Skip to content

Commit

Permalink
[8.9] [Security Solution] Intercept individual package installation v…
Browse files Browse the repository at this point in the history
…ia Fleet (#161859) (#161972)

# Backport

This will backport the following commits from `main` to `8.9`:
- [[Security Solution] Intercept individual package installation via
Fleet (#161859)](#161859)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Juan Pablo
Djeredjian","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-07-14T13:49:42Z","message":"[Security
Solution] Intercept individual package installation via Fleet
(#161859)\n\n## Summary\r\n\r\nDuring Cypress tests, intercept
`POST\r\n/api/fleet/epm/packages/security_detection_engine/*`.\r\n\r\nThis
is the endpoint used when a specific
`security_detection_engine`\r\npackage is set to be used via
the\r\n`--xpack.securitySolution.prebuiltRulesPackageVersion` config
flag,\r\nwhich is used to test by the TRADE team.\r\n\r\nThis PR updates
the test to account for that flow.\r\n\r\n### For maintainers\r\n\r\n- [
] This was checked for breaking API changes and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"45a483f49643bcca4ff130d9f100c38a1a2181e7","branchLabelMapping":{"^v8.10.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","backport:skip","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","v8.10.0"],"number":161859,"url":"https://github.com/elastic/kibana/pull/161859","mergeCommit":{"message":"[Security
Solution] Intercept individual package installation via Fleet
(#161859)\n\n## Summary\r\n\r\nDuring Cypress tests, intercept
`POST\r\n/api/fleet/epm/packages/security_detection_engine/*`.\r\n\r\nThis
is the endpoint used when a specific
`security_detection_engine`\r\npackage is set to be used via
the\r\n`--xpack.securitySolution.prebuiltRulesPackageVersion` config
flag,\r\nwhich is used to test by the TRADE team.\r\n\r\nThis PR updates
the test to account for that flow.\r\n\r\n### For maintainers\r\n\r\n- [
] This was checked for breaking API changes and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"45a483f49643bcca4ff130d9f100c38a1a2181e7"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.10.0","labelRegex":"^v8.10.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/161859","number":161859,"mergeCommit":{"message":"[Security
Solution] Intercept individual package installation via Fleet
(#161859)\n\n## Summary\r\n\r\nDuring Cypress tests, intercept
`POST\r\n/api/fleet/epm/packages/security_detection_engine/*`.\r\n\r\nThis
is the endpoint used when a specific
`security_detection_engine`\r\npackage is set to be used via
the\r\n`--xpack.securitySolution.prebuiltRulesPackageVersion` config
flag,\r\nwhich is used to test by the TRADE team.\r\n\r\nThis PR updates
the test to account for that flow.\r\n\r\n### For maintainers\r\n\r\n- [
] This was checked for breaking API changes and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"45a483f49643bcca4ff130d9f100c38a1a2181e7"}}]}]
BACKPORT-->

Co-authored-by: Juan Pablo Djeredjian <[email protected]>
  • Loading branch information
kibanamachine and jpdjere authored Jul 16, 2023
1 parent d3e1266 commit 6f96154
Show file tree
Hide file tree
Showing 2 changed files with 60 additions and 18 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -45,35 +45,57 @@ describe('Detection rules, Prebuilt Rules Installation and Update workflow', ()

describe('Installation of prebuilt rules package via Fleet', () => {
beforeEach(() => {
cy.intercept('POST', '/api/fleet/epm/packages/_bulk*').as('installPackage');
cy.intercept('POST', '/api/fleet/epm/packages/_bulk*').as('installPackageBulk');
cy.intercept('POST', '/api/fleet/epm/packages/security_detection_engine/*').as(
'installPackage'
);
waitForRulesTableToBeLoaded();
});

it('should install package from Fleet in the background', () => {
/* Assert that the package in installed from Fleet by checking that
/* the installSource is "registry", as opposed to "bundle" */
cy.wait('@installPackage', {
cy.wait('@installPackageBulk', {
timeout: 60000,
}).then(({ response }) => {
cy.wrap(response?.statusCode).should('eql', 200);

const packages = response?.body.items.map(({ name, result }: BulkInstallPackageInfo) => ({
name,
installSource: result.installSource,
}));

expect(packages.length).to.have.greaterThan(0);
expect(packages).to.deep.include.members([
{ name: 'security_detection_engine', installSource: 'registry' },
]);
}).then(({ response: bulkResponse }) => {
cy.wrap(bulkResponse?.statusCode).should('eql', 200);

const packages = bulkResponse?.body.items.map(
({ name, result }: BulkInstallPackageInfo) => ({
name,
installSource: result.installSource,
})
);

const packagesBulkInstalled = packages.map(({ name }: { name: string }) => name);

// Under normal flow the package is installed via the Fleet bulk install API.
// However, for testing purposes the package can be installed via the Fleet individual install API,
// so we need to intercept and wait for that request as well.
if (!packagesBulkInstalled.includes('security_detection_engine')) {
// Should happen only during testing when the `xpack.securitySolution.prebuiltRulesPackageVersion` flag is set
cy.wait('@installPackage').then(({ response }) => {
cy.wrap(response?.statusCode).should('eql', 200);
cy.wrap(response?.body)
.should('have.property', 'items')
.should('have.length.greaterThan', 0);
cy.wrap(response?.body)
.should('have.property', '_meta')
.should('have.property', 'install_source')
.should('eql', 'registry');
});
} else {
// Normal flow, install via the Fleet bulk install API
expect(packages.length).to.have.greaterThan(0);
expect(packages).to.deep.include.members([
{ name: 'security_detection_engine', installSource: 'registry' },
]);
}
});
});

it('should install rules from the Fleet package when user clicks on CTA', () => {
/* Retrieve how many rules were installed from the Fleet package */
cy.wait('@installPackage', {
timeout: 60000,
}).then(() => {
const getRulesAndAssertNumberInstalled = () => {
getRuleAssets().then((response) => {
const ruleIds = response.body.hits.hits.map(
(hit: { _source: { ['security-rule']: Rule } }) => hit._source['security-rule'].rule_id
Expand All @@ -87,6 +109,25 @@ describe('Detection rules, Prebuilt Rules Installation and Update workflow', ()
.should('be.visible')
.should('have.text', `${numberOfRulesToInstall} rules installed successfully.`);
});
};
/* Retrieve how many rules were installed from the Fleet package */
/* See comments in test above for more details */
cy.wait('@installPackageBulk', {
timeout: 60000,
}).then(({ response: bulkResponse }) => {
cy.wrap(bulkResponse?.statusCode).should('eql', 200);

const packagesBulkInstalled = bulkResponse?.body.items.map(
({ name }: { name: string }) => name
);

if (!packagesBulkInstalled.includes('security_detection_engine')) {
cy.wait('@installPackage').then(() => {
getRulesAndAssertNumberInstalled();
});
} else {
getRulesAndAssertNumberInstalled();
}
});
});
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -170,6 +170,7 @@ export const getRuleAssets = (index: string | undefined = '.kibana_security_solu
/* during e2e tests, and allow for manual installation of mock rules instead. */
export const preventPrebuiltRulesPackageInstallation = () => {
cy.intercept('POST', '/api/fleet/epm/packages/_bulk*', {});
cy.intercept('POST', '/api/fleet/epm/packages/security_detection_engine/*', {});
};

/**
Expand Down

0 comments on commit 6f96154

Please sign in to comment.