Sync Kerberos + Anonymous access tests with the latest `security/_aut…

…henticate` API (user roles now include roles of anonymous user). (#65421)
elastic · May 6, 2020 · 2a32f8f · 2a32f8f
1 parent ced64f4
commit 2a32f8f
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/x-pack/test/kerberos_api_integration/anonymous_access.config.ts b/x-pack/test/kerberos_api_integration/anonymous_access.config.ts
@@ -21,7 +21,7 @@ export default async function({ readConfigFile }: FtrConfigProviderContext) {
       serverArgs: [
         ...kerberosAPITestsConfig.get('esTestCluster.serverArgs'),
         'xpack.security.authc.anonymous.username=anonymous_user',
-        'xpack.security.authc.anonymous.roles=superuser',
+        'xpack.security.authc.anonymous.roles=superuser_anonymous',
       ],
     },
   };

diff --git a/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts b/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts
@@ -100,9 +100,7 @@ export default function({ getService }: FtrProviderContext) {
       });
     });
 
-    // Preventing ES Snapshot to be promoted
-    // https://github.com/elastic/kibana/issues/65114
-    describe.skip('finishing SPNEGO', () => {
+    describe('finishing SPNEGO', () => {
       it('should properly set cookie and authenticate user', async () => {
         const response = await supertest
           .get('/internal/security/me')
@@ -120,13 +118,22 @@ export default function({ getService }: FtrProviderContext) {
         const sessionCookie = request.cookie(cookies[0])!;
         checkCookieIsSet(sessionCookie);
 
+        const isAnonymousAccessEnabled = (config.get(
+          'esTestCluster.serverArgs'
+        ) as string[]).some(setting => setting.startsWith('xpack.security.authc.anonymous'));
+
+        // `superuser_anonymous` role is derived from the enabled anonymous access.
+        const expectedUserRoles = isAnonymousAccessEnabled
+          ? ['kibana_admin', 'superuser_anonymous']
+          : ['kibana_admin'];
+
         await supertest
           .get('/internal/security/me')
           .set('kbn-xsrf', 'xxx')
           .set('Cookie', sessionCookie.cookieString())
           .expect(200, {
             username: 'tester@TEST.ELASTIC.CO',
-            roles: ['kibana_admin'],
+            roles: expectedUserRoles,
             full_name: null,
             email: null,
             metadata: {