elastic · paul-tavares · Sep 25, 2023 · Sep 20, 2023 · Sep 20, 2023 · Sep 20, 2023
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { EndpointSecurityRoleNames } from '../../../../scripts/endpoint/common/roles_users';
+
+export type KibanaKnownUserAccounts = typeof KIBANA_KNOWN_DEFAULT_ACCOUNTS[number];
+
+export type SecurityTestUser = EndpointSecurityRoleNames | KibanaKnownUserAccounts;
+
+export const KIBANA_KNOWN_DEFAULT_ACCOUNTS = [
+  'elastic',
+  'elastic_serverless',
+  'system_indices_superuser',
+] as const;
@@ -17,7 +17,12 @@ import type {
   HostPolicyResponse,
   LogsEndpointActionResponse,
 } from '../../../common/endpoint/types';
-import type { IndexEndpointHostsCyTaskOptions, HostActionResponse } from './types';
+import type {
+  HostActionResponse,
+  IndexEndpointHostsCyTaskOptions,
+  LoadUserAndRoleCyTaskOptions,
+  CreateUserAndRoleCyTaskOptions,
+} from './types';
 import type {
   DeleteIndexedFleetEndpointPoliciesResponse,
   IndexedFleetEndpointPolicyResponse,
@@ -32,6 +37,7 @@ import type {
   DeletedIndexedEndpointRuleAlerts,
   IndexedEndpointRuleAlerts,
 } from '../../../common/endpoint/data_loaders/index_endpoint_rule_alerts';
+import type { LoadedRoleAndUser } from '../../../scripts/endpoint/common/role_and_user_loader';
 
 declare global {
   namespace Cypress {
@@ -185,6 +191,18 @@ declare global {
         arg: { hostname: string; path: string; password?: string },
         options?: Partial<Loggable & Timeoutable>
       ): Chainable<string>;
+
+      task(
+        name: 'loadUserAndRole',
+        arg: LoadUserAndRoleCyTaskOptions,
+        options?: Partial<Loggable & Timeoutable>
+      ): Chainable<LoadedRoleAndUser>;
+
+      task(
+        name: 'createUserAndRole',
+        arg: CreateUserAndRoleCyTaskOptions,
+        options?: Partial<Loggable & Timeoutable>
+      ): Chainable<LoadedRoleAndUser>;
     }
   }
 }
@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import { getRoleWithArtifactReadPrivilege } from '../../fixtures/role_with_artifact_read_privilege';
 import { getEndpointSecurityPolicyManager } from '../../../../../scripts/endpoint/common/roles_users/endpoint_security_policy_manager';
 import { getArtifactsListTestsData } from '../../fixtures/artifacts_page';
 import { visitPolicyDetailsPage } from '../../screens/policy_details';
@@ -16,27 +17,21 @@ import {
   yieldFirstPolicyID,
 } from '../../tasks/artifacts';
 import { loadEndpointDataForEventFiltersIfNeeded } from '../../tasks/load_endpoint_data';
-import {
-  getRoleWithArtifactReadPrivilege,
-  login,
-  loginWithCustomRole,
-  loginWithRole,
-  ROLE,
-} from '../../tasks/login';
+import { login, ROLE } from '../../tasks/login';
 import { performUserActions } from '../../tasks/perform_user_actions';
 
 const loginWithPrivilegeAll = () => {
-  loginWithRole(ROLE.endpoint_security_policy_manager);
+  login(ROLE.endpoint_policy_manager);
 };
 
 const loginWithPrivilegeRead = (privilegePrefix: string) => {
   const roleWithArtifactReadPrivilege = getRoleWithArtifactReadPrivilege(privilegePrefix);
-  loginWithCustomRole('roleWithArtifactReadPrivilege', roleWithArtifactReadPrivilege);
+  login.withCustomRole({ name: 'roleWithArtifactReadPrivilege', ...roleWithArtifactReadPrivilege });
 };
 
