Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Cases] Add authorization to configuration & cases routes #97228

Merged
merged 25 commits into from
Apr 26, 2021

Conversation

cnasikas
Copy link
Member

@cnasikas cnasikas commented Apr 15, 2021

Summary

This PR adds authorization to the following routes:

  • Cases:
    • GET: /api/cases/tags
    • GET: /api/cases/reporters
    • GET: /api/cases/<case_id>
    • DELETE: /api/cases/ids=[...<ids>]
  • Configuration:
    • POST: /api/cases/configure
    • GET: /api/cases/configure
    • PATCH: /api/cases/configure/<configuration_id>

Changes:

  • The route GET: /api/cases/configure will return an array instead of an object
  • GET: /api/cases/configure, GET: /api/cases/tags, and GET: /api/cases/reporters needs the owner query parameter.
  • PATCH: /api/cases/configure requires a configuration id.

Checklist

Delete any items that are not applicable to this PR.

For maintainers

@cnasikas cnasikas added v8.0.0 Team:Detections and Resp Security Detection Response Team Team:Threat Hunting Security Solution Threat Hunting Team Feature:Cases Cases feature Theme: rac label obsolete Feature:Cases-RAC-RBAC labels Apr 15, 2021
@cnasikas cnasikas self-assigned this Apr 15, 2021
@cnasikas cnasikas force-pushed the auth_cases_routes branch from aca5bc4 to 60ece3a Compare April 15, 2021 11:02
@cnasikas cnasikas changed the title [Cases] Add authorization to cases routes [Cases] Add authorization to configuration routes Apr 22, 2021
@cnasikas cnasikas marked this pull request as ready for review April 22, 2021 18:08
@cnasikas cnasikas requested review from a team as code owners April 22, 2021 18:08
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@cnasikas cnasikas changed the title [Cases] Add authorization to configuration routes [Cases] Add authorization to configuration & cases routes Apr 23, 2021
@cnasikas cnasikas removed the request for review from a team April 23, 2021 09:41
@cnasikas cnasikas force-pushed the auth_cases_routes branch from d3ad7af to 6affd79 Compare April 23, 2021 09:43
@cnasikas cnasikas requested a review from a team as a code owner April 23, 2021 12:26
@cnasikas cnasikas force-pushed the auth_cases_routes branch from 62d4f1c to 157e834 Compare April 23, 2021 12:30

// TODO: we will need to add this type rt.literal('close-by-third-party')
const ClosureTypeRT = rt.union([rt.literal('close-by-user'), rt.literal('close-by-pushing')]);

const CasesConfigureBasicRt = rt.type({
connector: CaseConnectorRt,
closure_type: ClosureTypeRT,
// TODO: should a user be able to update the owner?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I saw that you added a test for not allow updates to the owner field 👍 could we remove this comment?

name: WriteOperations.UpdateConfiguration,
action: 'update-configuration',
verbs: updateVerbs,
docType: 'case-configuration',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we change this one to case configuration

@@ -23,16 +23,24 @@ export type GetSpaceFn = (request: KibanaRequest) => Promise<Space | undefined>;

// TODO: we need to have an operation per entity route so I think we need to create a bunch like
// getCase, getComment, getSubCase etc for each, need to think of a clever way of creating them for all the routes easily?

// if you add a value here you'll likely also need to make changes here:
// x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.ts
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💯

@@ -103,16 +147,19 @@ export async function deleteCases(ids: string[], clientArgs: CasesClientArgs): P
soClient,
actions: ids.map((id) =>
buildCaseUserActionItem({
action: 'create',
action: 'delete',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice find!

const query = pipe(
CasesConfigurePatchRt.decode(request.body),
const params = pipe(
CaseConfigureRequestParamsRt.decode(request.params),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know this wasn't there before but should this be wrapped in an excess() call too?

Copy link
Member Author

@cnasikas cnasikas Apr 26, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added but I am not sure if it is needed. The params are part of the url. If a user pass additional params it will get a 404 from Kibana because the endpoint will not exist.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh I missed that, you can disregard 👍

caseId: string;
includeComments?: boolean;
expectedHttpCode?: number;
auth?: { user: User; space: string | null };
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: I think we could actually get away with doing auth?: { user: User; space?: string };
that way I think the default can be auth = { user: superUser }, and we can still call like this: ${getSpaceUrlPrefix(auth?.space)}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did like this because I wanted to produce a TS error when when someone provides a user but not a space. This error will make them think why they don't want to provide a space and take a decision about it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah gotcha. That makes sense. If we run into a situation where we want to pass in the user but use the default space we can change it then 👍

});
});

it('should not get a case', async () => {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: maybe should not get a case when the user does not have access to owner

@@ -46,16 +59,36 @@ export default ({ getService }: FtrProviderContext): void => {
await actionsRemover.removeAll();
});

// TODO: Decide what to do with no configuration (no owner)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can remove this right? I think an empty array is good 👍

]) {
it(`User ${scenario.user.username} with role(s) ${scenario.user.roles.join()} and space ${
scenario.space
} - should NOT read a case`, async () => {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be should NOT read a case configuration?

@@ -155,5 +227,128 @@ export default ({ getService }: FtrProviderContext): void => {
statusCode: 409,
});
});

it('should not allow to change the owner of the configuration', async () => {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@cnasikas cnasikas merged commit 6cdfa84 into elastic:cases-rbac-poc Apr 26, 2021
@cnasikas cnasikas deleted the auth_cases_routes branch April 26, 2021 16:45
@kibanamachine
Copy link
Contributor

kibanamachine commented Apr 26, 2021

💔 Build Failed

Failed CI Steps


Test Failures

Kibana Pipeline / general / X-Pack Case API Integration Tests.x-pack/test/case_api_integration/security_and_spaces/tests/common/configure/get_configure·ts.cases security and spaces enabled: basic Common get_configure should return a configuration with mapping

