Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution][Detections] increases coverage of bulk edit rules action according to test plan #141929

Merged
Merged
Show file tree
Hide file tree
Changes from 20 commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
185f038
initial commit
vitaliidm Sep 27, 2022
fdcb49d
e2e tests
vitaliidm Sep 28, 2022
e408920
Update index.tsx
vitaliidm Sep 28, 2022
41d8fe5
Update validate_rule_actions_field.ts
vitaliidm Sep 28, 2022
8cb33ba
Update validate_rule_actions_field.ts
vitaliidm Sep 28, 2022
607ac43
Update validate_rule_actions_field.ts
vitaliidm Sep 28, 2022
636067e
Update validate_rule_actions_field.ts
vitaliidm Sep 28, 2022
4dddec4
Merge branch 'main' into detections/bulk-edit-rule-actions-tests
vitaliidm Sep 28, 2022
323bbe9
refactoring
vitaliidm Sep 28, 2022
f97927e
Merge branch 'main' into detections/bulk-edit-rule-actions-tests
vitaliidm Sep 28, 2022
5beef77
Merge branch 'main' into detections/bulk-edit-rule-actions-tests
vitaliidm Sep 30, 2022
0c734f7
refactoring
vitaliidm Sep 30, 2022
7ff763c
refactoring
vitaliidm Sep 30, 2022
9bf93aa
refactoring
vitaliidm Sep 30, 2022
fce583e
additional tests
vitaliidm Sep 30, 2022
159309a
remove generic
vitaliidm Sep 30, 2022
f486ac1
Merge branch 'main' into detections/bulk-edit-rule-actions-tests
vitaliidm Sep 30, 2022
dea07e3
add non actions tests
vitaliidm Oct 3, 2022
fb83b65
Merge branch 'detections/bulk-edit-rule-actions-tests' of https://git…
vitaliidm Oct 3, 2022
aa812e5
Merge branch 'main' into detections/bulk-edit-rule-actions-tests
vitaliidm Oct 3, 2022
7c10ab7
Code review feedback
vitaliidm Oct 6, 2022
d229959
Merge branch 'detections/bulk-edit-rule-actions-tests' of https://git…
vitaliidm Oct 6, 2022
fc7daef
Merge branch 'main' into detections/bulk-edit-rule-actions-tests
vitaliidm Oct 6, 2022
79c5b1a
Merge branch 'main' into detections/bulk-edit-rule-actions-tests
vitaliidm Oct 6, 2022
147194d
Merge branch 'main' into detections/bulk-edit-rule-actions-tests
kibanamachine Oct 10, 2022
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1,186 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { ROLES } from '../../../common/test';

import {
RULES_BULK_EDIT_ACTIONS_INFO,
RULES_BULK_EDIT_ACTIONS_WARNING,
ADD_RULE_ACTIONS_MENU_ITEM,
} from '../../screens/rules_bulk_edit';

import { cleanKibana, deleteAlertsAndRules, deleteConnectors } from '../../tasks/common';
import {
addSlackRuleAction,
assertSlackRuleAction,
addEmailConnectorAndRuleAction,
assertEmailRuleAction,
} from '../../tasks/common/rule_actions';
import {
waitForRulesTableToBeLoaded,
selectNumberOfRules,
loadPrebuiltDetectionRulesFromHeaderBtn,
goToEditRuleActionsSettings,
} from '../../tasks/alerts_detection_rules';
import {
waitForBulkEditActionToFinish,
submitBulkEditForm,
checkOverwriteRuleActionsCheckbox,
openBulkEditRuleActionsForm,
pickActionFrequency,
openBulkActionsMenu,
} from '../../tasks/rules_bulk_edit';
import { assertSelectedActionFrequency } from '../../tasks/edit_rule';
import { login, visitWithoutDateRange } from '../../tasks/login';
import { esArchiverResetKibana } from '../../tasks/es_archiver';

import { SECURITY_DETECTIONS_RULES_URL } from '../../urls/navigation';

import {
createMachineLearningRule,
createCustomIndicatorRule,
createEventCorrelationRule,
createThresholdRule,
createNewTermsRule,
createSavedQueryRule,
createCustomRuleEnabled,
} from '../../tasks/api_calls/rules';
import { createSlackConnector } from '../../tasks/api_calls/connectors';