 const loginWithPrivilegeNone = (privilegePrefix: string) => {
   const roleWithoutArtifactPrivilege = getRoleWithoutArtifactPrivilege(privilegePrefix);
-  loginWithCustomRole('roleWithoutArtifactPrivilege', roleWithoutArtifactPrivilege);
+  login.withCustomRole({ name: 'roleWithoutArtifactPrivilege', ...roleWithoutArtifactPrivilege });
 };
 
 const getRoleWithoutArtifactPrivilege = (privilegePrefix: string) => {

@@ -5,13 +5,8 @@
  * 2.0.
  */
 
-import {
-  getRoleWithArtifactReadPrivilege,
-  login,
-  loginWithCustomRole,
-  loginWithRole,
-  ROLE,
-} from '../../tasks/login';
+import { getRoleWithArtifactReadPrivilege } from '../../fixtures/role_with_artifact_read_privilege';
+import { login, ROLE } from '../../tasks/login';
 import { loadPage } from '../../tasks/common';
 
 import { getArtifactsListTestsData } from '../../fixtures/artifacts_page';
@@ -20,18 +15,18 @@ import { performUserActions } from '../../tasks/perform_user_actions';
 import { loadEndpointDataForEventFiltersIfNeeded } from '../../tasks/load_endpoint_data';
 
 const loginWithWriteAccess = (url: string) => {
-  loginWithRole(ROLE.endpoint_security_policy_manager);
+  login(ROLE.endpoint_policy_manager);
   loadPage(url);
 };
 
 const loginWithReadAccess = (privilegePrefix: string, url: string) => {
   const roleWithArtifactReadPrivilege = getRoleWithArtifactReadPrivilege(privilegePrefix);
-  loginWithCustomRole('roleWithArtifactReadPrivilege', roleWithArtifactReadPrivilege);
+  login.withCustomRole({ name: 'roleWithArtifactReadPrivilege', ...roleWithArtifactReadPrivilege });
   loadPage(url);
 };
 
 const loginWithoutAccess = (url: string) => {
-  loginWithRole(ROLE.t1_analyst);
+  login(ROLE.t1_analyst);
   loadPage(url);
 };
 

@@ -16,12 +16,12 @@ import {
 } from '../../tasks/response_actions';
 import { cleanupRule, generateRandomStringName, loadRule } from '../../tasks/api_fixtures';
 import { RESPONSE_ACTION_TYPES } from '../../../../../common/api/detection_engine';
-import { loginWithRole, ROLE } from '../../tasks/login';
+import { login, ROLE } from '../../tasks/login';
 
 describe('Form', { tags: '@ess' }, () => {
   describe('User with no access can not create an endpoint response action', () => {
     before(() => {
-      loginWithRole(ROLE.endpoint_response_actions_no_access);
+      login(ROLE.endpoint_response_actions_no_access);
     });
 
     it('no endpoint response action option during rule creation', () => {
@@ -36,7 +36,7 @@ describe('Form', { tags: '@ess' }, () => {
     const [ruleName, ruleDescription] = generateRandomStringName(2);
 
     before(() => {
-      loginWithRole(ROLE.endpoint_response_actions_access);
+      login(ROLE.endpoint_response_actions_access);
     });
     after(() => {
       cleanupRule(ruleId);
@@ -94,7 +94,7 @@ describe('Form', { tags: '@ess' }, () => {
       });
     });
     beforeEach(() => {
-      loginWithRole(ROLE.endpoint_response_actions_access);
+      login(ROLE.endpoint_response_actions_access);
     });
     after(() => {
       cleanupRule(ruleId);
@@ -146,7 +146,7 @@ describe('Form', { tags: '@ess' }, () => {
     const [ruleName, ruleDescription] = generateRandomStringName(2);
 
     before(() => {
-      loginWithRole(ROLE.endpoint_response_actions_no_access);
+      login(ROLE.endpoint_response_actions_no_access);
     });
 
     it('response actions are disabled', () => {
@@ -166,7 +166,7 @@ describe('Form', { tags: '@ess' }, () => {
       loadRule().then((res) => {
         ruleId = res.id;
       });
-      loginWithRole(ROLE.endpoint_response_actions_no_access);
+      login(ROLE.endpoint_response_actions_no_access);
     });
     after(() => {
       cleanupRule(ruleId);

