[EDR workflows] Osquery serverless tests (elastic#163795)
tomsonpl authored Aug 23, 2023
1 parent 805c974 commit 054cdba
Showing 66 changed files with 1,366 additions and 1,384 deletions.
1 change: 1 addition & 0 deletions .buildkite/ftr_configs.yml
Expand Up @@ -32,6 +32,7 @@ disabled:
- x-pack/plugins/observability_onboarding/e2e/ftr_config_runner.ts
- x-pack/plugins/observability_onboarding/e2e/ftr_config.ts
- x-pack/test/osquery_cypress/cli_config.ts
- x-pack/test/osquery_cypress/serverless_cli_config.ts
- x-pack/test/osquery_cypress/config.ts
- x-pack/test/osquery_cypress/visual_config.ts
- x-pack/test/security_solution_cypress/cli_config.ts
14 changes: 14 additions & 0 deletions .buildkite/pipelines/pull_request/osquery_cypress.yml
Expand Up @@ -22,3 +22,17 @@ steps:
soft_fail: true
artifact_paths:
- "target/kibana-osquery/**/*"

- command: .buildkite/scripts/steps/functional/security_serverless_osquery.sh
label: 'Serverless Osquery Cypress Tests'
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 50
parallelism: 6
retry:
automatic:
- exit_status: '*'
limit: 1
artifact_paths:
- "target/kibana-osquery/**/*"
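Review bot: `exit_status: '*'` under `retry.automatic` in the new Serverless step re-runs the job after any failure, so a test that fails once and passes on the second attempt reports green and an intermittent regression goes unnoticed. The step runs on the `n2-4-spot` queue, so the retry is presumably meant for preempted agents; if so, narrow it to the agent-lost status with `- exit_status: '-1'` and let real test failures fail the build. If the broad retry is deliberate, a one-line comment above `retry:` saying why would keep it from being copied into other steps.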
1 change: 1 addition & 0 deletions .buildkite/scripts/pipelines/pull_request/pipeline.ts
Expand Up @@ -10,6 +10,7 @@ import { execSync } from 'child_process';
import fs from 'fs';
import prConfigs from '../../../pull_requests.json';
import { areChangesSkippable, doAnyChangesMatch } from '#pipeline-utils';

const prConfig = prConfigs.jobs.find((job) => job.pipelineSlug === 'kibana-pull-request');

if (!prConfig) {
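--- /dev/null
+++ b/.buildkite/scripts/steps/functional/security_serverless_osquery.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+source .buildkite/scripts/common/util.sh
+source .buildkite/scripts/steps/functional/common_cypress.sh
+
+.buildkite/scripts/bootstrap.sh
+node scripts/build_kibana_platform_plugins.js
+
+export JOB=kibana-osquery-cypress-serverless
+
+echo "--- Security Osquery Serverless Cypress"
+
+yarn --cwd x-pack/plugins/osquery cypress:serverless:run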
21 changes: 21 additions & 0 deletions x-pack/plugins/osquery/cypress.config.ts
Expand Up @@ -7,6 +7,19 @@

import { defineCypressConfig } from '@kbn/cypress-config';

import path from 'path';
import { safeLoad as loadYaml } from 'js-yaml';
import { readFileSync } from 'fs';

import type { YamlRoleDefinitions } from '../../test_serverless/shared/lib';
// eslint-disable-next-line @kbn/imports/no_boundary_crossing
import { setupUserDataLoader } from '../../test_serverless/functional/test_suites/security/cypress/support/setup_data_loader_tasks';
const ROLES_YAML_FILE_PATH = path.join(
`${__dirname}/cypress/support`,
'project_controller_osquery_roles.yml'
);
const roleDefinitions = loadYaml(readFileSync(ROLES_YAML_FILE_PATH, 'utf8')) as YamlRoleDefinitions;

export default defineCypressConfig({
defaultCommandTimeout: 60000,
execTimeout: 120000,
Expand All @@ -29,6 +42,9 @@ export default defineCypressConfig({
'cypress-react-selector': {
root: '#osquery-app',
},
grepFilterSpecs: true,
grepTags: '@ess',
grepOmitFiltered: true,
},

e2e: {
Expand All @@ -37,5 +53,10 @@ export default defineCypressConfig({
experimentalRunAllSpecs: true,
experimentalMemoryManagement: true,
numTestsKeptInMemory: 3,
setupNodeEvents(on, config) {
setupUserDataLoader(on, config, { roleDefinitions, additionalRoleName: 'viewer' });

return config;
},
},
});
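Review bot: The `as YamlRoleDefinitions` assertion on the `loadYaml(...)` result near the top of the file accepts whatever the YAML parses to, so an empty or malformed `project_controller_osquery_roles.yml` reaches `setupUserDataLoader` as `undefined` or a wrong shape, and the test roles are then built from unchecked data. Because the read happens at module load, a missing file also breaks runs that may not need the role definitions at all; moving the load into `setupNodeEvents` would confine that failure. Narrow the parsed value before asserting its type, as sketched below; `safeLoad` is the right loader and should stay. The first-argument template string in `path.join` could also be split into plain segments, `path.join(__dirname, 'cypress', 'support', 'project_controller_osquery_roles.yml')`.

```typescript
const parsedRoles: unknown = loadYaml(readFileSync(ROLES_YAML_FILE_PATH, 'utf8'));
if (typeof parsedRoles !== 'object' || parsedRoles === null) {
  throw new Error(`${ROLES_YAML_FILE_PATH} did not parse to an object of role definitions`);
}
const roleDefinitions = parsedRoles as YamlRoleDefinitions;
// … unchanged: export default defineCypressConfig({ … }) …
```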
11 changes: 5 additions & 6 deletions x-pack/plugins/osquery/cypress/e2e/all/add_integration.cy.ts
Expand Up @@ -5,6 +5,7 @@
* 2.0.
*/

import { tag } from '../../tags';
import {
cleanupPack,
cleanupAgentPolicy,
Expand All @@ -28,11 +29,9 @@ import {
interceptAgentPolicyId,
policyContainsIntegration,
} from '../../tasks/integrations';

import { login } from '../../tasks/login';
import { findAndClickButton, findFormFieldByRowsLabelAndType } from '../../tasks/live_query';

describe('ALL - Add Integration', () => {
describe('ALL - Add Integration', { tags: [tag.ESS, tag.BROKEN_IN_SERVERLESS] }, () => {
let savedQueryId: string;

before(() => {
Expand All @@ -42,7 +41,7 @@ describe('ALL - Add Integration', () => {
});

beforeEach(() => {
login();
cy.login('elastic');
});

after(() => {
Expand All @@ -63,7 +62,7 @@ describe('ALL - Add Integration', () => {
cy.get(`[url="${NAV_SEARCH_INPUT_OSQUERY_RESULTS.MANAGER}"]`).should('exist').click();
});

describe('Add and upgrade integration', () => {
describe('Add and upgrade integration', { tags: [tag.ESS] }, () => {
const oldVersion = '0.7.4';
const [integrationName, policyName] = generateRandomStringName(2);
let policyId: string;
Expand All @@ -78,7 +77,7 @@ describe('ALL - Add Integration', () => {
cleanupAgentPolicy(policyId);
});

it('should add the old integration and be able to upgrade it', () => {
it('should add the old integration and be able to upgrade it', { tags: tag.ESS }, () => {
cy.visit(createOldOsqueryPath(oldVersion));
addCustomIntegration(integrationName, policyName);
policyContainsIntegration(integrationName, policyName);
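Review bot: `cy.login('elastic')` in `beforeEach` passes the role as a bare string, while the other specs touched by this commit use `ServerlessRoleName.SOC_MANAGER`; a typed constant would catch a misspelt role at compile time. `elastic` is also the built-in superuser, so this spec cannot notice a missing-privilege regression in the add-integration flow; if the flow is meant to work for a less privileged role, log in as that role instead (the default of the removed `login()` is not visible here, so this may be unchanged behaviour). Separately, the `it` at the end of the hunk uses `{ tags: tag.ESS }` where every other call passes an array; `{ tags: [tag.ESS] }` keeps the form uniform. The test body continues outside the hunk.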
24 changes: 14 additions & 10 deletions x-pack/plugins/osquery/cypress/e2e/all/alerts_cases.cy.ts
Expand Up @@ -5,6 +5,7 @@
* 2.0.
*/

import { LIVE_QUERY_EDITOR } from '../../screens/live_query';
import {
cleanupCase,
cleanupPack,
Expand All @@ -14,17 +15,18 @@ import {
loadRule,
packFixture,
} from '../../tasks/api_fixtures';
import { ROLE, login } from '../../tasks/login';
import {
addToCase,
checkActionItemsInResults,
clickRuleName,
loadRuleAlerts,
submitQuery,
viewRecentCaseAndCheckResults,
} from '../../tasks/live_query';
import { generateRandomStringName, interceptCaseId } from '../../tasks/integrations';

describe('Alert Event Details - Cases', () => {
import { tag } from '../../tags';
import { ServerlessRoleName } from '../../support/roles';
describe('Alert Event Details - Cases', { tags: [tag.ESS, tag.SERVERLESS] }, () => {
let ruleId: string;
let ruleName: string;
let packId: string;
Expand All @@ -44,9 +46,9 @@ describe('Alert Event Details - Cases', () => {
});

beforeEach(() => {
login(ROLE.soc_manager);
cy.login(ServerlessRoleName.SOC_MANAGER);
cy.visit('/app/security/rules');
cy.contains(ruleName).click();
clickRuleName(ruleName);
});

after(() => {
Expand All @@ -72,10 +74,10 @@ describe('Alert Event Details - Cases', () => {
cy.getBySel('expand-event').first().click({ force: true });
cy.getBySel('take-action-dropdown-btn').click();
cy.getBySel('osquery-action-item').click();
cy.contains('Run a set of queries in a pack').wait(500).click();
cy.getBySel('select-live-pack').within(() => {
cy.getBySel('comboBoxInput').type(`${packName}{downArrow}{enter}`);
});
cy.contains(/^\d+ agen(t|ts) selected/);
cy.contains('Run a set of queries in a pack').click();
cy.get(LIVE_QUERY_EDITOR).should('not.exist');
cy.getBySel('select-live-pack').click().type(`${packName}{downArrow}{enter}`);
submitQuery();
cy.get('[aria-label="Add to Case"]').first().click();
cy.getBySel('cases-table-add-case-filter-bar').click();
Expand All @@ -91,7 +93,8 @@ describe('Alert Event Details - Cases', () => {
});
});

describe('Case', () => {
// verify why calling new action doesnt add to response actions list
describe.skip('Case', () => {
let caseId: string;

before(() => {
Expand Down Expand Up @@ -134,6 +137,7 @@ describe('Alert Event Details - Cases', () => {
cases: true,
timeline: true,
});

addToCase(caseId);
viewRecentCaseAndCheckResults();
});
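Review bot: `describe.skip('Case', …)` disables the whole add-to-case suite, and the comment above it records only an open question with no owner or tracking reference, so this coverage can stay off indefinitely without anyone noticing. Replace the comment with one that names the follow-up, for example `// FIXME(<tracking-issue-link>): running a new action does not add it to the response actions list; re-enable once fixed`. Most of the skipped suite's body lies outside the visible hunks, so what exactly stops running cannot be judged from this page.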
16 changes: 9 additions & 7 deletions x-pack/plugins/osquery/cypress/e2e/all/alerts_liked_apps.cy.ts
Expand Up @@ -7,19 +7,21 @@

import { cleanupRule, loadRule } from '../../tasks/api_fixtures';
import { RESPONSE_ACTIONS_ITEM_0, RESPONSE_ACTIONS_ITEM_1 } from '../../tasks/response_actions';
import { ROLE, login } from '../../tasks/login';
import {
checkActionItemsInResults,
clickRuleName,
inputQuery,
loadRuleAlerts,
submitQuery,
} from '../../tasks/live_query';
import { closeModalIfVisible, closeToastIfVisible } from '../../tasks/integrations';
import { RESULTS_TABLE, RESULTS_TABLE_BUTTON } from '../../screens/live_query';
import { tag } from '../../tags';
import { ServerlessRoleName } from '../../support/roles';

const UUID_REGEX = '[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}';

describe('Alert Event Details', { browser: 'electron' }, () => {
describe('Alert Event Details', { browser: 'electron', tags: [tag.ESS, tag.SERVERLESS] }, () => {
let ruleId: string;
let ruleName: string;

Expand All @@ -36,9 +38,9 @@ describe('Alert Event Details', { browser: 'electron' }, () => {
});

beforeEach(() => {
login(ROLE.soc_manager);
cy.login(ServerlessRoleName.SOC_MANAGER);
cy.visit('/app/security/rules');
cy.contains(ruleName).click();
clickRuleName(ruleName);
});

it('should be able to add investigation guides to response actions', () => {
Expand Down Expand Up @@ -98,7 +100,7 @@ describe('Alert Event Details', { browser: 'electron' }, () => {
closeModalIfVisible();
});

it('can visit discover from response action results', () => {
it('can visit discover from response action results', { tags: [tag.ESS] }, () => {
const discoverRegex = new RegExp(`action_id: ${UUID_REGEX}`);
cy.getBySel('expand-event').first().click();
cy.getBySel('securitySolutionDocumentDetailsFlyoutResponseSectionHeader').click();
Expand All @@ -124,7 +126,7 @@ describe('Alert Event Details', { browser: 'electron' }, () => {
});
});

it('can visit lens from response action results', () => {
it('can visit lens from response action results', { tags: [tag.ESS] }, () => {
const lensRegex = new RegExp(`Action ${UUID_REGEX} results`);
cy.getBySel('expand-event').first().click();
cy.getBySel('securitySolutionDocumentDetailsFlyoutResponseSectionHeader').click();
Expand Down Expand Up @@ -158,7 +160,7 @@ describe('Alert Event Details', { browser: 'electron' }, () => {
cy.getBySel('breadcrumbs').contains(lensRegex);
});

it('can add to timeline from response action results', () => {
it('can add to timeline from response action results', { tags: [tag.ESS] }, () => {
const timelineRegex = new RegExp(`Added ${UUID_REGEX} to timeline`);
const filterRegex = new RegExp(`action_id: "${UUID_REGEX}"`);
cy.getBySel('expand-event').first().click();
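Review bot: The three tests retagged `{ tags: [tag.ESS] }` (discover, lens, timeline) sit inside a `describe` tagged `[tag.ESS, tag.SERVERLESS]`; if the grep plugin merges suite tags into each test's effective tags, as @cypress/grep does, these tests still match a serverless tag filter and will run there. If the intent is to keep them out of serverless runs, tag them the way add_integration.cy.ts tags its suite, `{ tags: [tag.ESS, tag.BROKEN_IN_SERVERLESS] }`, assuming the serverless run excludes that tag (its grep expression is not on this page). A short comment on each test saying why it is ESS-only would help whoever re-enables it.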
Expand Up @@ -5,16 +5,18 @@
* 2.0.
*/

import { tag } from '../../tags';
import { cleanupRule, loadRule } from '../../tasks/api_fixtures';
import { ROLE, login } from '../../tasks/login';
import {
clickRuleName,
inputQuery,
loadRuleAlerts,
submitQuery,
takeOsqueryActionWithParams,
} from '../../tasks/live_query';
import { ServerlessRoleName } from '../../support/roles';

describe('Alert Event Details - dynamic params', () => {
describe('Alert Event Details - dynamic params', { tags: [tag.ESS, tag.SERVERLESS] }, () => {
let ruleId: string;
let ruleName: string;

Expand All @@ -31,9 +33,9 @@ describe('Alert Event Details - dynamic params', () => {
});

beforeEach(() => {
login(ROLE.soc_manager);
cy.login(ServerlessRoleName.SOC_MANAGER);
cy.visit('/app/security/rules');
cy.contains(ruleName).click();
clickRuleName(ruleName);
});

it('should substitute parameters in investigation guide', () => {