import {
getEqlRule,
getNewThreatIndicatorRule,
getNewRule,
getNewThresholdRule,
getMachineLearningRule,
getNewTermsRule,
} from '../../objects/rule';

const expectedNumberOfCustomRulesToBeEdited = 7;
// 7 custom rules of different types + 3 prebuilt.
// number of selected rules doesn't matter, we only want to make sure they will be edited an no modal window displayed as for other actions
const expectedNumberOfRulesToBeEdited = expectedNumberOfCustomRulesToBeEdited + 3;

const expectedSlackMessage = 'Slack action test message';

describe('Detection rules, bulk edit of rule actions', () => {
before(() => {
cleanKibana();
login();
});

beforeEach(() => {
deleteAlertsAndRules();
deleteConnectors();
esArchiverResetKibana();

createCustomRuleEnabled(getNewRule(), '1');
createEventCorrelationRule(getEqlRule(), '2');
createMachineLearningRule(getMachineLearningRule(), '3');
createCustomIndicatorRule(getNewThreatIndicatorRule(), '4');
createThresholdRule(getNewThresholdRule(), '5');
createNewTermsRule(getNewTermsRule(), '6');
createSavedQueryRule({ ...getNewRule(), savedId: 'mocked' }, '7');

createSlackConnector();
});

context('Restricted action privileges', () => {
it('User has no actions privileges', () => {
vitaliidm marked this conversation as resolved.
Show resolved Hide resolved
login(ROLES.hunter_no_actions);
visitWithoutDateRange(SECURITY_DETECTIONS_RULES_URL, ROLES.hunter_no_actions);
waitForRulesTableToBeLoaded();

selectNumberOfRules(expectedNumberOfCustomRulesToBeEdited);

openBulkActionsMenu();

cy.get(ADD_RULE_ACTIONS_MENU_ITEM).should('be.disabled');
});
});

context('All actions privileges', () => {
beforeEach(() => {
visitWithoutDateRange(SECURITY_DETECTIONS_RULES_URL);
waitForRulesTableToBeLoaded();
});

it('Add rule actions to rules', () => {
vitaliidm marked this conversation as resolved.
Show resolved Hide resolved
const expectedActionFrequency = 'Daily';

loadPrebuiltDetectionRulesFromHeaderBtn();

// select both custom and prebuilt rules
selectNumberOfRules(expectedNumberOfRulesToBeEdited);
openBulkEditRuleActionsForm();

// ensure rule actions info callout displayed on the form
cy.get(RULES_BULK_EDIT_ACTIONS_INFO).should('be.visible');

pickActionFrequency(expectedActionFrequency);
addSlackRuleAction(expectedSlackMessage);

submitBulkEditForm();
waitForBulkEditActionToFinish({ rulesCount: expectedNumberOfRulesToBeEdited });

// check if rule has been updated
goToEditRuleActionsSettings();

assertSelectedActionFrequency(expectedActionFrequency);
assertSlackRuleAction(expectedSlackMessage);
});

it('Overwrite rule actions in rules', () => {
vitaliidm marked this conversation as resolved.
Show resolved Hide resolved
const expectedActionFrequency = 'On each rule execution';

loadPrebuiltDetectionRulesFromHeaderBtn();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need prebuilt rules for this test case? Installation of all prebuilt rules is a heavy and error-prone operation that often fails due to timeouts. And that's not clear from the test body why we even need prebuilt rules here.

If prebuilt rules are required to check that the "Custom rules cannot be edited" modal is not displayed, I would isolate that in a separate test case and make an explicit check.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not only to ensure no modal displayed, but also to ensure no errors happened when successfully applying both add and overwrite actions to custom and prebuilt rules


// select both custom and prebuilt rules
selectNumberOfRules(expectedNumberOfRulesToBeEdited);
openBulkEditRuleActionsForm();

pickActionFrequency(expectedActionFrequency);
addSlackRuleAction(expectedSlackMessage);