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

[00:00:00]       │
[00:00:00]         └-: cases security and spaces enabled: basic
[00:00:00]           └-> "before all" hook in "cases security and spaces enabled: basic"
[00:00:00]           └-> "before all" hook in "cases security and spaces enabled: basic"
[00:00:00]             │ debg creating space
[00:00:00]             │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] [.ds-ilm-history-5-2021.04.26-000001] creating index, cause [initialize_data_stream], templates [ilm-history], shards [1]/[0]
[00:00:00]             │ info [o.e.c.m.MetadataCreateDataStreamService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] adding data stream [ilm-history-5] with write index [.ds-ilm-history-5-2021.04.26-000001] and backing indices []
[00:00:00]             │ info [o.e.c.r.a.AllocationService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] current.health="GREEN" message="Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.ds-ilm-history-5-2021.04.26-000001][0]]])." previous.health="YELLOW" reason="shards started [[.ds-ilm-history-5-2021.04.26-000001][0]]"
[00:00:00]             │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] moving index [.ds-ilm-history-5-2021.04.26-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [ilm-history-ilm-policy]
[00:00:00]             │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] moving index [.ds-ilm-history-5-2021.04.26-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [ilm-history-ilm-policy]
[00:00:00]             │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] moving index [.ds-ilm-history-5-2021.04.26-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [ilm-history-ilm-policy]
[00:00:00]             │ debg created space
[00:00:00]             │ debg creating space
[00:00:01]             │ debg created space
[00:00:01]             │ debg creating role no_kibana_privileges
[00:00:01]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added role [no_kibana_privileges]
[00:00:01]             │ debg creating role global_read
[00:00:01]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added role [global_read]
[00:00:01]             │ debg creating role sec_only_all
[00:00:01]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added role [sec_only_all]
[00:00:01]             │ debg creating role sec_only_read
[00:00:01]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added role [sec_only_read]
[00:00:01]             │ debg creating role obs_only_all
[00:00:01]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added role [obs_only_all]
[00:00:01]             │ debg creating role obs_only_read
[00:00:01]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added role [obs_only_read]
[00:00:01]             │ debg creating user superuser
[00:00:01]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [superuser]
[00:00:01]             │ debg created user superuser
[00:00:01]             │ debg creating user sec_only
[00:00:02]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [sec_only]
[00:00:02]             │ debg created user sec_only
[00:00:02]             │ debg creating user sec_only_read
[00:00:02]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [sec_only_read]
[00:00:02]             │ debg created user sec_only_read
[00:00:02]             │ debg creating user obs_only
[00:00:02]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [obs_only]
[00:00:02]             │ debg created user obs_only
[00:00:02]             │ debg creating user obs_only_read
[00:00:02]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [obs_only_read]
[00:00:02]             │ debg created user obs_only_read
[00:00:02]             │ debg creating user obs_sec
[00:00:02]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [obs_sec]
[00:00:02]             │ debg created user obs_sec
[00:00:02]             │ debg creating user obs_sec_read
[00:00:02]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [obs_sec_read]
[00:00:02]             │ debg created user obs_sec_read
[00:00:02]             │ debg creating user global_read
[00:00:02]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [global_read]
[00:00:02]             │ debg created user global_read
[00:00:02]             │ debg creating user no_kibana_privileges
[00:00:02]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [no_kibana_privileges]
[00:00:02]             │ debg created user no_kibana_privileges
[00:00:02]           └-: Common
[00:00:02]             └-> "before all" hook in "Common"
[00:08:22]             └-: get_configure
[00:08:22]               └-> "before all" hook for "should return an empty find body correctly if no configuration is loaded"
[00:08:22]               └-> "before all" hook for "should return an empty find body correctly if no configuration is loaded"
[00:08:22]               └-> should return an empty find body correctly if no configuration is loaded
[00:08:22]                 └-> "before each" hook: global before each for "should return an empty find body correctly if no configuration is loaded"
[00:08:22]                 └- ✓ pass  (44ms) "cases security and spaces enabled: basic Common get_configure should return an empty find body correctly if no configuration is loaded"
[00:08:22]               └-> "after each" hook for "should return an empty find body correctly if no configuration is loaded"
[00:08:22]               └-> should return a configuration
[00:08:22]                 └-> "before each" hook: global before each for "should return a configuration"
[00:08:22]                 │ info [o.e.c.m.MetadataMappingService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] [.kibana_8.0.0_001/LTe4GArXQoG66AyJBXpX4A] update_mapping [_doc]
[00:08:23]                 └- ✓ pass  (886ms) "cases security and spaces enabled: basic Common get_configure should return a configuration"
[00:08:23]               └-> "after each" hook for "should return a configuration"
[00:08:23]               └-> should get a single configuration
[00:08:23]                 └-> "before each" hook: global before each for "should get a single configuration"
[00:08:26]                 └- ✓ pass  (3.0s) "cases security and spaces enabled: basic Common get_configure should get a single configuration"
[00:08:26]               └-> "after each" hook for "should get a single configuration"
[00:08:26]               └-> should return by descending order
[00:08:26]                 └-> "before each" hook: global before each for "should return by descending order"
[00:08:29]                 └- ✓ pass  (3.0s) "cases security and spaces enabled: basic Common get_configure should return by descending order"
[00:08:29]               └-> "after each" hook for "should return by descending order"
[00:08:29]               └-> should return a configuration with mapping
[00:08:29]                 └-> "before each" hook: global before each for "should return a configuration with mapping"
[00:08:29]                 └- ✖ fail: cases security and spaces enabled: basic Common get_configure should return a configuration with mapping
[00:08:29]                 │      Error: expected 200 "OK", got 403 "Forbidden"
[00:08:29]                 │       at Test._assertStatus (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:268:12)
[00:08:29]                 │       at Test._assertFunction (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:283:11)
[00:08:29]                 │       at Test.assert (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:173:18)
[00:08:29]                 │       at assert (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:131:12)
[00:08:29]                 │       at /dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:128:5
[00:08:29]                 │       at Test.Request.callback (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/node_modules/superagent/lib/node/index.js:718:3)
[00:08:29]                 │       at /dev/shm/workspace/parallel/16/kibana/node_modules/supertest/node_modules/superagent/lib/node/index.js:906:18
[00:08:29]                 │       at IncomingMessage.<anonymous> (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/node_modules/superagent/lib/node/parsers/json.js:19:7)
[00:08:29]                 │       at endReadableNT (internal/streams/readable.js:1327:12)
[00:08:29]                 │       at processTicksAndRejections (internal/process/task_queues.js:80:21)
[00:08:29]                 │ 
[00:08:29]                 │ 

Stack Trace

Error: expected 200 "OK", got 403 "Forbidden"
    at Test._assertStatus (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:268:12)
    at Test._assertFunction (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:283:11)
    at Test.assert (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:173:18)
    at assert (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:131:12)
    at /dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:128:5
    at Test.Request.callback (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/node_modules/superagent/lib/node/index.js:718:3)
    at /dev/shm/workspace/parallel/16/kibana/node_modules/supertest/node_modules/superagent/lib/node/index.js:906:18
    at IncomingMessage.<anonymous> (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/node_modules/superagent/lib/node/parsers/json.js:19:7)
    at endReadableNT (internal/streams/readable.js:1327:12)
    at processTicksAndRejections (internal/process/task_queues.js:80:21)

Kibana Pipeline / general / X-Pack Case API Integration Tests.x-pack/test/case_api_integration/security_and_spaces/tests/common/configure/get_configure·ts.cases security and spaces enabled: basic Common get_configure should return a configuration with mapping

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 1 times on tracked branches: https://dryrun

