elastic · FrankHassanabad · Oct 27, 2021 · Oct 25, 2021 · Oct 25, 2021 · Oct 25, 2021
diff --git a/test/common/services/bsearch.ts b/test/common/services/bsearch.ts
@@ -0,0 +1,122 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import expect from '@kbn/expect';
+import request from 'superagent';
+import type SuperTest from 'supertest';
+import { IEsSearchResponse } from 'src/plugins/data/common';
+import { FtrProviderContext } from '../ftr_provider_context';
+import { RetryService } from './retry/retry';
+
+/**
+ * Function copied from here:
+ * test/api_integration/apis/search/bsearch.ts without the compress
+ *
+ * Splits the JSON lines from bsearch
+ */
+const parseBfetchResponse = (resp: request.Response): Array<Record<string, any>> => {
+  return resp.text
+    .trim()
+    .split('\n')
+    .map((item) => JSON.parse(item));
+};
+
+/**
+ * Function copied from here:
+ * x-pack/test/rule_registry/common/lib/authentication/spaces.ts
+ * @param spaceId The space id we want to utilize
+ */
+const getSpaceUrlPrefix = (spaceId?: string): string => {
+  return spaceId && spaceId !== 'default' ? `/s/${spaceId}` : ``;
+};
+
+/**
+ * Options for the send method
+ */
+interface SendOptions {
+  supertest: SuperTest.SuperTest<SuperTest.Test>;
+  options: object;
+  strategy: string;
+  space?: string;
+}
+
+/**
+ * Bsearch factory which will return a new bsearch capable service that can reduce flake
+ * on the CI systems when they are under pressure and bsearch returns an async search
+ * response or a sync response.
+ *
+ * @example
+ * const supertest = getService('supertest');
+ * const bsearch = getService('bsearch');
+ * const response = await bsearch.send<MyType>({
+ *   supertest,
+ *   options: {
+ *     defaultIndex: ['large_volume_dns_data'],
+ *   }
+ *    strategy: 'securitySolutionSearchStrategy',
+ *   });
+ * expect(response).eql({ ... your value ... });
+ */
+export const BSearchFactory = (retry: RetryService) => ({
+  /** Send method to send in your supertest, url, options, and strategy name */
+  send: async <T extends IEsSearchResponse>({
+    supertest,
+    options,
+    strategy,
+    space,
+  }: SendOptions): Promise<T> => {
+    const spaceUrl = getSpaceUrlPrefix(space);
+    const { body } = await retry.try(async () => {
+      return supertest
+        .post(`${spaceUrl}/internal/search/${strategy}`)
+        .set('kbn-xsrf', 'true')
+        .send(options)
+        .expect(200);
+    });
+
+    if (body.isRunning) {
+      const result = await retry.try(async () => {
+        const resp = await supertest
+          .post(`${spaceUrl}/internal/bsearch`)
+          .set('kbn-xsrf', 'true')
+          .send({
+            batch: [
+              {
+                request: {
+                  id: body.id,
+                  ...options,
+                },
+                options: {
+                  strategy,
+                },
+              },
+            ],
+          })
+          .expect(200);
+        const [parsedResponse] = parseBfetchResponse(resp);
+        expect(parsedResponse.result.isRunning).equal(false);
+        return parsedResponse.result;
+      });
+      return result;
+    } else {
+      return body;
+    }
+  },
+});
+
+/**
+ * Bsearch provider which will return a new bsearch capable service that can reduce flake
+ * on the CI systems when they are under pressure and bsearch returns an async search response
+ * or a sync response.
+ */
+export function BSearchProvider({
+  getService,
+}: FtrProviderContext): ReturnType<typeof BSearchFactory> {
+  const retry = getService('retry');
+  return BSearchFactory(retry);
+}
diff --git a/test/common/services/index.ts b/test/common/services/index.ts
@@ -16,6 +16,7 @@ import { SecurityServiceProvider } from './security';
 import { EsDeleteAllIndicesProvider } from './es_delete_all_indices';
 import { SavedObjectInfoService } from './saved_object_info';
 import { IndexPatternsService } from './index_patterns';
+import { BSearchProvider } from './bsearch';
 
 export const services = {
   deployment: DeploymentService,
@@ -28,4 +29,5 @@ export const services = {
   esDeleteAllIndices: EsDeleteAllIndicesProvider,
   savedObjectInfo: SavedObjectInfoService,
   indexPatterns: IndexPatternsService,
+  bsearch: BSearchProvider,
 };
diff --git a/x-pack/test/api_integration/apis/security_solution/authentications.ts b/x-pack/test/api_integration/apis/security_solution/authentications.ts
@@ -6,7 +6,10 @@
  */
 
 import expect from '@kbn/expect';
-import { HostsQueries } from '../../../../plugins/security_solution/common/search_strategy';
+import {
+  HostAuthenticationsStrategyResponse,
+  HostsQueries,
+} from '../../../../plugins/security_solution/common/search_strategy';
 
 import { FtrProviderContext } from '../../ftr_provider_context';
 
@@ -22,16 +25,19 @@ const EDGE_LENGTH = 1;
 export default function ({ getService }: FtrProviderContext) {
   const esArchiver = getService('esArchiver');
   const supertest = getService('supertest');
+  const bsearch = getService('bsearch');
 
   describe('authentications', () => {
-    before(() => esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts'));
-    after(() => esArchiver.unload('x-pack/test/functional/es_archives/auditbeat/hosts'));
+    before(async () => await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts'));
+
+    after(
+      async () => await esArchiver.unload('x-pack/test/functional/es_archives/auditbeat/hosts')
+    );
 
     it('Make sure that we get Authentication data', async () => {
-      const { body: authentications } = await supertest
-        .post('/internal/search/securitySolutionSearchStrategy/')
-        .set('kbn-xsrf', 'true')
-        .send({
+      const authentications = await bsearch.send<HostAuthenticationsStrategyResponse>({
+        supertest,
+        options: {
           factoryQueryType: HostsQueries.authentications,
           timerange: {
             interval: '12h',
@@ -47,20 +53,19 @@ export default function ({ getService }: FtrProviderContext) {
           defaultIndex: ['auditbeat-*'],
           docValueFields: [],
           inspect: false,
-          wait_for_completion_timeout: '10s',
-        })
-        .expect(200);
+        },
+        strategy: 'securitySolutionSearchStrategy',
+      });
 
       expect(authentications.edges.length).to.be(EDGE_LENGTH);
       expect(authentications.totalCount).to.be(TOTAL_COUNT);
       expect(authentications.pageInfo.fakeTotalCount).to.equal(3);
     });
 
     it('Make sure that pagination is working in Authentications query', async () => {
-      const { body: authentications } = await supertest
-        .post('/internal/search/securitySolutionSearchStrategy/')
-        .set('kbn-xsrf', 'true')
-        .send({
+      const authentications = await bsearch.send<HostAuthenticationsStrategyResponse>({
+        supertest,
+        options: {
           factoryQueryType: HostsQueries.authentications,
           timerange: {
             interval: '12h',
@@ -76,16 +81,16 @@ export default function ({ getService }: FtrProviderContext) {
           defaultIndex: ['auditbeat-*'],
           docValueFields: [],
           inspect: false,
-          wait_for_completion_timeout: '10s',
-        })
-        .expect(200);
+        },
+        strategy: 'securitySolutionSearchStrategy',
+      });
 
       expect(authentications.edges.length).to.be(EDGE_LENGTH);
       expect(authentications.totalCount).to.be(TOTAL_COUNT);
-      expect(authentications.edges[0]!.node.lastSuccess!.source!.ip).to.eql([
+      expect(authentications.edges[0].node.lastSuccess?.source?.ip).to.eql([
         LAST_SUCCESS_SOURCE_IP,
       ]);
-      expect(authentications.edges[0]!.node.lastSuccess!.host!.name).to.eql([HOST_NAME]);
+      expect(authentications.edges[0].node.lastSuccess?.host?.name).to.eql([HOST_NAME]);
     });
   });
 }
diff --git a/x-pack/test/api_integration/apis/security_solution/events.ts b/x-pack/test/api_integration/apis/security_solution/events.ts
@@ -11,13 +11,13 @@ import { JsonObject } from '@kbn/utility-types';
 import {
   Direction,
   TimelineEventsQueries,
+  TimelineEventsAllStrategyResponse,
 } from '../../../../plugins/security_solution/common/search_strategy';
 import { FtrProviderContext } from '../../ftr_provider_context';
 import { getDocValueFields, getFieldsToRequest, getFilterValue } from './utils';
 
 const TO = '3000-01-01T00:00:00.000Z';
 const FROM = '2000-01-01T00:00:00.000Z';
-const TEST_URL = '/internal/search/timelineSearchStrategy/';
 // typical values that have to change after an update from "scripts/es_archiver"
 const DATA_COUNT = 7;
 const HOST_NAME = 'suricata-sensor-amsterdam';
@@ -30,6 +30,8 @@ const LIMITED_PAGE_SIZE = 2;
 export default function ({ getService }: FtrProviderContext) {
   const esArchiver = getService('esArchiver');
   const supertest = getService('supertest');
+  const bsearch = getService('bsearch');
+
   const getPostBody = (): JsonObject => ({
     defaultIndex: ['auditbeat-*'],
     docValueFields: getDocValueFields(),
@@ -66,14 +68,14 @@ export default function ({ getService }: FtrProviderContext) {
     });
 
     it('returns Timeline data', async () => {
-      const resp = await supertest
-        .post(TEST_URL)
-        .set('kbn-xsrf', 'true')
-        .set('Content-Type', 'application/json')
-        .send(getPostBody())
-        .expect(200);
+      const timeline = await bsearch.send<TimelineEventsAllStrategyResponse>({
+        supertest,
+        options: {
+          ...getPostBody(),
+        },
+        strategy: 'timelineSearchStrategy',
+      });
 
-      const timeline = resp.body;
       expect(timeline.edges.length).to.be(EDGE_LENGTH);
       expect(timeline.edges[0].node.data.length).to.be(DATA_COUNT);
       expect(timeline.totalCount).to.be(TOTAL_COUNT);
@@ -82,20 +84,17 @@ export default function ({ getService }: FtrProviderContext) {
     });
 
     it('returns paginated Timeline query', async () => {
-      const resp = await supertest
-        .post(TEST_URL)
-        .set('kbn-xsrf', 'true')
-        .set('Content-Type', 'application/json')
-        .send({
+      const timeline = await bsearch.send<TimelineEventsAllStrategyResponse>({
+        supertest,
+        options: {
           ...getPostBody(),
           pagination: {
             activePage: 0,
             querySize: LIMITED_PAGE_SIZE,
           },
-        })
-        .expect(200);
-
-      const timeline = resp.body;
+        },
+        strategy: 'timelineSearchStrategy',
+      });
       expect(timeline.edges.length).to.be(LIMITED_PAGE_SIZE);
       expect(timeline.edges[0].node.data.length).to.be(DATA_COUNT);
       expect(timeline.totalCount).to.be(TOTAL_COUNT);

diff --git a/x-pack/test/api_integration/apis/security_solution/host_details.ts b/x-pack/test/api_integration/apis/security_solution/host_details.ts
@@ -7,16 +7,24 @@
 
 import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../ftr_provider_context';
-import { HostsQueries } from '../../../../plugins/security_solution/common/search_strategy';
+import {
+  HostDetailsStrategyResponse,
+  HostsQueries,
+} from '../../../../plugins/security_solution/common/search_strategy';
 
 export default function ({ getService }: FtrProviderContext) {
   const esArchiver = getService('esArchiver');
   const supertest = getService('supertest');
+  const bsearch = getService('bsearch');
 
   describe('Host Details', () => {
     describe('With filebeat', () => {
-      before(() => esArchiver.load('x-pack/test/functional/es_archives/filebeat/default'));
-      after(() => esArchiver.unload('x-pack/test/functional/es_archives/filebeat/default'));
+      before(
+        async () => await esArchiver.load('x-pack/test/functional/es_archives/filebeat/default')
+      );
+      after(
+        async () => await esArchiver.unload('x-pack/test/functional/es_archives/filebeat/default')
+      );
 
       const FROM = '2000-01-01T00:00:00.000Z';
       const TO = '3000-01-01T00:00:00.000Z';
@@ -213,12 +221,9 @@ export default function ({ getService }: FtrProviderContext) {
       };
 
       it('Make sure that we get HostDetails data', async () => {
-        const {
-          body: { hostDetails },
-        } = await supertest
-          .post('/internal/search/securitySolutionSearchStrategy/')
-          .set('kbn-xsrf', 'true')
-          .send({
+        const { hostDetails } = await bsearch.send<HostDetailsStrategyResponse>({
+          supertest,
+          options: {
             factoryQueryType: HostsQueries.details,
             timerange: {
               interval: '12h',
@@ -229,9 +234,9 @@ export default function ({ getService }: FtrProviderContext) {
             docValueFields: [],
             hostName: 'raspberrypi',
             inspect: false,
-            wait_for_completion_timeout: '10s',
-          })
-          .expect(200);
+          },
+          strategy: 'securitySolutionSearchStrategy',
+        });
         expect(hostDetails).to.eql(expectedResult.hostDetails);
       });
     });