From 2a32f8f3994f962b3e768d09b83c71d1a380e5fc Mon Sep 17 00:00:00 2001
From: Aleh Zasypkin <aleh.zasypkin@gmail.com>
Date: Wed, 6 May 2020 13:17:42 +0200
Subject: [PATCH] Sync Kerberos + Anonymous access tests with the latest
 `security/_authenticate` API (user roles now include roles of anonymous
 user). (#65421)

---
 .../anonymous_access.config.ts                    |  2 +-
 .../apis/security/kerberos_login.ts               | 15 +++++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/x-pack/test/kerberos_api_integration/anonymous_access.config.ts b/x-pack/test/kerberos_api_integration/anonymous_access.config.ts
index 90d47ec61a4dc9..8b712afe6c4d65 100644
--- a/x-pack/test/kerberos_api_integration/anonymous_access.config.ts
+++ b/x-pack/test/kerberos_api_integration/anonymous_access.config.ts
@@ -21,7 +21,7 @@ export default async function({ readConfigFile }: FtrConfigProviderContext) {
       serverArgs: [
         ...kerberosAPITestsConfig.get('esTestCluster.serverArgs'),
         'xpack.security.authc.anonymous.username=anonymous_user',
-        'xpack.security.authc.anonymous.roles=superuser',
+        'xpack.security.authc.anonymous.roles=superuser_anonymous',
       ],
     },
   };
diff --git a/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts b/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts
index fbf9a977e8b1f0..e81db7e2b02f39 100644
--- a/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts
+++ b/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts
@@ -100,9 +100,7 @@ export default function({ getService }: FtrProviderContext) {
       });
     });
 
-    // Preventing ES Snapshot to be promoted
-    // https://github.com/elastic/kibana/issues/65114
-    describe.skip('finishing SPNEGO', () => {
+    describe('finishing SPNEGO', () => {
       it('should properly set cookie and authenticate user', async () => {
         const response = await supertest
           .get('/internal/security/me')
@@ -120,13 +118,22 @@ export default function({ getService }: FtrProviderContext) {
         const sessionCookie = request.cookie(cookies[0])!;
         checkCookieIsSet(sessionCookie);
 
+        const isAnonymousAccessEnabled = (config.get(
+          'esTestCluster.serverArgs'
+        ) as string[]).some(setting => setting.startsWith('xpack.security.authc.anonymous'));
+
+        // `superuser_anonymous` role is derived from the enabled anonymous access.
+        const expectedUserRoles = isAnonymousAccessEnabled
+          ? ['kibana_admin', 'superuser_anonymous']
+          : ['kibana_admin'];
+
         await supertest
           .get('/internal/security/me')
           .set('kbn-xsrf', 'xxx')
           .set('Cookie', sessionCookie.cookieString())
           .expect(200, {
             username: 'tester@TEST.ELASTIC.CO',
-            roles: ['kibana_admin'],
+            roles: expectedUserRoles,
             full_name: null,
             email: null,
             metadata: {