Turn on internal API restriction for serverless tests #162636
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jloleysens
added
Feature:http
Team:Core
|
Pinging @elastic/kibana-core (Team:Core) |
jbudz
approved these changes
Jul 27, 2023
|
@jloleysens We just merged a fix for the security request headers tests. When you resolve conflicts you should be able to just use what's in main. |
|
Pinging @elastic/apm-ui (Team:APM) |
jloleysens
commented
Jul 28, 2023
| @@ -33,6 +33,7 @@ export default async () => { | |||
| }, | |||
| sourceArgs: ['--no-base-path', '--env.name=development'], | |||
| serverArgs: [ | |||
| `--server.restrictInternalApis=true`, | |||
There was a problem hiding this comment.
The most important change of the PR
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
| @@ -16,7 +16,7 @@ export default function ({ getService }: FtrProviderContext) { | |||
| it('rejects request to create a new fleet server hosts', async () => { | |||
| const { body, status } = await supertest | |||
| .post('/api/fleet/fleet_server_hosts') | |||
| .set(svlCommonApi.getCommonRequestHeader()) | |||
| .set(svlCommonApi.getInternalRequestHeader()) | |||
There was a problem hiding this comment.
the API's public, not internal. Fleet has an open issue to change to 'public' again: https://github.com/elastic/ingest-dev/issues/1921
There was a problem hiding this comment.
This means until the linked issue is resolved, this API would be treated as internal ?
| @@ -34,7 +34,7 @@ export default function ({ getService }: FtrProviderContext) { | |||
| it('rejects request to create a new proxy', async () => { | |||
| const { body, status } = await supertest | |||
| .post('/api/fleet/proxies') | |||
| .set(svlCommonApi.getCommonRequestHeader()) | |||
| .set(svlCommonApi.getInternalRequestHeader()) | |||
| @@ -54,6 +55,7 @@ export async function createRule({ | |||
| const { body } = await supertest | |||
| .post(`/api/alerting/rule`) | |||
| .set('kbn-xsrf', 'foo') | |||
| .set('x-elastic-internal-origin', 'foo') | |||
There was a problem hiding this comment.
👍 . confirmed with @elastic/actionable-observability, their APIs are 'internal'
| const response = await supertest | ||
| .get(`/api/alerting/rule/${id}`) | ||
| .set('kbn-xsrf', 'foo') | ||
| .set('x-elastic-internal-origin', 'foo'); |
| @@ -21,6 +21,7 @@ export const createDataView = async ({ | |||
| const { body } = await supertest | |||
| .post(`/api/content_management/rpc/create`) | |||
| .set('kbn-xsrf', 'foo') | |||
| .set('x-elastic-internal-origin', 'foo') | |||
| await supertest | ||
| .delete(`/api/alerting/rule/${ruleId}`) | ||
| .set('kbn-xsrf', 'foo') | ||
| .set('x-elastic-internal-origin', 'foo'); |
| await supertest | ||
| .delete(`/api/actions/connector/${actionId}`) | ||
| .set('kbn-xsrf', 'foo') | ||
| .set('x-elastic-internal-origin', 'foo'); |
This was referenced Jul 28, 2023
achyutjhunjhunwala
approved these changes
Jul 31, 2023
There was a problem hiding this comment.
APM changes are good to go, only concern is with the Fleet API which @TinaHeiligers has already highlighted
ThomThomson
pushed a commit
to ThomThomson/kibana
that referenced
this pull request
Aug 1, 2023
## Summary Since we already have some E2E tests running for serverless, this PR turns on the internal API restriction flag to test whether our UI functions _as such_ under these tests. An alternative could be to have a specific smoke test for this, but it seems this is thoroughly covered by piggy-backing off the existing set of tests. Blocks: elastic#162149
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Since we already have some E2E tests running for serverless, this PR turns on the internal API restriction flag to test whether our UI functions as such under these tests.
An alternative could be to have a specific smoke test for this, but it seems this is thoroughly covered by piggy-backing off the existing set of tests.
Blocks: #162149