@@ -9,7 +9,7 @@ import { disableExpandableFlyoutAdvancedSettings } from '../../tasks/common';
 import { APP_ALERTS_PATH } from '../../../../../common/constants';
 import { closeAllToasts } from '../../tasks/toasts';
 import { fillUpNewRule } from '../../tasks/response_actions';
-import { login, loginWithRole, ROLE } from '../../tasks/login';
+import { login, ROLE } from '../../tasks/login';
 import { generateRandomStringName } from '../../tasks/utils';
 import type { ReturnTypeFromChainable } from '../../types';
 import { indexEndpointHosts } from '../../tasks/index_endpoint_hosts';
@@ -20,7 +20,7 @@ describe('No License', { tags: '@ess', env: { ftrConfig: { license: 'basic' } }
     const [ruleName, ruleDescription] = generateRandomStringName(2);
 
     before(() => {
-      loginWithRole(ROLE.endpoint_response_actions_access);
+      login(ROLE.endpoint_response_actions_access);
     });
 
     it('response actions are disabled', () => {

@@ -6,7 +6,7 @@
  */
 
 import { ensureResponseActionAuthzAccess } from '../../../tasks/response_actions';
-import { loginServerless, ServerlessUser } from '../../../tasks/login_serverless';
+import { loginServerless, SecurityUser } from '../../../tasks/login_serverless';
 import { RESPONSE_ACTION_API_COMMANDS_NAMES } from '../../../../../../common/endpoint/service/response_actions/constants';
 import { getNoPrivilegesPage } from '../../../screens/common';
 import { getEndpointManagementPageList } from '../../../screens';
@@ -31,7 +31,7 @@ describe(
     let password: string;
 
     beforeEach(() => {
-      loginServerless(ServerlessUser.ENDPOINT_OPERATIONS_ANALYST).then((response) => {
+      loginServerless(SecurityUser.endpoint_operations_analyst).then((response) => {
         username = response.username;
         password = response.password;
       });

@@ -6,7 +6,7 @@
  */
 
 import { ensureResponseActionAuthzAccess } from '../../../tasks/response_actions';
-import { loginServerless, ServerlessUser } from '../../../tasks/login_serverless';
+import { loginServerless, SecurityUser } from '../../../tasks/login_serverless';
 import { RESPONSE_ACTION_API_COMMANDS_NAMES } from '../../../../../../common/endpoint/service/response_actions/constants';
 import {
   getEndpointManagementPageList,
@@ -33,7 +33,7 @@ describe(
     let password: string;
 
     beforeEach(() => {
-      loginServerless(ServerlessUser.ENDPOINT_OPERATIONS_ANALYST).then((response) => {
+      loginServerless(SecurityUser.endpoint_operations_analyst).then((response) => {
         username = response.username;
         password = response.password;
       });

@@ -6,7 +6,7 @@
  */
 
 import { ensureResponseActionAuthzAccess } from '../../../tasks/response_actions';
-import { loginServerless, ServerlessUser } from '../../../tasks/login_serverless';
+import { loginServerless, SecurityUser } from '../../../tasks/login_serverless';
 import { RESPONSE_ACTION_API_COMMANDS_NAMES } from '../../../../../../common/endpoint/service/response_actions/constants';
 import { getNoPrivilegesPage } from '../../../screens/common';
 import { getEndpointManagementPageList } from '../../../screens';
@@ -33,7 +33,7 @@ describe(
     let password: string;
 
     beforeEach(() => {
-      loginServerless(ServerlessUser.ENDPOINT_OPERATIONS_ANALYST).then((response) => {
+      loginServerless(SecurityUser.endpoint_operations_analyst).then((response) => {
         username = response.username;
         password = response.password;
       });