[00:00:00]       │
[00:00:00]         └-: cases security and spaces enabled: basic
[00:00:00]           └-> "before all" hook in "cases security and spaces enabled: basic"
[00:00:00]           └-> "before all" hook in "cases security and spaces enabled: basic"
[00:00:00]             │ debg creating space
[00:00:00]             │ debg created space
[00:00:00]             │ debg creating space
[00:00:01]             │ debg created space
[00:00:01]             │ debg creating role no_kibana_privileges
[00:00:01]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added role [no_kibana_privileges]
[00:00:01]             │ debg creating role global_read
[00:00:02]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added role [global_read]
[00:00:02]             │ debg creating role sec_only_all
[00:00:02]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added role [sec_only_all]
[00:00:02]             │ debg creating role sec_only_read
[00:00:02]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added role [sec_only_read]
[00:00:02]             │ debg creating role obs_only_all
[00:00:02]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added role [obs_only_all]
[00:00:02]             │ debg creating role obs_only_read
[00:00:02]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added role [obs_only_read]
[00:00:02]             │ debg creating user superuser
[00:00:02]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [superuser]
[00:00:02]             │ debg created user superuser
[00:00:02]             │ debg creating user sec_only
[00:00:02]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [sec_only]
[00:00:02]             │ debg created user sec_only
[00:00:02]             │ debg creating user sec_only_read
[00:00:02]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [sec_only_read]
[00:00:02]             │ debg created user sec_only_read
[00:00:02]             │ debg creating user obs_only
[00:00:02]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [obs_only]
[00:00:02]             │ debg created user obs_only
[00:00:02]             │ debg creating user obs_only_read
[00:00:02]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [obs_only_read]
[00:00:02]             │ debg created user obs_only_read
[00:00:02]             │ debg creating user obs_sec
[00:00:02]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [obs_sec]
[00:00:02]             │ debg created user obs_sec
[00:00:02]             │ debg creating user obs_sec_read
[00:00:03]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [obs_sec_read]
[00:00:03]             │ debg created user obs_sec_read
[00:00:03]             │ debg creating user global_read
[00:00:03]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [global_read]
[00:00:03]             │ debg created user global_read
[00:00:03]             │ debg creating user no_kibana_privileges
[00:00:03]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] added user [no_kibana_privileges]
[00:00:03]             │ debg created user no_kibana_privileges
[00:00:03]           └-: Common
[00:00:03]             └-> "before all" hook in "Common"
[00:08:25]             └-: get_configure
[00:08:25]               └-> "before all" hook for "should return an empty find body correctly if no configuration is loaded"
[00:08:25]               └-> "before all" hook for "should return an empty find body correctly if no configuration is loaded"
[00:08:25]               └-> should return an empty find body correctly if no configuration is loaded
[00:08:25]                 └-> "before each" hook: global before each for "should return an empty find body correctly if no configuration is loaded"
[00:08:25]                 └- ✓ pass  (57ms) "cases security and spaces enabled: basic Common get_configure should return an empty find body correctly if no configuration is loaded"
[00:08:25]               └-> "after each" hook for "should return an empty find body correctly if no configuration is loaded"
[00:08:25]               └-> should return a configuration
[00:08:25]                 └-> "before each" hook: global before each for "should return a configuration"
[00:08:25]                 │ info [o.e.c.m.MetadataMappingService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501] [.kibana_8.0.0_001/gPeIGklQQRWD-YOJ8j_u5g] update_mapping [_doc]
[00:08:26]                 └- ✓ pass  (855ms) "cases security and spaces enabled: basic Common get_configure should return a configuration"
[00:08:26]               └-> "after each" hook for "should return a configuration"
[00:08:26]               └-> should get a single configuration
[00:08:26]                 └-> "before each" hook: global before each for "should get a single configuration"
[00:08:29]                 └- ✓ pass  (3.0s) "cases security and spaces enabled: basic Common get_configure should get a single configuration"
[00:08:29]               └-> "after each" hook for "should get a single configuration"
[00:08:29]               └-> should return by descending order
[00:08:29]                 └-> "before each" hook: global before each for "should return by descending order"
[00:08:32]                 └- ✓ pass  (3.0s) "cases security and spaces enabled: basic Common get_configure should return by descending order"
[00:08:32]               └-> "after each" hook for "should return by descending order"
[00:08:32]               └-> should return a configuration with mapping
[00:08:32]                 └-> "before each" hook: global before each for "should return a configuration with mapping"
[00:08:32]                 └- ✖ fail: cases security and spaces enabled: basic Common get_configure should return a configuration with mapping
[00:08:32]                 │      Error: expected 200 "OK", got 403 "Forbidden"
[00:08:32]                 │       at Test._assertStatus (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:268:12)
[00:08:32]                 │       at Test._assertFunction (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:283:11)
[00:08:32]                 │       at Test.assert (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:173:18)
[00:08:32]                 │       at assert (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:131:12)
[00:08:32]                 │       at /dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:128:5
[00:08:32]                 │       at Test.Request.callback (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/node_modules/superagent/lib/node/index.js:718:3)
[00:08:32]                 │       at /dev/shm/workspace/parallel/16/kibana/node_modules/supertest/node_modules/superagent/lib/node/index.js:906:18
[00:08:32]                 │       at IncomingMessage.<anonymous> (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/node_modules/superagent/lib/node/parsers/json.js:19:7)
[00:08:32]                 │       at endReadableNT (internal/streams/readable.js:1327:12)
[00:08:32]                 │       at processTicksAndRejections (internal/process/task_queues.js:80:21)
[00:08:32]                 │ 
[00:08:32]                 │ 

Stack Trace

Error: expected 200 "OK", got 403 "Forbidden"
    at Test._assertStatus (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:268:12)
    at Test._assertFunction (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:283:11)
    at Test.assert (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:173:18)
    at assert (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:131:12)
    at /dev/shm/workspace/parallel/16/kibana/node_modules/supertest/lib/test.js:128:5
    at Test.Request.callback (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/node_modules/superagent/lib/node/index.js:718:3)
    at /dev/shm/workspace/parallel/16/kibana/node_modules/supertest/node_modules/superagent/lib/node/index.js:906:18
    at IncomingMessage.<anonymous> (/dev/shm/workspace/parallel/16/kibana/node_modules/supertest/node_modules/superagent/lib/node/parsers/json.js:19:7)
    at endReadableNT (internal/streams/readable.js:1327:12)
    at processTicksAndRejections (internal/process/task_queues.js:80:21)

Kibana Pipeline / general / "before all" hook for "attach timeline to an existing case".attach timeline to case with cases created "before all" hook for "attach timeline to an existing case"

Link to Jenkins

Stack Trace

Failed Tests Reporter:
  - Test has failed 3 times on tracked branches: https://github.com/elastic/kibana/issues/86960

CypressError: `cy.request()` failed on:

http://elastic:changeme@localhost:6121/api/cases

The response we received from your web server was:

  > 400: Bad Request

This was considered a failure because the status code was not `2xx` or `3xx`.

If you do not want status codes to cause failures pass the option: `failOnStatusCode: false`

-----------------------------------------------------------

The request we sent was:

Method: POST
URL: http://elastic:changeme@localhost:6121/api/cases
Headers: {
  "Connection": "keep-alive",
  "kbn-xsrf": "cypress-creds",
  "user-agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/90.0.4430.85 Safari/537.36",
  "accept": "*/*",
  "cookie": "sid=Fe26.2**45addd406a37ac5c4042c5b9f2f0b479a3151419dffc5caef9cd90a254c02133*hLz1pxmrcie7WgxZoop9Uw*yW6f8PY4dW8KqDxwKoj-ogxp0qTX4yI_PA_Y8PrWrzkTq-nGsqT0s6AemPM6S2c2wKRZQLa3deVWGx33tO30THH9OjX4aNvUODEB2npEbhm6laDoYL0YLhexMIu2sDBzFNeTaoHsawJdbv9yuwi0Nj598sWQtRM1Y3YnVLbungTxWU-HnYnr5FEz31BE-mfii8qcXEuMpzTjZBmFV6to2jOhbVqnk-1hmbkcWxoddH0**6077a192bda126213a76cf43e7161baca4b56433ef8f4c7b8c24578f36a0f9d9*JEEX-QC8wZCw6yupH867YkigplEynf4c6ikBc0tXWZw",
  "accept-encoding": "gzip, deflate",
  "authorization": "Basic ZWxhc3RpYzpjaGFuZ2VtZQ==",
  "content-type": "application/json",
  "content-length": 201
}
Body: {"description":"This is the case description","title":"This is the title of the case","tags":["tag"],"connector":{"id":"none","name":"none","type":".none","fields":null},"settings":{"syncAlerts":true}}

-----------------------------------------------------------

The response we got was:

