-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Meta] FTR configurable test users for xpack #60815
Comments
Pinging @elastic/kibana-security (Team:Security) |
Pinging @elastic/kibana-qa (Team:QA) |
Thanks for this @Rasroh! #52431 was a great step forward in making sure we're running with the minimal set of documented Elasticsearch Privileges, but we should also keep Kibana Privileges in mind when designing these tests going forward. #52431 specifies a set of roles with specific cluster/index privileges, but from what I can tell, each test still runs with the
For example, to test that the dashboard application works correctly for read/write access, you would want a user with a role similar to the following: {
"name": "test_dashboard_user_role",
"elasticsearch": {
"cluster": []
"indices": [{
"names": ["kibana-sample-data-*"],
"privileges" ["read", "view_index_metadata"]
}],
"run_as": []
},
"kibana": [{
"spaces": ["*"],
"feature": {
"dashboard": ["all"]
}
}]
} |
Good suggestion, Larry- As we do new tests, we shall make it more granular like the example shared above. For the older tests, it needs to be dealt as a separate PR. |
All of the existing items have been completed. If there's any follow-up work, please open a new meta issue. |
fixes: #26937
Reference for OSS tests: #52431
Objective :
We should run all CI tests with security enabled and with a user who has the minimal documented privileges to allow them to be successful.
Describe a specific use case for the feature:
The x-pack tests already do run with security enabled but the
test_user
has the superuser role.This issue tries to eliminate the usage of superuser role in the tests and instead use the right set of roles and privileges required to run the tests.
Here I have listed the xpack apps which currently run as
superuser
. Each of the tests in these apps need to be run as atest_user
with the right set of roles and privileges.These tests exclude
feature controls tests
As an example xpack tests under
api_keys
, anddashboard_view_mode.js
have been modified to run as atest_user
with the right set of roles and privileges.Please Note: This requires contribution from all teams.
cc @elastic/kibana-qa
The text was updated successfully, but these errors were encountered: