Add more test for Security solution

elastic · Sep 8, 2023 · 34cb87f · 34cb87f
1 parent 1265e19
commit 34cb87f
Show file tree

Hide file tree

Showing 8 changed files with 352 additions and 14 deletions.
diff --git a/x-pack/plugins/security_solution/common/detection_engine/transform_actions.test.ts b/x-pack/plugins/security_solution/common/detection_engine/transform_actions.test.ts
@@ -18,8 +18,12 @@ import type {
   RuleResponseAction,
 } from '../api/detection_engine/model/rule_response_actions';
 import { RESPONSE_ACTION_TYPES } from '../api/detection_engine/model/rule_response_actions';
-import type { NormalizedRuleAction } from '../api/detection_engine/rule_management/bulk_actions/bulk_actions_route';
-import type { RuleAction } from '@kbn/alerting-plugin/common';
+import type {
+  NormalizedRuleAction,
+  NormalizedSystemRuleAction,
+} from '../api/detection_engine/rule_management/bulk_actions/bulk_actions_route';
+import type { RuleDefaultAction, RuleSystemAction } from '@kbn/alerting-plugin/common';
+import { RuleActionTypes } from '@kbn/alerting-plugin/common';
 
 describe('transform_actions', () => {
   test('it should transform RuleAlertAction[] to RuleAction[]', () => {
@@ -29,7 +33,9 @@ describe('transform_actions', () => {
       action_type_id: 'action_type_id',
       params: {},
     };
+
     const alertAction = transformRuleToAlertAction(ruleAction);
+
     expect(alertAction).toEqual({
       id: ruleAction.id,
       group: ruleAction.group,
@@ -38,6 +44,26 @@ describe('transform_actions', () => {
     });
   });
 
