Skip to content

Commit

Permalink
Merge branch 'system_actions_mvp' into sa_update_rule_api
Browse files Browse the repository at this point in the history
  • Loading branch information
guskovaue committed Nov 14, 2023
2 parents 3871f8c + d8a7569 commit 9d15915
Show file tree
Hide file tree
Showing 2,744 changed files with 59,981 additions and 25,563 deletions.
24 changes: 14 additions & 10 deletions .buildkite/ftr_configs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ disabled:
- x-pack/test/security_solution_api_integration/config/ess/config.base.ts
- x-pack/test/security_solution_api_integration/config/serverless/config.base.ts
- x-pack/test/security_solution_endpoint/config.base.ts
- x-pack/test/security_solution_endpoint_api_int/config.base.ts

# QA suites that are run out-of-band
- x-pack/test/stack_functional_integration/configs/config.stack_functional_integration_base.js
Expand Down Expand Up @@ -225,13 +226,8 @@ enabled:
- x-pack/test/detection_engine_api_integration/security_and_spaces/group1/config.ts
- x-pack/test/detection_engine_api_integration/security_and_spaces/group4/config.ts
- x-pack/test/detection_engine_api_integration/security_and_spaces/group5/config.ts
- x-pack/test/detection_engine_api_integration/security_and_spaces/group6/config.ts
- x-pack/test/detection_engine_api_integration/security_and_spaces/group10/config.ts
- x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/config.ts
- x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/config.ts
- x-pack/test/detection_engine_api_integration/security_and_spaces/bundled_prebuilt_rules_package/config.ts
- x-pack/test/detection_engine_api_integration/security_and_spaces/large_prebuilt_rules_package/config.ts
- x-pack/test/detection_engine_api_integration/security_and_spaces/update_prebuilt_rules_package/config.ts
- x-pack/test/disable_ems/config.ts
- x-pack/test/encrypted_saved_objects_api_integration/config.ts
- x-pack/test/examples/config.ts
Expand Down Expand Up @@ -386,6 +382,7 @@ enabled:
- x-pack/test/security_functional/user_profiles.config.ts
- x-pack/test/security_functional/expired_session.config.ts
- x-pack/test/security_solution_endpoint_api_int/config.ts
- x-pack/test/security_solution_endpoint_api_int/serverless.config.ts
- x-pack/test/security_solution_endpoint/endpoint.config.ts
- x-pack/test/security_solution_endpoint/serverless.endpoint.config.ts
- x-pack/test/security_solution_endpoint/integrations.config.ts
Expand Down Expand Up @@ -461,8 +458,15 @@ enabled:
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/configs/ess.config.ts





- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/entity_analytics/default_license/risk_engine/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/entity_analytics/default_license/risk_engine/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/management/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/management/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/bundled_prebuilt_rules_package/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/bundled_prebuilt_rules_package/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/large_prebuilt_rules_package/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/large_prebuilt_rules_package/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/update_prebuilt_rules_package/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/update_prebuilt_rules_package/configs/ess.config.ts
10 changes: 10 additions & 0 deletions .buildkite/pipelines/artifacts.yml
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,16 @@ steps:
- exit_status: '*'
limit: 1

- command: KIBANA_DOCKER_CONTEXT=ironbank .buildkite/scripts/steps/artifacts/docker_context.sh
label: 'Docker Context Verification'
agents:
queue: n2-2
timeout_in_minutes: 30
retry:
automatic:
- exit_status: '*'
limit: 1

- command: .buildkite/scripts/steps/artifacts/cloud.sh
label: 'Cloud Deployment'
soft_fail:
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# https://buildkite.com/elastic/kibana-serverless-emergency-release-branch-testing

## Triggers the artifacts container image build for emergency releases
agents:
queue: kibana-default

notify:
- slack: "#kibana-mission-control"
if: "build.state == 'passed' || build.state == 'failed' || build.state == 'scheduled'"

steps:
- trigger: "kibana-artifacts-container-image"
label: ":docker: Build Kibana Artifacts Container Image"
build:
branch: $BUILDKITE_BRANCH
commit: $BUILDKITE_COMMIT
message: Running PR build for $BUILDKITE_BRANCH
67 changes: 67 additions & 0 deletions .buildkite/pipelines/security_solution/api_integration.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
steps:
- label: Running exception_workflows:runner:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_workflows:qa:serverless
key: exception_workflows:runner:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '*'
limit: 2

- label: Running exception_operators_date_numeric_types:runner:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_date_numeric_types:qa:serverless
key: exception_operators_date_numeric_types:runner:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '*'
limit: 2

- label: Running exception_operators_keyword_text_long:runner:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_keyword_text_long:qa:serverless
key: exception_operators_keyword_text_long:runner:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '*'
limit: 2

- label: Running exception_operators_ips_text_array:runner:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_ips_text_array:qa:serverless
key: exception_operators_ips_text_array:runner:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2

- label: Running rule_creation:runner:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_creation:qa:serverless
key: rule_creation:runner:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2

- label: Running actions:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh actions:qa:serverless
key: actions:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2

Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
steps:
- command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless
label: 'Serverless MKI QA Security Cypress Tests'
agents:
queue: n2-4-spot
# TODO : Revise the timeout when the pipeline will be officially integrated with the quality gate.
timeout_in_minutes: 300
parallelism: 6
retry:
automatic:
- exit_status: '*'
limit: 1

- command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:explore
label: 'Serverless MKI QA Explore - Security Solution Cypress Tests'
agents:
queue: n2-4-spot
# TODO : Revise the timeout when the pipeline will be officially integrated with the quality gate.
timeout_in_minutes: 300
parallelism: 4
retry:
automatic:
- exit_status: '*'
limit: 1

- command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:investigations
label: 'Serverless MKI QA Investigations - Security Solution Cypress Tests'
agents:
queue: n2-4-spot
# TODO : Revise the timeout when the pipeline will be officially integrated with the quality gate.
timeout_in_minutes: 300
parallelism: 8
retry:
automatic:
- exit_status: '*'
limit: 1
2 changes: 2 additions & 0 deletions .buildkite/scripts/build_kibana.sh
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ is_pr_with_label "ci:build-docker-cross-compile" && BUILD_ARGS+=("--docker-cross
is_pr_with_label "ci:build-os-packages" || BUILD_ARGS+=("--skip-os-packages")
is_pr_with_label "ci:build-canvas-shareable-runtime" || BUILD_ARGS+=("--skip-canvas-shareable-runtime")
is_pr_with_label "ci:build-docker-contexts" || BUILD_ARGS+=("--skip-docker-contexts")
is_pr_with_label "ci:build-cdn-assets" || BUILD_ARGS+=("--skip-cdn-assets")

echo "> node scripts/build" "${BUILD_ARGS[@]}"
node scripts/build "${BUILD_ARGS[@]}"
Expand All @@ -24,6 +25,7 @@ if is_pr_with_label "ci:build-cloud-image"; then
--skip-initialize \
--skip-generic-folders \
--skip-platform-folders \
--skip-cdn-assets \
--skip-archives \
--docker-images \
--docker-tag-qualifier="$GIT_COMMIT" \
Expand Down
18 changes: 18 additions & 0 deletions .buildkite/scripts/common/env.sh
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,24 @@ export KIBANA_BASE_BRANCH="$KIBANA_PKG_BRANCH"
KIBANA_PKG_VERSION="$(jq -r .version "$KIBANA_DIR/package.json")"
export KIBANA_PKG_VERSION

# Detects and exports the final target branch when using a merge queue
if [[ "${BUILDKITE_BRANCH:-}" == "gh-readonly-queue"* ]]; then
# removes gh-readonly-queue/
BKBRANCH_WITHOUT_GH_MQ_PREFIX="${BUILDKITE_BRANCH#gh-readonly-queue/}"

# extracts target mqueue branch
MERGE_QUEUE_TARGET_BRANCH=${BKBRANCH_WITHOUT_GH_MQ_PREFIX%/*}
else
MERGE_QUEUE_TARGET_BRANCH=""
fi
export MERGE_QUEUE_TARGET_BRANCH

# Exports BUILDKITE_BRANCH_MERGE_QUEUE which will use the value from MERGE_QUEUE_TARGET_BRANCH if defined otherwise
# will fallback to BUILDKITE_BRANCH.
BUILDKITE_BRANCH_MERGE_QUEUE="${MERGE_QUEUE_TARGET_BRANCH:-${BUILDKITE_BRANCH:-}}"
export BUILDKITE_BRANCH_MERGE_QUEUE


BUILDKITE_AGENT_GCP_REGION=""
if [[ "$(curl -is metadata.google.internal || true)" ]]; then
# projects/1003139005402/zones/us-central1-a -> us-central1-a -> us-central1
Expand Down
1 change: 1 addition & 0 deletions .buildkite/scripts/lifecycle/post_command.sh
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ if [[ "$IS_TEST_EXECUTION_STEP" == "true" ]]; then
buildkite-agent artifact upload 'target/kibana-coverage/functional/**/*'
buildkite-agent artifact upload 'target/kibana-*'
buildkite-agent artifact upload 'target/kibana-security-solution/**/*.png'
buildkite-agent artifact upload 'target/kibana-security-solution/**/management/**/*.mp4'
buildkite-agent artifact upload 'target/kibana-osquery/**/*.png'
buildkite-agent artifact upload 'target/kibana-osquery/**/*.mp4'
buildkite-agent artifact upload 'target/kibana-fleet/**/*.png'
Expand Down
4 changes: 2 additions & 2 deletions .buildkite/scripts/pipelines/pull_request/pipeline.ts
Original file line number Diff line number Diff line change
Expand Up @@ -137,8 +137,8 @@ const uploadPipeline = (pipelineContent: string | object) => {
}

if (
GITHUB_PR_LABELS.includes('ci:project-deploy-es') ||
GITHUB_PR_LABELS.includes('ci:project-deploy-oblt') ||
GITHUB_PR_LABELS.includes('ci:project-deploy-elasticsearch') ||
GITHUB_PR_LABELS.includes('ci:project-deploy-observability') ||
GITHUB_PR_LABELS.includes('ci:project-deploy-security')
) {
pipeline.push(getPipeline('.buildkite/pipelines/pull_request/deploy_project.yml'));
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
#!/bin/bash
if [ -z "$1" ]
then
echo "No target script from the package.json file, is supplied"
exit 1
fi

source .buildkite/scripts/common/util.sh
.buildkite/scripts/bootstrap.sh

buildkite-agent meta-data set "${BUILDKITE_JOB_ID}_is_test_execution_step" "true"

echo "--- Serverless Security Second Quality Gate"
cd x-pack/test/security_solution_api_integration
set +e

QA_API_KEY=$(retry 5 5 vault read -field=qa_api_key secret/kibana-issues/dev/security-solution-qg-enc-key)

# Generate a random 5-digit number
random_number=$((10000 + $RANDOM % 90000))
ENVIRONMENT_DETAILS=$(curl --location 'https://global.qa.cld.elstc.co/api/v1/serverless/projects/security' \
--header "Authorization: ApiKey $QA_API_KEY" \
--header 'Content-Type: application/json' \
--data '{
"name": "ftr-integration-tests-'$random_number'",
"region_id": "aws-eu-west-1"}' | jq '.')
NAME=$(echo $ENVIRONMENT_DETAILS | jq -r '.name')
ID=$(echo $ENVIRONMENT_DETAILS | jq -r '.id')
ES_URL=$(echo $ENVIRONMENT_DETAILS | jq -r '.endpoints.elasticsearch')
KB_URL=$(echo $ENVIRONMENT_DETAILS | jq -r '.endpoints.kibana')

# Wait five seconds for the project to appear
sleep 5

# Resetting the credentials of the elastic user in the project
CREDS_BODY=$(curl -s --location --request POST "https://global.qa.cld.elstc.co/api/v1/serverless/projects/security/$ID/_reset-credentials" \
--header "Authorization: ApiKey $QA_API_KEY" \
--header 'Content-Type: application/json' | jq '.')
USERNAME=$(echo $CREDS_BODY | jq -r '.username')
PASSWORD=$(echo $CREDS_BODY | jq -r '.password')
AUTH=$(echo "$USERNAME:$PASSWORD")

# Checking if Elasticsearch has status green
while : ; do
STATUS=$(curl -u $AUTH --location "$ES_URL:443/_cluster/health?wait_for_status=green&timeout=50s" | jq -r '.status')
if [ "$STATUS" != "green" ]; then
echo "Sleeping for 40s to wait for ES status to be green..."
sleep 40
else
echo "Elasticsearch has status green."
break
fi
done

# Checking if Kibana is available
while : ; do
STATUS=$(curl -u $AUTH --location "$KB_URL:443/api/status" | jq -r '.status.overall.level')
if [ "$STATUS" != "available" ]; then
echo "Sleeping for 15s to wait for Kibana to be available..."
sleep 15
else
echo "Kibana is available."
break
fi
done

# Removing the https:// part of the url provided in order to use it in the command below.
FORMATTED_ES_URL="${ES_URL/https:\/\//}"
FORMATTED_KB_URL="${KB_URL/https:\/\//}"

# Find a way to remove this in the future
# This is used in order to wait for the environment to be ready.
sleep 150

TEST_CLOUD=1 TEST_ES_URL="https://elastic:$PASSWORD@$FORMATTED_ES_URL:443" TEST_KIBANA_URL="https://elastic:$PASSWORD@$FORMATTED_KB_URL:443" yarn run $1
cmd_status=$?
echo "Exit code with status: $cmd_status"

curl --location --request DELETE "https://global.qa.cld.elstc.co/api/v1/serverless/projects/security/$ID" \
--header "Authorization: ApiKey $QA_API_KEY"

exit $cmd_status
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
#!/bin/bash

set -euo pipefail

echo "Running the EDR-Workflows testing for Kibana"

This file was deleted.

Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
#!/bin/bash

set -euo pipefail

if [ -z "$1" ]
then
echo "No target script from the package.json file, is supplied"
exit 1
fi

source .buildkite/scripts/common/util.sh
source .buildkite/scripts/steps/functional/common_cypress.sh
.buildkite/scripts/bootstrap.sh

export JOB=kibana-security-solution-chrome

buildkite-agent meta-data set "${BUILDKITE_JOB_ID}_is_test_execution_step" "true"

cd x-pack/test/security_solution_cypress
set +e

QA_API_KEY=$(retry 5 5 vault read -field=qa_api_key secret/kibana-issues/dev/security-solution-qg-enc-key)

CLOUD_QA_API_KEY=$QA_API_KEY yarn $1; status=$?; yarn junit:merge || :; exit $status
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
#!/bin/bash

set -euo pipefail

ts-node .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/pipeline.ts
Loading

0 comments on commit 9d15915

Please sign in to comment.