diff --git a/e2e-tests/cypress/e2e/Impersonate.cy.ts b/e2e-tests/cypress/e2e/Impersonate.cy.ts index f288c0d..18af499 100644 --- a/e2e-tests/cypress/e2e/Impersonate.cy.ts +++ b/e2e-tests/cypress/e2e/Impersonate.cy.ts @@ -6,7 +6,6 @@ import { rorApiClient } from '../support/helpers/RorApiClient'; describe('impersonate', () => { beforeEach(() => { - // rorApiClient.configureRorIndexMainSettings("defaultSettings.yaml") Login.initialization(); }); diff --git a/e2e-tests/cypress/fixtures/defaultSettings.json b/e2e-tests/cypress/fixtures/defaultSettings.json deleted file mode 100644 index e8a7d3a..0000000 --- a/e2e-tests/cypress/fixtures/defaultSettings.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "settings": "helpers:\n cr: &common-rules\n kibana_access: rw\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\" ]\n kibana_index: \".kibana_@{acl:current_group}\"\n\n ag: &all-groups\n groups:\n - id: admins_group\n name: administrators\n - id: infosec_group\n name: infosec\n - id: template_group\n name: template\n\nreadonlyrest:\n \n response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin\n prompt_for_basic_auth: false\n\n audit:\n enabled: true\n outputs:\n - type: index\n index_template: \"'readonlyrest_audit_'yyyy-MM-dd\"\n\n access_control_rules:\n \n - name: \"Kibana service account\"\n verbosity: error\n token_authentication:\n token: \"Bearer ${KIBANA_SERVICE_ACCOUNT_TOKEN}\" \n username: service_account\n \n - name: \"PROBE\"\n verbosity: error\n auth_key: \"elastic-internal-probe:${INTERNAL_PROBE_PASS}\"\n\n - name: \"ELASTIC-INTERNAL\"\n verbosity: error\n auth_key: \"elastic-internal:${INTERNAL_USR_PASS}\"\n \n - name: KIBANA_SERVER\n verbosity: error\n auth_key: kibana:kibana\n\n - name: PERSONAL_GRP\n groups: [ Personal ]\n <<: *common-rules\n kibana_index: '.kibana_@{user}'\n\n - name: ADMIN_GRP\n groups: [ admins_group ]\n <<: *common-rules\n kibana_access: admin\n\n - name: infosec\n groups: [ infosec_group ]\n <<: *common-rules\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\", \"Management\" ]\n\n - name: Template Tenancy\n groups: [ template_group ]\n <<: *common-rules\n\n - name: \"Reporting tests: user2\"\n auth_key: user2:dev\n kibana:\n index: \".kibana_user2\"\n access: rw\n indices: [ \"invoices\" ]\n\n - name: \"Reporting tests: user3\"\n auth_key: user3:dev\n kibana:\n index: \".kibana_user3\"\n access: rw\n indices: [ \"invoices\" ]\n\n users:\n - username: admin\n auth_key: admin:dev\n <<: *all-groups\n\n - username: user1\n auth_key: user1:dev\n <<: *all-groups\n\n impersonation:\n - impersonator: admin\n users: [\"*\"]\n auth_key: admin:dev\n" -} diff --git a/e2e-tests/cypress/fixtures/defaultSettings.yaml b/e2e-tests/cypress/fixtures/defaultSettings.yaml index 6757173..2a54a74 100644 --- a/e2e-tests/cypress/fixtures/defaultSettings.yaml +++ b/e2e-tests/cypress/fixtures/defaultSettings.yaml @@ -24,24 +24,11 @@ readonlyrest: index_template: "'readonlyrest_audit_'yyyy-MM-dd" access_control_rules: - - name: "Kibana service account - token" - verbosity: error - token_authentication: - token: "Bearer ${KIBANA_SERVICE_ACCOUNT_TOKEN}" - username: service_account - name: "Kibana service account - user/pass" verbosity: error auth_key: kibana:kibana - - name: "PROBE" - verbosity: error - auth_key: "elastic-internal-probe:${INTERNAL_PROBE_PASS}" - - - name: "ELASTIC-INTERNAL" - verbosity: error - auth_key: "elastic-internal:${INTERNAL_USR_PASS}" - - name: PERSONAL_GRP groups: [Personal] <<: *common-rules diff --git a/e2e-tests/cypress/fixtures/reportingSettings.json b/e2e-tests/cypress/fixtures/reportingSettings.json deleted file mode 100644 index 4f3174e..0000000 --- a/e2e-tests/cypress/fixtures/reportingSettings.