}, + [ApmUser.editorUser]: {}, [ApmUser.apmReadUserWithoutMlAccess]: { elasticsearch: { cluster: [], @@ -42,7 +43,6 @@ const roles = { }, ], }, - [ApmUser.apmWriteUser]: {}, [ApmUser.apmAnnotationsWriteUser]: { elasticsearch: { cluster: [], @@ -81,17 +81,17 @@ const users = { [ApmUser.noAccessUser]: { roles: [], }, - [ApmUser.apmReadUser]: { - roles: ['viewer', ApmUser.apmReadUser], + [ApmUser.viewerUser]: { + roles: ['viewer'], + }, + [ApmUser.editorUser]: { + roles: ['editor'], }, [ApmUser.apmReadUserWithoutMlAccess]: { roles: [ApmUser.apmReadUserWithoutMlAccess], }, - [ApmUser.apmWriteUser]: { - roles: ['editor', ApmUser.apmWriteUser], - }, [ApmUser.apmAnnotationsWriteUser]: { - roles: ['editor', ApmUser.apmWriteUser, ApmUser.apmAnnotationsWriteUser], + roles: ['editor', ApmUser.apmAnnotationsWriteUser], }, [ApmUser.apmManageOwnAgentKeys]: { roles: ['editor', ApmUser.apmManageOwnAgentKeys], diff --git a/x-pack/test/apm_api_integration/common/config.ts b/x-pack/test/apm_api_integration/common/config.ts index da483d3127ad96..4b56ad52c2e3f6 100644 --- a/x-pack/test/apm_api_integration/common/config.ts +++ b/x-pack/test/apm_api_integration/common/config.ts @@ -89,8 +89,8 @@ export function createTestConfig(config: ApmFtrConfig) { return { noAccessUser: await getApmApiClient(servers.kibana, security, ApmUser.noAccessUser, es), - readUser: await getApmApiClient(servers.kibana, security, ApmUser.apmReadUser, es), - writeUser: await getApmApiClient(servers.kibana, security, ApmUser.apmWriteUser, es), + readUser: await getApmApiClient(servers.kibana, security, ApmUser.viewerUser, es), + writeUser: await getApmApiClient(servers.kibana, security, ApmUser.editorUser, es), annotationWriterUser: await getApmApiClient( servers.kibana, security, @@ -120,8 +120,8 @@ export function createTestConfig(config: ApmFtrConfig) { ml: MachineLearningAPIProvider, // legacy clients legacySupertestAsNoAccessUser: getLegacySupertestClient(kibanaServer, ApmUser.noAccessUser), - legacySupertestAsApmReadUser: getLegacySupertestClient(kibanaServer, ApmUser.apmReadUser), - legacySupertestAsApmWriteUser: getLegacySupertestClient(kibanaServer, ApmUser.apmWriteUser), + legacySupertestAsApmReadUser: getLegacySupertestClient(kibanaServer, ApmUser.viewerUser), + legacySupertestAsApmWriteUser: getLegacySupertestClient(kibanaServer, ApmUser.editorUser), legacySupertestAsApmAnnotationsWriteUser: getLegacySupertestClient( kibanaServer, ApmUser.apmAnnotationsWriteUser diff --git a/x-pack/test/apm_api_integration/tests/settings/anomaly_detection/read_user.spec.ts b/x-pack/test/apm_api_integration/tests/settings/anomaly_detection/read_user.spec.ts index 75967dc9a8ff92..01349a503d2c51 100644 --- a/x-pack/test/apm_api_integration/tests/settings/anomaly_detection/read_user.spec.ts +++ b/x-pack/test/apm_api_integration/tests/settings/anomaly_detection/read_user.spec.ts @@ -10,14 +10,14 @@ import { FtrProviderContext } from '../../../common/ftr_provider_context'; export default function apiTest({ getService }: FtrProviderContext) { const registry = getService('registry'); - const apmReadUser = getService('legacySupertestAsApmReadUser'); + const viewerUser = getService('legacySupertestAsApmReadUser'); function getJobs() { - return apmReadUser.get(`/internal/apm/settings/anomaly-detection/jobs`).set('kbn-xsrf', 'foo'); + return viewerUser.get(`/internal/apm/settings/anomaly-detection/jobs`).set('kbn-xsrf', 'foo'); } function createJobs(environments: string[]) { - return apmReadUser + return viewerUser .post(`/internal/apm/settings/anomaly-detection/jobs`) .send({ environments }) .set('kbn-xsrf', 'foo');