Skip to content

Commit

Permalink
Merge branch 'master' of github.com:elastic/kibana into feat/siem-rul…
Browse files Browse the repository at this point in the history
…e-actions-throttle
  • Loading branch information
patrykkopycinski committed Mar 17, 2020
2 parents 1e969a9 + 631d93d commit 2df113e
Show file tree
Hide file tree
Showing 134 changed files with 4,769 additions and 1,142 deletions.
13 changes: 6 additions & 7 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -29,33 +29,32 @@
/src/plugins/dashboard/ @elastic/kibana-app

# App Architecture
/examples/url_generators_examples/ @elastic/kibana-app-arch
/examples/url_generators_explorer/ @elastic/kibana-app-arch
/packages/kbn-interpreter/ @elastic/kibana-app-arch
/src/legacy/core_plugins/data/ @elastic/kibana-app-arch
/src/legacy/core_plugins/elasticsearch/lib/create_proxy.js @elastic/kibana-app-arch
/src/legacy/core_plugins/embeddable_api/ @elastic/kibana-app-arch
/src/legacy/core_plugins/interpreter/ @elastic/kibana-app-arch
/src/legacy/core_plugins/kibana_react/ @elastic/kibana-app-arch
/src/legacy/core_plugins/kibana/public/management/ @elastic/kibana-app-arch
/src/legacy/core_plugins/kibana/server/field_formats/ @elastic/kibana-app-arch
/src/legacy/core_plugins/kibana/server/routes/api/management/ @elastic/kibana-app-arch
/src/legacy/core_plugins/kibana/server/routes/api/suggestions/ @elastic/kibana-app-arch
/src/legacy/core_plugins/visualizations/ @elastic/kibana-app-arch
/src/legacy/server/index_patterns/ @elastic/kibana-app-arch
/src/plugins/advanced_settings/ @elastic/kibana-app-arch
/src/plugins/bfetch/ @elastic/kibana-app-arch
/src/plugins/data/ @elastic/kibana-app-arch
/src/plugins/embeddable/ @elastic/kibana-app-arch
/src/plugins/expressions/ @elastic/kibana-app-arch
/src/plugins/inspector/ @elastic/kibana-app-arch
/src/plugins/kibana_react/ @elastic/kibana-app-arch
/src/plugins/kibana_react/public/code_editor @elastic/kibana-canvas
/src/plugins/kibana_utils/ @elastic/kibana-app-arch
/src/plugins/management/ @elastic/kibana-app-arch
/src/plugins/navigation/ @elastic/kibana-app-arch
/src/plugins/share/ @elastic/kibana-app-arch
/src/plugins/ui_actions/ @elastic/kibana-app-arch
/src/plugins/visualizations/ @elastic/kibana-app-arch
/src/plugins/share/ @elastic/kibana-app-arch
/examples/url_generators_examples/ @elastic/kibana-app-arch
/examples/url_generators_explorer/ @elastic/kibana-app-arch
/x-pack/plugins/advanced_ui_actions/ @elastic/kibana-app-arch
/x-pack/plugins/data_enhanced/ @elastic/kibana-app-arch
/x-pack/plugins/drilldowns/ @elastic/kibana-app-arch

# APM
Expand Down
19 changes: 19 additions & 0 deletions docs/developer/core/development-functional-tests.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,25 @@ To run tests on Firefox locally, use `config.firefox.js`:
node scripts/functional_test_runner --config test/functional/config.firefox.js
-----------

[float]
===== Using the test_user service

Tests should run at the positive security boundry condition, meaning that they should be run with the mimimum privileges required (and documented) and not as the superuser.
This prevents the type of regression where additional privleges accidentally become required to perform the same action.

The functional UI tests now default to logging in with a user named `test_user` and the roles of this user can be changed dynamically without logging in and out.

In order to achieve this a new service was introduced called `createTestUserService` (see `test/common/services/security/test_user.ts`). The purpose of this test user service is to create roles defined in the test config files and setRoles() or restoreDefaults().

An example of how to set the role like how its defined below:

`await security.testUser.setRoles(['kibana_user', 'kibana_date_nanos']);`

Here we are setting the `test_user` to have the `kibana_user` role and also role access to a specific data index (`kibana_date_nanos`).

Tests should normally setRoles() in the before() and restoreDefaults() in the after().


[float]
===== Anatomy of a test file

Expand Down
4 changes: 1 addition & 3 deletions docs/settings/monitoring-settings.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,7 @@ which support the same values as <<settings,{kib} configuration settings>>.
To control how data is collected from your {es} nodes, you configure
{ref}/monitoring-settings.html[`xpack.monitoring.collection`
settings] in `elasticsearch.yml`. To control how monitoring data is collected
from Logstash, you configure
{logstash-ref}/monitoring-internal-collection.html#monitoring-settings[`xpack.monitoring` settings]
in `logstash.yml`.
from Logstash, configure monitoring settings in `logstash.yml`.

For more information, see
{ref}/monitor-elasticsearch-cluster.html[Monitor a cluster].
Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@
"@elastic/apm-rum": "^4.6.0",
"@elastic/charts": "^17.1.1",
"@elastic/datemath": "5.0.2",
"@elastic/ems-client": "7.6.0",
"@elastic/ems-client": "7.7.0",
"@elastic/eui": "20.0.2",
"@elastic/filesaver": "1.1.2",
"@elastic/good": "8.1.1-kibana2",
Expand Down
15 changes: 15 additions & 0 deletions packages/kbn-test/src/functional_test_runner/lib/config/schema.ts
Original file line number Diff line number Diff line change
Expand Up @@ -255,5 +255,20 @@ export const schema = Joi.object()
fixedHeaderHeight: Joi.number().default(50),
})
.default(),

// settings for the security service if there is no defaultRole defined, then default to superuser role.
security: Joi.object()
.keys({
roles: Joi.object().default(),
defaultRoles: Joi.array()
.items(Joi.string())
.when('$primary', {
is: true,
then: Joi.array().min(1),
})
.default(['superuser']),
disableTestUser: Joi.boolean(),
})
.default(),
})
.default();
3 changes: 2 additions & 1 deletion src/legacy/ui/public/vis/map/service_settings.js
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,8 @@ uiModules
this._showZoomMessage = true;
this._emsClient = new EMSClient({
language: i18n.getLocale(),
kbnVersion: kbnVersion,
appVersion: kbnVersion,
appName: 'kibana',
fileApiUrl: mapConfig.emsFileApiUrl,
tileApiUrl: mapConfig.emsTileApiUrl,
htmlSanitizer: $sanitize,
Expand Down
2 changes: 0 additions & 2 deletions test/common/services/security/role.ts
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,6 @@ export class Role {
`Expected status code of 204, received ${status} ${statusText}: ${util.inspect(data)}`
);
}
this.log.debug(`created role ${name}`);
}

public async delete(name: string) {
Expand All @@ -56,6 +55,5 @@ export class Role {
)}`
);
}
this.log.debug(`deleted role ${name}`);
}
}
12 changes: 9 additions & 3 deletions test/common/services/security/security.ts
Original file line number Diff line number Diff line change
Expand Up @@ -23,15 +23,21 @@ import { Role } from './role';
import { User } from './user';
import { RoleMappings } from './role_mappings';
import { FtrProviderContext } from '../../ftr_provider_context';
import { createTestUserService } from './test_user';

export function SecurityServiceProvider({ getService }: FtrProviderContext) {
export async function SecurityServiceProvider(context: FtrProviderContext) {
const { getService } = context;
const log = getService('log');
const config = getService('config');
const url = formatUrl(config.get('servers.kibana'));
const role = new Role(url, log);
const user = new User(url, log);
const testUser = await createTestUserService(role, user, context);

return new (class SecurityService {
role = new Role(url, log);
roleMappings = new RoleMappings(url, log);
user = new User(url, log);
testUser = testUser;
role = role;
user = user;
})();
}
92 changes: 92 additions & 0 deletions test/common/services/security/test_user.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
/*
* Licensed to Elasticsearch B.V. under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch B.V. licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import { Role } from './role';
import { User } from './user';
import { FtrProviderContext } from '../../ftr_provider_context';
import { Browser } from '../../../functional/services/browser';
import { TestSubjects } from '../../../functional/services/test_subjects';

export async function createTestUserService(
role: Role,
user: User,
{ getService, hasService }: FtrProviderContext
) {
const log = getService('log');
const config = getService('config');
// @ts-ignore browser service is not normally available in common.
const browser: Browser | void = hasService('browser') && getService('browser');
const testSubjects: TestSubjects | void =
// @ts-ignore testSubject service is not normally available in common.
hasService('testSubjects') && getService('testSubjects');
const kibanaServer = getService('kibanaServer');

const enabledPlugins = config.get('security.disableTestUser')
? []
: await kibanaServer.plugins.getEnabledIds();
const isEnabled = () => {
return enabledPlugins.includes('security') && !config.get('security.disableTestUser');
};
if (isEnabled()) {
log.debug('===============creating roles and users===============');
for (const [name, definition] of Object.entries(config.get('security.roles'))) {
// create the defined roles (need to map array to create roles)
await role.create(name, definition);
}
try {
// delete the test_user if present (will it error if the user doesn't exist?)
await user.delete('test_user');
} catch (exception) {
log.debug('no test user to delete');
}

// create test_user with username and pwd
log.debug(`default roles = ${config.get('security.defaultRoles')}`);
await user.create('test_user', {
password: 'changeme',
roles: config.get('security.defaultRoles'),
full_name: 'test user',
});
}

return new (class TestUser {
async restoreDefaults() {
if (isEnabled()) {
await this.setRoles(config.get('security.defaultRoles'));
}
}

async setRoles(roles: string[]) {
if (isEnabled()) {
log.debug(`set roles = ${roles}`);
await user.create('test_user', {
password: 'changeme',
roles,
full_name: 'test user',
});

if (browser && testSubjects) {
if (await testSubjects.exists('kibanaChrome', { allowHidden: true })) {
await browser.refresh();
await testSubjects.find('kibanaChrome', config.get('timeouts.find') * 10);
}
}
}
}
})();
}
7 changes: 5 additions & 2 deletions test/functional/apps/context/_date_nanos.js
Original file line number Diff line number Diff line change
Expand Up @@ -26,11 +26,13 @@ const TEST_STEP_SIZE = 3;
export default function({ getService, getPageObjects }) {
const kibanaServer = getService('kibanaServer');
const docTable = getService('docTable');
const security = getService('security');
const PageObjects = getPageObjects(['common', 'context', 'timePicker', 'discover']);
const esArchiver = getService('esArchiver');

describe('context view for date_nanos', () => {
before(async function() {
await security.testUser.setRoles(['kibana_admin', 'kibana_date_nanos']);
await esArchiver.loadIfNeeded('date_nanos');
await kibanaServer.uiSettings.replace({ defaultIndex: TEST_INDEX_PATTERN });
await kibanaServer.uiSettings.update({
Expand All @@ -39,8 +41,9 @@ export default function({ getService, getPageObjects }) {
});
});

after(function unloadMakelogs() {
return esArchiver.unload('date_nanos');
after(async function unloadMakelogs() {
await security.testUser.restoreDefaults();
await esArchiver.unload('date_nanos');
});

it('displays predessors - anchor - successors in right order ', async function() {
Expand Down
11 changes: 7 additions & 4 deletions test/functional/apps/context/_date_nanos_custom_timestamp.js
Original file line number Diff line number Diff line change
Expand Up @@ -26,12 +26,14 @@ const TEST_STEP_SIZE = 3;
export default function({ getService, getPageObjects }) {
const kibanaServer = getService('kibanaServer');
const docTable = getService('docTable');
const security = getService('security');
const PageObjects = getPageObjects(['common', 'context', 'timePicker', 'discover']);
const esArchiver = getService('esArchiver');
// skipped due to a recent change in ES that caused search_after queries with data containing
// custom timestamp formats like in the testdata to fail
describe.skip('context view for date_nanos with custom timestamp', () => {
before(async function() {
await security.testUser.setRoles(['kibana_admin', 'kibana_date_nanos_custom']);
await esArchiver.loadIfNeeded('date_nanos_custom');
await kibanaServer.uiSettings.replace({ defaultIndex: TEST_INDEX_PATTERN });
await kibanaServer.uiSettings.update({
Expand All @@ -40,10 +42,6 @@ export default function({ getService, getPageObjects }) {
});
});

after(function unloadMakelogs() {
return esArchiver.unload('date_nanos_custom');
});

it('displays predessors - anchor - successors in right order ', async function() {
await PageObjects.context.navigateTo(TEST_INDEX_PATTERN, '1');
const actualRowsText = await docTable.getRowsText();
Expand All @@ -54,5 +52,10 @@ export default function({ getService, getPageObjects }) {
];
expect(actualRowsText).to.eql(expectedRowsText);
});

after(async function() {
await security.testUser.restoreDefaults();
await esArchiver.unload('date_nanos_custom');
});
});
}
6 changes: 6 additions & 0 deletions test/functional/apps/dashboard/dashboard_filtering.js
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ export default function({ getService, getPageObjects }) {
const filterBar = getService('filterBar');
const esArchiver = getService('esArchiver');
const kibanaServer = getService('kibanaServer');
const security = getService('security');
const dashboardPanelActions = getService('dashboardPanelActions');
const PageObjects = getPageObjects(['common', 'dashboard', 'header', 'visualize', 'timePicker']);

Expand All @@ -41,6 +42,7 @@ export default function({ getService, getPageObjects }) {

before(async () => {
await esArchiver.load('dashboard/current/kibana');
await security.testUser.setRoles(['kibana_admin', 'test_logstash_reader', 'animals']);
await kibanaServer.uiSettings.replace({
defaultIndex: '0bf35f60-3dc9-11e8-8660-4d65aa086b3c',
});
Expand All @@ -49,6 +51,10 @@ export default function({ getService, getPageObjects }) {
await PageObjects.dashboard.gotoDashboardLandingPage();
});

after(async () => {
await security.testUser.restoreDefaults();
});

describe('adding a filter that excludes all data', () => {
before(async () => {
await PageObjects.dashboard.clickNewDashboard();
Expand Down
1 change: 1 addition & 0 deletions test/functional/apps/dashboard/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ export default function({ getService, loadTestFile }) {

async function loadCurrentData() {
await browser.setWindowSize(1300, 900);
await esArchiver.unload('logstash_functional');
await esArchiver.loadIfNeeded('dashboard/current/data');
}

Expand Down
2 changes: 0 additions & 2 deletions test/functional/apps/dashboard/time_zones.js
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ import expect from '@kbn/expect';

export default function({ getService, getPageObjects }) {
const pieChart = getService('pieChart');
const browser = getService('browser');
const esArchiver = getService('esArchiver');
const kibanaServer = getService('kibanaServer');
const PageObjects = getPageObjects(['dashboard', 'timePicker', 'settings', 'common']);
Expand All @@ -48,7 +47,6 @@ export default function({ getService, getPageObjects }) {

after(async () => {
await kibanaServer.uiSettings.replace({ 'dateFormat:tz': 'UTC' });
await browser.refresh();
});

it('Exported dashboard adjusts EST time to UTC', async () => {
Expand Down
7 changes: 5 additions & 2 deletions test/functional/apps/discover/_date_nanos.js
Original file line number Diff line number Diff line change
Expand Up @@ -23,19 +23,22 @@ export default function({ getService, getPageObjects }) {
const esArchiver = getService('esArchiver');
const PageObjects = getPageObjects(['common', 'timePicker', 'discover']);
const kibanaServer = getService('kibanaServer');
const security = getService('security');
const fromTime = 'Sep 22, 2019 @ 20:31:44.000';
const toTime = 'Sep 23, 2019 @ 03:31:44.000';

describe('date_nanos', function() {
before(async function() {
await esArchiver.loadIfNeeded('date_nanos');
await kibanaServer.uiSettings.replace({ defaultIndex: 'date-nanos' });
await security.testUser.setRoles(['kibana_admin', 'kibana_date_nanos']);
await PageObjects.common.navigateToApp('discover');
await PageObjects.timePicker.setAbsoluteRange(fromTime, toTime);
});

after(function unloadMakelogs() {
return esArchiver.unload('date_nanos');
after(async function unloadMakelogs() {
await security.testUser.restoreDefaults();
await esArchiver.unload('date_nanos');
});

it('should show a timestamp with nanoseconds in the first result row', async function() {
Expand Down
Loading

0 comments on commit 2df113e

Please sign in to comment.