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "settings": "helpers:\n cr: &common-rules\n kibana_access: rw\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\" ]\n kibana_index: \".kibana_@{acl:current_group}\"\n\n ag: &all-groups\n groups:\n - id: admins_group\n name: administrators\n - id: infosec_group\n name: infosec\n - id: template_group\n name: template\n\nreadonlyrest:\n \n response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin\n prompt_for_basic_auth: false\n\n audit:\n enabled: true\n outputs:\n - type: index\n index_template: \"'readonlyrest_audit_'yyyy-MM-dd\"\n\n access_control_rules:\n \n - name: \"Kibana service account\"\n verbosity: error\n token_authentication:\n token: \"Bearer ${KIBANA_SERVICE_ACCOUNT_TOKEN}\" \n username: service_account\n \n - name: \"PROBE\"\n verbosity: error\n auth_key: \"elastic-internal-probe:${INTERNAL_PROBE_PASS}\"\n\n - name: \"ELASTIC-INTERNAL\"\n verbosity: error\n auth_key: \"elastic-internal:${INTERNAL_USR_PASS}\"\n \n - name: KIBANA_SERVER\n verbosity: error\n auth_key: kibana:kibana\n\n - name: PERSONAL_GRP\n groups: [ personal_group ]\n <<: *common-rules\n kibana_index: '.kibana_@{user}'\n\n - name: ADMIN_GRP\n groups: [ admins_group ]\n <<: *common-rules\n kibana_access: admin\n\n # - name: infosec4search\n # groups: [ infosec_group ]\n # indices: [\"readonlyrest_audit*\"]\n # #filter: '{\"bool\": { \"must_not\": { \"match\": { \"type\": \"xxxx\" }}}}'\n # kibana_index: .kibana_infosec\n # verbosity: error\n\n - name: infosec\n groups: [ infosec_group ]\n <<: *common-rules\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\", \"Management\" ]\n\n - name: Template Tenancy\n groups: [ template_group ]\n <<: *common-rules\n\n - name: \"ReadonlyREST Enterprise instance #1\"\n kibana_index: \".kibana_external_auth\"\n ror_kbn_auth:\n name: \"kbn1\"\n\n # USERS TO GROUPS ############\n users:\n - username: admin\n auth_key: admin:dev\n <<: *all-groups\n\n - username: user1\n auth_key: user1:dev\n <<: *all-groups\n\n ror_kbn:\n - name: kbn1\n signature_key: \"9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf\"\n\n impersonation:\n - impersonator: admin\n users: [\"*\"]\n auth_key: admin:dev\n" -} diff --git a/e2e-tests/cypress/fixtures/reportingSettings.yaml b/e2e-tests/cypress/fixtures/reportingSettings.yaml index 3536a3d..d4f21a4 100644 --- a/e2e-tests/cypress/fixtures/reportingSettings.yaml +++ b/e2e-tests/cypress/fixtures/reportingSettings.yaml @@ -24,24 +24,10 @@ readonlyrest: access_control_rules: - - name: "Kibana service account - token" - verbosity: error - token_authentication: - token: "Bearer ${KIBANA_SERVICE_ACCOUNT_TOKEN}" - username: service_account - - name: "Kibana service account - user/pass" verbosity: error auth_key: kibana:kibana - - name: "PROBE" - verbosity: error - auth_key: "elastic-internal-probe:${INTERNAL_PROBE_PASS}" - - - name: "ELASTIC-INTERNAL" - verbosity: error - auth_key: "elastic-internal:${INTERNAL_USR_PASS}" - - name: PERSONAL_GRP groups: [personal_group] <<: *common-rules diff --git a/e2e-tests/cypress/fixtures/roSettings.json b/e2e-tests/cypress/fixtures/roSettings.json deleted file mode 100644 index a81318f..0000000 --- a/e2e-tests/cypress/fixtures/roSettings.