diff --git a/.github/workflows/trigger-e2e-tests.yml b/.github/workflows/trigger-e2e-tests.yml
index 4b0f169..dc61c3e 100644
--- a/.github/workflows/trigger-e2e-tests.yml
+++ b/.github/workflows/trigger-e2e-tests.yml
@@ -11,13 +11,19 @@ jobs:
e2e-tests:
runs-on: ubuntu-latest
strategy:
+ fail-fast: false
matrix:
- version: [8x, 7x]
+ version: ["8.15.2", "7.17.24"]
+ env: [docker]
steps:
- name: Checkout code
uses: actions/checkout@v2
+ - name: Set up Node.js
+ uses: actions/setup-node@v3
+ with:
+ node-version: '20'
- name: Run tests
- run: ./run-${{ matrix.version }}.sh
+ run: ./run-env-and-tests.sh ${{ matrix.version }} ${{ matrix.env }}
env:
ROR_ACTIVATION_KEY: ${{ secrets.ROR_KBN_LICENSE }}
- name: S3 Upload Videos & show logs
@@ -27,4 +33,5 @@ jobs:
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
run: |
aws configure set region eu-west-1
- aws s3 cp results/videos/ s3://readonlyrest-data/e2e-tests/build_${{ github.run_id }}/${{ matrix.version }}/ --recursive
+ aws s3 cp results/videos/ s3://readonlyrest-data/e2e-tests/build_${{ github.run_id }}/${{ matrix.env }}/${{ matrix.version }}/ --recursive
+
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 7942ae3..24f3d02 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,7 @@
-.DS_Store
-elk-ror/elk-ror.log
+**/.DS_Store
+.idea
+environments/**/*.log
+environments/**/*.zip
+environments/**/plugins
e2e-tests/node_modules
-plugins/*
results/*
\ No newline at end of file
diff --git a/README.md b/README.md
index c3f16a1..bc7b932 100644
--- a/README.md
+++ b/README.md
@@ -13,11 +13,11 @@ Prerequisites:
To bootstrap a Docker-based test environment (ES with latest ROR + KBN with latest ROR) and run Cypress E2E tests run:
```bash
-$ ./run-8x.sh
+./run-env-and-tests.sh 8.15.2 docker
```
```bash
-$ ./run-7x.sh
+./run-env-and-tests.sh 7.17.24 docker
```
#### Tested environment & E2E tests separately
@@ -26,18 +26,18 @@ You can bootstrap the test env and run tests separately (to not build the ES+KBN
To run the env:
```bash
-$ ./elk-ror/run.sh --es "8.10.0" --kbn "8.10.0"
+./environments/elk-ror/start.sh --es "8.15.0" --kbn "8.15.2"
```
To run tests on the env:
```bash
-$ ./e2e-tests/run.sh "8.10.0"
+$ ./e2e-tests/run-tests.sh "8.15.2"
```
#### Cypress tests in interactive GUI
```bash
-$ cd e2e-tests; yarn cypress open
+$ cd e2e-tests; yarn cypress open --env kibanaVersion=[KBN_VERSION]
```
### In docker isolated environment
@@ -61,7 +61,7 @@ $ ./docker-based-ror-dev-env/runE2ETests7xInDocker.sh
### Test environment
-The test environment is created with the Docker Compose. All code is located in the `elk-ror` folder. Currently, the latest version of ROR is downloaded for the sake of tests. In the future, we are going to improve it and build plugins from sources too.
+The test environment is created with the Docker Compose. All code is located in the `environments/elk-ror` folder. Currently, the latest version of ROR is downloaded for the sake of tests. In the future, we are going to improve it and build plugins from sources too.
### Cypress tests
diff --git a/docker-based-ror-dev-env/runInDocker.sh b/docker-based-ror-dev-env/runInDocker.sh
index c3d8da3..98ac94d 100755
--- a/docker-based-ror-dev-env/runInDocker.sh
+++ b/docker-based-ror-dev-env/runInDocker.sh
@@ -31,9 +31,7 @@ fi
docker run --rm $DIND_OPTIONS $DOCKER_RUN_OPTIONS \
-e ROR_ACTIVATION_KEY="$ROR_ACTIVATION_KEY" \
-v ./../e2e-tests:/app/e2e-tests \
- -v ./../elk-ror:/app/elk-ror \
+ -v ./../enviroments/elk-ror:/app/enviroments/elk-ror \
-v ./../results:/app/results \
- -v ./../run.sh:/app/run.sh \
- -v ./../run-7x.sh:/app/run-7x.sh \
- -v ./../run-8x.sh:/app/run-8x.sh \
+ -v ./../run-env-and-tests.sh:/app/run-env-and-tests.sh \
e2e-tests-dev-env:"$DOCKER_BASED_ROR_DEV_ENV_HASH" "$COMMAND"
diff --git a/docker-based-ror-dev-env/src/processRorEnvCommand.sh b/docker-based-ror-dev-env/src/processRorEnvCommand.sh
index 2b0b766..492ceed 100755
--- a/docker-based-ror-dev-env/src/processRorEnvCommand.sh
+++ b/docker-based-ror-dev-env/src/processRorEnvCommand.sh
@@ -9,10 +9,10 @@ npm i -g yarn
case "$1" in
e2e-tests-7x )
- /app/run-7x.sh
+ /app/run-env-and-tests.sh "7.17.24" "docker"
;;
e2e-tests-8x )
- /app/run-8x.sh
+ /app/run-env-and-tests.sh "8.15.2" "docker"
;;
bash )
bash
diff --git a/e2e-tests/cypress.config.ts b/e2e-tests/cypress.config.ts
index 9ada94f..986a6be 100644
--- a/e2e-tests/cypress.config.ts
+++ b/e2e-tests/cypress.config.ts
@@ -5,9 +5,9 @@ export default defineConfig({
login: 'admin',
password: 'dev',
kibanaVersion: 'KIBANA_VERSION_NOT_SET_YET',
- elasticsearchUrl: 'http://localhost:19200',
+ elasticsearchUrl: 'https://localhost:9200',
enterpriseActivationKey: 'PROVIDE_YOUR_ACTIVATION_KEY',
- kibanaUserCredentials: "kibana:kibana"
+ kibanaUserCredentials: 'kibana:kibana'
},
video: true,
screenshotOnRunFailure: true,
@@ -28,9 +28,9 @@ export default defineConfig({
// You may want to clean this up later by importing these.
setupNodeEvents(on, config) {
// eslint-disable-next-line @typescript-eslint/no-var-requires,global-require
- return require('./cypress/plugins/index.js')(on, config);
+ return require('./cypress/plugins/index.ts')(on, config);
},
- baseUrl: 'http://localhost:5601',
+ baseUrl: 'https://localhost:5601',
videosFolder: '../results/videos',
screenshotsFolder: '../results/screenshots'
}
diff --git a/e2e-tests/cypress/e2e/Activation-keys.cy.ts b/e2e-tests/cypress/e2e/Activation-keys.cy.ts
index a1904cb..e72ada9 100644
--- a/e2e-tests/cypress/e2e/Activation-keys.cy.ts
+++ b/e2e-tests/cypress/e2e/Activation-keys.cy.ts
@@ -11,7 +11,7 @@ describe.skip('Activation key', () => {
afterEach(() => {
cy.kbnPost({
- endpoint: "api/ror/license?overwrite=true",
+ endpoint: 'api/ror/license?overwrite=true',
credentials: userCredentials,
payload: { license: `${Cypress.env().enterpriseActivationKey}` }
});
diff --git a/e2e-tests/cypress/e2e/Direct-kibana-request.cy.ts b/e2e-tests/cypress/e2e/Direct-kibana-request.cy.ts
index 3a97a2c..2b8a5d4 100644
--- a/e2e-tests/cypress/e2e/Direct-kibana-request.cy.ts
+++ b/e2e-tests/cypress/e2e/Direct-kibana-request.cy.ts
@@ -1,60 +1,58 @@
import * as semver from 'semver';
import { getKibanaVersion, userCredentials } from '../support/helpers';
import { kbnApiAdvancedClient } from '../support/helpers/KbnApiAdvancedClient';
+import { rorApiClient } from '../support/helpers/RorApiClient';
describe('Direct kibana request', () => {
- const user = 'user1:dev';
+ const user1 = 'user1:dev';
+ const admin = 'admin:dev';
- afterEach(() => {
- const clearDirectKibanaRequestState = () => {
- kbnApiAdvancedClient.deleteSavedObjects(user);
- if (semver.gte(getKibanaVersion(), '8.0.0')) {
- kbnApiAdvancedClient.deleteDataViews(user);
- }
- };
+ beforeEach(() => {
+ clearDirectKibanaRequestState();
+ rorApiClient.configureRorIndexMainSettings('defaultSettings.yaml');
+ });
+ afterEach(() => {
clearDirectKibanaRequestState();
+ rorApiClient.configureRorIndexMainSettings('defaultSettings.yaml');
});
it('should check direct kibana request', () => {
const verifySavedObjects = () => {
- kbnApiAdvancedClient.deleteSavedObjects(user);
+ kbnApiAdvancedClient.deleteSavedObjects(user1);
cy.log('Import saved objects for user1');
cy.kbnImport({
- endpoint: "api/saved_objects/_import?overwrite=true",
- credentials: user,
- filename: 'cypress/fixtures/file.ndjson'
+ endpoint: 'api/saved_objects/_import?overwrite=true',
+ credentials: user1,
+ fixtureFilename: 'file.ndjson'
});
cy.log('Get imported saved objects for user1 Administrators group');
- kbnApiAdvancedClient.getSavedObjects(user).then(result => {
+ kbnApiAdvancedClient.getSavedObjects(user1).then(result => {
expect(result.saved_objects[0].id).equal('my-pattern');
expect(result.saved_objects[1].id).equal('my-dashboard');
- })
+ expect(result.saved_objects).to.have.length(2);
+ });
cy.log('Get imported saved objects for admin Administrators group');
- kbnApiAdvancedClient
- .getSavedObjects(userCredentials)
- .then(result => {
- expect(result.saved_objects[0].id).equal('my-pattern');
- expect(result.saved_objects[1].id).equal('my-dashboard');
- expect(result.saved_objects).to.have.length(2);
- });
+ kbnApiAdvancedClient.getSavedObjects(admin).then(result => {
+ expect(result.saved_objects[0].id).equal('my-pattern');
+ expect(result.saved_objects[1].id).equal('my-dashboard');
+ expect(result.saved_objects).to.have.length(2);
+ });
cy.log('Get imported saved objects for user1 infosec group');
- kbnApiAdvancedClient.getSavedObjects(user, "infosec_group")
- .then(result => {
- const actual = result.saved_objects.some(
- saved_object => saved_object.id === 'my-pattern' || saved_object.id === 'my-dashboard'
- );
- // eslint-disable-next-line no-unused-expressions
- expect(actual).to.be.false;
- });
+ kbnApiAdvancedClient.getSavedObjects(user1, 'infosec_group').then(result => {
+ const actual = result.saved_objects.some(
+ saved_object => saved_object.id === 'my-pattern' || saved_object.id === 'my-dashboard'
+ );
+ expect(actual).to.be.false;
+ });
};
const verifyDataViews = () => {
- kbnApiAdvancedClient.deleteDataViews(user);
+ kbnApiAdvancedClient.deleteDataViews(user1);
cy.log('Create data_views for user1 Administrators group');
kbnApiAdvancedClient.createDataView(
{
@@ -64,17 +62,14 @@ describe('Direct kibana request', () => {
name: 'My Logstash Data View'
}
},
- user
+ user1
);
cy.log('get all data_views for user1 infosec group');
- kbnApiAdvancedClient
- .getDataViews(userCredentials, "infosec_group")
- .then(result => {
- const actual = result.data_view.some(saved_object => saved_object.id === 'logstash');
- // eslint-disable-next-line no-unused-expressions
- expect(actual).to.be.false;
- });
+ kbnApiAdvancedClient.getDataViews(userCredentials, 'infosec_group').then(result => {
+ const actual = result.data_view.some(saved_object => saved_object.id === 'logstash');
+ expect(actual).to.be.false;
+ });
};
verifySavedObjects();
@@ -82,4 +77,13 @@ describe('Direct kibana request', () => {
verifyDataViews();
}
});
+
+ const clearDirectKibanaRequestState = () => {
+ kbnApiAdvancedClient.deleteSavedObjects(user1);
+ kbnApiAdvancedClient.deleteSavedObjects(admin);
+ if (semver.gte(getKibanaVersion(), '8.0.0')) {
+ kbnApiAdvancedClient.deleteDataViews(user1);
+ kbnApiAdvancedClient.deleteDataViews(admin);
+ }
+ };
});
diff --git a/e2e-tests/cypress/e2e/Impersonate.cy.ts b/e2e-tests/cypress/e2e/Impersonate.cy.ts
index 668e7b5..18af499 100644
--- a/e2e-tests/cypress/e2e/Impersonate.cy.ts
+++ b/e2e-tests/cypress/e2e/Impersonate.cy.ts
@@ -1,9 +1,8 @@
import { Login } from '../support/page-objects/Login';
import { Impersonate } from '../support/page-objects/Impersonate';
import { SecuritySettings } from '../support/page-objects/SecuritySettings';
-import { KibanaNavigation } from '../support/page-objects/KibanaNavigation';
import { TestSettings } from '../support/page-objects/TestSettings';
-import { Settings } from '../support/page-objects/Settings';
+import { rorApiClient } from '../support/helpers/RorApiClient';
describe('impersonate', () => {
beforeEach(() => {
@@ -26,6 +25,7 @@ describe('impersonate', () => {
cy.log('should check service lists rendering');
Impersonate.setTestSettingsData();
+
TestSettings.open();
Impersonate.open();
diff --git a/e2e-tests/cypress/e2e/Reporting-index.ts b/e2e-tests/cypress/e2e/Reporting-index.cy.ts
similarity index 78%
rename from e2e-tests/cypress/e2e/Reporting-index.ts
rename to e2e-tests/cypress/e2e/Reporting-index.cy.ts
index 0a360dc..ec767f3 100644
--- a/e2e-tests/cypress/e2e/Reporting-index.ts
+++ b/e2e-tests/cypress/e2e/Reporting-index.cy.ts
@@ -2,13 +2,12 @@ import { Login } from '../support/page-objects/Login';
import { Loader } from '../support/page-objects/Loader';
import { RorMenu } from '../support/page-objects/RorMenu';
import { Discover } from '../support/page-objects/Discover';
-import defaultSettingsData from '../fixtures/defaultSettings.json';
-import reportingSettingsData from '../fixtures/reportingSettings.json';
import { Settings } from '../support/page-objects/Settings';
-describe('Reporting index', () => {
+// todo: the test fails. Please fix me
+describe.skip('Reporting index', () => {
beforeEach(() => {
- Settings.setSettingsData(reportingSettingsData);
+ Settings.setSettingsData('reportingSettings.yaml');
cy.visit(Cypress.config().baseUrl);
cy.on('url:changed', () => {
sessionStorage.setItem('ror:ignoreTrialInfo', 'true');
@@ -19,7 +18,7 @@ describe('Reporting index', () => {
});
afterEach(() => {
- Settings.setSettingsData(defaultSettingsData);
+ Settings.setSettingsData('defaultSettings.yaml');
});
it('should correctly match index pattern when audit index_template contains .reporting', () => {
diff --git a/e2e-tests/cypress/e2e/Sanity-check-ro-kibana-access.cy.ts b/e2e-tests/cypress/e2e/Sanity-check-ro-kibana-access.cy.ts
index 267de7f..cad9cc7 100644
--- a/e2e-tests/cypress/e2e/Sanity-check-ro-kibana-access.cy.ts
+++ b/e2e-tests/cypress/e2e/Sanity-check-ro-kibana-access.cy.ts
@@ -1,9 +1,7 @@
import { Login } from '../support/page-objects/Login';
import { RoAndRoStrictKibanaAccessAssertions } from '../support/page-objects/RoAndRoStrictKibanaAccessAssertions';
-import roSettings from '../fixtures/roSettings.json';
import { Settings } from '../support/page-objects/Settings';
-import defaultSettings from '../fixtures/defaultSettings.json';
-import { kbnApiClient, KbnApiClient } from '../support/helpers/KbnApiClient';
+import { kbnApiClient } from '../support/helpers/KbnApiClient';
import { userCredentials } from '../support/helpers';
describe('sanity check ro kibana access', () => {
@@ -12,11 +10,11 @@ describe('sanity check ro kibana access', () => {
});
afterEach(() => {
- Settings.setSettingsData(defaultSettings);
- kbnApiClient.deleteSampleData("ecommerce", userCredentials, "template_group");
+ Settings.setSettingsData('defaultSettings.yaml');
+ kbnApiClient.deleteSampleData('ecommerce', userCredentials, 'template_group');
});
it('should verify that everything works', () => {
- RoAndRoStrictKibanaAccessAssertions.runAssertions(roSettings);