@@ -6,7 +6,7 @@
  */
 
 import { ensureResponseActionAuthzAccess } from '../../../tasks/response_actions';
-import { loginServerless, ServerlessUser } from '../../../tasks/login_serverless';
+import { loginServerless, SecurityUser } from '../../../tasks/login_serverless';
 import { RESPONSE_ACTION_API_COMMANDS_NAMES } from '../../../../../../common/endpoint/service/response_actions/constants';
 import {
   getEndpointManagementPageMap,
@@ -41,7 +41,7 @@ describe(
     let password: string;
 
     beforeEach(() => {
-      loginServerless(ServerlessUser.ENDPOINT_OPERATIONS_ANALYST).then((response) => {
+      loginServerless(SecurityUser.endpoint_operations_analyst).then((response) => {
         username = response.username;
         password = response.password;
       });

@@ -8,7 +8,7 @@
 import { pick } from 'lodash';
 import type { CyIndexEndpointHosts } from '../../../tasks/index_endpoint_hosts';
 import { indexEndpointHosts } from '../../../tasks/index_endpoint_hosts';
-import { loginServerless, ServerlessUser } from '../../../tasks/login_serverless';
+import { loginServerless, SecurityUser } from '../../../tasks/login_serverless';
 import { ensurePolicyDetailsPageAuthzAccess } from '../../../screens/policy_details';
 import type { EndpointArtifactPageId } from '../../../screens';
 import {
@@ -63,7 +63,7 @@ describe(
     });
 
     // roles `t1_analyst` and `t2_analyst` are very similar with exception of one page
-    (['t1_analyst', `t2_analyst`] as ServerlessUser[]).forEach((roleName) => {
+    (['t1_analyst', `t2_analyst`] as SecurityUser[]).forEach((roleName) => {
       describe(`for role: ${roleName}`, () => {
         const deniedPages = allPages.filter((page) => page.id !== 'endpointList');
 
@@ -124,7 +124,7 @@ describe(
       const deniedResponseActions = pick(consoleHelpPanelResponseActionsTestSubj, 'execute');
 
       beforeEach(() => {
-        loginServerless(ServerlessUser.T3_ANALYST);
+        loginServerless(SecurityUser.t3_analyst);
       });
 
       it('should have access to Endpoint list page', () => {
@@ -176,7 +176,7 @@ describe(
       const deniedPages = allPages.filter(({ id }) => id !== 'blocklist' && id !== 'endpointList');
 
       beforeEach(() => {
-        loginServerless(ServerlessUser.THREAT_INTELLIGENCE_ANALYST);
+        loginServerless(SecurityUser.threat_intelligence_analyst);
       });
 
       it('should have access to Endpoint list page', () => {
@@ -221,7 +221,7 @@ describe(
       ];
 
       beforeEach(() => {
-        loginServerless(ServerlessUser.RULE_AUTHOR);
+        loginServerless(SecurityUser.rule_author);
       });
 
       for (const { id, title } of artifactPagesFullAccess) {
@@ -272,7 +272,7 @@ describe(
       const grantedAccessPages = [pageById.endpointList, pageById.policyList];
 
       beforeEach(() => {
-        loginServerless(ServerlessUser.SOC_MANAGER);
+        loginServerless(SecurityUser.soc_manager);
       });
 
       for (const { id, title } of artifactPagesFullAccess) {
@@ -319,7 +319,7 @@ describe(
       const grantedAccessPages = [pageById.endpointList, pageById.policyList];
 
       beforeEach(() => {
-        loginServerless(ServerlessUser.ENDPOINT_OPERATIONS_ANALYST);
+        loginServerless(SecurityUser.endpoint_operations_analyst);
       });
 
       for (const { id, title } of artifactPagesFullAccess) {
@@ -350,7 +350,7 @@ describe(
       });
     });
 
-    (['platform_engineer', 'endpoint_policy_manager'] as ServerlessUser[]).forEach((roleName) => {
+    (['platform_engineer', 'endpoint_policy_manager'] as SecurityUser[]).forEach((roleName) => {
       describe(`for role: ${roleName}`, () => {
         const artifactPagesFullAccess = [
           pageById.trustedApps,