[FTR] support "deployment agnostic" api-integration tests #188737
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dmlemeshko
commented
Jul 22, 2024
| hostOptions, | ||
| log, | ||
| isCloud: config.env.CLOUD_SERVERLESS, | ||
| cloudUsersFilePath: `${REPO_ROOT}/.ftr/${rolesFilename}`, |
There was a problem hiding this comment.
For some reason not able to use path.resolve here: Do not import Node.js builtin module "path"
Let me know if there is the way to do it in a reliable way (this code will fail on Windows)
There was a problem hiding this comment.
Regarding change: I believe passing the absolute path to the file with credentials gives a better flexibility and also less logic inside SamlSessionManager, which now will be used for both svl & stateful
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
This reverts commit 22fedf1.
…ibana into ftr/unify-saml-auth-service
|
/ci |
|
/ci |
mgiota
reviewed
Aug 2, 2024
| import { KibanaServer } from '../..'; | ||
|
|
||
| import { ServerlessAuthProvider } from './serverless/auth_provider'; | ||
| import { StatefuAuthProvider } from './stateful/auth_provider'; |
There was a problem hiding this comment.
There is a typo here. Should be StatefulAuthProvider
|
/ci |
…ibana into ftr/unify-saml-auth-service
|
/ci |
dmlemeshko
changed the title
|
/ci |
…ibana into ftr/unify-saml-auth-service
|
/ci |
⏳ Build in-progress, with failuresFailed CI Steps
Test Failures
History
To update your PR or re-run it, just comment with: |
dmlemeshko
added a commit
that referenced
this pull request
Aug 5, 2024
…services (#189613) ## Summary While working on #188737 I had to move `supertestWithoutAuth` into `kbn-ftr-common-functional-services` package. This change seems to be bigger than initially planned. Moving it to the separate PR with following changes: - move FTR `SupertestWithoutAuthProvider` service to package - remove "duplicates" in favour of service from package - update service type where needed
|
Work is finished in #189853 |
dmlemeshko
added a commit
that referenced
this pull request
Aug 7, 2024
## Summary ### This PR introduces a new type of API integration tests in FTR: deployment-agnostic  #### Test suite is considered deployment-agnostic when it fulfils the following criteria: **Functionality**: It tests Kibana APIs that are **logically identical in both stateful and serverless environments** for the same SAML roles. **Design**: The test design is **clean and does not require additional logic** to execute in either stateful or serverless environments. ### How It Works Most existing stateful tests use basic authentication for API testing. In contrast, serverless tests use SAML authentication with project-specific role mapping. Since stateful deployments also support SAML, deployment-agnostic tests **configure Elasticsearch and Kibana with SAML authentication in both cases**. For roles, stateful deployments define 'viewer', 'editor', and 'admin' roles with serverless-alike privileges. New `samlAuth` service has `AuthProvider` interface with 2 different implementations: depending on environment context (serverless or stateful) appropriate implementation is used. But it remains on service level and hidden in test suite. test example ``` export default function ({ getService }: DeploymentAgnosticFtrProviderContext) { const samlAuth = getService('samlAuth'); const supertestWithoutAuth = getService('supertestWithoutAuth'); let roleAuthc: RoleCredentials; let internalHeaders: InternalRequestHeader; describe('GET /api/console/api_server', () => { before(async () => { roleAuthc = await samlAuth.createM2mApiKeyWithRoleScope('admin'); internalHeaders = samlAuth.getInternalRequestHeader(); }); after(async () => { await samlAuth.invalidateM2mApiKeyWithRoleScope(roleAuthc); }); it('returns autocomplete definitions', async () => { const { body } = await supertestWithoutAuth .get('/api/console/api_server') .set(roleAuthc.apiKeyHeader) .set(internalHeaders) .set('kbn-xsrf', 'true') .expect(200); expect(body.es).to.be.ok(); const { es: { name, globals, endpoints }, } = body; expect(name).to.be.ok(); expect(Object.keys(globals).length).to.be.above(0); expect(Object.keys(endpoints).length).to.be.above(0); }); }); } ``` Please read [readme](https://github.com/elastic/kibana/blob/966822ac872c71284258faf61682176251bcf2c2/x-pack/test/api_integration/deployment_agnostic/README.md) for more details and step-by-step guide. It should help migrating existing serverless tests to deployment-agnostic, assuming requirements are met. ### Examples Deployment-agnostic tests: ``` x-pack/test/api_integration/deployment_agnostic/apis/console/spec_definitions.ts x-pack/test/api_integration/deployment_agnostic/apis/core/compression.ts x-pack/test/api_integration/deployment_agnostic/apis/painless_lab/painless_lab.ts ``` Configs to run it: ``` node scripts/functional_tests --config x-pack/test/api_integration/deployment_agnostic/oblt.serverless.config.ts node scripts/functional_tests --config x-pack/test/api_integration/deployment_agnostic/search.serverless.config.ts node scripts/functional_tests --config x-pack/test/api_integration/deployment_agnostic/security.serverless.config.ts node scripts/functional_tests --config x-pack/test/api_integration/deployment_agnostic/stateful.config.ts ``` PR is a compact version of #188737 with reduced changes in existing serverless tests. --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: elena-shostak <[email protected]> Co-authored-by: Aleh Zasypkin <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Closed in favour of #189853
This PR adds capability to create a single test file and run it against both serverless project and stateful deployment.
How it works:
svlUserManagerservice is using newSamlAuthProviderservice for SAML authentication for serverless and stateful both locally and in Elastic CloudDeploymentAgnosticFtrProviderContextlimits the scope of FTR services only the ones that compatible in both serverless & statefultest example
stateful config example:
serverless Oblt example
Code changes:
This PR modifies serveless-specific
SvlUserManagerProviderinto deployment agnosticSamlAuthProviderand moves service intokbn-ftr-common-functional-servicespackage. Though it is a "common" service, it shouldn't be loaded in tests that use basic authentication (more details in comment below)In oder to guarantee the test to work in both serverless and stateful environments (especially MKI and cloud deployments), it is important for every used FTR service to be "deployment-agnostic".
SamlAuthProvidercan be used as example how to create one. Since FTR config schema hasserverlessproperty, service can have 2 implementations of the same interface. This way test code remains "clean" keeping all the difference inside the service.As a required dependency,
SupertestWithoutAuthProviderforSvlUserManagerProviderservice was move to the same package in #189613To simplify new FTR configs creation for serverless and stateful context 2 functions were added: