[MKI] Failing test: x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/coverage_overview/coverage_overview.cy.ts

[MadameSheema]

It is failing in MKI with the following error:

The request we sent was:

Method: PUT
URL: https://kibana-cypress-security-solution-ephemeral-850d2b7-d27100.es.eu-west-1.aws.qa.elastic.cloud/.kibana_security_solution/_mapping
Headers: {
"Connection": "keep-alive",
"kbn-xsrf": "cypress-creds",
"x-elastic-internal-origin": "security-solution",
"elastic-api-version": [
"2023-10-31"
],
"Content-Type": "application/json",
"user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36",
"accept": "/",
"authorization": "Basic dGVzdGluZy1pbnRlcm5hbDp3NTZXWEVjTDAwQjc5NFI5cnQ0UDBqWlQ=",
"accept-encoding": "gzip, deflate",
"content-length": 16
}
Body: {"dynamic":true}

-----------------------------------------------------------

The response we got was:

Status: 403 - Forbidden
Headers: {
"content-length": "565",
"content-type": "application/json",
"elastic-api-version": "2023-10-31",
"x-cloud-request-id": "oVpKs35lQ_S-VLpAkdODpw",
"x-found-handling-cluster": "d27100edab91491e9109842d9d6a3f9a.es",
"x-found-handling-instance": "es-es-index-9cc88c7b5-jd96w",
"date": "Wed, 20 Mar 2024 13:51:01 GMT"
}
Body: {
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "action [indices:admin/mapping/put] is unauthorized for user [testing-internal] with effective roles [superuser] on restricted indices [.kibana_security_solution], this action is granted by the index privileges [manage,all]"
}
],
"type": "security_exception",
"reason": "action [indices:admin/mapping/put] is unauthorized for user [testing-internal] with effective roles [superuser] on restricted indices [.kibana_security_solution], this action is granted by the index privileges [manage,all]"
},
"status": 403
}

This is because when doing createAndInstallMockedPrebuiltRules on the beforeEach hook, executes the below piece of code, which is hitting an internal index, something that is forbidden in MKI environments. (x-pack/test/security_solution_cypress/cypress/tasks/api_calls/prebuilt_rules.ts line 146).

   rootRequest({
    method: 'PUT',
    url: `${Cypress.env('ELASTICSEARCH_URL')}/${index}/_mapping`,
    body: {
      dynamic: true,
    },
    headers: {
      'Content-Type': 'application/json',
    },
  });

If we comment that piece of code, all the tests works in a non-mki environment and in an mki environments all the tests inside the spec file except technique panel renders custom and prebuilt rule data on page load passes.

With the piece of code commented, the test fails because the prebuilt rules are not created, but just in the MKI environment.

@banderror @maximpn can you please confirm what do you want to do?

1. Skip the whole spec file in MKI
2. Comment the problematic piece of code and skip just the technique panel renders custom and prebuilt rule data on page load test in MKI.

[elasticmachine]

Pinging @elastic/security-detections-response (Team:Detections and Resp)

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

[banderror]

@MadameSheema I'll look into this issue. I believe we shouldn't be commenting any code that our tests depend on, but I'll need to look into the code first.

[MadameSheema]

Thanks @banderror as I don't have a deep knowledge in your area, I don't want to make any decision for you. This ticket is the output of the investigation I run trying to make easier to figure out which can be the root cause of the issue and possible workaround for now to have the green build on MKI but work should be done for sure to have the green build without having to skip the test on MKI.

[maximpn]

@MadameSheema Can we skip only technique panel renders custom and prebuilt rule data on page load test in MKI environment? Regarding the test coverage skipping the whole spec file in MKI is better than commenting the problematic technique panel renders custom and prebuilt rule data on page load test. In the second case it won't run in any environment.

[MadameSheema]

@MadameSheema Can we skip only technique panel renders custom and prebuilt rule data on page load test in MKI environment?

If we skip just that test without commenting the problematic code I shared above, the whole spec file fails.

Regarding the test coverage skipping the whole spec file in MKI is better than commenting the problematic technique panel renders custom and prebuilt rule data on page load test. In the second case it won't run in any environment.

Skipping the whole spec file in MKI will not affect the regular executions on PRs for both Serverless and ESS. I tested it on ESS without the problematic piece of code, and the spec file passed.

[MadameSheema]

For now, the whole test is going to be skipped just in MKI executions until more investigations are performed.

[banderror]

This test has been skipped in the periodic pipeline as part of https://github.com/elastic/security-team/issues/10609. We don't have any short-term plans for fixing and enabling it there. We're gonna be revisiting and extending our MKI test suite next year: #200309.