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "settings": "helpers:\n cr: &common-rules\n kibana_access: ro\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\" ]\n kibana_index: \".kibana_@{acl:current_group}\"\n\n ag: &all-groups\n groups:\n - id: admins_group\n name: administrators\n - id: infosec_group\n name: infosec\n - id: template_group\n name: template\n\nreadonlyrest:\n \n response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin\n prompt_for_basic_auth: false\n\n audit:\n enabled: true\n outputs:\n - type: index\n index_template: \"'readonlyrest_audit_'yyyy-MM-dd\"\n\n access_control_rules:\n \n - name: \"Kibana service account\"\n verbosity: error\n token_authentication:\n token: \"Bearer ${KIBANA_SERVICE_ACCOUNT_TOKEN}\" \n username: service_account\n \n - name: \"PROBE\"\n verbosity: error\n auth_key: \"elastic-internal-probe:${INTERNAL_PROBE_PASS}\"\n\n - name: \"ELASTIC-INTERNAL\"\n verbosity: error\n auth_key: \"elastic-internal:${INTERNAL_USR_PASS}\"\n \n - name: KIBANA_SERVER\n verbosity: error\n auth_key: kibana:kibana\n\n - name: PERSONAL_GRP\n groups: [ personal_group ]\n <<: *common-rules\n kibana_index: '.kibana_@{user}'\n\n - name: ADMIN_GRP\n groups: [ admins_group ]\n <<: *common-rules\n kibana_access: admin\n\n # - name: infosec4search\n # groups: [ infosec_group ]\n # indices: [\"readonlyrest_audit*\"]\n # #filter: '{\"bool\": { \"must_not\": { \"match\": { \"type\": \"xxxx\" }}}}'\n # kibana_index: .kibana_infosec\n # verbosity: error\n\n - name: infosec\n groups: [ infosec_group ]\n <<: *common-rules\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\", \"Management\" ]\n\n - name: Template Tenancy\n groups: [ template_group ]\n <<: *common-rules\n\n - name: \"ReadonlyREST Enterprise instance #1\"\n kibana_index: \".kibana_external_auth\"\n ror_kbn_auth:\n name: \"kbn1\"\n\n # USERS TO GROUPS ############\n users:\n - username: admin\n auth_key: admin:dev\n <<: *all-groups\n\n - username: user1\n auth_key: user1:dev\n <<: *all-groups\n\n ror_kbn:\n - name: kbn1\n signature_key: \"9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf\"\n\n impersonation:\n - impersonator: admin\n users: [\"*\"]\n auth_key: admin:dev\n" -} diff --git a/e2e-tests/cypress/fixtures/roSettings.yaml b/e2e-tests/cypress/fixtures/roSettings.yaml index 098a05f..b878440 100644 --- a/e2e-tests/cypress/fixtures/roSettings.yaml +++ b/e2e-tests/cypress/fixtures/roSettings.yaml @@ -25,24 +25,10 @@ readonlyrest: access_control_rules: - - name: "Kibana service account - token" - verbosity: error - token_authentication: - token: "Bearer ${KIBANA_SERVICE_ACCOUNT_TOKEN}" - username: service_account - - name: "Kibana service account - user/pass" verbosity: error auth_key: kibana:kibana - - name: "PROBE" - verbosity: error - auth_key: "elastic-internal-probe:${INTERNAL_PROBE_PASS}" - - - name: "ELASTIC-INTERNAL" - verbosity: error - auth_key: "elastic-internal:${INTERNAL_USR_PASS}" - - name: PERSONAL_GRP groups: [personal_group] <<: *common-rules diff --git a/e2e-tests/cypress/fixtures/roStrictSettings.json b/e2e-tests/cypress/fixtures/roStrictSettings.json deleted file mode 100644 index a81318f..0000000 --- a/e2e-tests/cypress/fixtures/roStrictSettings.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "settings": "helpers:\n cr: &common-rules\n kibana_access: ro\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\" ]\n kibana_index: \".kibana_@{acl:current_group}\"\n\n ag: &all-groups\n groups:\n - id: admins_group\n name: administrators\n - id: infosec_group\n name: infosec\n - id: template_group\n name: template\n\nreadonlyrest:\n \n response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin\n prompt_for_basic_auth: false\n\n audit:\n enabled: true\n outputs:\n - type: index\n index_template: \"'readonlyrest_audit_'yyyy-MM-dd\"\n\n access_control_rules:\n \n - name: \"Kibana service account\"\n verbosity: error\n token_authentication:\n token: \"Bearer ${KIBANA_SERVICE_ACCOUNT_TOKEN}\" \n username: service_account\n \n - name: \"PROBE\"\n verbosity: error\n auth_key: \"elastic-internal-probe:${INTERNAL_PROBE_PASS}\"\n\n - name: \"ELASTIC-INTERNAL\"\n verbosity: error\n auth_key: \"elastic-internal:${INTERNAL_USR_PASS}\"\n \n - name: KIBANA_SERVER\n verbosity: error\n auth_key: kibana:kibana\n\n - name: PERSONAL_GRP\n groups: [ personal_group ]\n <<: *common-rules\n kibana_index: '.kibana_@{user}'\n\n - name: ADMIN_GRP\n groups: [ admins_group ]\n <<: *common-rules\n kibana_access: admin\n\n # - name: infosec4search\n # groups: [ infosec_group ]\n # indices: [\"readonlyrest_audit*\"]\n # #filter: '{\"bool\": { \"must_not\": { \"match\": { \"type\": \"xxxx\" }}}}'\n # kibana_index: .kibana_infosec\n # verbosity: error\n\n - name: infosec\n groups: [ infosec_group ]\n <<: *common-rules\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\", \"Management\" ]\n\n - name: Template Tenancy\n groups: [ template_group ]\n <<: *common-rules\n\n - name: \"ReadonlyREST Enterprise instance #1\"\n kibana_index: \".kibana_external_auth\"\n ror_kbn_auth:\n name: \"kbn1\"\n\n # USERS TO GROUPS ############\n users:\n - username: admin\n auth_key: admin:dev\n <<: *all-groups\n\n - username: user1\n auth_key: user1:dev\n <<: *all-groups\n\n ror_kbn:\n - name: kbn1\n signature_key: \"9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf\"\n\n impersonation:\n - impersonator: admin\n users: [\"*\"]\n auth_key: admin:dev\n" -} diff --git a/e2e-tests/cypress/fixtures/roStrictSettings.yaml b/e2e-tests/cypress/fixtures/roStrictSettings.yaml index d34f0a9..fa29368 100644 --- a/e2e-tests/cypress/fixtures/roStrictSettings.yaml +++ b/e2e-tests/cypress/fixtures/roStrictSettings.yaml @@ -23,24 +23,10 @@ readonlyrest: index_template: "'readonlyrest_audit_'yyyy-MM-dd" access_control_rules: - - - name: "Kibana service account - token" - verbosity: error - token_authentication: - token: "Bearer ${KIBANA_SERVICE_ACCOUNT_TOKEN}" - username: service_account - name: "Kibana service account - user/pass" verbosity: error auth_key: kibana:kibana - - - name: "PROBE" - verbosity: error - auth_key: "elastic-internal-probe:${INTERNAL_PROBE_PASS}" - - - name: "ELASTIC-INTERNAL" - verbosity: error - auth_key: "elastic-internal:${INTERNAL_USR_PASS}" - name: PERSONAL_GRP groups: [personal_group] diff --git a/e2e-tests/cypress/fixtures/testSettings.json b/e2e-tests/cypress/fixtures/testSettings.json deleted file mode 100644 index da9e995..0000000 --- a/e2e-tests/cypress/fixtures/testSettings.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "settings": "readonlyrest:\n prompt_for_basic_auth: false\n audit:\n enabled: true\n outputs:\n - type: index\n index_template: \"'roraudit.reporting'-yyyy-MM\"\n access_control_rules:\n - name: \"::Tweets1::\"\n methods: [GET, POST]\n indices: [\"twitter\", \".kibana\"]\n proxy_auth:\n proxy_auth_config: \"proxy1\"\n users: [\"kibana\"]\n groups_provider_authorization:\n user_groups_provider: \"ACME2 External Authentication Service\"\n groups: [\"group3\"]\n\n - name: \"::Facebook2 posts::\"\n methods: [GET, POST]\n indices: [\"facebook\", \".kibana\"]\n proxy_auth:\n proxy_auth_config: \"proxy1\"\n users: [\"kibana\"]\n groups_provider_authorization:\n user_groups_provider: \"ACME2 External Authentication Service\"\n groups: [\"group1\"]\n cache_ttl_in_sec: 60\n\n - name: \"::Tweets::\"\n methods: [GET, POST]\n indices: [\"twitter\", \".kibana\"]\n external_authentication: \"ACME1 External Authorization Service\"\n\n - name: Accept requests to index2 from users with valid LDAP credentials, belonging to LDAP group 'team2'\n ldap_authentication: LDAP 1\n ldap_authorization:\n name: \"LDAP 1\"\n groups: [\"group3\"]\n\n \n - name: \"Kibana service account\"\n verbosity: error\n token_authentication:\n