+ RoAndRoStrictKibanaAccessAssertions.runAssertions('roSettings.yaml');
});
});
diff --git a/e2e-tests/cypress/e2e/Sanity-check-ro_strict-kibana-access.cy.ts b/e2e-tests/cypress/e2e/Sanity-check-ro_strict-kibana-access.cy.ts
index 5885142..d11376c 100644
--- a/e2e-tests/cypress/e2e/Sanity-check-ro_strict-kibana-access.cy.ts
+++ b/e2e-tests/cypress/e2e/Sanity-check-ro_strict-kibana-access.cy.ts
@@ -1,9 +1,7 @@
import { Login } from '../support/page-objects/Login';
import { RoAndRoStrictKibanaAccessAssertions } from '../support/page-objects/RoAndRoStrictKibanaAccessAssertions';
-import roStrictSettings from '../fixtures/roStrictSettings.json';
import { Settings } from '../support/page-objects/Settings';
-import defaultSettings from '../fixtures/defaultSettings.json';
-import { kbnApiClient, KbnApiClient } from '../support/helpers/KbnApiClient';
+import { kbnApiClient } from '../support/helpers/KbnApiClient';
import { userCredentials } from '../support/helpers';
describe('sanity check ro_strict kibana access', () => {
@@ -12,11 +10,11 @@ describe('sanity check ro_strict kibana access', () => {
});
afterEach(() => {
- Settings.setSettingsData(defaultSettings);
- kbnApiClient.deleteSampleData("ecommerce", userCredentials, "template_group");
+ Settings.setSettingsData('defaultSettings.yaml');
+ kbnApiClient.deleteSampleData('ecommerce', userCredentials, 'template_group');
});
it('should verify that everything works', () => {
- RoAndRoStrictKibanaAccessAssertions.runAssertions(roStrictSettings);
+ RoAndRoStrictKibanaAccessAssertions.runAssertions('roStrictSettings.yaml');
});
});
diff --git a/e2e-tests/cypress/e2e/Sanity-check.cy.ts b/e2e-tests/cypress/e2e/Sanity-check.cy.ts
index 2a8d879..6cee287 100644
--- a/e2e-tests/cypress/e2e/Sanity-check.cy.ts
+++ b/e2e-tests/cypress/e2e/Sanity-check.cy.ts
@@ -12,14 +12,14 @@ import { SampleData } from '../support/helpers/SampleData';
describe('sanity check', () => {
beforeEach(() => {
- SampleData.createSampleData("sample_index", 1)
+ SampleData.createSampleData('sample_index', 1);
Login.initialization();
});
afterEach(() => {
- esApiAdvancedClient.deleteIndex("sample_index");
- kbnApiAdvancedClient.deleteSavedObjects("admin:dev");
- kbnApiAdvancedClient.deleteSavedObjects("admin:dev", "infosec_group")
+ esApiAdvancedClient.deleteIndex('sample_index');
+ kbnApiAdvancedClient.deleteSavedObjects('admin:dev');
+ kbnApiAdvancedClient.deleteSavedObjects('admin:dev', 'infosec_group');
esApiAdvancedClient.pruneAllReportingIndices();
});
diff --git a/e2e-tests/cypress/e2e/Saved-objects.cy.ts b/e2e-tests/cypress/e2e/Saved-objects.cy.ts
index 2a098f0..ca0debb 100644
--- a/e2e-tests/cypress/e2e/Saved-objects.cy.ts
+++ b/e2e-tests/cypress/e2e/Saved-objects.cy.ts
@@ -11,7 +11,7 @@ describe('Saved objects', () => {
});
afterEach(() => {
- kbnApiAdvancedClient.deleteSavedObjects("admin:dev");
+ kbnApiAdvancedClient.deleteSavedObjects('admin:dev');
});
it('should display saved objects list', () => {
diff --git a/e2e-tests/cypress/fixtures/defaultSettings.json b/e2e-tests/cypress/fixtures/defaultSettings.json
deleted file mode 100644
index 8128f51..0000000
--- a/e2e-tests/cypress/fixtures/defaultSettings.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "settings": "helpers:\n cr: &common-rules\n kibana_access: rw\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\" ]\n kibana_index: \".kibana_@{acl:current_group}\"\n\n ag: &all-groups\n groups:\n - id: admins_group\n name: administrators\n - id: infosec_group\n name: infosec\n - id: template_group\n name: template\n\n\nreadonlyrest:\n response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin\n prompt_for_basic_auth: false\n audit:\n enabled: true\n outputs:\n - type: index\n index_template: \"'readonlyrest_audit_'yyyy-MM-dd\"\n serializer: tech.beshu.ror.requestcontext.QueryAuditLogSerializer\n\n access_control_rules:\n - name: KIBANA_SERVER\n auth_key: kibana:kibana\n verbosity: error\n\n - name: PERSONAL_GRP\n groups: [ Personal ]\n <<: *common-rules\n kibana_index: '.kibana_@{user}'\n\n - name: ADMIN_GRP\n groups: [ admins_group ]\n <<: *common-rules\n kibana_access: admin\n\n # - name: infosec4search\n # groups: [ infosec_group ]\n # indices: [\"readonlyrest_audit*\"]\n # #filter: '{\"bool\": { \"must_not\": { \"match\": { \"type\": \"xxxx\" }}}}'\n # kibana_index: .kibana_infosec_group\n # verbosity: error\n\n - name: infosec\n groups: [ infosec_group ]\n <<: *common-rules\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\", \"Management\" ]\n\n - name: Template Tenancy\n groups: [ template_group ]\n <<: *common-rules\n\n - name: \"ReadonlyREST Enterprise instance #1\"\n kibana_index: \".kibana_external_auth\"\n ror_kbn_auth:\n name: \"kbn1\"\n\n # USERS TO GROUPS ############\n users:\n - username: admin\n auth_key: admin:dev\n <<: *all-groups\n\n - username: user1\n auth_key: user1:dev\n <<: *all-groups\n\n ror_kbn:\n - name: kbn1\n signature_key: \"9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf\"\n\n impersonation:\n - impersonator: admin\n users: [\"*\"]\n auth_key: admin:dev\n"
-}
diff --git a/e2e-tests/cypress/fixtures/defaultSettings.yaml b/e2e-tests/cypress/fixtures/defaultSettings.yaml
new file mode 100644
index 0000000..2a54a74
--- /dev/null
+++ b/e2e-tests/cypress/fixtures/defaultSettings.yaml
@@ -0,0 +1,73 @@
+helpers:
+ cr: &common-rules
+ kibana_access: rw
+ kibana_hide_apps: ["Enterprise Search|Overview", "Observability"]
+ kibana_index: ".kibana_@{acl:current_group}"
+
+ ag: &all-groups
+ groups:
+ - id: admins_group
+ name: administrators
+ - id: infosec_group
+ name: infosec
+ - id: template_group
+ name: template
+
+readonlyrest:
+ response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
+ prompt_for_basic_auth: false
+
+ audit:
+ enabled: true
+ outputs:
+ - type: index
+ index_template: "'readonlyrest_audit_'yyyy-MM-dd"
+
+ access_control_rules:
+
+ - name: "Kibana service account - user/pass"
+ verbosity: error
+ auth_key: kibana:kibana
+
+ - name: PERSONAL_GRP
+ groups: [Personal]
+ <<: *common-rules
+ kibana_index: ".kibana_@{user}"
+
+ - name: ADMIN_GRP
+ groups: [admins_group]
+ <<: *common-rules
+ kibana_access: admin
+
+ - name: infosec
+ groups: [infosec_group]
+ <<: *common-rules
+ kibana_hide_apps:
+ ["Enterprise Search|Overview", "Observability", "Management"]
+
+ - name: Template Tenancy
+ groups: [template_group]
+ <<: *common-rules
+
+ - name: "ReadonlyREST Enterprise instance #1"
+ kibana_index: ".kibana_external_auth"
+ ror_kbn_auth:
+ name: "kbn1"
+
+ users:
+ - username: admin
+ auth_key: admin:dev
+ <<: *all-groups
+
+ - username: user1
+ auth_key: user1:dev
+ <<: *all-groups
+
+ ror_kbn:
+ - name: kbn1
+ signature_key: "9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf"
+
+ impersonation:
+ - impersonator: admin
+ users: ["*"]
+ auth_key: admin:dev
diff --git a/e2e-tests/cypress/fixtures/reportingSettings.json b/e2e-tests/cypress/fixtures/reportingSettings.json
deleted file mode 100644
index 80d9032..0000000
--- a/e2e-tests/cypress/fixtures/reportingSettings.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "settings": "helpers:\n cr: &common-rules\n kibana_access: rw\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\" ]\n kibana_index: \".kibana_@{acl:current_group}\"\n\n ag: &all-groups\n groups:\n - id: admins_group\n name: administrators\n - id: infosec_group\n name: infosec\n - id: template_group\n name: template\n\n\nreadonlyrest:\n response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin\n prompt_for_basic_auth: false\n audit:\n enabled: true\n outputs:\n - type: index\n index_template: \"'xxx.reporting-'YYYY-MM\"\n serializer: tech.beshu.ror.requestcontext.QueryAuditLogSerializer\n\n access_control_rules:\n - name: KIBANA_SERVER\n auth_key: kibana:kibana\n verbosity: error\n\n - name: PERSONAL_GRP\n groups: [ personal_group ]\n <<: *common-rules\n kibana_index: '.kibana_@{user}'\n\n - name: ADMIN_GRP\n groups: [ admins_group ]\n <<: *common-rules\n kibana_access: admin\n\n # - name: infosec4search\n # groups: [ infosec_group ]\n # indices: [\"readonlyrest_audit*\"]\n # #filter: '{\"bool\": { \"must_not\": { \"match\": { \"type\": \"xxxx\" }}}}'\n # kibana_index: .kibana_infosec\n # verbosity: error\n\n - name: infosec\n groups: [ infosec_group ]\n <<: *common-rules\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\", \"Management\" ]\n\n - name: Template Tenancy\n groups: [ template_group ]\n <<: *common-rules\n\n - name: \"ReadonlyREST Enterprise instance #1\"\n kibana_index: \".kibana_external_auth\"\n ror_kbn_auth:\n name: \"kbn1\"\n\n # USERS TO GROUPS ############\n users:\n - username: admin\n auth_key: admin:dev\n <<: *all-groups\n\n - username: user1\n auth_key: user1:dev\n <<: *all-groups\n\n ror_kbn:\n - name: kbn1\n signature_key: \"9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf\"\n\n impersonation:\n - impersonator: admin\n users: [\"*\"]\n auth_key: admin:dev\n"
-}
diff --git a/e2e-tests/cypress/fixtures/reportingSettings.yaml b/e2e-tests/cypress/fixtures/reportingSettings.yaml
new file mode 100644
index 0000000..d4f21a4
--- /dev/null
+++ b/e2e-tests/cypress/fixtures/reportingSettings.yaml
@@ -0,0 +1,72 @@
+helpers:
+ cr: &common-rules
+ kibana_access: rw
+ kibana_hide_apps: ["Enterprise Search|Overview", "Observability"]
+ kibana_index: ".kibana_@{acl:current_group}"
+
+ ag: &all-groups
+ groups:
+ - id: admins_group
+ name: administrators
+ - id: infosec_group
+ name: infosec
+ - id: template_group
+ name: template
+
+readonlyrest:
+ response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
+ prompt_for_basic_auth: false
+ audit:
+ enabled: true
+ outputs:
+ - type: index
+ index_template: "'xxx.reporting-'YYYY-MM"
+
+ access_control_rules:
+
+ - name: "Kibana service account - user/pass"
+ verbosity: error
+ auth_key: kibana:kibana
+
+ - name: PERSONAL_GRP
+ groups: [personal_group]
+ <<: *common-rules
+ kibana_index: ".kibana_@{user}"
+
+ - name: ADMIN_GRP
+ groups: [admins_group]
+ <<: *common-rules
+ kibana_access: admin
+
+ - name: infosec
+ groups: [infosec_group]
+ <<: *common-rules
+ kibana_hide_apps:
+ ["Enterprise Search|Overview", "Observability", "Management"]
+
+ - name: Template Tenancy
+ groups: [template_group]
+ <<: *common-rules
+
+ - name: "ReadonlyREST Enterprise instance #1"
+ kibana_index: ".kibana_external_auth"
+ ror_kbn_auth:
+ name: "kbn1"
+
+ users:
+ - username: admin
+ auth_key: admin:dev
+ <<: *all-groups
+
+ - username: user1
+ auth_key: user1:dev
+ <<: *all-groups
+
+ ror_kbn:
+ - name: kbn1
+ signature_key: "9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf"
+
+ impersonation:
+ - impersonator: admin
+ users: ["*"]
+ auth_key: admin:dev
diff --git a/e2e-tests/cypress/fixtures/roSettings.json b/e2e-tests/cypress/fixtures/roSettings.json
deleted file mode 100644
index 20e5716..0000000
--- a/e2e-tests/cypress/fixtures/roSettings.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "settings": "helpers:\n cr: &common-rules\n kibana_access: ro\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\" ]\n kibana_index: \".kibana_@{acl:current_group}\"\n\n ag: &all-groups\n groups:\n - id: admins_group\n name: administrators\n - id: infosec_group\n name: infosec\n - id: template_group\n name: template\n\n\nreadonlyrest:\n response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin\n prompt_for_basic_auth: false\n audit:\n enabled: true\n outputs:\n - type: index\n index_template: \"'readonlyrest_audit_'yyyy-MM-dd\"\n serializer: tech.beshu.ror.requestcontext.QueryAuditLogSerializer\n\n access_control_rules:\n - name: KIBANA_SERVER\n auth_key: kibana:kibana\n verbosity: error\n\n - name: PERSONAL_GRP\n groups: [ personal_group ]\n <<: *common-rules\n kibana_index: '.kibana_@{user}'\n\n - name: ADMIN_GRP\n groups: [ admins_group ]\n <<: *common-rules\n kibana_access: admin\n\n # - name: infosec4search\n # groups: [ infosec_group ]\n # indices: [\"readonlyrest_audit*\"]\n # #filter: '{\"bool\": { \"must_not\": { \"match\": { \"type\": \"xxxx\" }}}}'\n # kibana_index: .kibana_infosec\n # verbosity: error\n\n - name: infosec\n groups: [ infosec_group ]\n <<: *common-rules\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\", \"Management\" ]\n\n - name: Template Tenancy\n groups: [ template_group ]\n <<: *common-rules\n\n - name: \"ReadonlyREST Enterprise instance #1\"\n kibana_index: \".kibana_external_auth\"\n ror_kbn_auth:\n name: \"kbn1\"\n\n # USERS TO GROUPS ############\n users:\n - username: admin\n auth_key: admin:dev\n <<: *all-groups\n\n - username: user1\n auth_key: user1:dev\n <<: *all-groups\n\n ror_kbn:\n - name: kbn1\n signature_key: \"9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf\"\n\n impersonation:\n - impersonator: admin\n users: [\"*\"]\n auth_key: admin:dev\n"
-}
diff --git a/e2e-tests/cypress/fixtures/roSettings.yaml b/e2e-tests/cypress/fixtures/roSettings.yaml
new file mode 100644
index 0000000..b878440
--- /dev/null
+++ b/e2e-tests/cypress/fixtures/roSettings.yaml
@@ -0,0 +1,73 @@
+helpers:
+ cr: &common-rules
+ kibana_access: ro
+ kibana_hide_apps: ["Enterprise Search|Overview", "Observability"]
+ kibana_index: ".kibana_@{acl:current_group}"
+
+ ag: &all-groups
+ groups:
+ - id: admins_group
+ name: administrators
+ - id: infosec_group
+ name: infosec
+ - id: template_group
+ name: template
+
+readonlyrest:
+ response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
+ prompt_for_basic_auth: false
+
+ audit:
+ enabled: true
+ outputs:
+ - type: index
+ index_template: "'readonlyrest_audit_'yyyy-MM-dd"
+
+ access_control_rules:
+
+ - name: "Kibana service account - user/pass"
+ verbosity: error
+ auth_key: kibana:kibana
+
+ - name: PERSONAL_GRP
+ groups: [personal_group]
+ <<: *common-rules
+ kibana_index: ".kibana_@{user}"
+
+ - name: ADMIN_GRP
+ groups: [admins_group]
+ <<: *common-rules
+ kibana_access: admin
+
+ - name: infosec
+ groups: [infosec_group]
+ <<: *common-rules
+ kibana_hide_apps:
+ ["Enterprise Search|Overview", "Observability", "Management"]
+
+ - name: Template Tenancy
+ groups: [template_group]
+ <<: *common-rules