Status: 400 - Bad Request
Headers: {
  "kbn-name": "kibana-ci-immutable-ubuntu-18-tests-xxl-1619453457329385501",
  "kbn-license-sig": "8be19c73d7a70143b07e0803d078640abc3d96b940a1679d8bb3c36bd00d9184",
  "content-type": "application/json; charset=utf-8",
  "cache-control": "private, no-cache, no-store, must-revalidate",
  "content-length": "102",
  "date": "Mon, 26 Apr 2021 16:48:23 GMT",
  "connection": "keep-alive",
  "keep-alive": "timeout=120"
}
Body: {
  "statusCode": 400,
  "error": "Bad Request",
  "message": "Invalid value \"undefined\" supplied to \"owner\""
}


https://on.cypress.io/request

Because this error occurred during a `before all` hook we are skipping the remaining tests in the current suite: `with cases created`

Although you have test retries enabled, we do not retry tests when `before all` or `after all` hooks fail
    at http://elastic:changeme@localhost:6121/__cypress/runner/cypress_runner.js:160310:21
    at tryCatcher (http://elastic:changeme@localhost:6121/__cypress/runner/cypress_runner.js:10765:23)
    at Promise._settlePromiseFromHandler (http://elastic:changeme@localhost:6121/__cypress/runner/cypress_runner.js:8700:31)
    at Promise._settlePromise (http://elastic:changeme@localhost:6121/__cypress/runner/cypress_runner.js:8757:18)
    at Promise._settlePromise0 (http://elastic:changeme@localhost:6121/__cypress/runner/cypress_runner.js:8802:10)
    at Promise._settlePromises (http://elastic:changeme@localhost:6121/__cypress/runner/cypress_runner.js:8882:18)
    at _drainQueueStep (http://elastic:changeme@localhost:6121/__cypress/runner/cypress_runner.js:5472:12)
    at _drainQueue (http://elastic:changeme@localhost:6121/__cypress/runner/cypress_runner.js:5465:9)
    at Async.../../node_modules/bluebird/js/release/async.js.Async._drainQueues (http://elastic:changeme@localhost:6121/__cypress/runner/cypress_runner.js:5481:5)
    at Async.drainQueues (http://elastic:changeme@localhost:6121/__cypress/runner/cypress_runner.js:5351:14)
From Your Spec Code:
    at Object.createCase (http://localhost:6121/__cypress/tests?p=cypress/integration/cases/attach_timeline.spec.ts:15652:36)
    at Context.eval (http://localhost:6121/__cypress/tests?p=cypress/integration/cases/attach_timeline.spec.ts:15055:21)

and 2 more failures, only showing the first 3.

Metrics [docs]

‼️ ERROR: no builds found for mergeBase sha [676173e]

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @cnasikas

@cnasikas cnasikas mentioned this pull request May 11, 2021
12 tasks
jonathan-buttner added a commit that referenced this pull request Jun 7, 2021
* Adding feature flag for auth

* Hiding SOs and adding consumer field

* First pass at adding security changes

* Consumer as the app's plugin ID

* Create addConsumerToSO migration helper

* Fix mapping's SO consumer

* Add test for CasesActions

* Declare hidden types on SO client

* Restructure integration tests

* Init spaces_only integration tests

* Implementing the cases security string

* Adding security plugin tests for cases

* Rough concept for authorization class

* Adding comments

* Fix merge

* Get requiredPrivileges for classes

* Check privillages

* Ensure that all classes are available

* Success if hasAllRequested is true

* Failure if hasAllRequested is false

* Adding schema updates for feature plugin

* Seperate basic from trial

* Enable SIR on integration tests

* Starting the plumbing for authorization in plugin

* Unit tests working

* Move find route logic to case client

* Create integration test helper functions

* Adding auth to create call

* Create getClassFilter helper

* Add class attribute to find request

* Create getFindAuthorizationFilter

* Ensure savedObject is authorized in find method

* Include fields for authorization

* Combine authorization filter with cases & subcases filter

* Fix isAuthorized flag

* Fix merge issue

* Create/delete spaces & users before and after tests

* Add more user and roles

* [Cases] Convert filters from strings to KueryNode (#95288)

* [Cases] RBAC: Rename class to scope (#95535)

* [Cases][RBAC] Rename scope to owner (#96035)

* [Cases] RBAC: Create & Find integration tests (#95511)

* [Cases] Cases client enchantment (#95923)

* [Cases] Authorization and Client Audit Logger (#95477)

* Starting audit logger

* Finishing auth audit logger

* Fixing tests and types

* Adding audit event creator

* Renaming class to scope

* Adding audit logger messages to create and find

* Adding comments and fixing import issue

* Fixing type errors

* Fixing tests and adding username to message

* Addressing PR feedback

* Removing unneccessary log and generating id

* Fixing module issue and remove expect.anything

* [Cases] Migrate sub cases routes to a client (#96461)

* Adding sub cases client

* Move sub case routes to case client

* Throw when attempting to access the sub cases client

* Fixing throw and removing user ans soclients

* [Cases] RBAC: Migrate routes' unit tests to integration tests (#96374)

Co-authored-by: Jonathan Buttner <jonathan.buttner@elastic.co>

* [Cases] Move remaining HTTP functionality to client (#96507)

* Moving deletes and find for attachments

* Moving rest of comment apis

* Migrating configuration routes to client

* Finished moving routes, starting utils refactor

* Refactoring utilites and fixing integration tests

* Addressing PR feedback

* Fixing mocks and types

* Fixing integration tests

* Renaming status_stats

* Fixing test type errors

* Adding plugins to kibana.json

* Adding cases to required plugin

* [Cases] Refactoring authorization (#97483)

* Refactoring authorization

* Wrapping auth calls in helper for try catch

* Reverting name change

* Hardcoding the saved object types

* Switching ensure to owner array

* [Cases] Add authorization to configuration & cases routes (#97228)

* [Cases] Attachments RBAC (#97756)

* Starting rbac for comments

* Adding authorization to rest of comment apis

* Starting the comment rbac tests

* Fixing some of the rbac tests

* Adding some integration tests

* Starting patch tests

* Working tests for comments

* Working tests

* Fixing some tests

* Fixing type issues from pulling in master

* Fixing connector tests that only work in trial license

* Attempting to fix cypress

* Mock return of array for configure

* Fixing cypress test

* Cleaning up

* Addressing PR comments

* Reducing operations

* [Cases] Add RBAC to remaining Cases APIs (#98762)

* Starting rbac for comments

* Adding authorization to rest of comment apis

* Starting the comment rbac tests

* Fixing some of the rbac tests

* Adding some integration tests

* Starting patch tests

* Working tests for comments

* Working tests

* Fixing some tests

* Fixing type issues from pulling in master

* Fixing connector tests that only work in trial license

* Attempting to fix cypress

* Mock return of array for configure

* Fixing cypress test

* Cleaning up

* Working case update tests

* Addressing PR comments

* Reducing operations

* Working rbac push case tests

* Starting stats apis

* Working status tests

* User action tests and fixing migration errors

* Fixing type errors

* including error in message

* Addressing pr feedback

* Fixing some type errors

* [Cases] Add space only tests (#99409)

* Starting spaces tests

* Finishing space only tests

* Refactoring createCaseWithConnector

* Fixing spelling

* Addressing PR feedback and creating alert tests

* Fixing mocks

* [Cases] Add security only tests (#99679)

* Starting spaces tests

* Finishing space only tests

* Refactoring createCaseWithConnector

* Fixing spelling

* Addressing PR feedback and creating alert tests

* Fixing mocks

* Starting security only tests

* Adding remainder security only tests

* Using helper objects

* Fixing type error for null space

* Renaming utility variables

* Refactoring users and roles for security only tests

* Adding sub feature

* [Cases] Cleaning up the services and TODOs (#99723)

