[ResponseOps][Cases] Change login role in serverless API tests. (elas…

…tic#187471) # Summary Updated the API FTR tests to not run with operator privileges. Fixes elastic#184742
PhilippeOberti · Jul 3, 2024 · 0017fd5 · 0017fd5
1 parent 80f3c19
commit 0017fd5
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 8 deletions.
diff --git a/x-pack/test_serverless/api_integration/test_suites/search/cases/find_cases.ts b/x-pack/test_serverless/api_integration/test_suites/search/cases/find_cases.ts
@@ -6,17 +6,30 @@
  */
 
 import { CASES_URL } from '@kbn/cases-plugin/common/constants';
+import type { RoleCredentials } from '../../../../shared/services';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 export default ({ getService }: FtrProviderContext): void => {
-  const supertest = getService('supertest');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
 
   describe('find_cases', () => {
+    let roleAuthc: RoleCredentials;
+
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('viewer');
+    });
+
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
+
     it('403 when calling find cases API', async () => {
-      await supertest
+      await supertestWithoutAuth
         .get(`${CASES_URL}/_find`)
-        .set('kbn-xsrf', 'foo')
-        .set('x-elastic-internal-origin', 'foo')
+        .set(svlCommonApi.getInternalRequestHeader())
+        .set(roleAuthc.apiKeyHeader)
         .expect(403);
     });
   });

diff --git a/x-pack/test_serverless/api_integration/test_suites/search/cases/post_case.ts b/x-pack/test_serverless/api_integration/test_suites/search/cases/post_case.ts
@@ -8,18 +8,31 @@
 import { CASES_URL } from '@kbn/cases-plugin/common/constants';
 import { CaseSeverity } from '@kbn/cases-plugin/common/types/domain';
 import { ConnectorTypes } from '@kbn/cases-plugin/common/types/domain';
+import type { RoleCredentials } from '../../../../shared/services';
 
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 export default ({ getService }: FtrProviderContext): void => {
-  const supertest = getService('supertest');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const svlCommonApi = getService('svlCommonApi');
+  const svlUserManager = getService('svlUserManager');
 
   describe('post_case', () => {
+    let roleAuthc: RoleCredentials;
+
+    before(async () => {
+      roleAuthc = await svlUserManager.createApiKeyForRole('viewer');
+    });
+
+    after(async () => {
+      await svlUserManager.invalidateApiKeyForRole(roleAuthc);
+    });
+
     it('403 when trying to create case', async () => {
-      await supertest
+      await supertestWithoutAuth
         .post(CASES_URL)
-        .set('kbn-xsrf', 'foo')
-        .set('x-elastic-internal-origin', 'foo')
+        .set(svlCommonApi.getInternalRequestHeader())
+        .set(roleAuthc.apiKeyHeader)
         .send({
           description: 'This is a brand new case of a bad meanie defacing data',
           title: 'Super Bad Observability Issue',