The serverless API tests are all in process of being updated to use non-operator authentication. The roles APIs should be updated to use an appropriate access level role, and to manipulate non-reserved roles (these currently target the superuser role and will return 400's and 401's instead of the expected status).
The serverless API tests are all in process of being updated to use non-operator authentication. The roles APIs should be updated to use an appropriate access level role, and to manipulate non-reserved roles (these currently target the superuser role and will return 400's and 401's instead of the expected status).
e.g. file https://github.com/elastic/kibana/blob/main/x-pack/test_serverless/api_integration/test_suites/common/platform_security/roles_routes_feature_flag.ts
In serverless the roles APIs are gated behind feature flags, which need to be enabled in the corresponding feature flag configs. e.g file x-pack/test_serverless/api_integration/test_suites/observability/config.feature_flags.ts Required ES flag:
xpack.security.authc.native_roles.enabled=true