* Cleaning up the service intialization

* Fixing type errors

* Adding comments for the api

* Working test for cases client

* Fix type error

* Adding generated docs

* Adding more docs and cleaning up types

* Cleaning up readme

* More clean up and links

* Changing some file names

* Renaming docs

* Integration tests for cases privs and fixes (#100038)

* [Cases] RBAC on UI (#99478)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

* Fixing case ids by alert id route call

* [Cases] Fixing UI feature permissions and adding UI tests (#100074)

* Integration tests for cases privs and fixes

* Fixing ui cases permissions and adding tests

* Adding test for collection failure and fixing jest

* Renaming variables

* Fixing type error

* Adding some comments

* Validate cases features

* Fix new schema

* Adding owner param for the status stats

* Fix get case status tests

* Adjusting permissions text and fixing status

* Address PR feedback

* Adding top level feature back

* Fixing feature privileges

* Renaming

* Removing uneeded else

* Fixing tests and adding cases merge tests

* [Cases][Security Solution] Basic license security solution API tests (#100925)

* Cleaning up the fixture plugins

* Adding basic feature test

* renaming to unsecuredSavedObjectsClient (#101215)

* [Cases] RBAC Refactoring audit logging (#100952)

* Refactoring audit logging

* Adding unit tests for authorization classes

* Addressing feedback and adding util tests

* return undefined on empty array

* fixing eslint

* [Cases] Cleaning up RBAC integration tests (#101324)

* Adding tests for space permissions

* Adding tests for testing a disable feature

Co-authored-by: Christos Nasikas <christos.nasikas@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
jonathan-buttner added a commit to jonathan-buttner/kibana that referenced this pull request Jun 7, 2021
* Adding feature flag for auth

* Hiding SOs and adding consumer field

* First pass at adding security changes

* Consumer as the app's plugin ID

* Create addConsumerToSO migration helper

* Fix mapping's SO consumer

* Add test for CasesActions

* Declare hidden types on SO client

* Restructure integration tests

* Init spaces_only integration tests

* Implementing the cases security string

* Adding security plugin tests for cases

* Rough concept for authorization class

* Adding comments

* Fix merge

* Get requiredPrivileges for classes

* Check privillages

* Ensure that all classes are available

* Success if hasAllRequested is true

* Failure if hasAllRequested is false

* Adding schema updates for feature plugin

* Seperate basic from trial

* Enable SIR on integration tests

* Starting the plumbing for authorization in plugin

* Unit tests working

* Move find route logic to case client

* Create integration test helper functions

* Adding auth to create call

* Create getClassFilter helper

* Add class attribute to find request

* Create getFindAuthorizationFilter

* Ensure savedObject is authorized in find method

* Include fields for authorization

* Combine authorization filter with cases & subcases filter

* Fix isAuthorized flag

* Fix merge issue

* Create/delete spaces & users before and after tests

* Add more user and roles

* [Cases] Convert filters from strings to KueryNode (elastic#95288)

* [Cases] RBAC: Rename class to scope (elastic#95535)

* [Cases][RBAC] Rename scope to owner (elastic#96035)

* [Cases] RBAC: Create & Find integration tests (elastic#95511)

* [Cases] Cases client enchantment (elastic#95923)

* [Cases] Authorization and Client Audit Logger (elastic#95477)

* Starting audit logger

* Finishing auth audit logger

* Fixing tests and types

* Adding audit event creator

* Renaming class to scope

* Adding audit logger messages to create and find

* Adding comments and fixing import issue

* Fixing type errors

* Fixing tests and adding username to message

* Addressing PR feedback

* Removing unneccessary log and generating id

* Fixing module issue and remove expect.anything

* [Cases] Migrate sub cases routes to a client (elastic#96461)

* Adding sub cases client

* Move sub case routes to case client

* Throw when attempting to access the sub cases client

* Fixing throw and removing user ans soclients

* [Cases] RBAC: Migrate routes' unit tests to integration tests (elastic#96374)

Co-authored-by: Jonathan Buttner <jonathan.buttner@elastic.co>

* [Cases] Move remaining HTTP functionality to client (elastic#96507)

* Moving deletes and find for attachments

* Moving rest of comment apis

* Migrating configuration routes to client

* Finished moving routes, starting utils refactor

* Refactoring utilites and fixing integration tests

* Addressing PR feedback

* Fixing mocks and types

* Fixing integration tests

* Renaming status_stats

* Fixing test type errors

* Adding plugins to kibana.json

* Adding cases to required plugin

* [Cases] Refactoring authorization (elastic#97483)

* Refactoring authorization

* Wrapping auth calls in helper for try catch

* Reverting name change

* Hardcoding the saved object types

* Switching ensure to owner array

* [Cases] Add authorization to configuration & cases routes (elastic#97228)

* [Cases] Attachments RBAC (elastic#97756)

* Starting rbac for comments

* Adding authorization to rest of comment apis

* Starting the comment rbac tests

* Fixing some of the rbac tests

* Adding some integration tests

* Starting patch tests

* Working tests for comments

* Working tests

* Fixing some tests

* Fixing type issues from pulling in master

* Fixing connector tests that only work in trial license

* Attempting to fix cypress

* Mock return of array for configure

* Fixing cypress test

* Cleaning up

* Addressing PR comments

* Reducing operations

* [Cases] Add RBAC to remaining Cases APIs (elastic#98762)

* Starting rbac for comments

* Adding authorization to rest of comment apis

* Starting the comment rbac tests

* Fixing some of the rbac tests

* Adding some integration tests

* Starting patch tests

* Working tests for comments

* Working tests

* Fixing some tests

* Fixing type issues from pulling in master

* Fixing connector tests that only work in trial license

* Attempting to fix cypress

* Mock return of array for configure

* Fixing cypress test

* Cleaning up

* Working case update tests

* Addressing PR comments

* Reducing operations

* Working rbac push case tests

* Starting stats apis

* Working status tests

* User action tests and fixing migration errors

* Fixing type errors

* including error in message

* Addressing pr feedback

* Fixing some type errors

* [Cases] Add space only tests (elastic#99409)

* Starting spaces tests

* Finishing space only tests

* Refactoring createCaseWithConnector

* Fixing spelling

* Addressing PR feedback and creating alert tests

* Fixing mocks

* [Cases] Add security only tests (elastic#99679)

* Starting spaces tests

* Finishing space only tests

* Refactoring createCaseWithConnector

* Fixing spelling

* Addressing PR feedback and creating alert tests

* Fixing mocks

* Starting security only tests

* Adding remainder security only tests

* Using helper objects

* Fixing type error for null space

* Renaming utility variables

* Refactoring users and roles for security only tests

* Adding sub feature

* [Cases] Cleaning up the services and TODOs (elastic#99723)

* Cleaning up the service intialization

* Fixing type errors

* Adding comments for the api

* Working test for cases client

* Fix type error

* Adding generated docs

* Adding more docs and cleaning up types

* Cleaning up readme

* More clean up and links

* Changing some file names

* Renaming docs

* Integration tests for cases privs and fixes (elastic#100038)

* [Cases] RBAC on UI (elastic#99478)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

* Fixing case ids by alert id route call

* [Cases] Fixing UI feature permissions and adding UI tests (elastic#100074)

* Integration tests for cases privs and fixes

* Fixing ui cases permissions and adding tests

* Adding test for collection failure and fixing jest

* Renaming variables

* Fixing type error

* Adding some comments

* Validate cases features

* Fix new schema

* Adding owner param for the status stats

* Fix get case status tests

* Adjusting permissions text and fixing status

* Address PR feedback

* Adding top level feature back

* Fixing feature privileges

* Renaming

* Removing uneeded else

* Fixing tests and adding cases merge tests

* [Cases][Security Solution] Basic license security solution API tests (elastic#100925)