token: \"Bearer ${KIBANA_SERVICE_ACCOUNT_TOKEN}\" \n username: service_account\n \n - name: \"PROBE\"\n verbosity: error\n auth_key: \"elastic-internal-probe:${INTERNAL_PROBE_PASS}\"\n\n - name: \"ELASTIC-INTERNAL\"\n verbosity: error\n auth_key: \"elastic-internal:${INTERNAL_USR_PASS}\"\n \n - name: KIBANA_SERVER\n verbosity: error\n auth_key: kibana:kibana\n\n - name: PERSONAL_GRP\n groups: [ personal_group ]\n kibana_access: rw\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\" ]\n kibana_index: '.kibana_@{user}'\n\n - name: ADMIN_GRP\n groups: [ admins_group ]\n kibana_access: admin\n kibana_hide_apps: [ \"Security\", \"Enterprise Search|Overview\", \"Observability\" ]\n kibana_index: '.kibana_admins'\n\n # - name: Infosec4search\n # groups: [ infosec_group ]\n # indices: [\"readonlyrest_audit*\"]\n # #filter: '{\"bool\": { \"must_not\": { \"match\": { \"type\": \"xxxx\" }}}}'\n # kibana_index: .kibana_infosec\n # verbosity: error\n\n - name: INFOSEC_GRP\n groups: [ infosec_group ]\n kibana_access: rw\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\", \"Management\" ]\n kibana_index: .kibana_infosec\n\n - name: Template Tenancy\n groups: [ template_group ]\n kibana_access: admin\n kibana_index: \".kibana_template\"\n\n - name: \"ReadonlyREST Enterprise instance #1\"\n kibana_index: \".kibana_external_auth\"\n ror_kbn_auth:\n name: \"kbn1\"\n\n # USERS TO GROUPS ############\n users:\n - username: admin\n auth_key: admin:dev\n groups:\n - id: admins_group\n name: Administrators\n - id: infosec_group\n name: Infosec\n - id: Template\n name: Template\n\n - username: user1\n auth_key: user1:dev\n groups:\n - id: admins_group\n name: Administrators\n - id: personal_group\n name: Personal\n - id: infosec_group\n name: Infosec\n\n - username: new_user\n auth_key: new_user:dev\n groups:\n - id: admins_group\n name: Administrators\n - id: personal_group\n name: Personal\n - id: infosec_group\n name: Infosec\n\n - username: 'wildcard_user#*'\n groups:\n - g1: group1\n ldap_auth:\n name: \"LDAP 1\"\n groups: [\"group1\"]\n ror_kbn:\n - name: kbn1\n signature_key: \"9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf\"\n\n impersonation:\n - impersonator: admin\n users: [\"*\"]\n auth_key: admin:dev\n ldaps:\n\n - name: LDAP 1\n host: \"ldap1.example.com\"\n port: 389\n ssl_enabled: false\n ssl_trust_all_certs: true\n ignore_ldap_connectivity_problems: true\n bind_dn: \"cn=admin,dc=example,dc=com\"\n bind_password: \"password\"\n search_user_base_DN: \"ou=People,dc=example,dc=com\"\n user_id_attribute: \"uid\"\n search_groups_base_DN: \"ou=Groups,dc=example,dc=com\"\n unique_member_attribute: \"uniqueMember\"\n connection_pool_size: 10\n connection_timeout: 10s\n request_timeout: 10s\n cache_ttl: 60s\n group_search_filter: \"(objectClass=group)(cn=application*)\"\n group_name_attribute: \"cn\"\n circuit_breaker:\n max_retries: 2\n reset_duration: 5s\n external_authentication_service_configs:\n - name: \"ACME1 External Authorization Service\"\n authentication_endpoint: \"http://external-website1:8080/auth1\"\n success_status_code: 200\n cache_ttl_in_sec: 60\n validate: false # SSL certificate validation (default to true)\n\n proxy_auth_configs:\n\n - name: \"proxy1\"\n user_id_header: \"X-Auth-Token\" # default X-Forwarded-User\n\n user_groups_providers:\n - name: ACME2 External Authentication Service\n groups_endpoint: \"http://localhost:8080/groups\"\n auth_token_name: \"token\"\n auth_token_passed_as: QUERY_PARAM # HEADER OR QUERY_PARAM\n response_groups_json_path: \"$..groups[?