+  test('it should transform RuleAlertSystemAction[] to RuleSystemAction[]', () => {
+    const systemAction = {
+      id: 'id',
+      action_type_id: 'action_type_id',
+      params: {},
+      uuid: 'uuid',
+      type: RuleActionTypes.SYSTEM,
+    };
+
+    const alertAction = transformRuleToAlertAction(systemAction);
+
+    expect(alertAction).toEqual({
+      id: systemAction.id,
+      actionTypeId: systemAction.action_type_id,
+      params: systemAction.params,
+      uuid: systemAction.uuid,
+      type: systemAction.type,
+    });
+  });
+
   test('it should transform RuleAction[] to RuleAlertAction[]', () => {
     const alertAction = {
       id: 'id',
@@ -46,7 +72,9 @@ describe('transform_actions', () => {
       params: {},
       uuid: '111',
     };
+
     const ruleAction = transformAlertToRuleAction(alertAction);
+
     expect(ruleAction).toEqual({
       id: alertAction.id,
       group: alertAction.group,
@@ -55,6 +83,27 @@ describe('transform_actions', () => {
       uuid: '111',
     });
   });
+
+  test('it should transform RuleSystemAction[] to RuleAlertSystemAction[]', () => {
+    const systemAction = {
+      id: 'id',
+      actionTypeId: 'action_type_id',
+      params: {},
+      uuid: 'uuid',
+      type: RuleActionTypes.SYSTEM,
+    };
+
+    const ruleAction = transformAlertToRuleAction(systemAction);
+
+    expect(ruleAction).toEqual({
+      id: systemAction.id,
+      action_type_id: systemAction.actionTypeId,
+      params: systemAction.params,
+      uuid: systemAction.uuid,
+      type: systemAction.type,
+    });
+  });
+
   test('it should transform NormalizedRuleAction[] to NormalizedAlertAction[]', () => {
     const ruleAction: NormalizedRuleAction = {
       id: 'id',
@@ -63,7 +112,9 @@ describe('transform_actions', () => {
       frequency: { summary: true, throttle: null, notifyWhen: 'onActiveAlert' },
       alerts_filter: { query: { kql: '*', filters: [] } },
     };
+
     const alertAction = transformNormalizedRuleToAlertAction(ruleAction);
+
     expect(alertAction).toEqual({
       id: ruleAction.id,
       group: ruleAction.group,
@@ -72,8 +123,27 @@ describe('transform_actions', () => {
       alertsFilter: ruleAction.alerts_filter,
     });
   });
+
+  test('it should transform NormalizedSystemRuleAction[] to NormalizedSystemAlertAction[]', () => {
+    const systemAction: NormalizedSystemRuleAction = {
+      id: 'id',
+      params: {},
+      uuid: 'uuid',
+      type: RuleActionTypes.SYSTEM,
+    };
+
+    const alertAction = transformNormalizedRuleToAlertAction(systemAction);
+
+    expect(alertAction).toEqual({
+      id: systemAction.id,
+      params: systemAction.params,
+      uuid: systemAction.uuid,
+      type: systemAction.type,
+    });
+  });
+
   test('it should transform RuleAction[] to NormalizedRuleAction[]', () => {
-    const alertAction: RuleAction = {
+    const alertAction: RuleDefaultAction = {
       id: 'id',
       group: 'group',
       actionTypeId: 'actionTypeId',
@@ -82,15 +152,38 @@ describe('transform_actions', () => {
       frequency: { summary: true, throttle: null, notifyWhen: 'onActiveAlert' },
       alertsFilter: { query: { kql: '*', filters: [] } },
     };
+
     const ruleAction = transformAlertToNormalizedRuleAction(alertAction);
+
     expect(ruleAction).toEqual({
       id: alertAction.id,
       group: alertAction.group,
       params: alertAction.params,
       frequency: alertAction.frequency,
       alerts_filter: alertAction.alertsFilter,
+      uuid: '111',
     });
   });
+
+  test('it should transform RuleSystemAction[] to NormalizedSystemAlertAction[]', () => {
+    const systemAction: RuleSystemAction = {
+      id: 'id',
+      actionTypeId: 'action_type_id',
+      params: {},
+      uuid: 'uuid',
+      type: RuleActionTypes.SYSTEM,
+    };
+
+    const ruleAction = transformAlertToNormalizedRuleAction(systemAction);
+
+    expect(ruleAction).toEqual({
+      id: systemAction.id,
+      params: systemAction.params,
+      uuid: systemAction.uuid,
+      type: systemAction.type,
+    });
+  });
+
   test('it should transform ResponseAction[] to RuleResponseAction[]', () => {
     const ruleAction: ResponseAction = {
       action_type_id: RESPONSE_ACTION_TYPES.OSQUERY,
@@ -102,7 +195,9 @@ describe('transform_actions', () => {
         queries: undefined,
       },
     };
+
     const alertAction = transformRuleToAlertResponseAction(ruleAction);
+
     expect(alertAction).toEqual({
       actionTypeId: ruleAction.action_type_id,
       params: {
@@ -126,7 +221,9 @@ describe('transform_actions', () => {
         queries: undefined,
       },
     };
+
     const ruleAction = transformAlertToRuleResponseAction(alertAction);
+
     expect(ruleAction).toEqual({
       action_type_id: alertAction.actionTypeId,
       params: {

diff --git a/x-pack/plugins/security_solution/common/utils/is_system_action.test.ts b/x-pack/plugins/security_solution/common/utils/is_system_action.test.ts
@@ -0,0 +1,36 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { RuleDefaultAction, RuleSystemAction } from '@kbn/alerting-plugin/common';
+import { RuleActionTypes } from '@kbn/alerting-plugin/common';
+import { isSystemAction } from './is_system_action';
+
+describe('isSystemAction', () => {
+  const defaultAction: RuleDefaultAction = {
+    actionTypeId: '.test',
+    uuid: '111',
+    group: 'default',
+    id: '1',
+    params: {},
+  };
+
+  const systemAction: RuleSystemAction = {
+    id: '1',
+    uuid: '123',
+    params: { 'not-exist': 'test' },
+    actionTypeId: '.test',
+    type: RuleActionTypes.SYSTEM,
+  };
+
+  it('returns true if it is a system action', () => {
+    expect(isSystemAction(systemAction)).toBe(true);
+  });
+
+  it('returns false if it is not a system action', () => {
+    expect(isSystemAction(defaultAction)).toBe(false);
+  });
+});
diff --git a/...solution/server/lib/detection_engine/rule_management/logic/actions/duplicate_rule.test.ts b/...solution/server/lib/detection_engine/rule_management/logic/actions/duplicate_rule.test.ts
@@ -6,9 +6,15 @@
  */
 
 import { v4 as uuidv4 } from 'uuid';
-import type { SanitizedRule } from '@kbn/alerting-plugin/common';
+import type {
+  RuleSystemAction,
+  SanitizedDefaultRuleAction,
+  SanitizedRule,
+} from '@kbn/alerting-plugin/common';
+import { RuleActionTypes } from '@kbn/alerting-plugin/common';
 import type { RuleParams } from '../../../rule_schema';
 import { duplicateRule } from './duplicate_rule';
+import { NOTIFICATION_DEFAULT_FREQUENCY } from '../../../../../../common/constants';
 
 jest.mock('uuid', () => ({
   v4: jest.fn(),
@@ -157,6 +163,41 @@ describe('duplicateRule', () => {
     );
   });
 
+  it('should add frequency to default actions', async () => {
+    const defaultAction: SanitizedDefaultRuleAction = {
+      group: 'group',
+      id: 'id-123',
+      actionTypeId: 'id-456',
+      params: {},
+    };
+
+    const rule = createTestRule();
+    const result = await duplicateRule({
+      rule: { ...rule, actions: [defaultAction] },
+    });
+
+    expect(result.actions).toEqual([
+      { ...defaultAction, frequency: NOTIFICATION_DEFAULT_FREQUENCY },
+    ]);
+  });
+
+  it('should not add frequency to system actions', async () => {
+    const systemAction: RuleSystemAction = {
+      id: 'id',
+      actionTypeId: 'action_type_id',
+      params: {},
+      uuid: 'uuid',
+      type: RuleActionTypes.SYSTEM,
+    };
+
+    const rule = createTestRule();
+    const result = await duplicateRule({
+      rule: { ...rule, actions: [systemAction] },
+    });
+
+    expect(result.actions).toEqual([systemAction]);
+  });
+
   describe('when duplicating a prebuilt (immutable) rule', () => {
     const createPrebuiltRule = () => {
       const rule = createTestRule();

diff --git a/...ection_engine/rule_management/logic/bulk_actions/action_to_rules_client_operation.test.ts b/...ection_engine/rule_management/logic/bulk_actions/action_to_rules_client_operation.test.ts
@@ -5,6 +5,9 @@
  * 2.0.
  */
 
+import { RuleActionTypes } from '@kbn/alerting-plugin/common';
+import { NOTIFICATION_DEFAULT_FREQUENCY } from '../../../../../../common/constants';
+import type { BulkActionEditPayloadRuleActions } from '../../../../../../common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route';
 import { BulkActionEditType } from '../../../../../../common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route';
 import { bulkEditActionToRulesClientOperation } from './action_to_rules_client_operation';
 
@@ -58,4 +61,54 @@ describe('bulkEditActionToRulesClientOperation', () => {
       },
     ]);
   });
+
+  const actionTests: Array<[BulkActionEditPayloadRuleActions['type'], string]> = [
+    [BulkActionEditType.add_rule_actions, 'add'],
+    [BulkActionEditType.set_rule_actions, 'set'],
+  ];
+
+  test.each(actionTests)('should transform actions bulk edit %s correctly', (type, operation) => {
+    const defaultAction = {
+      id: 'id',
+      action_type_id: 'action_type_id',
+      params: {},
+      group: 'group',
+    };
+
+    const systemAction = {
+      id: 'id',
+      action_type_id: 'action_type_id',
+      params: {},
+      uuid: 'uuid',
+      type: RuleActionTypes.SYSTEM,
+    };
+
+    expect(
+      bulkEditActionToRulesClientOperation({
+        type,
+        value: {
+          actions: [defaultAction, systemAction],
+        },
+      })
+    ).toEqual([
+      {
+        field: 'actions',
+        operation,
+        value: [
+          {
+            id: 'id',
+            group: 'group',
+            params: {},
+            frequency: NOTIFICATION_DEFAULT_FREQUENCY,
+          },
+          {
+            id: 'id',
+            params: {},
+            type: RuleActionTypes.SYSTEM,
+            uuid: 'uuid',
+          },
+        ],
+      },
+    ]);
+  });
 });