* Cleaning up the fixture plugins

* Adding basic feature test

* renaming to unsecuredSavedObjectsClient (elastic#101215)

* [Cases] RBAC Refactoring audit logging (elastic#100952)

* Refactoring audit logging

* Adding unit tests for authorization classes

* Addressing feedback and adding util tests

* return undefined on empty array

* fixing eslint

* [Cases] Cleaning up RBAC integration tests (elastic#101324)

* Adding tests for space permissions

* Adding tests for testing a disable feature

Co-authored-by: Christos Nasikas <christos.nasikas@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
# Conflicts:
#	x-pack/plugins/cases/server/client/client.ts
#	x-pack/plugins/cases/server/client/mocks.ts
#	x-pack/plugins/cases/server/client/types.ts
#	x-pack/plugins/cases/server/index.ts
#	x-pack/plugins/cases/server/plugin.ts
#	x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts
#	x-pack/plugins/security_solution/server/endpoint/mocks.ts
#	x-pack/plugins/security_solution/server/endpoint/routes/actions/isolation.ts
jonathan-buttner added a commit that referenced this pull request Jun 7, 2021
* [Cases] RBAC (#95058)

* Adding feature flag for auth

* Hiding SOs and adding consumer field

* First pass at adding security changes

* Consumer as the app's plugin ID

* Create addConsumerToSO migration helper

* Fix mapping's SO consumer

* Add test for CasesActions

* Declare hidden types on SO client

* Restructure integration tests

* Init spaces_only integration tests

* Implementing the cases security string

* Adding security plugin tests for cases

* Rough concept for authorization class

* Adding comments

* Fix merge

* Get requiredPrivileges for classes

* Check privillages

* Ensure that all classes are available

* Success if hasAllRequested is true

* Failure if hasAllRequested is false

* Adding schema updates for feature plugin

* Seperate basic from trial

* Enable SIR on integration tests

* Starting the plumbing for authorization in plugin

* Unit tests working

* Move find route logic to case client

* Create integration test helper functions

* Adding auth to create call

* Create getClassFilter helper

* Add class attribute to find request

* Create getFindAuthorizationFilter

* Ensure savedObject is authorized in find method

* Include fields for authorization

* Combine authorization filter with cases & subcases filter

* Fix isAuthorized flag

* Fix merge issue

* Create/delete spaces & users before and after tests

* Add more user and roles

* [Cases] Convert filters from strings to KueryNode (#95288)

* [Cases] RBAC: Rename class to scope (#95535)

* [Cases][RBAC] Rename scope to owner (#96035)

* [Cases] RBAC: Create & Find integration tests (#95511)

* [Cases] Cases client enchantment (#95923)

* [Cases] Authorization and Client Audit Logger (#95477)

* Starting audit logger

* Finishing auth audit logger

* Fixing tests and types

* Adding audit event creator

* Renaming class to scope

* Adding audit logger messages to create and find

* Adding comments and fixing import issue

* Fixing type errors

* Fixing tests and adding username to message

* Addressing PR feedback

* Removing unneccessary log and generating id

* Fixing module issue and remove expect.anything

* [Cases] Migrate sub cases routes to a client (#96461)

* Adding sub cases client

* Move sub case routes to case client

* Throw when attempting to access the sub cases client

* Fixing throw and removing user ans soclients

* [Cases] RBAC: Migrate routes' unit tests to integration tests (#96374)

Co-authored-by: Jonathan Buttner <jonathan.buttner@elastic.co>

* [Cases] Move remaining HTTP functionality to client (#96507)

* Moving deletes and find for attachments

* Moving rest of comment apis

* Migrating configuration routes to client

* Finished moving routes, starting utils refactor

* Refactoring utilites and fixing integration tests

* Addressing PR feedback

* Fixing mocks and types

* Fixing integration tests

* Renaming status_stats

* Fixing test type errors

* Adding plugins to kibana.json

* Adding cases to required plugin

* [Cases] Refactoring authorization (#97483)

* Refactoring authorization

* Wrapping auth calls in helper for try catch

* Reverting name change

* Hardcoding the saved object types

* Switching ensure to owner array

* [Cases] Add authorization to configuration & cases routes (#97228)

* [Cases] Attachments RBAC (#97756)

* Starting rbac for comments

* Adding authorization to rest of comment apis

* Starting the comment rbac tests

* Fixing some of the rbac tests

* Adding some integration tests

* Starting patch tests

* Working tests for comments

* Working tests

* Fixing some tests

* Fixing type issues from pulling in master

* Fixing connector tests that only work in trial license

* Attempting to fix cypress

* Mock return of array for configure

* Fixing cypress test

* Cleaning up

* Addressing PR comments

* Reducing operations

* [Cases] Add RBAC to remaining Cases APIs (#98762)

* Starting rbac for comments

* Adding authorization to rest of comment apis

* Starting the comment rbac tests

* Fixing some of the rbac tests

* Adding some integration tests

* Starting patch tests

* Working tests for comments

* Working tests

* Fixing some tests

* Fixing type issues from pulling in master

* Fixing connector tests that only work in trial license

* Attempting to fix cypress

* Mock return of array for configure

* Fixing cypress test

* Cleaning up

* Working case update tests

* Addressing PR comments

* Reducing operations

* Working rbac push case tests

* Starting stats apis

* Working status tests

* User action tests and fixing migration errors

* Fixing type errors

* including error in message

* Addressing pr feedback

* Fixing some type errors

* [Cases] Add space only tests (#99409)

* Starting spaces tests

* Finishing space only tests

* Refactoring createCaseWithConnector

* Fixing spelling

* Addressing PR feedback and creating alert tests

* Fixing mocks

* [Cases] Add security only tests (#99679)

* Starting spaces tests

* Finishing space only tests

* Refactoring createCaseWithConnector

* Fixing spelling

* Addressing PR feedback and creating alert tests

* Fixing mocks

* Starting security only tests

* Adding remainder security only tests

* Using helper objects

* Fixing type error for null space

* Renaming utility variables

* Refactoring users and roles for security only tests

* Adding sub feature

* [Cases] Cleaning up the services and TODOs (#99723)

* Cleaning up the service intialization

* Fixing type errors

* Adding comments for the api

* Working test for cases client

* Fix type error

* Adding generated docs

* Adding more docs and cleaning up types

* Cleaning up readme

* More clean up and links

* Changing some file names

* Renaming docs

* Integration tests for cases privs and fixes (#100038)

* [Cases] RBAC on UI (#99478)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

* Fixing case ids by alert id route call

* [Cases] Fixing UI feature permissions and adding UI tests (#100074)

* Integration tests for cases privs and fixes

* Fixing ui cases permissions and adding tests

* Adding test for collection failure and fixing jest

* Renaming variables

* Fixing type error

* Adding some comments

* Validate cases features

* Fix new schema

* Adding owner param for the status stats

* Fix get case status tests

* Adjusting permissions text and fixing status

* Address PR feedback

* Adding top level feature back

* Fixing feature privileges

* Renaming

* Removing uneeded else

* Fixing tests and adding cases merge tests

* [Cases][Security Solution] Basic license security solution API tests (#100925)

* Cleaning up the fixture plugins

* Adding basic feature test

* renaming to unsecuredSavedObjectsClient (#101215)

* [Cases] RBAC Refactoring audit logging (#100952)

* Refactoring audit logging

* Adding unit tests for authorization classes

* Addressing feedback and adding util tests

* return undefined on empty array

* fixing eslint

* [Cases] Cleaning up RBAC integration tests (#101324)