+
+ - name: "ReadonlyREST Enterprise instance #1"
+ kibana_index: ".kibana_external_auth"
+ ror_kbn_auth:
+ name: "kbn1"
+
+ users:
+ - username: admin
+ auth_key: admin:dev
+ <<: *all-groups
+
+ - username: user1
+ auth_key: user1:dev
+ <<: *all-groups
+
+ ror_kbn:
+ - name: kbn1
+ signature_key: "9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf"
+
+ impersonation:
+ - impersonator: admin
+ users: ["*"]
+ auth_key: admin:dev
diff --git a/e2e-tests/cypress/fixtures/roStrictSettings.json b/e2e-tests/cypress/fixtures/roStrictSettings.json
deleted file mode 100644
index 1049a08..0000000
--- a/e2e-tests/cypress/fixtures/roStrictSettings.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "settings": "helpers:\n cr: &common-rules\n kibana_access: ro\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\" ]\n kibana_index: \".kibana_@{acl:current_group}\"\n\n ag: &all-groups\n groups:\n - id: admins_group\n name: administrators\n - id: infosec_group\n name: infosec\n - id: template_group\n name: template\n\n\nreadonlyrest:\n response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin\n prompt_for_basic_auth: false\n audit:\n enabled: true\n outputs:\n - type: index\n index_template: \"'readonlyrest_audit'-yyyy-MM-dd\"\n serializer: tech.beshu.ror.requestcontext.QueryAuditLogSerializer\n\n access_control_rules:\n - name: KIBANA_SERVER\n auth_key: kibana:kibana\n verbosity: error\n\n - name: PERSONAL_GRP\n groups: [ personal_group ]\n <<: *common-rules\n kibana_index: '.kibana_@{user}'\n\n - name: ADMIN_GRP\n groups: [ admins_group ]\n <<: *common-rules\n kibana_access: admin\n\n # - name: infosec4search\n # groups: [ infosec_group ]\n # indices: [\"readonlyrest_audit*\"]\n # #filter: '{\"bool\": { \"must_not\": { \"match\": { \"type\": \"xxxx\" }}}}'\n # kibana_index: .kibana_infosec\n # verbosity: error\n\n - name: infosec\n groups: [ infosec_group ]\n <<: *common-rules\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\", \"Management\" ]\n\n - name: Template Tenancy\n groups: [ template_group ]\n <<: *common-rules\n\n - name: \"ReadonlyREST Enterprise instance #1\"\n kibana_index: \".kibana_external_auth\"\n ror_kbn_auth:\n name: \"kbn1\"\n\n # USERS TO GROUPS ############\n users:\n - username: admin\n auth_key: admin:dev\n <<: *all-groups\n\n - username: user1\n auth_key: user1:dev\n <<: *all-groups\n\n ror_kbn:\n - name: kbn1\n signature_key: \"9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf\"\n\n impersonation:\n - impersonator: admin\n users: [\"*\"]\n auth_key: admin:dev\n"
-}
diff --git a/e2e-tests/cypress/fixtures/roStrictSettings.yaml b/e2e-tests/cypress/fixtures/roStrictSettings.yaml
new file mode 100644
index 0000000..fa29368
--- /dev/null
+++ b/e2e-tests/cypress/fixtures/roStrictSettings.yaml
@@ -0,0 +1,72 @@
+helpers:
+ cr: &common-rules
+ kibana_access: ro
+ kibana_hide_apps: ["Enterprise Search|Overview", "Observability"]
+ kibana_index: ".kibana_@{acl:current_group}"
+
+ ag: &all-groups
+ groups:
+ - id: admins_group
+ name: administrators
+ - id: infosec_group
+ name: infosec
+ - id: template_group
+ name: template
+
+readonlyrest:
+ response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
+ prompt_for_basic_auth: false
+ audit:
+ enabled: true
+ outputs:
+ - type: index
+ index_template: "'readonlyrest_audit_'yyyy-MM-dd"
+
+ access_control_rules:
+
+ - name: "Kibana service account - user/pass"
+ verbosity: error
+ auth_key: kibana:kibana
+
+ - name: PERSONAL_GRP
+ groups: [personal_group]
+ <<: *common-rules
+ kibana_index: ".kibana_@{user}"
+
+ - name: ADMIN_GRP
+ groups: [admins_group]
+ <<: *common-rules
+ kibana_access: admin
+
+ - name: infosec
+ groups: [infosec_group]
+ <<: *common-rules
+ kibana_hide_apps:
+ ["Enterprise Search|Overview", "Observability", "Management"]
+
+ - name: Template Tenancy
+ groups: [template_group]
+ <<: *common-rules
+
+ - name: "ReadonlyREST Enterprise instance #1"
+ kibana_index: ".kibana_external_auth"
+ ror_kbn_auth:
+ name: "kbn1"
+
+ users:
+ - username: admin
+ auth_key: admin:dev
+ <<: *all-groups
+
+ - username: user1
+ auth_key: user1:dev
+ <<: *all-groups
+
+ ror_kbn:
+ - name: kbn1
+ signature_key: "9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf"
+
+ impersonation:
+ - impersonator: admin
+ users: ["*"]
+ auth_key: admin:dev
diff --git a/e2e-tests/cypress/fixtures/testSettings.json b/e2e-tests/cypress/fixtures/testSettings.json
deleted file mode 100644
index a341ea8..0000000
--- a/e2e-tests/cypress/fixtures/testSettings.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- "settings": "readonlyrest:\n prompt_for_basic_auth: false\n audit:\n enabled: true\n outputs:\n - type: index\n index_template: \"'roraudit.reporting'-yyyy-MM\"\n access_control_rules:\n - name: \"::Tweets1::\"\n methods: [GET, POST]\n indices: [\"twitter\", \".kibana\"]\n proxy_auth:\n proxy_auth_config: \"proxy1\"\n users: [\"kibana\"]\n groups_provider_authorization:\n user_groups_provider: \"ACME2 External Authentication Service\"\n groups: [\"group3\"]\n\n - name: \"::Facebook2 posts::\"\n methods: [GET, POST]\n indices: [\"facebook\", \".kibana\"]\n proxy_auth:\n proxy_auth_config: \"proxy1\"\n users: [\"kibana\"]\n groups_provider_authorization:\n user_groups_provider: \"ACME2 External Authentication Service\"\n groups: [\"group1\"]\n cache_ttl_in_sec: 60\n\n - name: \"::Tweets::\"\n methods: [GET, POST]\n indices: [\"twitter\", \".kibana\"]\n external_authentication: \"ACME1 External Authorization Service\"\n\n - name: Accept requests to index2 from users with valid LDAP credentials, belonging to LDAP group 'team2'\n ldap_authentication: LDAP 1\n ldap_authorization:\n name: \"LDAP 1\"\n groups: [\"group3\"]\n\n - name: KIBANA_SERVER\n auth_key: kibana:kibana\n verbosity: error\n\n - name: PERSONAL_GRP\n groups: [ personal_group ]\n kibana_access: rw\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\" ]\n kibana_index: '.kibana_@{user}'\n\n - name: ADMIN_GRP\n groups: [ admins_group ]\n kibana_access: admin\n kibana_hide_apps: [ \"Security\", \"Enterprise Search|Overview\", \"Observability\" ]\n kibana_index: '.kibana_admins'\n\n # - name: Infosec4search\n # groups: [ infosec_group ]\n # indices: [\"readonlyrest_audit*\"]\n # #filter: '{\"bool\": { \"must_not\": { \"match\": { \"type\": \"xxxx\" }}}}'\n # kibana_index: .kibana_infosec\n # verbosity: error\n\n - name: INFOSEC_GRP\n groups: [ infosec_group ]\n kibana_access: rw\n kibana_hide_apps: [ \"Enterprise Search|Overview\", \"Observability\", \"Management\" ]\n kibana_index: .kibana_infosec\n\n - name: Template Tenancy\n groups: [ template_group ]\n kibana_access: admin\n kibana_index: \".kibana_template\"\n\n - name: \"ReadonlyREST Enterprise instance #1\"\n kibana_index: \".kibana_external_auth\"\n ror_kbn_auth:\n name: \"kbn1\"\n\n # USERS TO GROUPS ############\n users:\n - username: admin\n auth_key: admin:dev\n groups:\n - id: admins_group\n name: Administrators\n - id: infosec_group\n name: Infosec\n - id: Template\n name: Template\n\n - username: user1\n auth_key: user1:dev\n groups:\n - id: admins_group\n name: Administrators\n - id: personal_group\n name: Personal\n - id: infosec_group\n name: Infosec\n\n - username: new_user\n auth_key: new_user:dev\n groups:\n - id: admins_group\n name: Administrators\n - id: personal_group\n name: Personal\n - id: infosec_group\n name: Infosec\n\n - username: 'wildcard_user#*'\n groups:\n - g1: group1\n ldap_auth:\n name: \"LDAP 1\"\n groups: [\"group1\"]\n ror_kbn:\n - name: kbn1\n signature_key: \"9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf\"\n\n impersonation:\n - impersonator: admin\n users: [\"*\"]\n auth_key: admin:dev\n ldaps:\n\n - name: LDAP 1\n host: \"ldap1.example.com\"\n port: 389\n ssl_enabled: false\n ssl_trust_all_certs: true\n ignore_ldap_connectivity_problems: true\n bind_dn: \"cn=admin,dc=example,dc=com\"\n bind_password: \"password\"\n search_user_base_DN: \"ou=People,dc=example,dc=com\"\n user_id_attribute: \"uid\"\n search_groups_base_DN: \"ou=Groups,dc=example,dc=com\"\n unique_member_attribute: \"uniqueMember\"\n connection_pool_size: 10\n connection_timeout: 10s\n request_timeout: 10s\n cache_ttl: 60s\n group_search_filter: \"(objectClass=group)(cn=application*)\"\n group_name_attribute: \"cn\"\n circuit_breaker:\n max_retries: 2\n reset_duration: 5s\n external_authentication_service_configs:\n - name: \"ACME1 External Authorization Service\"\n authentication_endpoint: \"http://external-website1:8080/auth1\"\n success_status_code: 200\n cache_ttl_in_sec: 60\n validate: false # SSL certificate validation (default to true)\n\n proxy_auth_configs:\n\n - name: \"proxy1\"\n user_id_header: \"X-Auth-Token\" # default X-Forwarded-User\n\n user_groups_providers:\n - name: ACME2 External Authentication Service\n groups_endpoint: \"http://localhost:8080/groups\"\n auth_token_name: \"token\"\n auth_token_passed_as: QUERY_PARAM # HEADER OR QUERY_PARAM\n response_groups_json_path: \"$..groups[?(@.id)].id\" # see: https://github.com/json-path/JsonPath\n cache_ttl_in_sec: 60\n http_connection_settings:\n connection_timeout_in_sec: 5 # default 2\n socket_timeout_in_sec: 3 # default 5\n connection_request_timeout_in_sec: 3 # default 5\n connection_pool_size: 10 # default 30\n",
- "ttl": "30 minutes"
-}
diff --git a/e2e-tests/cypress/fixtures/testSettings.yaml b/e2e-tests/cypress/fixtures/testSettings.yaml
new file mode 100644
index 0000000..cf3e221
--- /dev/null
+++ b/e2e-tests/cypress/fixtures/testSettings.yaml
@@ -0,0 +1,164 @@
+readonlyrest:
+ prompt_for_basic_auth: false
+
+ audit:
+ enabled: true
+ outputs:
+ - type: index
+ index_template: "'roraudit.reporting'-yyyy-MM"
+
+ access_control_rules:
+
+ - name: "::Tweets1::"
+ methods: [GET, POST]
+ indices: ["twitter", ".kibana"]
+ proxy_auth:
+ proxy_auth_config: "proxy1"
+ users: ["kibana"]
+ groups_provider_authorization:
+ user_groups_provider: "ACME2 External Authentication Service"
+ groups: ["group3"]
+
+ - name: "::Facebook2 posts::"
+ methods: [GET, POST]
+ indices: ["facebook", ".kibana"]
+ proxy_auth:
+ proxy_auth_config: "proxy1"
+ users: ["kibana"]
+ groups_provider_authorization:
+ user_groups_provider: "ACME2 External Authentication Service"
+ groups: ["group1"]
+ cache_ttl_in_sec: 60
+
+ - name: "::Tweets::"
+ methods: [GET, POST]
+ indices: ["twitter", ".kibana"]
+ external_authentication: "ACME1 External Authorization Service"
+
+ - name: Accept requests to index2 from users with valid LDAP credentials, belonging to LDAP group 'team2'
+ ldap_authentication: LDAP 1
+ ldap_authorization:
+ name: "LDAP 1"
+ groups: ["group3"]
+
+ - name: PERSONAL_GRP
+ groups: [ personal_group ]
+ kibana_access: rw
+ kibana_hide_apps: [ "Enterprise Search|Overview", "Observability" ]
+ kibana_index: '.kibana_@{user}'
+
+ - name: ADMIN_GRP
+ groups: [ admins_group ]
+ kibana_access: admin
+ kibana_hide_apps: [ "Security", "Enterprise Search|Overview", "Observability" ]
+ kibana_index: '.kibana_admins'
+
+ - name: INFOSEC_GRP
+ groups: [ infosec_group ]
+ kibana_access: rw
+ kibana_hide_apps: [ "Enterprise Search|Overview", "Observability", "Management" ]
+ kibana_index: .kibana_infosec
+
+ - name: Template Tenancy
+ groups: [ template_group ]
+ kibana_access: admin
+ kibana_index: ".kibana_template"
+
+ - name: "ReadonlyREST Enterprise instance #1"
+ kibana_index: ".kibana_external_auth"
+ ror_kbn_auth:
+ name: "kbn1"
+
+ users:
+ - username: admin
+ auth_key: admin:dev
+ groups:
+ - id: admins_group
+ name: Administrators
+ - id: infosec_group
+ name: Infosec
+ - id: Template
+ name: Template
+
+ - username: user1
+ auth_key: user1:dev
+ groups:
+ - id: admins_group
+ name: Administrators
+ - id: personal_group
+ name: Personal
+ - id: infosec_group
+ name: Infosec
+
+ - username: new_user
+ auth_key: new_user:dev
+ groups:
+ - id: admins_group
+ name: Administrators
+ - id: personal_group
+ name: Personal
+ - id: infosec_group
+ name: Infosec
+
+ - username: 'wildcard_user#*'
+ groups:
+ - g1: group1
+ ldap_auth:
+ name: "LDAP 1"
+ groups: ["group1"]
+
+ ror_kbn:
+ - name: kbn1
+ signature_key: "9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf"
+
+ impersonation:
+ - impersonator: admin
+ users: ["*"]
+ auth_key: admin:dev
+
+ ldaps:
+ - name: LDAP 1
+ host: "ldap1.example.com"
+ port: 389
+ ssl_enabled: false
+ ssl_trust_all_certs: true
+ ignore_ldap_connectivity_problems: true
+ bind_dn: "cn=admin,dc=example,dc=com"
+ bind_password: "password"
+ search_user_base_DN: "ou=People,dc=example,dc=com"
+ user_id_attribute: "uid"
+ search_groups_base_DN: "ou=Groups,dc=example,dc=com"
+ unique_member_attribute: "uniqueMember"
+ connection_pool_size: 10
+ connection_timeout: 10s
+ request_timeout: 10s
+ cache_ttl: 60s
+ group_search_filter: "(objectClass=group)(cn=application*)"
+ group_name_attribute: "cn"
+ circuit_breaker:
+ max_retries: 2
+ reset_duration: 5s
+
+ external_authentication_service_configs:
+ - name: "ACME1 External Authorization Service"
+ authentication_endpoint: "http://external-website1:8080/auth1"
+ success_status_code: 200
+ cache_ttl_in_sec: 60
+ validate: false
+
+ proxy_auth_configs:
+ - name: "proxy1"
+ user_id_header: "X-Auth-Token"
+
+ user_groups_providers:
+ - name: ACME2 External Authentication Service
+ groups_endpoint: "http://localhost:8080/groups"
+ auth_token_name: "token"
+ auth_token_passed_as: QUERY_PARAM
+ response_groups_json_path: "$..groups[?(@.id)].id"
+ cache_ttl_in_sec: 60
+ http_connection_settings:
+ connection_timeout_in_sec: 5
+ socket_timeout_in_sec: 3
+ connection_request_timeout_in_sec: 3
+ connection_pool_size: 10
diff --git a/e2e-tests/cypress/plugins/index.js b/e2e-tests/cypress/plugins/index.js
deleted file mode 100644
index 59b2bab..0000000
--- a/e2e-tests/cypress/plugins/index.js
+++ /dev/null
@@ -1,22 +0,0 @@
-///
-// ***********************************************************
-// This example plugins/index.js can be used to load plugins
-//
-// You can change the location of this file or turn off loading
-// the plugins file with the 'pluginsFile' configuration option.