(@.id)].id\" # see: https://github.com/json-path/JsonPath\n cache_ttl_in_sec: 60\n http_connection_settings:\n connection_timeout_in_sec: 5 # default 2\n socket_timeout_in_sec: 3 # default 5\n connection_request_timeout_in_sec: 3 # default 5\n connection_pool_size: 10 # default 30\n", - "ttl": "30 minutes" -} diff --git a/e2e-tests/cypress/fixtures/testSettings.yaml b/e2e-tests/cypress/fixtures/testSettings.yaml index d6efa5a..cf3e221 100644 --- a/e2e-tests/cypress/fixtures/testSettings.yaml +++ b/e2e-tests/cypress/fixtures/testSettings.yaml @@ -1,5 +1,6 @@ readonlyrest: prompt_for_basic_auth: false + audit: enabled: true outputs: @@ -114,8 +115,8 @@ readonlyrest: - impersonator: admin users: ["*"] auth_key: admin:dev + ldaps: - - name: LDAP 1 host: "ldap1.example.com" port: 389 @@ -137,27 +138,27 @@ readonlyrest: circuit_breaker: max_retries: 2 reset_duration: 5s + external_authentication_service_configs: - name: "ACME1 External Authorization Service" authentication_endpoint: "http://external-website1:8080/auth1" success_status_code: 200 cache_ttl_in_sec: 60 - validate: false # SSL certificate validation (default to true) + validate: false proxy_auth_configs: - - name: "proxy1" - user_id_header: "X-Auth-Token" # default X-Forwarded-User + user_id_header: "X-Auth-Token" user_groups_providers: - name: ACME2 External Authentication Service groups_endpoint: "http://localhost:8080/groups" auth_token_name: "token" - auth_token_passed_as: QUERY_PARAM # HEADER OR QUERY_PARAM - response_groups_json_path: "$..groups[?(@.id)].id" # see: https://github.com/json-path/JsonPath + auth_token_passed_as: QUERY_PARAM + response_groups_json_path: "$..groups[?(@.id)].id" cache_ttl_in_sec: 60 http_connection_settings: - connection_timeout_in_sec: 5 # default 2 - socket_timeout_in_sec: 3 # default 5 - connection_request_timeout_in_sec: 3 # default 5 - connection_pool_size: 10 # default 30 + connection_timeout_in_sec: 5 + socket_timeout_in_sec: 3 + connection_request_timeout_in_sec: 3 + connection_pool_size: 10 diff --git a/e2e-tests/cypress/plugins/index.ts b/e2e-tests/cypress/plugins/index.ts index 3dbce53..2e8ac91 100644 --- a/e2e-tests/cypress/plugins/index.ts +++ b/e2e-tests/cypress/plugins/index.ts @@ -29,7 +29,7 @@ module.exports = (on: Cypress.PluginEvents, config: Cypress.PluginConfigOptions) const contentType = response.headers.get('content-type') || ''; const data = contentType.includes('application/json') ? await response.json() : await response.text(); - console.log(`Response: ${method} ${url}: HTTP STATUS ${response.status}; Body: ${data}`); // todo: do we need that? + console.log(`Response: ${method} ${url}: HTTP STATUS ${response.status}; Body: ${data}`); return data; } catch (error) { console.error('HTTP Request failed:', { @@ -61,9 +61,11 @@ module.exports = (on: Cypress.PluginEvents, config: Cypress.PluginConfigOptions) ...form.getHeaders() }; + const method = 'POST' + try { const response: Response = await fetch(url, { - method: 'POST', + method, headers: combinedHeaders, body: form, agent @@ -76,7 +78,7 @@ module.exports = (on: Cypress.PluginEvents, config: Cypress.PluginConfigOptions) const contentType = response.headers.get('content-type') || ''; const data = contentType.includes('application/json') ? await response.json() : await response.text(); - console.log('HTTP Request successful. Response data:', data); // todo: do we need that? + console.log(`Response: ${method} ${url}: HTTP STATUS ${response.status}; Body: ${data}`); return data; } catch (error) { console.error('HTTP Request failed:', { diff --git a/e2e-tests/cypress/support/e2e.ts b/e2e-tests/cypress/support/e2e.ts index 44e4cf1..9561d99 100644 --- a/e2e-tests/cypress/support/e2e.ts +++ b/e2e-tests/cypress/support/e2e.ts @@ -24,105 +24,20 @@ declare global { // eslint-disable-next-line @typescript-eslint/no-namespace namespace Cypress { export interface Chainable { - kbnRequest({ - method, - endpoint, - credentials, - payload, - currentGroupHeader - }: { - method: string; - endpoint: string; - credentials: string; - payload?: Payload; - currentGroupHeader?: string; - }): Chainable; - kbnGet({ - endpoint, - credentials, - currentGroupHeader - }: { - endpoint: string; - credentials: string; - currentGroupHeader?: string; - }): Chainable; - kbnPost({ - endpoint, - credentials, - payload, - currentGroupHeader - }: { - endpoint: string; - credentials: string; - payload?: Payload; - currentGroupHeader?: string; - }): Chainable; - kbnPut({ - endpoint, - credentials, - payload - }: { - endpoint: string; - credentials: string; - payload?: Payload; - }): Chainable; - kbnImport({ - endpoint, - credentials, - fixtureFilename - }: { - endpoint: string; - credentials: string; - fixtureFilename: string; - }): Chainable; - kbnDelete({ - endpoint, - credentials, - currentGroupHeader - }: { - endpoint: string; - credentials: string; - currentGroupHeader?: string; - }): Chainable; + kbnRequest({ method, endpoint, credentials, payload, currentGroupHeader }: { method: string, endpoint: string, credentials: string, payload?: Payload, currentGroupHeader?: string }): Chainable; + kbnGet({ endpoint, credentials, currentGroupHeader }: { endpoint: string, credentials: string, currentGroupHeader?: string }): Chainable; + kbnPost({ endpoint, credentials, payload, currentGroupHeader }: { endpoint: string, credentials: string, payload?: Payload, currentGroupHeader?: string }): Chainable; + kbnPut({ endpoint, credentials, payload }: { endpoint: string, credentials: string, payload?: Payload }): Chainable; + kbnImport({ endpoint, credentials, fixtureFilename }: { endpoint: string, credentials: string, fixtureFilename: string }): Chainable; + kbnDelete({ endpoint, credentials, currentGroupHeader }: { endpoint: string, credentials: string, currentGroupHeader?: string }): Chainable; - esRequest({ - method, - endpoint, - credentials, - payload - }: { - method: string; - endpoint: string; - credentials: string; - payload?: Payload; - }): Chainable; - esGet({ endpoint, credentials }: { endpoint: string; credentials: string }): Chainable; - esPost({ - endpoint, - credentials, - payload - }: { - endpoint: string; - credentials: string; - payload?: Payload; - }): Chainable; - esPut({ - endpoint, - credentials, - payload - }: { - endpoint: string; - credentials: string; - payload?: Payload; - }): Chainable; - esDelete({ endpoint, credentials }: { endpoint: string; credentials: string }): Chainable; + esRequest({ method, endpoint, credentials, payload }: { method: string, endpoint: string, credentials: string, payload?: Payload }): Chainable; + esGet({ endpoint, credentials }: { endpoint: string, credentials: string }): Chainable; + esPost({ endpoint, credentials, payload }: { endpoint: string, credentials: string, payload?: Payload }): Chainable; + esPut({ endpoint, credentials, payload }: { endpoint: string, credentials: string, payload?: Payload }): Chainable; + esDelete({ endpoint, credentials }: { endpoint: string, credentials: string }): Chainable; } - export interface Credentials { - username: string; - password: string; - } - - export type Payload = string | object; + export type Payload = string | object } } diff --git a/run-env-and-tests.sh b/run-env-and-tests.sh index 52c4e97..2bdb931 100755 --- a/run-env-and-tests.sh +++ b/run-env-and-tests.sh @@ -12,7 +12,7 @@ case "$2" in ENV_NAME="elk-ror" ;; *) - echo 'Only "docker" and 'eck' are available environments' + echo 'Only "docker" is available environment' exit 2; ;; esac