* Adding tests for space permissions

* Adding tests for testing a disable feature

Co-authored-by: Christos Nasikas <christos.nasikas@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
# Conflicts:
#	x-pack/plugins/cases/server/client/client.ts
#	x-pack/plugins/cases/server/client/mocks.ts
#	x-pack/plugins/cases/server/client/types.ts
#	x-pack/plugins/cases/server/index.ts
#	x-pack/plugins/cases/server/plugin.ts
#	x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts
#	x-pack/plugins/security_solution/server/endpoint/mocks.ts
#	x-pack/plugins/security_solution/server/endpoint/routes/actions/isolation.ts

* Fixing type errors

* Addressing plugin type errors
jonathan-buttner added a commit that referenced this pull request Jun 22, 2021
* Adding feature flag for auth

* Hiding SOs and adding consumer field

* First pass at adding security changes

* Consumer as the app's plugin ID

* Create addConsumerToSO migration helper

* Fix mapping's SO consumer

* Add test for CasesActions

* Declare hidden types on SO client

* Restructure integration tests

* Init spaces_only integration tests

* Implementing the cases security string

* Adding security plugin tests for cases

* Rough concept for authorization class

* Adding comments

* Fix merge

* Get requiredPrivileges for classes

* Check privillages

* Ensure that all classes are available

* Success if hasAllRequested is true

* Failure if hasAllRequested is false

* Adding schema updates for feature plugin

* Seperate basic from trial

* Enable SIR on integration tests

* Starting the plumbing for authorization in plugin

* Unit tests working

* Move find route logic to case client

* Create integration test helper functions

* Adding auth to create call

* Create getClassFilter helper

* Add class attribute to find request

* Create getFindAuthorizationFilter

* Ensure savedObject is authorized in find method

* Include fields for authorization

* Combine authorization filter with cases & subcases filter

* Fix isAuthorized flag

* Fix merge issue

* Create/delete spaces & users before and after tests

* Add more user and roles

* [Cases] Convert filters from strings to KueryNode (#95288)

* [Cases] RBAC: Rename class to scope (#95535)

* [Cases][RBAC] Rename scope to owner (#96035)

* [Cases] RBAC: Create & Find integration tests (#95511)

* [Cases] Cases client enchantment (#95923)

* [Cases] Authorization and Client Audit Logger (#95477)

* Starting audit logger

* Finishing auth audit logger

* Fixing tests and types

* Adding audit event creator

* Renaming class to scope

* Adding audit logger messages to create and find

* Adding comments and fixing import issue

* Fixing type errors

* Fixing tests and adding username to message

* Addressing PR feedback

* Removing unneccessary log and generating id

* Fixing module issue and remove expect.anything

* [Cases] Migrate sub cases routes to a client (#96461)

* Adding sub cases client

* Move sub case routes to case client

* Throw when attempting to access the sub cases client

* Fixing throw and removing user ans soclients

* [Cases] RBAC: Migrate routes' unit tests to integration tests (#96374)

Co-authored-by: Jonathan Buttner <jonathan.buttner@elastic.co>

* [Cases] Move remaining HTTP functionality to client (#96507)

* Moving deletes and find for attachments

* Moving rest of comment apis

* Migrating configuration routes to client

* Finished moving routes, starting utils refactor

* Refactoring utilites and fixing integration tests

* Addressing PR feedback

* Fixing mocks and types

* Fixing integration tests

* Renaming status_stats

* Fixing test type errors

* Adding plugins to kibana.json

* Adding cases to required plugin

* [Cases] Refactoring authorization (#97483)

* Refactoring authorization

* Wrapping auth calls in helper for try catch

* Reverting name change

* Hardcoding the saved object types

* Switching ensure to owner array

* [Cases] Add authorization to configuration & cases routes (#97228)

* [Cases] Attachments RBAC (#97756)

* Starting rbac for comments

* Adding authorization to rest of comment apis

* Starting the comment rbac tests

* Fixing some of the rbac tests

* Adding some integration tests

* Starting patch tests

* Working tests for comments

* Working tests

* Fixing some tests

* Fixing type issues from pulling in master

* Fixing connector tests that only work in trial license

* Attempting to fix cypress

* Mock return of array for configure

* Fixing cypress test

* Cleaning up

* Addressing PR comments

* Reducing operations

* [Cases] Add RBAC to remaining Cases APIs (#98762)

* Starting rbac for comments

* Adding authorization to rest of comment apis

* Starting the comment rbac tests

* Fixing some of the rbac tests

* Adding some integration tests

* Starting patch tests

* Working tests for comments

* Working tests

* Fixing some tests

* Fixing type issues from pulling in master

* Fixing connector tests that only work in trial license

* Attempting to fix cypress

* Mock return of array for configure

* Fixing cypress test

* Cleaning up

* Working case update tests

* Addressing PR comments

* Reducing operations

* Working rbac push case tests

* Starting stats apis

* Working status tests

* User action tests and fixing migration errors

* Fixing type errors

* including error in message

* Addressing pr feedback

* Fixing some type errors

* [Cases] Add space only tests (#99409)

* Starting spaces tests

* Finishing space only tests

* Refactoring createCaseWithConnector

* Fixing spelling

* Addressing PR feedback and creating alert tests

* Fixing mocks

* [Cases] Add security only tests (#99679)

* Starting spaces tests

* Finishing space only tests

* Refactoring createCaseWithConnector

* Fixing spelling

* Addressing PR feedback and creating alert tests

* Fixing mocks

* Starting security only tests

* Adding remainder security only tests

* Using helper objects

* Fixing type error for null space

* Renaming utility variables

* Refactoring users and roles for security only tests

* Adding sub feature

* [Cases] Cleaning up the services and TODOs (#99723)

* Cleaning up the service intialization

* Fixing type errors

* Adding comments for the api

* Working test for cases client

* Fix type error

* Adding generated docs

* Adding more docs and cleaning up types

* Cleaning up readme

* More clean up and links

* Changing some file names

* Renaming docs

* Integration tests for cases privs and fixes (#100038)

* [Cases] RBAC on UI (#99478)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

* Fixing case ids by alert id route call

* [Cases] Fixing UI feature permissions and adding UI tests (#100074)

* Integration tests for cases privs and fixes

* Fixing ui cases permissions and adding tests

* Adding test for collection failure and fixing jest

* Renaming variables

* Fixing type error

* Adding some comments

* Validate cases features

* Fix new schema

* Adding owner param for the status stats

* Fix get case status tests

* Adjusting permissions text and fixing status

* Address PR feedback

* Adding top level feature back

* Fixing feature privileges

* Renaming

* Removing uneeded else

* Fixing tests and adding cases merge tests

* [Cases][Security Solution] Basic license security solution API tests (#100925)

* Cleaning up the fixture plugins

* Adding basic feature test

* renaming to unsecuredSavedObjectsClient (#101215)

* [Cases] RBAC Refactoring audit logging (#100952)

* Refactoring audit logging

* Adding unit tests for authorization classes

* Addressing feedback and adding util tests

* return undefined on empty array

* fixing eslint

* conditional rendering the recently created cases

* Remove unnecessary Array.from

* Cleaning up overview page for permissions

* Fixing log message for attachments

* hiding add to cases button

* Disable the Cases app from the global nav

* Hide the add to cases button from detections

* Fixing merge

* Making progress on removing icons

* Hding edit icons on detail view

* Trying to get connector error msg tests working

* Removing test

* Disable error callouts

* Fixing spacing and removing cases tab one no read

* Adding read only badge

* Cleaning up and adding badge

* Wrapping in use effect

* Default toasting permissions errors

* Removing actions icon on comments

* Addressing feedback

* Fixing type

Co-authored-by: Christos Nasikas <christos.nasikas@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
jonathan-buttner added a commit that referenced this pull request Jun 22, 2021
* Adding feature flag for auth