-//
-// You can read more here:
-// https://on.cypress.io/plugins-guide
-// ***********************************************************
-
-// This function is called when a project is opened or re-opened (e.g. due to
-// the project's config changing)
-
-/**
- * @type {Cypress.PluginConfig}
- */
-// eslint-disable-next-line no-unused-vars
-module.exports = (on, config) => {
- // `on` is used to hook into various events Cypress emits
- // `config` is the resolved Cypress config
-}
diff --git a/e2e-tests/cypress/plugins/index.ts b/e2e-tests/cypress/plugins/index.ts
new file mode 100644
index 0000000..0ee91d4
--- /dev/null
+++ b/e2e-tests/cypress/plugins/index.ts
@@ -0,0 +1,107 @@
+import { Agent } from 'https';
+import fetch, { Response } from 'node-fetch';
+import FormData from 'form-data';
+
+module.exports = (on: Cypress.PluginEvents, config: Cypress.PluginConfigOptions) => {
+ on('task', {
+ async httpCall(options: HttpCallOptions): Promise {
+ const { method, url, headers, body } = options;
+
+ const agent: Agent = new Agent({
+ rejectUnauthorized: false,
+ secureProtocol: 'TLSv1_2_method'
+ });
+
+ try {
+ const response: Response = await fetch(url, { method, headers, body, agent });
+
+ if (!response.ok) {
+ throw new Error(
+ `HTTP error: ${method} ${url}: HTTP STATUS ${response.status}; Body: ${await response.text()}`
+ );
+ }
+
+ const contentType = response.headers.get('content-type') || '';
+ const data = contentType.includes('application/json') ? await response.json() : await response.text();
+
+ console.log(`Response: ${method} ${url}: HTTP STATUS ${response.status}; Body: ${data}`);
+ return data;
+ } catch (error) {
+ console.error('HTTP Request failed:', {
+ error: (error as Error).message,
+ url,
+ method,
+ headers,
+ body
+ });
+ throw error;
+ }
+ },
+ async uploadFile(options: UploadFileOptions): Promise {
+ const { url, headers, file } = options;
+
+ const agent: Agent = new Agent({
+ rejectUnauthorized: false,
+ secureProtocol: 'TLSv1_2_method'
+ });
+
+ const form = new FormData();
+ form.append('file', file.fileBinaryContent, {
+ filename: file.fileName,
+ contentType: 'application/octet-stream'
+ });
+
+ const combinedHeaders: { [key: string]: string } = {
+ ...headers,
+ ...form.getHeaders()
+ };
+
+ const method = 'POST';
+
+ try {
+ const response: Response = await fetch(url, {
+ method,
+ headers: combinedHeaders,
+ body: form,
+ agent
+ });
+
+ if (!response.ok) {
+ throw new Error(`HTTP error! Status: ${response.status} | URL: ${url} | Body: ${await response.text()}`);
+ }
+
+ const contentType = response.headers.get('content-type') || '';
+ const data = contentType.includes('application/json') ? await response.json() : await response.text();
+
+ console.log(`Response: ${method} ${url}: HTTP STATUS ${response.status}; Body: ${data}`);
+ return data;
+ } catch (error) {
+ console.error('HTTP Request failed:', {
+ error: (error as Error).message,
+ url,
+ combinedHeaders,
+ file
+ });
+ throw error;
+ }
+ }
+ });
+};
+
+interface HttpCallOptions {
+ method: string;
+ url: string;
+ headers?: { [key: string]: string };
+ body: string | null;
+}
+
+interface FileToUpload {
+ fileName: string;
+ fileBinaryContent: any;
+}
+
+interface UploadFileOptions {
+ url: string;
+ headers?: { [key: string]: string };
+ file: FileToUpload;
+}
diff --git a/e2e-tests/cypress/support/commands.ts b/e2e-tests/cypress/support/commands.ts
index b6e4837..a7f4ee4 100644
--- a/e2e-tests/cypress/support/commands.ts
+++ b/e2e-tests/cypress/support/commands.ts
@@ -1,121 +1,135 @@
import '@testing-library/cypress/add-commands';
-import { isJsonString } from './helpers';
Cypress.Commands.add('kbnPost', ({ endpoint, credentials, payload, currentGroupHeader }, ...args) => {
- const payloadCurlPart = `-H "Content-Type: application/json" -d ${JSON.stringify(JSON.stringify(payload || {}))}`
cy.kbnRequest({
- method: "POST",
+ method: 'POST',
endpoint: endpoint,
credentials: credentials,
- options: currentGroupHeader ? `${payloadCurlPart} -H "x-ror-current-group: ${currentGroupHeader}"` : payloadCurlPart
- })
+ payload: payload,
+ currentGroupHeader: currentGroupHeader
+ });
});
-Cypress.Commands.add('esPost', ({ endpoint, credentials, payload }, ...args) =>
+Cypress.Commands.add('esPost', ({ endpoint, credentials, payload }, ...args) =>
cy.esRequest({
- method: "POST",
+ method: 'POST',
endpoint: endpoint,
credentials: credentials,
- options: `-H "Content-Type: application/json" -d ${JSON.stringify(JSON.stringify(payload || {}))}`
+ payload: payload
})
);
-Cypress.Commands.add('kbnPut', ({ endpoint, credentials, payload }, ...args) =>
+Cypress.Commands.add('kbnPut', ({ endpoint, credentials, payload }, ...args) =>
cy.kbnRequest({
- method: "PUT",
+ method: 'PUT',
endpoint: endpoint,
credentials: credentials,
- options: `-H "Content-Type: application/json" -d ${JSON.stringify(JSON.stringify(payload || {}))}`
+ payload: payload
})
);
-Cypress.Commands.add('esPut', ({ endpoint, credentials, payload }, ...args) =>
+Cypress.Commands.add('esPut', ({ endpoint, credentials, payload }, ...args) =>
cy.esRequest({
- method: "PUT",
+ method: 'PUT',
endpoint: endpoint,
credentials: credentials,
- options: `-H "Content-Type: application/json" -d ${JSON.stringify(JSON.stringify(payload || {}))}`
+ payload: payload
})
);
-Cypress.Commands.add(
- 'kbnImport',
- ({ endpoint, credentials, filename }, ...args) =>
- cy.kbnRequest({
- method: "POST",
- endpoint: endpoint,
- credentials: credentials,
- options: `--form file=@${filename}`
- })
+Cypress.Commands.add('kbnImport', ({ endpoint, credentials, fixtureFilename }, ...args) =>
+ uploadFile(`${Cypress.config().baseUrl}/${endpoint}`, credentials, fixtureFilename, { 'kbn-xsrf': 'true' })
);
-Cypress.Commands.add(
- 'kbnGet',
- ({ endpoint, credentials, currentGroupHeader }, ...args) =>
- cy.kbnRequest({
- method: "GET",
- endpoint: endpoint,
- credentials: credentials,
- options: currentGroupHeader ? `-H "x-ror-current-group: ${currentGroupHeader}"` : undefined
- })
-)
-
-Cypress.Commands.add(
- 'esGet',
- ({ endpoint, credentials }, ...args) =>
- cy.esRequest({
- method: "GET",
- endpoint: endpoint,
- credentials: credentials
- })
+Cypress.Commands.add('kbnGet', ({ endpoint, credentials, currentGroupHeader }, ...args) =>
+ cy.kbnRequest({
+ method: 'GET',
+ endpoint: endpoint,
+ credentials: credentials,
+ currentGroupHeader: currentGroupHeader
+ })
);
-Cypress.Commands.add(
- 'kbnDelete',
- ({ endpoint, credentials, currentGroupHeader }, ...args) =>
- cy.kbnRequest({
- method: "DELETE",
- endpoint: endpoint,
- credentials: credentials,
- options: currentGroupHeader ? `-H "x-ror-current-group: ${currentGroupHeader}"` : undefined
- })
+Cypress.Commands.add('esGet', ({ endpoint, credentials }, ...args) =>
+ cy.esRequest({
+ method: 'GET',
+ endpoint: endpoint,
+ credentials: credentials
+ })
);
-Cypress.Commands.add(
- 'esDelete',
- ({ endpoint, credentials }, ...args) =>
- cy.esRequest({
- method: "DELETE",
- endpoint: endpoint,
- credentials: credentials
- })
+Cypress.Commands.add('kbnDelete', ({ endpoint, credentials, currentGroupHeader }, ...args) =>
+ cy.kbnRequest({
+ method: 'DELETE',
+ endpoint: endpoint,
+ credentials: credentials,
+ currentGroupHeader: currentGroupHeader
+ })
);
-Cypress.Commands.add(
- 'kbnRequest',
- ({ method, endpoint, credentials, options}) => {
- const url = `${Cypress.config().baseUrl}/${endpoint}`
- cy
- .exec(`curl -H "kbn-xsrf: true" -v -k -X ${method} "${url}" --user ${credentials} ${options || ""}`)
- .then(result => {
- console.log(url, result);
- return isJsonString(result.stdout) ? JSON.parse(result.stdout) : result.stdout;
- })
- }
+Cypress.Commands.add('esDelete', ({ endpoint, credentials }, ...args) =>
+ cy.esRequest({
+ method: 'DELETE',
+ endpoint: endpoint,
+ credentials: credentials
+ })
);
-Cypress.Commands.add(
- 'esRequest',
- ({ method, endpoint, credentials, options }) => {
- const url = `${Cypress.env().elasticsearchUrl}/${endpoint}`
- cy
- .exec(`curl -H "kbn-xsrf: true" -v -k -X ${method} "${url}" --user ${credentials} ${options || ""}`)
- .then(result => {
- console.log(url, result);
- return isJsonString(result.stdout) ? JSON.parse(result.stdout) : result.stdout;
- })
+Cypress.Commands.add('kbnRequest', ({ method, endpoint, credentials, payload, currentGroupHeader }) => {
+ const customHeaders: { [key: string]: string } = { 'kbn-xsrf': 'true' };
+ if (currentGroupHeader) {
+ customHeaders['x-ror-current-group'] = currentGroupHeader;
}
-);
+ httpCall(method, `${Cypress.config().baseUrl}/${endpoint}`, credentials, payload, customHeaders);
+});
+
+Cypress.Commands.add('esRequest', ({ method, endpoint, credentials, payload }) => {
+ httpCall(method, `${Cypress.env().elasticsearchUrl}/${endpoint}`, credentials, payload);
+});
+
+function httpCall(
+ method: string,
+ url: string,
+ credentials: string,
+ payload?: string | object,
+ headers?: { [key: string]: string }
+): Cypress.Chainable {
+ const options = {
+ method,
+ url,
+ headers: {
+ 'Content-Type': 'application/json',
+ authorization: `Basic ${btoa(credentials)}`,
+ ...headers
+ },
+ body: payload ? JSON.stringify(payload) : null
+ };
+
+ return cy.task('httpCall', options);
+}
+
+function uploadFile(
+ url: string,
+ credentials: string,
+ fixtureFilename: string,
+ headers?: { [key: string]: string }
+): Cypress.Chainable {
+ return cy.fixture(fixtureFilename, 'binary').then(fileContent => {
+ const options = {
+ url,
+ headers: {
+ authorization: `Basic ${btoa(credentials)}`,
+ ...headers
+ },
+ file: {
+ fileName: fixtureFilename,
+ fileBinaryContent: fileContent
+ }
+ };
+
+ return cy.task('uploadFile', options);
+ });
+}
Cypress.on('uncaught:exception', (err, runnable) => {
/**
diff --git a/e2e-tests/cypress/support/e2e.ts b/e2e-tests/cypress/support/e2e.ts
index e149882..17a4ce3 100644
--- a/e2e-tests/cypress/support/e2e.ts
+++ b/e2e-tests/cypress/support/e2e.ts
@@ -24,18 +24,20 @@ declare global {
// eslint-disable-next-line @typescript-eslint/no-namespace
namespace Cypress {
export interface Chainable {
- kbnRequest({ method, endpoint, credentials, options }: { method: string, endpoint: string, credentials: string, options?: string }): Chainable;
+ kbnRequest({ method, endpoint, credentials, payload, currentGroupHeader }: { method: string, endpoint: string, credentials: string, payload?: Payload, currentGroupHeader?: string }): Chainable;
kbnGet({ endpoint, credentials, currentGroupHeader }: { endpoint: string, credentials: string, currentGroupHeader?: string }): Chainable;
- kbnPost({ endpoint, credentials, payload, currentGroupHeader }: { endpoint: string, credentials: string, payload?: unknown, currentGroupHeader?: string }): Chainable;
- kbnPut({ endpoint, credentials, payload }: { endpoint: string, credentials: string, payload?: unknown }): Chainable;
- kbnImport({endpoint, credentials, filename}: {endpoint: string, credentials: string, filename: string}): Chainable;
+ kbnPost({ endpoint, credentials, payload, currentGroupHeader }: { endpoint: string, credentials: string, payload?: Payload, currentGroupHeader?: string }): Chainable;
+ kbnPut({ endpoint, credentials, payload }: { endpoint: string, credentials: string, payload?: Payload }): Chainable;
+ kbnImport({ endpoint, credentials, fixtureFilename }: { endpoint: string, credentials: string, fixtureFilename: string }): Chainable;
kbnDelete({ endpoint, credentials, currentGroupHeader }: { endpoint: string, credentials: string, currentGroupHeader?: string }): Chainable;
- esRequest({ method, endpoint, credentials, options }: { method: string, endpoint: string, credentials: string, options?: string }): Chainable;
+ esRequest({ method, endpoint, credentials, payload }: { method: string, endpoint: string, credentials: string, payload?: Payload }): Chainable;
esGet({ endpoint, credentials }: { endpoint: string, credentials: string }): Chainable;
- esPost({ endpoint, credentials, payload }: { endpoint: string, credentials: string, payload?: unknown }): Chainable;
- esPut({ endpoint, credentials, payload }: { endpoint: string, credentials: string, payload?: unknown }): Chainable;
+ esPost({ endpoint, credentials, payload }: { endpoint: string, credentials: string, payload?: Payload }): Chainable;
+ esPut({ endpoint, credentials, payload }: { endpoint: string, credentials: string, payload?: Payload }): Chainable;
esDelete({ endpoint, credentials }: { endpoint: string, credentials: string }): Chainable;
}
+
+ type Payload = string | object
}
}
diff --git a/e2e-tests/cypress/support/helpers/EsApiAdvancedClient.ts b/e2e-tests/cypress/support/helpers/EsApiAdvancedClient.ts
index 8d34f42..f398d83 100644
--- a/e2e-tests/cypress/support/helpers/EsApiAdvancedClient.ts
+++ b/e2e-tests/cypress/support/helpers/EsApiAdvancedClient.ts
@@ -1,7 +1,6 @@
import { EsApiClient } from './EsApiClient';
export class EsApiAdvancedClient extends EsApiClient {
-
public pruneAllReportingIndices(): void {
cy.log('Pruning all reporting indices...');
this.indices().then(result => {
@@ -14,7 +13,6 @@ export class EsApiAdvancedClient extends EsApiClient {
});
cy.log('Pruning all reporting indices - DONE!');
}
-
}
export const esApiAdvancedClient = new EsApiAdvancedClient();
diff --git a/e2e-tests/cypress/support/helpers/EsApiClient.ts b/e2e-tests/cypress/support/helpers/EsApiClient.ts
index 9c82642..34d02eb 100644
--- a/e2e-tests/cypress/support/helpers/EsApiClient.ts
+++ b/e2e-tests/cypress/support/helpers/EsApiClient.ts
@@ -1,5 +1,4 @@
export class EsApiClient {
-
public deleteIndexDocsByQuery(index: string): void {
cy.esPost({
endpoint: `${index}/_delete_by_query`,
@@ -9,37 +8,36 @@ export class EsApiClient {
match_all: {}
}
}
- })
+ });
}
public refreshIndex(index: string): void {
cy.esPost({
endpoint: `${index}/_refresh`,
- credentials: Cypress.env().kibanaUserCredentials,
- })
+ credentials: Cypress.env().kibanaUserCredentials
+ });
}
public deleteIndex(index: string): void {
cy.esDelete({
endpoint: index,
credentials: Cypress.env().kibanaUserCredentials
- })
+ });
}
- public addDocument(index: string, id: string, doc: unknown): void {
+ public addDocument(index: string, id: string, doc: object): void {
cy.esPost({
endpoint: `${index}/_doc/${id}`,
credentials: Cypress.env().kibanaUserCredentials,
payload: doc
- })
+ });
}
public indices(): Cypress.Chainable {
- return cy
- .esGet({
- endpoint: "_cat/indices?format=json",
- credentials: Cypress.env().kibanaUserCredentials
- })
+ return cy.esGet({
+ endpoint: '_cat/indices?format=json',
+ credentials: Cypress.env().kibanaUserCredentials
+ });
}
}
@@ -47,4 +45,4 @@ export const esApiClient = new EsApiClient();
export interface GetIndices {
index: string;
-}
\ No newline at end of file
+}
diff --git a/e2e-tests/cypress/support/helpers/KbnApiAdvancedClient.ts b/e2e-tests/cypress/support/helpers/KbnApiAdvancedClient.ts
index 435eff3..c5cad3d 100644
--- a/e2e-tests/cypress/support/helpers/KbnApiAdvancedClient.ts
+++ b/e2e-tests/cypress/support/helpers/KbnApiAdvancedClient.ts
@@ -1,7 +1,6 @@
import { KbnApiClient } from './KbnApiClient';
export class KbnApiAdvancedClient extends KbnApiClient {
-
public deleteSavedObjects(credentials: string, group?: string): void {
cy.log(`Get all saved objects for the ${credentials}`);
this.getSavedObjects(credentials, group).then(result => {
@@ -10,7 +9,7 @@ export class KbnApiAdvancedClient extends KbnApiClient {
this.deleteSavedObject(savedObject, credentials, group);
});
});
- };
+ }
public deleteDataViews(credentials: string) {
cy.log(`get all data_views for the ${credentials}`);
@@ -20,8 +19,7 @@ export class KbnApiAdvancedClient extends KbnApiClient {
this.deleteDataView(dataView.id, credentials);
});
});
- };
-
+ }
}
export const kbnApiAdvancedClient = new KbnApiAdvancedClient();
diff --git a/e2e-tests/cypress/support/helpers/KbnApiClient.ts b/e2e-tests/cypress/support/helpers/KbnApiClient.ts
index e50d26a..e8ed98f 100644
--- a/e2e-tests/cypress/support/helpers/KbnApiClient.ts
+++ b/e2e-tests/cypress/support/helpers/KbnApiClient.ts
@@ -1,16 +1,15 @@
export class KbnApiClient {
-
public getDataViews(credentials: string, group?: string): Cypress.Chainable {
return cy.kbnGet({
- endpoint: "api/data_views",
+ endpoint: 'api/data_views',
credentials: credentials,
currentGroupHeader: group
});
}
- public createDataView(dataView: unknown, credentials: string, group?: string): void {
+ public createDataView(dataView: object, credentials: string, group?: string): void {
cy.kbnPost({
- endpoint: "api/data_views/data_view",
+ endpoint: 'api/data_views/data_view',
credentials: credentials,
currentGroupHeader: group,
payload: dataView
@@ -27,7 +26,7 @@ export class KbnApiClient {
public getSavedObjects(credentials: string, group?: string): Cypress.Chainable {
return cy.kbnGet({
- endpoint: "api/saved_objects/_find?type=index-pattern&type=search&type=visualization&type=dashboard&type=config",
+ endpoint: 'api/saved_objects/_find?type=index-pattern&type=search&type=visualization&type=dashboard&type=config',
credentials: credentials,
currentGroupHeader: group
});
@@ -67,4 +66,4 @@ interface SavedObject {
export interface GetObject {
saved_objects: SavedObject[];
-}
\ No newline at end of file
+}
diff --git a/e2e-tests/cypress/support/helpers/RorApiClient.ts b/e2e-tests/cypress/support/helpers/RorApiClient.ts
new file mode 100644
index 0000000..c8155a8
--- /dev/null
+++ b/e2e-tests/cypress/support/helpers/RorApiClient.ts
@@ -0,0 +1,38 @@
+export class RorApiClient {
+ public configureRorIndexMainSettings(fixtureYamlFileName: string): Cypress.Chainable {
+ return cy.fixture(fixtureYamlFileName).then(yamlContent => {
+ cy.esPost({
+ endpoint: '_readonlyrest/admin/config',
+ credentials: Cypress.env().kibanaUserCredentials,
+ payload: {
+ settings: `${yamlContent}`
+ }
+ });
+ });
+ }
+
+ public configureRorIndexTestSettings(fixtureYamlFileName: string, ttlInSeconds: number): Cypress.Chainable {
+ return cy.fixture(fixtureYamlFileName).then(yamlContent => {
+ cy.esPost({
+ endpoint: '_readonlyrest/admin/config/test',
+ credentials: Cypress.env().kibanaUserCredentials,
+ payload: {
+ settings: `${yamlContent}`,
+ ttl: `${ttlInSeconds} sec`
+ }
+ });
+ });
+ }
+
+ public configureRorAuthMockSettings(fixtureJsonFileName: string): Cypress.Chainable {
+ return cy.fixture(fixtureJsonFileName).then(content => {
+ cy.esPost({
+ endpoint: '_readonlyrest/admin/config/test/authmock',
+ credentials: Cypress.env().kibanaUserCredentials,
+ payload: content
+ });
+ });
+ }
+}
+
+export const rorApiClient = new RorApiClient();
diff --git a/e2e-tests/cypress/support/helpers/SampleData.ts b/e2e-tests/cypress/support/helpers/SampleData.ts
index 5122ea4..ed82733 100644
--- a/e2e-tests/cypress/support/helpers/SampleData.ts
+++ b/e2e-tests/cypress/support/helpers/SampleData.ts
@@ -1,19 +1,14 @@
-import { esApiClient } from "./EsApiClient"
+import { esApiClient } from './EsApiClient';
export class SampleData {
-
static createSampleData = (index: string, docsCount: number) => {
for (let i = 1; i <= docsCount; i++) {
- esApiClient.addDocument(
- index,
- i.toString(),
- {
- name: 'Jane Smith',
- age: 25,
- occupation: 'Designer',
- '@timestamp': new Date().toISOString()
- }
- );
+ esApiClient.addDocument(index, i.toString(), {
+ name: 'Jane Smith',
+ age: 25,
+ occupation: 'Designer',
+ '@timestamp': new Date().toISOString()
+ });
}
- }
-}
\ No newline at end of file
+ };
+}
diff --git a/e2e-tests/cypress/support/helpers/index.ts b/e2e-tests/cypress/support/helpers/index.ts
index 3f905ac..c51a253 100644
--- a/e2e-tests/cypress/support/helpers/index.ts
+++ b/e2e-tests/cypress/support/helpers/index.ts
@@ -17,4 +17,4 @@ export function isJsonString(str) {
return true;
}
-export const userCredentials = `${Cypress.env().login}:${Cypress.env().password}`
\ No newline at end of file
+export const userCredentials = `${Cypress.env().login}:${Cypress.env().password}`;
diff --git a/e2e-tests/cypress/support/page-objects/Editor.ts b/e2e-tests/cypress/support/page-objects/Editor.ts
index 94519d5..c55345a 100644
--- a/e2e-tests/cypress/support/page-objects/Editor.ts
+++ b/e2e-tests/cypress/support/page-objects/Editor.ts
@@ -6,7 +6,8 @@ export class Editor {
const selectAllKeys = Cypress.platform === 'darwin' ? '{cmd}a' : '{ctrl}a';
SecuritySettings.getIframeBody()
.findByRole('code')
- .find('textarea').eq(0)
+ .find('textarea')
+ .eq(0)
.focus()
.type(`${selectAllKeys}{backspace}`, { force: true })
.type(config, { force: true });
@@ -21,10 +22,11 @@ export class Editor {
cy.get('@iframeBody')
.findByRole('code')
- .find('textarea').eq(0)
+ .find('textarea')
+ .eq(0)
.focus()
.type(closeSearchBoxIfExist, { force: true })
- .type(findKeys, { force: true })
+ .type(findKeys, { force: true });
SecuritySettings.getIframeBody()
.findByRole('button', { name: /toggle replace/i })
diff --git a/e2e-tests/cypress/support/page-objects/Impersonate.ts b/e2e-tests/cypress/support/page-objects/Impersonate.ts
index eb0ec3f..1c5a958 100644
--- a/e2e-tests/cypress/support/page-objects/Impersonate.ts
+++ b/e2e-tests/cypress/support/page-objects/Impersonate.ts
@@ -1,9 +1,10 @@
import { RorMenu } from './RorMenu';
import { SecuritySettings } from './SecuritySettings';
import { Loader } from './Loader';
-import testSettings from '../../fixtures/testSettings.json';
import authMocks from '../../fixtures/authMocks.json';
import { userCredentials } from '../helpers';
+import { rorApiClient } from '../helpers/RorApiClient';
+import { debug } from 'console';
export class Impersonate {
static open() {
@@ -179,17 +180,9 @@ export class Impersonate {
cy.get('[data-testid=automatically-deactivate]').should('not.exist');
}
- static setTestSettingsData() {
+ static setTestSettingsData(): Cypress.Chainable {
cy.log('Initialize Test ACL data');
- cy.esPost({
- endpoint: "_readonlyrest/admin/config/test",
- credentials: userCredentials,
- payload: testSettings
- });
- cy.esPost({
- endpoint: "_readonlyrest/admin/config/test/authmock",
- credentials: userCredentials,
- payload: authMocks
- });
+ rorApiClient.configureRorIndexTestSettings('testSettings.yaml', 30 * 60);
+ return rorApiClient.configureRorAuthMockSettings('authMocks.json');
}
}
diff --git a/e2e-tests/cypress/support/page-objects/Loader.ts b/e2e-tests/cypress/support/page-objects/Loader.ts
index fe542ce..741a800 100644
--- a/e2e-tests/cypress/support/page-objects/Loader.ts
+++ b/e2e-tests/cypress/support/page-objects/Loader.ts
@@ -14,6 +14,6 @@ export class Loader {
cy.log('loading finish');
cy.contains('Loading Elastic', { timeout: 80000 }).should('not.exist');
cy.url().should('include', `${Cypress.config().baseUrl}${spacePrefix}${finishUrl}`);
- cy.get('[data-test-subj=globalLoadingIndicator-hidden]').should('be.visible')
+ cy.get('[data-test-subj=globalLoadingIndicator-hidden]').should('be.visible');
}
}
diff --git a/e2e-tests/cypress/support/page-objects/Reporting.ts b/e2e-tests/cypress/support/page-objects/Reporting.ts
index 77f63af..5aad3b3 100644
--- a/e2e-tests/cypress/support/page-objects/Reporting.ts
+++ b/e2e-tests/cypress/support/page-objects/Reporting.ts
@@ -14,22 +14,14 @@ export class Reporting {
cy.log('verifySavedReport');
this.openReportingPage(openBy);
cy.contains(reportName).should('be.visible');
- cy.get('[data-test-subj=reportJobListing]')
- .get('.euiTableRow')
- .should('have.length', reportsCount);
+ cy.get('[data-test-subj=reportJobListing]').get('.euiTableRow').should('have.length', reportsCount);
}
static verifyIfReportingPageAfterRefresh() {
cy.log('Verify if reporting page open after refresh');
- cy.url().should(
- 'include',
- `${Cypress.config().baseUrl}/s/default/app/management/insightsAndAlerting/reporting`
- );
+ cy.url().should('include', `${Cypress.config().baseUrl}/s/default/app/management/insightsAndAlerting/reporting`);
cy.reload();
- cy.url().should(
- 'include',
- `${Cypress.config().baseUrl}/s/default/app/management/insightsAndAlerting/reporting`
- );
+ cy.url().should('include', `${Cypress.config().baseUrl}/s/default/app/management/insightsAndAlerting/reporting`);
}
private static openReportingPage(openBy: OpenBy) {
if (openBy === 'rorMenu') {
diff --git a/e2e-tests/cypress/support/page-objects/RoAndRoStrictKibanaAccessAssertions.ts b/e2e-tests/cypress/support/page-objects/RoAndRoStrictKibanaAccessAssertions.ts
index 135b561..294e3e8 100644
--- a/e2e-tests/cypress/support/page-objects/RoAndRoStrictKibanaAccessAssertions.ts
+++ b/e2e-tests/cypress/support/page-objects/RoAndRoStrictKibanaAccessAssertions.ts
@@ -11,10 +11,10 @@ import { IndexPattern } from './IndexPattern';
import { getKibanaVersion } from '../helpers';
export class RoAndRoStrictKibanaAccessAssertions {
- static runAssertions(settings: { settings: string }) {
+ static runAssertions(fixtureYamlFileName: string) {
RorMenu.changeTenancy('template', '/app/home#/');
Home.loadSampleData();
- Settings.setSettingsData(settings);
+ Settings.setSettingsData(fixtureYamlFileName);
RorMenu.changeTenancy('administrators', '/app/home#/');
RorMenu.changeTenancy('template', '/app/home#/');
Home.loadSampleDataButtonHidden();
diff --git a/e2e-tests/cypress/support/page-objects/RorMenu.ts b/e2e-tests/cypress/support/page-objects/RorMenu.ts
index df42736..da94ee2 100644
--- a/e2e-tests/cypress/support/page-objects/RorMenu.ts
+++ b/e2e-tests/cypress/support/page-objects/RorMenu.ts
@@ -1,7 +1,6 @@
import { Loader } from './Loader';
export class RorMenu {
-
static openRorMenu() {
cy.get('#rorMenuPopover').click();
}
diff --git a/e2e-tests/cypress/support/page-objects/Settings.ts b/e2e-tests/cypress/support/page-objects/Settings.ts
index f358c72..efabbc8 100644
--- a/e2e-tests/cypress/support/page-objects/Settings.ts
+++ b/e2e-tests/cypress/support/page-objects/Settings.ts
@@ -1,4 +1,5 @@
import { userCredentials } from '../helpers';
+import { rorApiClient } from '../helpers/RorApiClient';
import { RorMenu } from './RorMenu';
import { SecuritySettings } from './SecuritySettings';
@@ -85,12 +86,8 @@ export class Settings {
return SecuritySettings.getIframeBody().contains('Malformed settings');
}
- static setSettingsData(settings: Record) {
- cy.log('Set settings data');
- cy.esPost({
- endpoint: "_readonlyrest/admin/config",
- credentials: userCredentials,
- payload: settings
- });
+ static setSettingsData(fixtureYamlSettingsFileName: string) {
+ cy.log('Set settings data from file ' + fixtureYamlSettingsFileName);
+ rorApiClient.configureRorIndexMainSettings(fixtureYamlSettingsFileName);
}
}
diff --git a/e2e-tests/package.json b/e2e-tests/package.json
index 89e5aa7..8c090fe 100644
--- a/e2e-tests/package.json
+++ b/e2e-tests/package.json
@@ -12,11 +12,15 @@
"license": "Beshu Limited, All rights reserved",
"dependencies": {
"@testing-library/cypress": "^10.0.1",
- "cypress": "13.14.2",
+ "cypress": "13.15.0",
+ "form-data": "^4.0.0",
+ "js-yaml": "^4.1.0",
+ "node-fetch": "2.6.7",
"semver": "7.5.2"
},
"devDependencies": {
"@types/node": "^20.14.10",
+ "@types/node-fetch": "^2.6.11",
"@types/semver": "^7.5.8",
"@typescript-eslint/eslint-plugin": "^5.27.0",
"@typescript-eslint/parser": "^5.27.0",
diff --git a/e2e-tests/run.sh b/e2e-tests/run-tests.sh
similarity index 100%
rename from e2e-tests/run.sh
rename to e2e-tests/run-tests.sh
diff --git a/e2e-tests/yarn.lock b/e2e-tests/yarn.lock
index cd2937a..08af9e0 100644
--- a/e2e-tests/yarn.lock
+++ b/e2e-tests/yarn.lock
@@ -30,7 +30,7 @@
dependencies:
regenerator-runtime "^0.13.4"
-"@cypress/request@^3.0.1":
+"@cypress/request@^3.0.4":
version "3.0.5"
resolved "https://registry.yarnpkg.com/@cypress/request/-/request-3.0.5.tgz#d893a6e68ce2636c085fcd8d7283c3186499ba63"
integrity sha512-v+XHd9XmWbufxF1/bTaVm2yhbxY+TB4YtWRqF2zaXBlDNMkls34KiATz0AVDLavL3iB6bQk9/7n3oY1EoLSWGA==
@@ -176,6 +176,14 @@
resolved "https://registry.yarnpkg.com/@types/json5/-/json5-0.0.29.tgz#ee28707ae94e11d2b827bcbe5270bcea7f3e71ee"
integrity sha512-dRLjCWHYg4oaA77cxO64oO+7JwCwnIzkZPdrrC71jQmQtlhM556pwKo5bUzqvZndkVbeFLIIi+9TC40JNF5hNQ==
+"@types/node-fetch@^2.6.11":
+ version "2.6.11"
+ resolved "https://registry.yarnpkg.com/@types/node-fetch/-/node-fetch-2.6.11.tgz#9b39b78665dae0e82a08f02f4967d62c66f95d24"
+ integrity sha512-24xFj9R5+rfQJLRyM56qh+wnVSYhyXC2tkoBndtY0U+vubqNsYXGjufB2nn8Q6gt0LrARwL6UBtMCSVCwl4B1g==
+ dependencies:
+ "@types/node" "*"
+ form-data "^4.0.0"
+
"@types/node@*":
version "16.4.4"
resolved "https://registry.npmjs.org/@types/node/-/node-16.4.4.tgz"
@@ -736,12 +744,12 @@ cross-spawn@^7.0.0, cross-spawn@^7.0.2:
shebang-command "^2.0.0"
which "^2.0.1"
-cypress@13.14.2:
- version "13.14.2"
- resolved "https://registry.yarnpkg.com/cypress/-/cypress-13.14.2.tgz#4237eb7b26de2baeaa1f01e585f965d88fca7f39"
- integrity sha512-lsiQrN17vHMB2fnvxIrKLAjOr9bPwsNbPZNrWf99s4u+DVmCY6U+w7O3GGG9FvP4EUVYaDu+guWeNLiUzBrqvA==
+cypress@13.15.0:
+ version "13.15.0"
+ resolved "https://registry.yarnpkg.com/cypress/-/cypress-13.15.0.tgz#5eca5387ef34b2e611cfa291967c69c2cd39381d"
+ integrity sha512-53aO7PwOfi604qzOkCSzNlWquCynLlKE/rmmpSPcziRH6LNfaDUAklQT6WJIsD8ywxlIy+uVZsnTMCCQVd2kTw==
dependencies:
- "@cypress/request" "^3.0.1"
+ "@cypress/request" "^3.0.4"
"@cypress/xvfb" "^1.2.4"
"@types/sinonjs__fake-timers" "8.1.1"
"@types/sizzle" "^2.3.2"
@@ -1394,7 +1402,7 @@ forever-agent@~0.6.1:
resolved "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz"
integrity sha1-+8cfDEGt6zf5bFd60e1C2P2sypE=
-form-data@~4.0.0:
+form-data@^4.0.0, form-data@~4.0.0:
version "4.0.0"
resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.0.tgz#93919daeaf361ee529584b9b31664dc12c9fa452"
integrity sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==
@@ -2172,6 +2180,13 @@ natural-compare@^1.4.0:
resolved "https://registry.yarnpkg.com/natural-compare/-/natural-compare-1.4.0.tgz#4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7"
integrity sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==
+node-fetch@2.6.7:
+ version "2.6.7"
+ resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad"
+ integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==
+ dependencies:
+ whatwg-url "^5.0.0"
+
npm-run-path@^4.0.0:
version "4.0.1"
resolved "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz"
@@ -2823,6 +2838,11 @@ tough-cookie@^4.1.3:
universalify "^0.2.0"
url-parse "^1.5.3"
+tr46@~0.0.3:
+ version "0.0.3"
+ resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a"
+ integrity sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==
+
tsconfig-paths@^3.15.0:
version "3.15.0"
resolved "https://registry.yarnpkg.com/tsconfig-paths/-/tsconfig-paths-3.15.0.tgz#5299ec605e55b1abb23ec939ef15edaf483070d4"
@@ -2982,6 +3002,19 @@ verror@1.10.0:
core-util-is "1.0.2"
extsprintf "^1.2.0"
+webidl-conversions@^3.0.0:
+ version "3.0.1"
+ resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871"
+ integrity sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==
+
+whatwg-url@^5.0.0:
+ version "5.0.0"
+ resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-5.0.0.tgz#966454e8765462e37644d3626f6742ce8b70965d"
+ integrity sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==
+ dependencies:
+ tr46 "~0.0.3"
+ webidl-conversions "^3.0.0"
+
which-boxed-primitive@^1.0.2:
version "1.0.2"
resolved "https://registry.npmjs.org/which-boxed-primitive/-/which-boxed-primitive-1.0.2.tgz"
diff --git a/elk-ror/conf/es/elasticsearch.yml b/elk-ror/conf/es/elasticsearch.yml
deleted file mode 100644
index b8b51f0..0000000
--- a/elk-ror/conf/es/elasticsearch.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-cluster.name: ror-cluster
-node.name: ror-es01
-network.host: 0.0.0.0
-
-xpack.security.enabled: false
\ No newline at end of file
diff --git a/elk-ror/conf/es/readonlyrest.yml b/elk-ror/conf/es/readonlyrest.yml
deleted file mode 100644
index 1b8ed94..0000000
--- a/elk-ror/conf/es/readonlyrest.yml
+++ /dev/null
@@ -1,98 +0,0 @@
-helpers:
- cr: &common-rules
- kibana_access: rw
- kibana_hide_apps: [ "Enterprise Search|Overview", "Observability" ]
- kibana_index: ".kibana_@{acl:current_group}"
-
- ag: &all-groups
- groups:
- - id: admins_group
- name: administrators
- - id: infosec_group
- name: infosec
- - id: template_group
- name: template
-
-readonlyrest:
- response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
- prompt_for_basic_auth: false
- audit:
- enabled: true
- outputs:
- - type: index
- index_template: "'readonlyrest_audit_'yyyy-MM-dd"
-
- access_control_rules:
- - name: KIBANA_SERVER
- auth_key: kibana:kibana
- verbosity: error
-
- - name: PERSONAL_GRP
- groups: [ Personal ]
- <<: *common-rules
- kibana_index: '.kibana_@{user}'
-
- - name: ADMIN_GRP
- groups: [ admins_group ]
- <<: *common-rules
- kibana_access: admin
-
- - name: infosec
- groups: [ infosec_group ]
- <<: *common-rules
- kibana_hide_apps: [ "Enterprise Search|Overview", "Observability", "Management" ]
-
- - name: Template Tenancy
- groups: [ template_group ]
- <<: *common-rules
-
- - name: "ReadonlyREST Enterprise instance #1"
- kibana_index: ".kibana_external_auth"
- ror_kbn_auth:
- name: "kbn1"
-
- - name: "Reporting tests: user2"
- auth_key: user2:dev
- kibana:
- index: ".kibana_user2"
- access: rw
- indices: [ "invoices" ]
-
- - name: "Reporting tests: user3"
- auth_key: user3:dev
- kibana:
- index: ".kibana_user3"
- access: rw
- indices: [ "invoices" ]
-
- # USERS TO GROUPS ############
- users:
- - username: admin
- auth_key: admin:dev
- <<: *all-groups
-
- - username: user1
- auth_key: user1:dev
- <<: *all-groups
-
- ror_kbn:
- - name: kbn1
- signature_key: "9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf"
-
- impersonation:
- - impersonator: admin
- users: ["*"]
- auth_key: admin:dev
-
- user_groups_providers:
- - name: "grp1"
- groups_endpoint: "http://localhost:1000/auth"
- auth_token_name: "user"
- auth_token_passed_as: QUERY_PARAM
- response_groups_json_path: "$..groups[?(@.id)].id"
-
- external_authentication_service_configs:
- - name: "ext1"
- authentication_endpoint: "http://localhost:1000/auth"
- success_status_code: 200
- cache_ttl: 60s
diff --git a/elk-ror/conf/kbn/custom_kibana.css b/elk-ror/conf/kbn/custom_kibana.css
deleted file mode 100644
index 30b523e..0000000
--- a/elk-ror/conf/kbn/custom_kibana.css
+++ /dev/null
@@ -1,7 +0,0 @@
-input {
- background: purple;
-}
-
-div {
- color: yellow;
-}
diff --git a/elk-ror/conf/kbn/custom_kibana.js b/elk-ror/conf/kbn/custom_kibana.js
deleted file mode 100644
index 912c692..0000000
--- a/elk-ror/conf/kbn/custom_kibana.js
+++ /dev/null
@@ -1,64 +0,0 @@
-console.log('ROR_METADATA', window.ROR_METADATA);
-
-const logoHeader = document.querySelector('.euiHeaderLogo');
-
-if (window.ROR_METADATA.newLogo) {
- Array.from(logoHeader.childNodes).forEach(node => {
- node.style.display = 'none';
- });
-
- const observer = new MutationObserver(mutations => {
- mutations.forEach(mutation => {
- mutation.addedNodes.forEach(node => {
- const customLogo = document.querySelector('#customLogo');
-
- const createCustomLogo = () => {
- const img = document.createElement('img');
- img.src = `data:image/svg+xml;base64,${window.ROR_METADATA.newLogo}`;
- img.style.width = '32px';
- img.style.height = '32px';
- img.id = 'customLogo';
- logoHeader.appendChild(img);
- };
-
- const hideAllLogoElements = () => {
- Array.from(logoHeader.childNodes).forEach(node => {
- node.style.display = 'none';
- });
- };
-
- const handleInit = () => {
- hideAllLogoElements();
- createCustomLogo();
- };
-
- if (customLogo) {
- const displayCustomLogo = () => {
- customLogo.style.display = 'block';
- };
- const hideCustomLogo = () => {
- customLogo.style.display = 'none';
- };
- if (node.role === 'progressbar') {
- hideCustomLogo();
- }
-
- if (node.role === 'img') {
- const hideDefaultLogo = () => {
- node.style.display = 'none';
- };
-
- hideDefaultLogo();
- displayCustomLogo();
- }
- }
-
- if (node.dataset.type === 'logoElastic' && !customLogo) {
- handleInit();
- }
- });
- });
- });
-
- observer.observe(logoHeader, { childList: true });
-}
diff --git a/elk-ror/conf/kbn/custom_login.css b/elk-ror/conf/kbn/custom_login.css
deleted file mode 100644
index 8da46f5..0000000
--- a/elk-ror/conf/kbn/custom_login.css
+++ /dev/null
@@ -1,7 +0,0 @@
-input {
- background: red;
-}
-
-div {
- color: green;
-}
diff --git a/elk-ror/conf/kbn/custom_login.js b/elk-ror/conf/kbn/custom_login.js
deleted file mode 100644
index b90417c..0000000
--- a/elk-ror/conf/kbn/custom_login.js
+++ /dev/null
@@ -1 +0,0 @@
-console.log('it works');
diff --git a/elk-ror/conf/kbn/custom_middleware_default_tenant_file.js b/elk-ror/conf/kbn/custom_middleware_default_tenant_file.js
deleted file mode 100644
index 3e4779e..0000000
--- a/elk-ror/conf/kbn/custom_middleware_default_tenant_file.js
+++ /dev/null
@@ -1,28 +0,0 @@
-async function customMiddleware(req, res, next) {
- const rorRequest = req.rorRequest;
- const metadata =
- req.rorRequest && req.rorRequest.getIdentitySession() && req.rorRequest.getIdentitySession().metadata;
- const defaultGroup = 'infosec_group';
-
- if (rorRequest.getPath() === '/login' && rorRequest.getMethod() === 'post') {
- if (rorRequest.getBody().username === 'admin') {
- rorRequest.setQuery('defaultGroup', defaultGroup);
- }
- }
-
- if (metadata && rorRequest.getPath() === '/pkp/api/info') {
- const availableGroups = metadata.availableGroups;
- if (availableGroups.some(availableGroup => availableGroup === defaultGroup)) {
- const index = availableGroups.indexOf(defaultGroup);
- const groupAvailable = index !== -1;
- if (groupAvailable) {
- availableGroups.splice(index, 1);
- availableGroups.unshift(defaultGroup);
- }
-
- rorRequest.enrichIdentitySessionMetadata({ availableGroups });
- }
- }
-
- return next();
-}
diff --git a/elk-ror/conf/kbn/custom_middleware_file.js b/elk-ror/conf/kbn/custom_middleware_file.js
deleted file mode 100644
index e6a5a42..0000000
--- a/elk-ror/conf/kbn/custom_middleware_file.js
+++ /dev/null
@@ -1,13 +0,0 @@
-async function customMiddleware(req, res, next) {
- const metadata =
- req.rorRequest && req.rorRequest.getIdentitySession() && req.rorRequest.getIdentitySession().metadata;
-
- if (metadata && metadata.username === 'admin') {
- req.rorRequest.enrichIdentitySessionMetadata({
- newLogo:
- 'PHN2ZyBpZD0ic3ZnIiB2ZXJzaW9uPSIxLjEiIHdpZHRoPSI0MDAiIGhlaWdodD0iMzYzIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHN0eWxlPSJkaXNwbGF5OiBibG9jazsiPgogICAgPGcgaWQ9InN2Z2ciPgogICAgICAgIDxwYXRoIGlkPSJwYXRoMCIKICAgICAgICAgICAgICBkPSJNMTIyLjgzNiAxMS42MTEgQyAxMTMuNTg2IDE0LjQwNCwxMDguMDAyIDkzLjQxNiwxMDkuOTgyIDE5My41MDAgQyAxMTEuNTE1IDI3MC45ODAsMTExLjI4OCAzMDAuNzQzLDEwOS4wODUgMzExLjI4MyBDIDEwNS4yNjkgMzI5LjU0NCwxMDAuNDI2IDMyNy4zNDAsOTYuMzczIDMwNS41MDAgQyA5NC44ODcgMjk3LjQ4OSw5NC42MzEgMjgxLjI3Nyw5NC4wNDMgMTU4LjAwMCBDIDkzLjM1NCAxMy40NTcsOTMuNDQzIDE2LjAwMCw4OS4wNjggMTYuMDAwIEMgNjcuMDkxIDE2LjAwMCwzMC42ODMgNDQuNjgwLDE5Ljc2MCA3MC41OTUgQyAxMS43NDggODkuNjA3LDkuMjk2IDEzMi42NTcsMTQuNzI1IDE1OS4wMDAgQyAzMC4xNjkgMjMzLjkzOCw1NC45MjIgMjg4LjYxNiw4Ny42MzYgMzIwLjA1OCBDIDEyMi4xNjAgMzUzLjIzOCwxNzAuOTYxIDM1Ny45MjAsMjMwLjAwMCAzMzMuNzE1IEMgMjQ3LjY5OSAzMjYuNDU5LDI0OC4yNjEgMzI1LjA5OCwyNDIuMjg0IDMwNC4wMDAgQyAyMjkuNzc2IDI1OS44NDYsMjE3LjE2OCAyMzkuMDE4LDE3Ni42MDQgMTk1LjUwMCBDIDE1My43NDYgMTcwLjk3OCwxNDkuMzkxIDE2NC4zMzQsMTQ1LjA4NiAxNDcuNDE5IEMgMTM3LjE3NyAxMTYuMzQ3LDE0MS4zMjcgOTIuMzg0LDE2My41MTcgNDEuMDAwIEMgMTc0LjkwNiAxNC42MjYsMTc0Ljg4OCAxNC40NjksMTYwLjM2OCAxMy4wMTUgQyAxNDguODIxIDExLjg2MCwxMjQuOTY4IDEwLjk2NywxMjIuODM2IDExLjYxMSBNMTk2LjA2MSAyMi4xNDEgQyAxOTUuNTE0IDIzLjQzOCwxOTMuMDU1IDI5LjkwMCwxOTAuNTk3IDM2LjUwMCBDIDE4OC4xNDAgNDMuMTAwLDE4My4yMTAgNTUuNTg2LDE3OS42NDQgNjQuMjQ3IEMgMTUzLjU3MiAxMjcuNTU5LDE1NC4wMjUgMTMxLjI3NCwxOTMuMDM2IDE3NC4wMDAgQyAyMjYuMjg4IDIxMC40MTksMjQ5Ljk2OSAyNTIuOTM2LDI1OC40ODEgMjkxLjUwMCBDIDI2MC44NTIgMzAyLjI0MywyNjIuNzkyIDMwOS4yMDksMjYzLjg3OCAzMTAuODc2IEMgMjY0Ljg4NiAzMTIuNDI1LDI3MC4wMzMgMzA5LjI5NCwyNzguNzI0IDMwMS44NDcgQyAyODEuMzUxIDI5OS41OTYsMjg2LjQyNSAyOTUuMjQ3LDI5MC4wMDAgMjkyLjE4MiBDIDMzMy40NTYgMjU0LjkzMCwzNzQuMTM0IDIwMS45NzMsMzgxLjkzMSAxNzIuNTAwIEMgMzkzLjczMiAxMjcuODkwLDMzNi4yMDMgNjguNTg2LDI0OS4wMDAgMzUuNDY3IEMgMjQ3LjA3NSAzNC43MzYsMjQzLjAyNSAzMy4xODMsMjQwLjAwMCAzMi4wMTUgQyAyMTMuNDEwIDIxLjc0OCwxOTcuNzE1IDE4LjIyMSwxOTYuMDYxIDIyLjE0MSAiCiAgICAgICAgICAgICAgc3Ryb2tlPSJub25lIiBmaWxsPSIjMDBiZmIyIiBmaWxsLXJ1bGU9ImV2ZW5vZGQiPjwvcGF0aD4KICAgIDwvZz4KPC9zdmc+Cg=='
- });
- }
-
- return next();
-}
diff --git a/elk-ror/conf/kbn/kbn-proxy-nginx.conf b/elk-ror/conf/kbn/kbn-proxy-nginx.conf
deleted file mode 100644
index c9efe0e..0000000
--- a/elk-ror/conf/kbn/kbn-proxy-nginx.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-events { }
-
-http {
- upstream kbn-ror {
- server kbn-ror:5601;
- }
-
- server {
- listen 80;
-
- location / {
- proxy_pass http://kbn-ror;
- }
- }
-}
\ No newline at end of file
diff --git a/elk-ror/conf/kbn/kibana.yml b/elk-ror/conf/kbn/kibana.yml
deleted file mode 100644
index 8f7b6aa..0000000
--- a/elk-ror/conf/kbn/kibana.yml
+++ /dev/null
@@ -1,92 +0,0 @@
-server.name: "kibana-ror-${HOSTNAME}"
-server.host: 0.0.0.0
-server.port: 5601
-#server.basePath: '/kibana'
-#server.rewriteBasePath: true
-#logging.dest: /var/log/kibana/kibana.log
-#kibana.index: .kibana_custom
-# server.ssl.enabled: true
-# server.ssl.certificate: /etc/cert/localhost.cer
-# server.ssl.key: /etc/cert/localhost.key
-# elasticsearch.ssl.verificationMode: none
-elasticsearch.pingTimeout: 3000 # default: 30000
-elasticsearch.requestTimeout: 30000
-# csp needs to be disabled to let cypress e2e tests works
-csp.strict: false
-csp.warnLegacyBrowsers: false
-
-#elasticsearch.hosts: [ "http://localhost:9201", "http://localhost:9202" ] # USE FAKENODE CLUSTER SIMULATOR
-elasticsearch.hosts: [ "${ES_API_URL}" ]
-elasticsearch.username: kibana
-elasticsearch.password: kibana
-xpack.encryptedSavedObjects.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!"
-xpack.reporting.encryptionKey: "321421321211231241232132132132132"
-#xpack.reporting.index: '.reporting-test-index'
-telemetry.enabled: false
-
-readonlyrest_kbn:
-# license:
-# activationKeyRefreshInterval: '10s'
-# activationKeyRetrievalMode: "file"
-# activationKeyFilePath: /tmp/activation.key
-# kibanaIndexTemplate: ".kibana_template"
-# resetKibanaIndexToTemplate: true
- cookiePass: '12312313123213123213123adadasdasdasd'
- logLevel: 'trace'
- whitelistedPaths: [.*/api/status$]
- clearSessionOnEvents: [login, tenancyHop]
- sessions_probe_interval_seconds: 60
- store_sessions_in_index: true
-# sessions_index_name: 'test_index'
-# session_timeout_minutes: 1
-# sessions_cleanup_interval: '3m'
- login_title: Custom Title!
- login_subtitle: "PRO/Enteprise: You should see a red border, a tiny unicorn logo, a two column page, and this text. You should see none of these customisation when testing ROR Free."
- login_custom_logo: "https://i.imgur.com/MdRBUfV.gif"
- login_html_head_inject: ''
-# login_custom_css_inject_file: '/usr/share/kibana/custom_login.css'
- login_custom_js_inject_file: '/usr/share/kibana/custom_login.js'
-# kibana_custom_css_inject_file: '/usr/share/kibana/custom_kibana.css'
-# kibana_custom_js_inject_file: '/usr/share/kibana/custom_kibana.js'
-# custom_middleware_inject_file: '/usr/share/kibana/custom_middleware_file.js'
-# custom_middleware_inject: 'function test(req, res, next) {logger.debug("custom middleware called"); next()}'
-# multiTenancyEnabled: false
-# cookies:
-# secure: true
-# sameSite: 'none'
- tenantIndex:
- number_of_shards: 1
- number_of_replicas: 0
- auth:
- signature_key: "9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf"
-
- saml_kc:
- buttonName: "KeyCloak SAML SSO"
- enabled: true
- type: "saml"
- issuer: "ror"
- entryPoint: "http://localhost:8080/realms/ror/protocol/saml"
- kibanaExternalHost: 'localhost:5601'
- protocol: "https"
- usernameParameter: "nameID"
- groupsParameter: "Role"
- logoutUrl: "http://localhost:8080/realms/ror/protocol/saml"
- YOU_SHOULD_READ_ME_IN_STRATEGY_CONFIGURATION_LOG: "unknown conf params should be passed unmodified to the underlying passport-saml library"
- cert: "PLACEHOLDER_TO_CHANGE_INTO_REAL_KEYCLOAK_CERTIFICATE"
- oidc_kc:
- buttonName: "KeyCloak OpenID"
- type: "oidc"
- protocol: "https"
- issuer: 'http://kc.localhost:8080/realms/ror'
- authorizationURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/auth'
- tokenURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/token'
- userInfoURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/userinfo'
- clientID: 'ror_oidc'
- clientSecret: '**********'
- scope: 'openid profile roles email'
- usernameParameter: 'preferred_username'
- groupsParameter: 'groups'
- kibanaExternalHost: 'localhost:5601'
- logoutUrl: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/logout'
- jwksURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/certs'
-# proxyURL: 'https://localhost:6200'
diff --git a/elk-ror/images/es/Dockerfile b/elk-ror/images/es/Dockerfile
deleted file mode 100644
index 646123a..0000000
--- a/elk-ror/images/es/Dockerfile
+++ /dev/null
@@ -1,18 +0,0 @@
-ARG ES_VERSION
-
-FROM docker.elastic.co/elasticsearch/elasticsearch:${ES_VERSION}
-
-ARG ES_ROR_FILE
-
-COPY plugins/$ES_ROR_FILE /tmp/ror.zip
-
-USER elasticsearch
-RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install --batch file:///tmp/ror.zip
-USER root
-RUN /usr/share/elasticsearch/jdk/bin/java -jar /usr/share/elasticsearch/plugins/readonlyrest/ror-tools.jar patch
-
-USER elasticsearch
-
-COPY elk-ror/conf/es/readonlyrest.yml /usr/share/elasticsearch/config/readonlyrest.yml
-COPY elk-ror/conf/es/elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
-COPY elk-ror/conf/es/log4j2.properties /usr/share/elasticsearch/config/log4j2.properties
diff --git a/elk-ror/images/kbn/Proxy-Dockerfile b/elk-ror/images/kbn/Proxy-Dockerfile
deleted file mode 100644
index cebcf37..0000000
--- a/elk-ror/images/kbn/Proxy-Dockerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM nginx:latest
-
-COPY elk-ror/conf/kbn/kbn-proxy-nginx.conf /etc/nginx/nginx.conf
\ No newline at end of file
diff --git a/environments/elk-ror/conf/es/elasticsearch.yml b/environments/elk-ror/conf/es/elasticsearch.yml
new file mode 100644
index 0000000..6741455
--- /dev/null
+++ b/environments/elk-ror/conf/es/elasticsearch.yml
@@ -0,0 +1,8 @@
+cluster.name: ror-cluster
+node.name: ror-es01
+network.host: 0.0.0.0
+
+xpack.security.enabled: false
+
+http.type: ssl_netty4
+path.repo: /tmp/repositories
\ No newline at end of file
diff --git a/elk-ror/conf/es/log4j2.properties b/environments/elk-ror/conf/es/log4j2.properties
similarity index 99%
rename from elk-ror/conf/es/log4j2.properties
rename to environments/elk-ror/conf/es/log4j2.properties
index 8b212bb..cdafac8 100644
--- a/elk-ror/conf/es/log4j2.properties
+++ b/environments/elk-ror/conf/es/log4j2.properties
@@ -85,4 +85,4 @@ appender.header_warning.type = HeaderWarningAppender
appender.header_warning.name = header_warning
logger.ror.name=tech.beshu.ror.accesscontrol.blocks.rules.elasticsearch.indices
-logger.ror.level=debug
\ No newline at end of file
+logger.ror.level=info
diff --git a/environments/elk-ror/conf/es/readonlyrest.yml b/environments/elk-ror/conf/es/readonlyrest.yml
new file mode 100644
index 0000000..f798373
--- /dev/null
+++ b/environments/elk-ror/conf/es/readonlyrest.yml
@@ -0,0 +1,84 @@
+helpers:
+ cr: &common-rules
+ kibana_access: rw
+ kibana_hide_apps: ["Enterprise Search|Overview", "Observability"]
+ kibana_index: ".kibana_@{acl:current_group}"
+
+ ag: &all-groups
+ groups:
+ - id: admins_group
+ name: administrators
+ - id: infosec_group
+ name: infosec
+ - id: template_group
+ name: template
+
+readonlyrest:
+ ssl:
+ enable: true
+ keystore_file: "ror-keystore.jks"
+ keystore_pass: readonlyrest
+ key_pass: readonlyrest
+
+ response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
+ prompt_for_basic_auth: false
+
+ audit:
+ enabled: true
+ outputs:
+ - type: index
+ index_template: "'readonlyrest_audit_'yyyy-MM-dd"
+
+ access_control_rules:
+
+ - name: "Kibana service account - user/pass"
+ verbosity: error
+ auth_key: kibana:kibana
+
+ - name: PERSONAL_GRP
+ groups: [Personal]
+ <<: *common-rules
+ kibana_index: ".kibana_@{user}"
+
+ - name: ADMIN_GRP
+ groups: [admins_group]
+ <<: *common-rules
+ kibana_access: admin
+
+ - name: infosec
+ groups: [infosec_group]
+ <<: *common-rules
+ kibana_hide_apps:
+ ["Enterprise Search|Overview", "Observability", "Management"]
+
+ - name: Template Tenancy
+ groups: [template_group]
+ <<: *common-rules
+
+ - name: "Reporting tests: user2"
+ auth_key: user2:dev
+ kibana:
+ index: ".kibana_user2"
+ access: rw
+ indices: ["invoices"]
+
+ - name: "Reporting tests: user3"
+ auth_key: user3:dev
+ kibana:
+ index: ".kibana_user3"
+ access: rw
+ indices: ["invoices"]
+
+ users:
+ - username: admin
+ auth_key: admin:dev
+ <<: *all-groups
+
+ - username: user1
+ auth_key: user1:dev
+ <<: *all-groups
+
+ impersonation:
+ - impersonator: admin
+ users: ["*"]
+ auth_key: admin:dev
diff --git a/environments/elk-ror/conf/es/ror-keystore.jks b/environments/elk-ror/conf/es/ror-keystore.jks
new file mode 100644
index 0000000..5cbe627
Binary files /dev/null and b/environments/elk-ror/conf/es/ror-keystore.jks differ
diff --git a/environments/elk-ror/conf/kbn/kbn-proxy-nginx.conf b/environments/elk-ror/conf/kbn/kbn-proxy-nginx.conf
new file mode 100644
index 0000000..ad5a9b3
--- /dev/null
+++ b/environments/elk-ror/conf/kbn/kbn-proxy-nginx.conf
@@ -0,0 +1,27 @@
+events { }
+
+http {
+ upstream kbn-ror {
+ server kbn-ror:5601;
+ }
+
+ server {
+ listen 443 ssl;
+ server_name localhost;
+
+ ssl_certificate /etc/nginx/kibana/kibana.crt;
+ ssl_certificate_key /etc/nginx/kibana/kibana.key;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+
+ location / {
+ proxy_pass https://kbn-ror;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_ssl_verify off; # Disable SSL verification for internal requests (only if Kibana uses self-signed certs)
+ }
+ }
+}
\ No newline at end of file
diff --git a/environments/elk-ror/conf/kbn/kibana.crt b/environments/elk-ror/conf/kbn/kibana.crt
new file mode 100644
index 0000000..e299680
--- /dev/null
+++ b/environments/elk-ror/conf/kbn/kibana.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDazCCAlOgAwIBAgIUBiE6BT/+Rshrppljbwt9YUKI0L4wDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDA5MjYxODQyNThaFw0zNDA5
+MjQxODQyNThaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDG3G4Thxy7EozvjLSipdvZqjqCsfsjS9hpYP3yCYHd
+X6Zd1jEIrUnU7m0K9Mqnu4ws+rMKFVPG8VTGtwYtvhirp3E5Z452BCpPVlA95buA
+tgFaPF7fD/KexrlZZguBGmGvg1Tl2XbuTPMxy2bOaQEB23MnKdfGrG/vrZW4dYBn
+BdbITpZv3RTtpiM6nWLaGXKMuZKa5jLLvATqF6NyoSDzp0h/mLkAlyK9YGCcAfcX
+FenpHfO7bXK0j+cuZOxLTqWqfvXk3W+PIti0x1oX+wCWUeLcunu55ULZiCmHkp1j
+SxQRGJtlBFMcCQ1cqVzjCcXNG2yLhvvLiNbieZsQQEMVAgMBAAGjUzBRMB0GA1Ud
+DgQWBBQAhrFCBCBAdrJH179OeQI2at+wHDAfBgNVHSMEGDAWgBQAhrFCBCBAdrJH
+179OeQI2at+wHDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBI
+esiejMlKXp0mj34N5NDs3I7+AHIFIGTY+u6I4kF+tuiAcCYWWF4cG3g0pJzvokIi
+wIdjCQjXBwfbu6KBv0wphqlSJ9lwDPBGBG1Lc6Sg+wHTqrdwL8f4FcJF1IB92mLc
+wNSQNnjqxgcD5AOTqVHIy9hhJVufZonypIMSRV5xndv5qGP2TjSM4bF/Cj3YIK9D
+2pLAUG3Vj3YIr0jOiyRbYlzaXpV9hPwfkbLSrqi/RwHvZtUv7B7roAY1mSg5wYFg
+CbHH7nmpV3wzaF47Y/k+O4+37DbCYuDJwrLyhqksqQiN55s4UG15ATBS8fYWfRnf
+t2WXvSztBJ6TS+pOm6GM
+-----END CERTIFICATE-----
diff --git a/environments/elk-ror/conf/kbn/kibana.key b/environments/elk-ror/conf/kbn/kibana.key
new file mode 100644
index 0000000..8bb8fc5
--- /dev/null
+++ b/environments/elk-ror/conf/kbn/kibana.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDG3G4Thxy7Eozv
+jLSipdvZqjqCsfsjS9hpYP3yCYHdX6Zd1jEIrUnU7m0K9Mqnu4ws+rMKFVPG8VTG
+twYtvhirp3E5Z452BCpPVlA95buAtgFaPF7fD/KexrlZZguBGmGvg1Tl2XbuTPMx
+y2bOaQEB23MnKdfGrG/vrZW4dYBnBdbITpZv3RTtpiM6nWLaGXKMuZKa5jLLvATq
+F6NyoSDzp0h/mLkAlyK9YGCcAfcXFenpHfO7bXK0j+cuZOxLTqWqfvXk3W+PIti0
+x1oX+wCWUeLcunu55ULZiCmHkp1jSxQRGJtlBFMcCQ1cqVzjCcXNG2yLhvvLiNbi
+eZsQQEMVAgMBAAECggEAF5FSPmA56HXXXCCJ2+jaOF6zVn/vaox3lm2XSxMTYAAR
+AHf9EbEv2dtz8uN2DRDuGPqRM3W5mw9I49AXHF62H8nVYl9Cg/wUY5iwI9XRNfzc
+Biy3dao3L9gPaWftnxxYTWu8KQ1vyeg2vkUD5xyMsQKoEBEmcHZJQdeJsfXDBPJ3
+tQSkDSrnr4f7uEQvr9iidEXnyfz1azF0snZ00IkBXRV2dcbTOIu6W+2uI1/Pthjt
+rAoqvSuwBlUtvQG7Btat4tL84LNTfH+SoXJK1v4JwbqydV/U47Cc0Tp2inJugfVA
+o6Cj5ptKvxI7mkFQuoyG4bm3x+79XeNbrYxhBK3hlQKBgQDnvMTfdIxC+rU+cKY0
+6sEaCzNbh3ZGqgVpBRj0i7EfdBNOctzlFSQGQhCD1SnXc7ihNZ5t2MKJRap3MNDX
+Xh6jllgkjXnw1V+b2E1nBtkp/F8dWnrvzwJbSN+KeCP+zio6g2gKYLZab0GIRTEB
+QvXgeaWAmIuxq2GENF8K1FuQYwKBgQDbrnsDKJI3rpfLbzrZB22gwdmq7wZWllzc
+1Axiqn6xXqghXPLna3fDAbisQgRrQFTjBU9gM3isp4PGVurdPQa35ve6UAgoJUat
+hIqvBzcbER3YEBksJtLvai9m9yQ69vYdMPbR10ZhA6EqTcp2MgyIEvAvue964J2p
+3L1/r6bsJwKBgCksRN5e2rzbxm/9m8ozG3QBIXLVspIDi0qJeVGZsDKicPuzNMQO
+6YOjIUQLD5AUI22hFTD3Hjk9g3gB2Fkrg84U3DxCVrQPdRk/aSEw+kyXZl7UwJry
+8Lw/SlhT2DFhd+dFiaquXDfdJIuNn5NVzlG/y0P51ngOtxjCJVDLQil5AoGAa0qk
+Ob6u6xMSgAErNKQ0HreOn7Vt2wxE/nVyNx4eEnKwmtrSp8QNEejdUQRNNDSPQPFu
++wUoguqtqUj6HGOZzGe5xf0gfrr18fkx4pobh9SsRsJWCQJNMzEhRaCeyU2klk07
+vvDtJqSnKgokP+XhyPO26xhcph7d4gA1bQ9U7zECgYAX4Fe9+2Uzmu035C5oHgUv
+dA4NRP9lutpH0uboUxo1hdxKtTM1dmeXAj+SL5jyYBpfE3c8Ha3QGlIN8sHiKZTA
+0A3bRAHjoKNULPgiODmwaK9y1vOm0Kol6QsJ3QZrc+iHf3wscMnimSwH2XxPnNSD
+zh06Wun9UBVUZbdsIPDcLg==
+-----END PRIVATE KEY-----
diff --git a/environments/elk-ror/conf/kbn/kibana.yml b/environments/elk-ror/conf/kbn/kibana.yml
new file mode 100644
index 0000000..3251cac
--- /dev/null
+++ b/environments/elk-ror/conf/kbn/kibana.yml
@@ -0,0 +1,32 @@
+server.name: "kibana-ror-${HOSTNAME}"
+server.host: 0.0.0.0
+server.port: 5601
+server.publicBaseUrl: "http://localhost:5601"
+
+# csp needs to be disabled to let cypress e2e tests works
+csp.strict: false
+csp.warnLegacyBrowsers: false
+
+elasticsearch.hosts: [ "${ES_API_URL}" ]
+elasticsearch.username: kibana
+elasticsearch.password: kibana
+elasticsearch.ssl.verificationMode: none
+elasticsearch.pingTimeout: 3000 # default: 30000
+elasticsearch.requestTimeout: 30000
+
+# generated with:
+# $ openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout kibana.key -out kibana.crt
+server.ssl.enabled: true
+server.ssl.certificate: /usr/share/kibana/config/kibana.crt
+server.ssl.key: /usr/share/kibana/config/kibana.key
+server.ssl.redirectHttpFromPort: 80
+
+xpack.encryptedSavedObjects.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!"
+xpack.reporting.encryptionKey: "321421321211231241232132132132132"
+
+telemetry.enabled: false
+
+readonlyrest_kbn:
+ cookiePass: '12312313123213123213123adadasdasdasd'
+ logLevel: info
+ store_sessions_in_index: true
diff --git a/elk-ror/docker-compose.yml b/environments/elk-ror/docker-compose.yml
similarity index 76%
rename from elk-ror/docker-compose.yml
rename to environments/elk-ror/docker-compose.yml
index 28e5e1c..dad4470 100644
--- a/elk-ror/docker-compose.yml
+++ b/environments/elk-ror/docker-compose.yml
@@ -2,14 +2,13 @@ services:
es-ror:
build:
- context: ../.
- dockerfile: elk-ror/images/es/Dockerfile
+ context: .
+ dockerfile: images/es/Dockerfile
args:
ES_VERSION: $ES_VERSION
ES_ROR_FILE: $ES_ROR_FILE
ports:
- - "19200:9200"
- - "19300:9300"
+ - "9200:9200"
- "5000:5000"
deploy:
resources:
@@ -24,7 +23,7 @@ services:
# for a sake of debugging and profiling
- "ES_JAVA_OPTS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5000 -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9010 -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.rmi.port=9010 -Djava.rmi.server.hostname=127.0.0.1"
healthcheck:
- test: [ "CMD", "curl", "-fk", "-u", "kibana:kibana", "http://localhost:9200/_cluster/health" ]
+ test: [ "CMD", "curl", "-fk", "-u", "kibana:kibana", "https://localhost:9200/_cluster/health" ]
interval: 10s
timeout: 10s
retries: 30
@@ -35,13 +34,11 @@ services:
memlock:
soft: -1
hard: -1
- volumes:
- - /tmp/visualvm:/tmp/visualvm
-
+
kbn-ror:
build:
- context: ../.
- dockerfile: elk-ror/images/kbn/Dockerfile
+ context: .
+ dockerfile: images/kbn/Dockerfile
args:
KBN_VERSION: $KBN_VERSION
KBN_ROR_FILE: $KBN_ROR_FILE
@@ -51,15 +48,14 @@ services:
condition: service_healthy
deploy:
mode: replicated
- replicas: 3
+ replicas: 2
resources:
limits:
memory: 756G
environment:
- ELASTIC_USER_PASSWORD: elastic
- ES_API_URL: http://es-ror:9200
+ ES_API_URL: https://es-ror:9200
healthcheck:
- test: [ "CMD", "curl", "--fail", "http://localhost:5601/api/status" ]
+ test: [ "CMD", "curl", "-k", "--fail", "https://localhost:5601/api/status" ]
interval: 10s
timeout: 10s
retries: 30
@@ -73,15 +69,15 @@ services:
kbn-proxy:
build:
- context: ../.
- dockerfile: elk-ror/images/kbn/Proxy-Dockerfile
+ context: .
+ dockerfile: images/kbn/Proxy-Dockerfile
depends_on:
kbn-ror:
condition: service_healthy
ports:
- - "5601:80"
+ - "5601:443"
healthcheck:
- test: [ "CMD", "curl", "--fail", "http://localhost:80/api/status" ]
+ test: [ "CMD", "curl", "-k", "--fail", "https://localhost:443/api/status" ]
interval: 10s
timeout: 10s
retries: 30
diff --git a/elk-ror/download-ror-es.sh b/environments/elk-ror/download-ror-es.sh
similarity index 53%
rename from elk-ror/download-ror-es.sh
rename to environments/elk-ror/download-ror-es.sh
index b2f568e..f45944c 100755
--- a/elk-ror/download-ror-es.sh
+++ b/environments/elk-ror/download-ror-es.sh
@@ -9,9 +9,9 @@ fi
ES_VERSION="$1"
-mkdir -p ../plugins
+mkdir -p images/plugins
ES_PLUGIN_FILENAME="ROR-latest-for-ES-$ES_VERSION.zip"
-curl -s -L -D - -o "../plugins/$ES_PLUGIN_FILENAME" "https://api.beshu.tech/download/es?esVersion=$ES_VERSION&email=ror-e2e-tests%40readonlyrest.com" > /dev/null 2>&1
+curl -s -L -D - -o "images/plugins/$ES_PLUGIN_FILENAME" "https://api.beshu.tech/download/es?esVersion=$ES_VERSION&email=ror-e2e-tests%40readonlyrest.com" > /dev/null 2>&1
echo "$ES_PLUGIN_FILENAME"
\ No newline at end of file
diff --git a/elk-ror/download-ror-kbn.sh b/environments/elk-ror/download-ror-kbn.sh
similarity index 51%
rename from elk-ror/download-ror-kbn.sh
rename to environments/elk-ror/download-ror-kbn.sh
index bcd2d4b..335e13c 100755
--- a/elk-ror/download-ror-kbn.sh
+++ b/environments/elk-ror/download-ror-kbn.sh
@@ -9,9 +9,9 @@ fi
KBN_VERSION="$1"
-mkdir -p ../plugins
+mkdir -p images/plugins
KBN_PLUGIN_FILENAME="ROR-latest-for-KBN-$KBN_VERSION.zip"
-curl -s -L -D - -o "../plugins/$KBN_PLUGIN_FILENAME" "https://api.beshu.tech/download/kbn?esVersion=$KBN_VERSION&edition=kbn_universal&email=ror-e2e-tests%40readonlyrest.com" > /dev/null 2>&1
+curl -s -L -D - -o "images/plugins/$KBN_PLUGIN_FILENAME" "https://api.beshu.tech/download/kbn?esVersion=$KBN_VERSION&edition=kbn_universal&email=ror-e2e-tests%40readonlyrest.com" > /dev/null 2>&1
echo "$KBN_PLUGIN_FILENAME"
\ No newline at end of file
diff --git a/environments/elk-ror/images/es/Dockerfile b/environments/elk-ror/images/es/Dockerfile
new file mode 100644
index 0000000..6786497
--- /dev/null
+++ b/environments/elk-ror/images/es/Dockerfile
@@ -0,0 +1,19 @@
+ARG ES_VERSION
+
+FROM docker.elastic.co/elasticsearch/elasticsearch:${ES_VERSION}
+
+ARG ES_ROR_FILE
+
+COPY images/plugins/$ES_ROR_FILE /tmp/ror.zip
+
+USER elasticsearch
+RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install --batch file:///tmp/ror.zip
+USER root
+RUN /usr/share/elasticsearch/jdk/bin/java -jar /usr/share/elasticsearch/plugins/readonlyrest/ror-tools.jar patch
+
+USER elasticsearch
+
+COPY conf/es/readonlyrest.yml /usr/share/elasticsearch/config/readonlyrest.yml
+COPY conf/es/elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
+COPY conf/es/log4j2.properties /usr/share/elasticsearch/config/log4j2.properties
+COPY conf/es/ror-keystore.jks /usr/share/elasticsearch/config/ror-keystore.jks
diff --git a/elk-ror/images/kbn/Dockerfile b/environments/elk-ror/images/kbn/Dockerfile
similarity index 61%
rename from elk-ror/images/kbn/Dockerfile
rename to environments/elk-ror/images/kbn/Dockerfile
index 54c7120..897affe 100644
--- a/elk-ror/images/kbn/Dockerfile
+++ b/environments/elk-ror/images/kbn/Dockerfile
@@ -7,7 +7,7 @@ ARG ROR_ACTIVATION_KEY
ENV ROR_ACTIVATION_KEY=$ROR_ACTIVATION_KEY
-COPY plugins/$KBN_ROR_FILE /tmp/ror.zip
+COPY images/plugins/$KBN_ROR_FILE /tmp/ror.zip
RUN /usr/share/kibana/bin/kibana-plugin install file:///tmp/ror.zip
@@ -29,10 +29,6 @@ RUN \
USER kibana
-COPY elk-ror/conf/kbn/kibana.yml /usr/share/kibana/config/kibana.yml
-COPY elk-ror/conf/kbn/custom_kibana.css /usr/share/kibana
-COPY elk-ror/conf/kbn/custom_kibana.js /usr/share/kibana
-COPY elk-ror/conf/kbn/custom_login.css /usr/share/kibana
-COPY elk-ror/conf/kbn/custom_login.js /usr/share/kibana
-COPY elk-ror/conf/kbn/custom_middleware_default_tenant_file.js /usr/share/kibana
-COPY elk-ror/conf/kbn/custom_middleware_file.js /usr/share/kibana
+COPY conf/kbn/kibana.yml /usr/share/kibana/config/kibana.yml
+COPY conf/kbn/kibana.key /usr/share/kibana/config/kibana.key
+COPY conf/kbn/kibana.crt /usr/share/kibana/config/kibana.crt
diff --git a/environments/elk-ror/images/kbn/Proxy-Dockerfile b/environments/elk-ror/images/kbn/Proxy-Dockerfile
new file mode 100644
index 0000000..1fc492c
--- /dev/null
+++ b/environments/elk-ror/images/kbn/Proxy-Dockerfile
@@ -0,0 +1,5 @@
+FROM nginx:latest
+
+COPY conf/kbn/kbn-proxy-nginx.conf /etc/nginx/nginx.conf
+COPY conf/kbn/kibana.crt /etc/nginx/kibana/kibana.crt
+COPY conf/kbn/kibana.key /etc/nginx/kibana/kibana.key
\ No newline at end of file
diff --git a/elk-ror/print-logs.sh b/environments/elk-ror/print-logs.sh
similarity index 100%
rename from elk-ror/print-logs.sh
rename to environments/elk-ror/print-logs.sh
diff --git a/elk-ror/run.sh b/environments/elk-ror/start.sh
similarity index 92%
rename from elk-ror/run.sh
rename to environments/elk-ror/start.sh
index 6094c5d..7d11cae 100755
--- a/elk-ror/run.sh
+++ b/environments/elk-ror/start.sh
@@ -13,7 +13,7 @@ if ! docker compose version &>/dev/null; then
fi
if [[ -z "${ROR_ACTIVATION_KEY}" ]]; then
- echo "ROR_ACTIVATION_KEY env is not set or is empty (see https://github.com/beshu-tech/readonlyrest-e2e-tests/blob/RORDEV-1044/README.md#troubleshooting to figure out how to obtain the key and set it)"
+ echo "ROR_ACTIVATION_KEY env is not set or is empty (see https://github.com/beshu-tech/readonlyrest-e2e-tests/blob/master/README.md#troubleshooting to figure out how to obtain the key and set it)"
exit 1
fi
diff --git a/elk-ror/stop-and-clean.sh b/environments/elk-ror/stop-and-clean.sh
similarity index 100%
rename from elk-ror/stop-and-clean.sh
rename to environments/elk-ror/stop-and-clean.sh
diff --git a/run-7x.sh b/run-7x.sh
deleted file mode 100755
index ea14c1d..0000000
--- a/run-7x.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash -e
-
-./run.sh "7.17.24"
\ No newline at end of file
diff --git a/run-8x.sh b/run-8x.sh
deleted file mode 100755
index 305c69f..0000000
--- a/run-8x.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash -e
-
-./run.sh "8.15.1"
\ No newline at end of file
diff --git a/run.sh b/run-env-and-tests.sh
similarity index 57%
rename from run.sh
rename to run-env-and-tests.sh
index efd249b..2bdb931 100755
--- a/run.sh
+++ b/run-env-and-tests.sh
@@ -1,18 +1,28 @@
#!/bin/bash -e
-if [ $# -ne 1 ]; then
- echo "One parameter is required: 1) ELK version"
+if [ $# -ne 2 ]; then
+ echo "Two parameters are required: 1) ELK version 2) enviroment name (available options: docker)"
exit 1
fi
ELK_VERSION="$1"
+ENV_NAME=""
+case "$2" in
+ "docker")
+ ENV_NAME="elk-ror"
+ ;;
+ *)
+ echo 'Only "docker" is available environment'
+ exit 2;
+ ;;
+esac
handle_error() {
- ./elk-ror/print-logs.sh
+ ./environments/"$ENV_NAME"/print-logs.sh
}
cleanup() {
- ./elk-ror/stop-and-clean.sh
+ ./environments/"$ENV_NAME"/stop-and-clean.sh
}
trap handle_error ERR
@@ -31,5 +41,5 @@ echo -e "
echo -e "E2E TESTS\n"
-time ./elk-ror/run.sh --es "$ELK_VERSION" --kbn "$ELK_VERSION"
-time ./e2e-tests/run.sh "$ELK_VERSION"
\ No newline at end of file
+time ./environments/$ENV_NAME/start.sh --es "$ELK_VERSION" --kbn "$ELK_VERSION"
+time ./e2e-tests/run-tests.sh "$ELK_VERSION"
\ No newline at end of file