From 4aaa78246481a22be99a69b912e5643e5d3bd275 Mon Sep 17 00:00:00 2001 From: Lin Wang Date: Wed, 13 Nov 2024 10:41:21 +0800 Subject: [PATCH] Replace kibanaserver with self created workspace test user Signed-off-by: Lin Wang --- .../workspace/workspaceTestRole.json | 17 +++++++++ .../workspace/workspaceTestRoleMapping.json | 3 ++ .../workspace/workspaceTestUser.json | 3 ++ .../mds_workspace_detail.spec.js | 37 ++++++++++++++----- .../dashboards/workspace-plugin/constants.js | 5 --- .../security-dashboards-plugin/commands.js | 8 ++++ 6 files changed, 59 insertions(+), 14 deletions(-) create mode 100644 cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRole.json create mode 100644 cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRoleMapping.json create mode 100644 cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestUser.json diff --git a/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRole.json b/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRole.json new file mode 100644 index 000000000..913c96425 --- /dev/null +++ b/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRole.json @@ -0,0 +1,17 @@ +{ + "cluster_permissions": ["*"], + "index_permissions": [ + { + "index_patterns": ["*"], + "fls": [], + "masked_fields": [], + "allowed_actions": ["*"] + } + ], + "tenant_permissions": [ + { + "tenant_patterns": ["*"], + "allowed_actions": ["kibana_all_write"] + } + ] +} diff --git a/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRoleMapping.json b/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRoleMapping.json new file mode 100644 index 000000000..5d3698510 --- /dev/null +++ b/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRoleMapping.json @@ -0,0 +1,3 @@ +{ + "users": ["workspace-test"] +} diff --git a/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestUser.json b/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestUser.json new file mode 100644 index 000000000..ab42fc30d --- /dev/null +++ b/cypress/fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestUser.json @@ -0,0 +1,3 @@ +{ + "password": "testUserPassword123" +} diff --git a/cypress/integration/core-opensearch-dashboards/opensearch-dashboards/workspace-plugin/mds_workspace_detail.spec.js b/cypress/integration/core-opensearch-dashboards/opensearch-dashboards/workspace-plugin/mds_workspace_detail.spec.js index e7093b996..5f2fa12b1 100644 --- a/cypress/integration/core-opensearch-dashboards/opensearch-dashboards/workspace-plugin/mds_workspace_detail.spec.js +++ b/cypress/integration/core-opensearch-dashboards/opensearch-dashboards/workspace-plugin/mds_workspace_detail.spec.js @@ -5,7 +5,12 @@ import { MiscUtils } from '@opensearch-dashboards-test/opensearch-dashboards-test-library'; import { ADMIN_AUTH } from '../../../../utils/commands'; -import { NONE_DASHBOARDS_ADMIN_USER } from '../../../../utils/dashboards/workspace-plugin/constants'; +import workspaceTestUser from '../../../../fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestUser.json'; +import workspaceTestRole from '../../../../fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRole.json'; +import workspaceTestRoleMapping from '../../../../fixtures/dashboard/opensearch_dashboards/workspace/workspaceTestRoleMapping.json'; + +const NONE_DASHBOARDS_ADMIN_USERNAME = 'workspace-test'; +const WORKSPACE_TEST_ROLE_NAME = 'workspace-test-role'; const miscUtils = new MiscUtils(cy); const workspaceName = 'test_workspace_320sdfouAz'; @@ -16,6 +21,17 @@ let workspaceFeatures = ['use-case-observability']; if (Cypress.env('WORKSPACE_ENABLED')) { describe('Workspace detail', () => { before(() => { + if (Cypress.env('SECURITY_ENABLED')) { + cy.createInternalUser( + NONE_DASHBOARDS_ADMIN_USERNAME, + workspaceTestUser + ); + cy.createRole(WORKSPACE_TEST_ROLE_NAME, workspaceTestRole); + cy.createRoleMapping( + WORKSPACE_TEST_ROLE_NAME, + workspaceTestRoleMapping + ); + } cy.deleteWorkspaceByName(workspaceName); cy.createWorkspace({ name: workspaceName, @@ -25,8 +41,8 @@ if (Cypress.env('WORKSPACE_ENABLED')) { permissions: { library_write: { users: ['%me%'] }, write: { users: ['%me%'] }, - library_read: { users: [NONE_DASHBOARDS_ADMIN_USER.username] }, - read: { users: [NONE_DASHBOARDS_ADMIN_USER.username] }, + library_read: { users: [NONE_DASHBOARDS_ADMIN_USERNAME] }, + read: { users: [NONE_DASHBOARDS_ADMIN_USERNAME] }, }, }, }).then((value) => (workspaceId = value)); @@ -34,6 +50,9 @@ if (Cypress.env('WORKSPACE_ENABLED')) { after(() => { cy.deleteWorkspaceById(workspaceId); + if (Cypress.env('SECURITY_ENABLED')) { + cy.deleteInternalUser(NONE_DASHBOARDS_ADMIN_USERNAME); + } }); describe('workspace details', () => { @@ -163,8 +182,8 @@ if (Cypress.env('WORKSPACE_ENABLED')) { ADMIN_AUTH.newPassword = originalPassword; }); it('should not able to update workspace meta for non workspace admin', () => { - ADMIN_AUTH.newUser = NONE_DASHBOARDS_ADMIN_USER.username; - ADMIN_AUTH.newPassword = NONE_DASHBOARDS_ADMIN_USER.password; + ADMIN_AUTH.newUser = NONE_DASHBOARDS_ADMIN_USERNAME; + ADMIN_AUTH.newPassword = workspaceTestUser.password; // Visit workspace list page miscUtils.visitPage(`/app/workspace_list`); @@ -200,8 +219,8 @@ if (Cypress.env('WORKSPACE_ENABLED')) { features: ['use-case-all'], settings: { permissions: { - library_write: { users: [NONE_DASHBOARDS_ADMIN_USER.username] }, - write: { users: [NONE_DASHBOARDS_ADMIN_USER.username] }, + library_write: { users: [NONE_DASHBOARDS_ADMIN_USERNAME] }, + write: { users: [NONE_DASHBOARDS_ADMIN_USERNAME] }, }, }, }; @@ -209,8 +228,8 @@ if (Cypress.env('WORKSPACE_ENABLED')) { cy.createWorkspace(kibanaServerAdminWorkspace) .as('adminWorkspaceId') .then(() => { - ADMIN_AUTH.newUser = NONE_DASHBOARDS_ADMIN_USER.username; - ADMIN_AUTH.newPassword = NONE_DASHBOARDS_ADMIN_USER.password; + ADMIN_AUTH.newUser = NONE_DASHBOARDS_ADMIN_USERNAME; + ADMIN_AUTH.newPassword = workspaceTestUser.password; }); // Visit workspace list page diff --git a/cypress/utils/dashboards/workspace-plugin/constants.js b/cypress/utils/dashboards/workspace-plugin/constants.js index d8d82e8c3..764f778bc 100644 --- a/cypress/utils/dashboards/workspace-plugin/constants.js +++ b/cypress/utils/dashboards/workspace-plugin/constants.js @@ -4,8 +4,3 @@ */ export const WORKSPACE_API_PREFIX = '/api/workspaces'; - -export const NONE_DASHBOARDS_ADMIN_USER = { - username: 'kibanaserver', - password: 'kibanaserver', -}; diff --git a/cypress/utils/plugins/security-dashboards-plugin/commands.js b/cypress/utils/plugins/security-dashboards-plugin/commands.js index a0d901af0..25fa2a5f4 100644 --- a/cypress/utils/plugins/security-dashboards-plugin/commands.js +++ b/cypress/utils/plugins/security-dashboards-plugin/commands.js @@ -29,6 +29,14 @@ Cypress.Commands.add('createInternalUser', (userID, userJson) => { cy.wait(10000); }); +Cypress.Commands.add('deleteInternalUser', (userID) => { + cy.request( + 'DELETE', + `${Cypress.env('openSearchUrl')}${SEC_API.INTERNALUSERS_BASE}/${userID}` + ); + cy.wait(10000); +}); + Cypress.Commands.add('createRole', (roleID, roleJson) => { cy.request( 'PUT',