* Hiding SOs and adding consumer field

* First pass at adding security changes

* Consumer as the app's plugin ID

* Create addConsumerToSO migration helper

* Fix mapping's SO consumer

* Add test for CasesActions

* Declare hidden types on SO client

* Restructure integration tests

* Init spaces_only integration tests

* Implementing the cases security string

* Adding security plugin tests for cases

* Rough concept for authorization class

* Adding comments

* Fix merge

* Get requiredPrivileges for classes

* Check privillages

* Ensure that all classes are available

* Success if hasAllRequested is true

* Failure if hasAllRequested is false

* Adding schema updates for feature plugin

* Seperate basic from trial

* Enable SIR on integration tests

* Starting the plumbing for authorization in plugin

* Unit tests working

* Move find route logic to case client

* Create integration test helper functions

* Adding auth to create call

* Create getClassFilter helper

* Add class attribute to find request

* Create getFindAuthorizationFilter

* Ensure savedObject is authorized in find method

* Include fields for authorization

* Combine authorization filter with cases & subcases filter

* Fix isAuthorized flag

* Fix merge issue

* Create/delete spaces & users before and after tests

* Add more user and roles

* [Cases] Convert filters from strings to KueryNode (#95288)

* [Cases] RBAC: Rename class to scope (#95535)

* [Cases][RBAC] Rename scope to owner (#96035)

* [Cases] RBAC: Create & Find integration tests (#95511)

* [Cases] Cases client enchantment (#95923)

* [Cases] Authorization and Client Audit Logger (#95477)

* Starting audit logger

* Finishing auth audit logger

* Fixing tests and types

* Adding audit event creator

* Renaming class to scope

* Adding audit logger messages to create and find

* Adding comments and fixing import issue

* Fixing type errors

* Fixing tests and adding username to message

* Addressing PR feedback

* Removing unneccessary log and generating id

* Fixing module issue and remove expect.anything

* [Cases] Migrate sub cases routes to a client (#96461)

* Adding sub cases client

* Move sub case routes to case client

* Throw when attempting to access the sub cases client

* Fixing throw and removing user ans soclients

* [Cases] RBAC: Migrate routes' unit tests to integration tests (#96374)

Co-authored-by: Jonathan Buttner <jonathan.buttner@elastic.co>

* [Cases] Move remaining HTTP functionality to client (#96507)

* Moving deletes and find for attachments

* Moving rest of comment apis

* Migrating configuration routes to client

* Finished moving routes, starting utils refactor

* Refactoring utilites and fixing integration tests

* Addressing PR feedback

* Fixing mocks and types

* Fixing integration tests

* Renaming status_stats

* Fixing test type errors

* Adding plugins to kibana.json

* Adding cases to required plugin

* [Cases] Refactoring authorization (#97483)

* Refactoring authorization

* Wrapping auth calls in helper for try catch

* Reverting name change

* Hardcoding the saved object types

* Switching ensure to owner array

* [Cases] Add authorization to configuration & cases routes (#97228)

* [Cases] Attachments RBAC (#97756)

* Starting rbac for comments

* Adding authorization to rest of comment apis

* Starting the comment rbac tests

* Fixing some of the rbac tests

* Adding some integration tests

* Starting patch tests

* Working tests for comments

* Working tests

* Fixing some tests

* Fixing type issues from pulling in master

* Fixing connector tests that only work in trial license

* Attempting to fix cypress

* Mock return of array for configure

* Fixing cypress test

* Cleaning up

* Addressing PR comments

* Reducing operations

* [Cases] Add RBAC to remaining Cases APIs (#98762)

* Starting rbac for comments

* Adding authorization to rest of comment apis

* Starting the comment rbac tests

* Fixing some of the rbac tests

* Adding some integration tests

* Starting patch tests

* Working tests for comments

* Working tests

* Fixing some tests

* Fixing type issues from pulling in master

* Fixing connector tests that only work in trial license

* Attempting to fix cypress

* Mock return of array for configure

* Fixing cypress test

* Cleaning up

* Working case update tests

* Addressing PR comments

* Reducing operations

* Working rbac push case tests

* Starting stats apis

* Working status tests

* User action tests and fixing migration errors

* Fixing type errors

* including error in message

* Addressing pr feedback

* Fixing some type errors

* [Cases] Add space only tests (#99409)

* Starting spaces tests

* Finishing space only tests

* Refactoring createCaseWithConnector

* Fixing spelling

* Addressing PR feedback and creating alert tests

* Fixing mocks

* [Cases] Add security only tests (#99679)

* Starting spaces tests

* Finishing space only tests

* Refactoring createCaseWithConnector

* Fixing spelling

* Addressing PR feedback and creating alert tests

* Fixing mocks

* Starting security only tests

* Adding remainder security only tests

* Using helper objects

* Fixing type error for null space

* Renaming utility variables

* Refactoring users and roles for security only tests

* Adding sub feature

* [Cases] Cleaning up the services and TODOs (#99723)

* Cleaning up the service intialization

* Fixing type errors

* Adding comments for the api

* Working test for cases client

* Fix type error

* Adding generated docs

* Adding more docs and cleaning up types

* Cleaning up readme

* More clean up and links

* Changing some file names

* Renaming docs

* Integration tests for cases privs and fixes (#100038)

* [Cases] RBAC on UI (#99478)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

* Fixing case ids by alert id route call

* [Cases] Fixing UI feature permissions and adding UI tests (#100074)

* Integration tests for cases privs and fixes

* Fixing ui cases permissions and adding tests

* Adding test for collection failure and fixing jest

* Renaming variables

* Fixing type error

* Adding some comments

* Validate cases features

* Fix new schema

* Adding owner param for the status stats

* Fix get case status tests

* Adjusting permissions text and fixing status

* Address PR feedback

* Adding top level feature back

* Fixing feature privileges

* Renaming

* Removing uneeded else

* Fixing tests and adding cases merge tests

* [Cases][Security Solution] Basic license security solution API tests (#100925)

* Cleaning up the fixture plugins

* Adding basic feature test

* renaming to unsecuredSavedObjectsClient (#101215)

* [Cases] RBAC Refactoring audit logging (#100952)

* Refactoring audit logging

* Adding unit tests for authorization classes

* Addressing feedback and adding util tests

* return undefined on empty array

* fixing eslint

* conditional rendering the recently created cases

* Remove unnecessary Array.from

* Cleaning up overview page for permissions

* Fixing log message for attachments

* hiding add to cases button

* Disable the Cases app from the global nav

* Hide the add to cases button from detections

* Fixing merge

* Making progress on removing icons

* Hding edit icons on detail view

* Trying to get connector error msg tests working

* Removing test

* Disable error callouts

* Fixing spacing and removing cases tab one no read

* Adding read only badge

* Cleaning up and adding badge

* Wrapping in use effect

* Default toasting permissions errors

* Removing actions icon on comments

* Addressing feedback

* Fixing type

Co-authored-by: Christos Nasikas <christos.nasikas@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Christos Nasikas <christos.nasikas@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Feature:Cases Cases feature Team:Detections and Resp Security Detection Response Team Team:Threat Hunting Security Solution Threat Hunting Team Theme: rac label obsolete v8.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants