Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Meta] Update serverless test to not run with operator privileges #183512

Open
13 tasks
pheyos opened this issue May 15, 2024 · 4 comments
Open
13 tasks

[Meta] Update serverless test to not run with operator privileges #183512

pheyos opened this issue May 15, 2024 · 4 comments
Labels
Meta Team:QA Team label for QA Team

Comments

@pheyos
Copy link
Member

pheyos commented May 15, 2024
edited by paulb-elastic

Overview

The serverless operator user should not be used for functional / e2e testing. There are some reasons for it:

  • The operator user has more privileges than a regular serverless user would have. So tests running as operator are not exactly covering what a real user would experience.
  • The operator user is treated differently by some parts of Elasticsearch, e.g. the REST parameter validation. So a test might pass due to these elevated privileges where it should actually fail.

Our UI and API integration tests should be close to the actions a real user would perform in order to have best possible test coverage. This includes user privileges.

Having said all that, the operator user is still required in some places like test setup or teardown. But it should not be used for login nor for the API under test.

Details and examples of how to do that are in the serverless test readme: https://github.com/elastic/kibana/blob/main/x-pack/test_serverless/README.md#roles-based-testing

cc as discussed @cachedout @sphilipse @MindyRS

High level areas to update

Target date is end of June 2024

Tagging the teams to drive it - not necessarily to implement it.

Group 1: x-pack/test_serverless/api_integration/

Group 2: x-pack/test_serverless/functional/

Group 3: x-pack/test/security_solution*

  • test/security_solution_api_integration (serverless tests)
    • @elastic/security-engineering-productivity
  • test/security_solution_cypress (serverless tests)
    • @elastic/security-engineering-productivity
  • test/security_solution_endpoint (serverless tests)
    • @elastic/security-engineering-productivity
  • test/security_solution_endpoint_api_int (serverless tests)
    • @elastic/security-engineering-productivity
  • test/security_solution_cypress (serverless tests)
    • @elastic/security-engineering-productivity
@pheyos pheyos added the Meta label May 15, 2024
@botelastic botelastic bot added the needs-team Issues missing a team label label May 15, 2024
@pheyos pheyos added the Team:QA Team label for QA Team label May 15, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/appex-qa (Team:QA)

@botelastic botelastic bot removed the needs-team Issues missing a team label label May 15, 2024
@sphilipse
Copy link
Member

Added tracking issue for Search and updated tagged team

@pheyos pheyos mentioned this issue May 16, 2024
Open
4 tasks
@paulb-elastic paulb-elastic mentioned this issue May 22, 2024
Open
2 tasks
@paulb-elastic
Copy link
Contributor

paulb-elastic commented May 22, 2024
edited

#184033 created to address the Observability requirements and updated the contact to me (we don't have a corresponding GitHub team, but a project team for this)

@MadameSheema
Copy link
Member

In Security we have started implementing the change in our Cypress tests: #183608 and then we'll move forward with the API ones.

@MadameSheema MadameSheema mentioned this issue May 23, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Meta Team:QA Team label for QA Team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@pheyos @elasticmachine @MadameSheema @paulb-elastic @sphilipse