fix auth

elastic · Jul 31, 2024 · 940dd12 · 940dd12
1 parent 23bb3c1
commit 940dd12
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 6 deletions.
diff --git a/...k/plugins/cloud_security_posture/server/routes/benchmark_rules/bulk_action/bulk_action.ts b/...k/plugins/cloud_security_posture/server/routes/benchmark_rules/bulk_action/bulk_action.ts
@@ -45,7 +45,7 @@ export const defineBulkActionCspBenchmarkRulesRoute = (router: CspRouter) =>
       access: 'internal',
       path: CSP_BENCHMARK_RULES_BULK_ACTION_ROUTE_PATH,
       options: {
-        tags: ['access:cloud-security-posture-read'],
+        tags: ['access:cloud-security-posture-all'],
       },
     })
     .addVersion(

diff --git a/x-pack/test/cloud_security_posture_api/routes/csp_benchmark_rules_bulk_update.ts b/x-pack/test/cloud_security_posture_api/routes/csp_benchmark_rules_bulk_update.ts
@@ -484,8 +484,8 @@ export default function (providerContext: FtrProviderContext) {
         });
       expect(status).to.be(403);
     });
-    // Blocked by https://github.com/elastic/kibana/issues/188059
-    it.skip('users with read privileges on cloud security should be able to mute', async () => {
+
+    it('users with all privileges on cloud security should be able to mute', async () => {
       const rule1 = await getRandomCspBenchmarkRule();
       const rule2 = await getRandomCspBenchmarkRule();
 
@@ -494,7 +494,7 @@ export default function (providerContext: FtrProviderContext) {
         .set(ELASTIC_HTTP_VERSION_HEADER, '1')
         .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
         .set('kbn-xsrf', 'xxxx')
-        .auth('role_security_read_user', cspSecurity.getPasswordForUser('role_security_read_user'))
+        .auth('role_security_all_user', cspSecurity.getPasswordForUser('role_security_all_user'))
         .send({
           action: 'mute',
           rules: [

diff --git a/x-pack/test/cloud_security_posture_api/routes/helper/user_roles_utilites.ts b/x-pack/test/cloud_security_posture_api/routes/helper/user_roles_utilites.ts
@@ -129,6 +129,24 @@ export function CspSecurityCommonProvider(providerContext: FtrProviderContext) {
         },
       ],
     },
+    {
+      name: 'role_security_all',
+      elasticsearch: {
+        indices: securityUserIndinces,
+      },
+      kibana: [
+        {
+          base: [],
+          feature: {
+            siem: ['all'],
+            fleet: ['all'],
+            fleetv2: ['all'],
+            savedObjectsManagement: ['all'],
+          },
+          spaces: ['*'],
+        },
+      ],
+    },
   ];
 
   const users = [
@@ -140,7 +158,7 @@ export function CspSecurityCommonProvider(providerContext: FtrProviderContext) {
     },
     {
       name: 'role_security_read_user_alerts',
-      full_name: 'user with 0 security privilege for',
+      full_name: 'user with 0 security privilege',
       password: 'csp123',
       roles: ['role_security_read_alerts'],
     },
@@ -152,10 +170,16 @@ export function CspSecurityCommonProvider(providerContext: FtrProviderContext) {
     },
     {
       name: 'role_security_no_read_user_alerts',
-      full_name: 'user with 0 security privilege for',
+      full_name: 'user with 0 security privilege',
       password: 'csp123',
       roles: ['role_security_no_read_alerts'],
     },
+    {
+      name: 'role_security_all_user',
+      full_name: 'user with all security privilege',
+      password: 'csp123',
+      roles: ['role_security_all'],
+    },
   ];
 
   return {