* update cache-control header
* update tests
* update test run config
* remove custom cache-control header for authentication resources
* address test flakiness
* address PR feedback
* revert changes to endpoint test
* revert changes for real this time
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* initial implementation of configurable test users
* user superuser by default to match master
* referenced the configs in reporting and api integration
* setting the minimum number of default roles
* looking for x-pack tests with users and roles
* add testUserService in dashboard mode tests
* running only ciGroup7
* uncommenting - addign visualization
* re-enabling all CI groups to run on CI
* reinstating Jenkinsfile
* disable Test user for OIDC config
* improved logging and added Roles for OSS tests to get better info on the runs.
* disable test_user for auth tests
* don't fetch enabledPlugins when testuser disabled
* fix es-lint
* running oss tests with x-pack enabled
* [revertme] build default dist for oss tests
* updating NOTICE.txt file as it complained in the kibana intake tests
* changed to pick OSS builds
* trying a license change to trial
* switch back to xpack builds
* created a new sample data role and used it in homepage tests
* revert test/scripts/jenkins_ci_group.sh
* only refresh browser and wait for chrome if we are already on Kibana page
* fix large_string test to use minimum set of roles and privileges
* fix for date nanos custom timestamp with a configured role
* changes to the files with addition of new roles for the test_user
* reverting to OSS changes and few additions to the time_zone test to run as a test_user
* changes to security
* changes to the x-pack test to use elastic superuser
* fix for chart_types test
* fixes to area chart , input control test
* fix for dashboard filtering test and a new config role
* changes to handle the x-pack tests
* additional role for date nanos mixed
* added the logstash role to the accessibility tests
* removed telemetry setting
* docs+few changes to the tests
* removed Page navigation
* removed pageNavigation which was unused
* test/accessibility/apps/management.ts
* update management.ts
* aria label, and other changes
* accidentally checked in a piped file with results.
* accidentally checked in a piped file with results.
* accidentally checked in a piped file with results.
* accidentally checked in a piped file with results.
* accidentally checked in a piped file with results.
* accidentally checked in a piped file with results.
* accidentally checked in a piped file with results.
* accidentally checked in a piped file with results.
* reverted
* unloading of logstash data, fixing aria label
* aria-label
* added the required role
* fix for tsvb chart
* fix for sample data test reverted home_page pageobject file
* changes to sample data test and visualize index file to incorporate OSS changes
* changes to describe() and some more changes to incorporate in settings_page
* re-adding the after()
* removed unwanted roles
* replaced kibana_user with kibana_admin
* added the check of deprecated kibana_user
* testing with kibana_admin role
* fix for discover test
* incorporated the review comments
* incorporated the review comments
* incorporate review comments and added restoreDefaults()
* removed describe.only
* reverted the OSS logic change I had here- pulled into seperate PR
* incorporated the review comments
* incorporated review changes
* adding hidden=true to find hidden kibanaChrome
* change field.test.tsx to be same as that of master branch
Co-authored-by: spalger <spalger@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* [csp] allow blob styles when running from source
* update kbn/pm dist
* add kibanaServer service to saml_api_integration suite
* use common naming
* attempt to use env.packageInfo instead of IS_KIBANA_DISTRIBUTABLE const
* remove mock, clone rules before modifying
* pass env where necessary
* update core api docs
* make env optional in HttpConfig
* add tests for CspConfig changes, base header on this.rules
* fix test snapshot
* make env optional in HttpConfig too
* remove CspConfig.DEFAULT and make env a required constructor arg
* update csp_usage_collector tests
* update core api docs
* fix test name
* rename headerChangedFromDefault back to rulesChangedFromDefault
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This instructs mapbox-gl to load its workers using a static script. It removes the corresponding child-src CSP-rule from the policy. It retains the worker-src rule as it is required by the ace-editor in Dev-tools.
* [xpack/ftr/common] follow conventions, expose a config file
In order to make xpack/test/common ftr config easier to work with, this updates it to follow the conventions established by most other configs of exposing all services from the services module as an object that can be easily merges into local services modules.
* common config file and FtrProviderConfig are unused and unnecessary
* turns out FtrProviderContext was used...
* Re-split ciGroups after pipeline rollout
Revert "Revert "Revert "Revert "Revert "[ci] compress jobs for CI stab… (#45454)"
This reverts commit 9a109f2170.
Revert "set IS_PIPELINE_JOB in intake jobs (#45850)"
This reverts commit b1a01effa8.
* Split one of the slow test suites up to try to make overall CI faster
* Disable visualRegression groups, they are being handled in other work
* Revert "Split one of the slow test suites up to try to make overall CI faster"
This reverts commit 1213239545.
* Move some different xpack ciGroup8 suites around
* Pipeline
* WIP some work for parallelization with ciGroups
* Fix xpack kibana install dir, and add some debugging
* Attempt to quick fix a few tests
* Revert "Revert "Revert "[ci] compress jobs for CI stability" (#44584)""
This reverts commit 078ac2897f.
* Recombine test groups, and try runbld again
* Mostly cleanup, and fix failed_tests reporting to hopefully work for both pipeline and non-pipeline
* Fix typo in shell script
* Remove some debug code
* Add support for changing es transport.port during testing via TEST_ES_TRANSPORT_PORT
* Fix test that uses hard-coded es transport port and add it back in to parallel groups
* Disable checks reporter again for now
* Set env var for TEST_ES_TRANSPORT_PORT in pipeline
* Update Jenkinsfile for shorter testrunner labels
* Fix another hard-coded transport port
* Fix a new test with hard-coded URLs
* Jenkinsfile cleanup and fix one of the groups
* Fix double slash
* Testing vault credentials on jenkins server
* Add a non-existent credential
* Revert "Add a non-existent credential"
This reverts commit 0dc234c465a5483b1a994cb510a182fef766e9cc.
* Try github-checks-reporter again
* github-checks-reporter should only run for elastic/kibana, forks won't work
* Clean up some debug code
* Changing names around to try to make BlueOcean UI a little better
* Add more stages
* Make some changes to stage structure to mirror a nested example from CloudBees
* Handle TODOs, and some cleanup in Jenkinsfile
* Pass GIT_BRANCH when started without GHPRB, fix branch check
* Fix mailer problem and add code that ensures all tests are in cigroups back in
* Test adding worker/job name to junit report paths
* Remove some duplication from ci_setup scripts
* Fix unit test that uses junit path
* Don't reinstall node every time setup_env is run
* Fix yarn install logic
* Fix another unit test that uses junit output dir
* Download latest ES snapshot after kibana builds
* Make sure junit reports are always processed
* Add two failing tests for testing purposes
* Add support to Jenkinsfile for kibana build e-mails
* Remove some debug code for email sending
* Change JOB env handling in junit paths and move it to a sub-directory
* Revert "Add two failing tests for testing purposes"
This reverts commit 5715203e26922a93483feb0ebb8bb3fdcc3daf8c.
* Fix junit report path in test
* Don't send kibana emails on build abort
* Address PR feedback, formatting and use built-in url formatting library
* Fix path formatting for functional test
* Add email sending back in to Jenkinsfile
* Fix another unit test with path problem
* Adding "style-src 'unsafe-inline' 'self'" to default CSP rules
* Updating jest snapshot
* Fixing api integration smoke test
* Verifying all CSP responses
* Fixing OIDC implicit flow test
* Switch Kerberos authentication provider to a dedicated `_kerberos` grant. Introduce `Tokens` for common access/refresh token tasks.
* Review#1: improve/fix code comments, properly log the case when token invalidation failed.
The OpenID Connect authProvider is the accompanying authProvider for the OpenID Connect authentication realm in Elasticsearch. This is very similar to the saml authProvider in most ways with three noticeable differences:
- We require explicit configuration regarding the Elasticsearch realm name instead of trying to build an environment aware string (like ACS URL in saml) and pass that to Elasticsearch for it to resolve the realm.
- We do not support multiple values for the realm specific nonces (state and nonce) as we do with requestId in the SAML realm. Instead if an existing value ( for state and nonce) is present in the user's session, we pass that to Elasticsearch to be reused. The end goal is the same, allow a better UX for users attempting many requests over different tabs in the same browser context.
- IDP initiated SSO ( Third Party initiated authentication in OIDC-speak ) is implemented but starts as an unsolicited request to initiate the handshake, instead of an unsolicited request with an authentication response (which is not supported here)
This change also adds a fake plugin named oidc_provider to be used in integration tests for mocking calls to the token and userinfo endpoint of an OpenID Connect Provider
This does not support the OpenID Connect Implicit flow as that depends on fragment handling/processing as described for instance in the spec
Co-Authored-By: Brandon Kobel <kobelb@elastic.co>