Skip to content

Commit

Permalink
fix export security FTR tests
Browse files Browse the repository at this point in the history
  • Loading branch information
pgayvallet committed Aug 20, 2021
1 parent 3c0e37c commit edf1a19
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 4 deletions.
12 changes: 10 additions & 2 deletions x-pack/test/saved_object_api_integration/common/suites/export.ts
Original file line number Diff line number Diff line change
Expand Up @@ -155,8 +155,16 @@ export function exportTestSuiteFactory(esArchiver: any, supertest: SuperTest<any
if (failure?.reason === 'unauthorized') {
// In export only, the API uses "bulkGet" or "find" depending on the parameters it receives.
if (failure.statusCode === 403) {
// "bulkGet" was unauthorized, which returns a forbidden error
await expectSavedObjectForbiddenBulkGet(type)(response);
if (id) {
// "bulkGet" was unauthorized, which returns a forbidden error
await expectSavedObjectForbiddenBulkGet(type)(response);
} else {
expect(response.body).to.eql({
statusCode: 403,
error: 'Forbidden',
message: `unauthorized`,
});
}
} else if (failure.statusCode === 200) {
// "find" was unauthorized, which returns an empty result
expect(response.body).not.to.have.property('error');
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ export default function ({ getService }: FtrProviderContext) {
return {
unauthorized: [
createTestDefinitions(exportableObjects, { statusCode: 403, reason: 'unauthorized' }),
createTestDefinitions(exportableTypes, { statusCode: 200, reason: 'unauthorized' }), // failure with empty result
createTestDefinitions(exportableTypes, { statusCode: 403, reason: 'unauthorized' }),
createTestDefinitions(nonExportableObjectsAndTypes, false),
].flat(),
authorized: createTestDefinitions(allObjectsAndTypes, false),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ export default function ({ getService }: FtrProviderContext) {
return {
unauthorized: [
createTestDefinitions(exportableObjects, { statusCode: 403, reason: 'unauthorized' }),
createTestDefinitions(exportableTypes, { statusCode: 200, reason: 'unauthorized' }), // failure with empty result
createTestDefinitions(exportableTypes, { statusCode: 403, reason: 'unauthorized' }), // failure with empty result
createTestDefinitions(nonExportableObjectsAndTypes, false),
].flat(),
authorized: createTestDefinitions(allObjectsAndTypes, false),
Expand Down

0 comments on commit edf1a19

Please sign in to comment.