// check overwrite box, ensure warning is displayed
checkOverwriteRuleActionsCheckbox();
cy.get(RULES_BULK_EDIT_ACTIONS_WARNING).contains(
`You're about to overwrite rule actions for ${expectedNumberOfRulesToBeEdited} selected rules`
);

submitBulkEditForm();
waitForBulkEditActionToFinish({ rulesCount: expectedNumberOfRulesToBeEdited });

// check if rule has been updated
goToEditRuleActionsSettings();

assertSelectedActionFrequency(expectedActionFrequency);
assertSlackRuleAction(expectedSlackMessage);
vitaliidm marked this conversation as resolved.
Show resolved Hide resolved
});

it('Add rule actions to rules when creating connector', () => {
vitaliidm marked this conversation as resolved.
Show resolved Hide resolved
const expectedActionFrequency = 'Hourly';
const expectedEmail = '[email protected]';
const expectedSubject = 'Subject';

selectNumberOfRules(expectedNumberOfCustomRulesToBeEdited);
openBulkEditRuleActionsForm();

pickActionFrequency(expectedActionFrequency);
addEmailConnectorAndRuleAction(expectedEmail, expectedSubject);

submitBulkEditForm();
waitForBulkEditActionToFinish({ rulesCount: expectedNumberOfCustomRulesToBeEdited });

// check if rule has been updated
goToEditRuleActionsSettings();

assertSelectedActionFrequency(expectedActionFrequency);
assertEmailRuleAction(expectedEmail, expectedSubject);
});
});
});
Original file line number Diff line number Diff line change
Expand Up @@ -39,16 +39,10 @@ import {
RULE_NAME_INPUT,
SCHEDULE_INTERVAL_AMOUNT_INPUT,
SCHEDULE_INTERVAL_UNITS_INPUT,
SCHEDULE_CONTINUE_BUTTON,
SEVERITY_DROPDOWN,
TAGS_CLEAR_BUTTON,
TAGS_FIELD,
EMAIL_ACTION_BTN,
CREATE_ACTION_CONNECTOR_BTN,
SAVE_ACTION_CONNECTOR_BTN,
FROM_VALIDATION_ERROR,
EMAIL_ACTION_TO_INPUT,
EMAIL_ACTION_SUBJECT_INPUT,
SCHEDULE_CONTINUE_BUTTON,
} from '../../screens/create_new_rule';
import {
ADDITIONAL_LOOK_BACK_DETAILS,
Expand Down Expand Up @@ -86,12 +80,12 @@ import {
import { createCustomRuleEnabled } from '../../tasks/api_calls/rules';
import { createTimeline } from '../../tasks/api_calls/timelines';
import { cleanKibana, deleteAlertsAndRules } from '../../tasks/common';
import { addEmailConnectorAndRuleAction } from '../../tasks/common/rule_actions';
import {
createAndEnableRule,
fillAboutRule,
fillAboutRuleAndContinue,
fillDefineCustomRuleAndContinue,
fillEmailConnectorForm,
fillScheduleRuleAndContinue,
goToAboutStepTab,
goToActionsStepTab,
Expand Down Expand Up @@ -377,15 +371,8 @@ describe('Custom query rules', () => {
cy.get(ACTIONS_THROTTLE_INPUT).invoke('val').should('eql', 'no_actions');

cy.get(ACTIONS_THROTTLE_INPUT).select('Weekly');
cy.get(EMAIL_ACTION_BTN).click();
cy.get(CREATE_ACTION_CONNECTOR_BTN).click();
fillEmailConnectorForm();
cy.get(SAVE_ACTION_CONNECTOR_BTN).click();

cy.get(EMAIL_ACTION_TO_INPUT).type('[email protected]');
cy.get(EMAIL_ACTION_SUBJECT_INPUT).type('Subject');

cy.get(FROM_VALIDATION_ERROR).should('not.exist');
addEmailConnectorAndRuleAction('[email protected]', 'Subject');

goToAboutStepTab();
cy.get(TAGS_CLEAR_BUTTON).click({ force: true });
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,7 @@ export const TIMELINE_SEARCHBOX = '[data-test-subj="timeline-super-select-search
export const EUI_FILTER_SELECT_ITEM = '.euiFilterSelectItem';

export const EUI_CHECKBOX = '.euiCheckbox__input';

export const COMBO_BOX_INPUT = '[data-test-subj="comboBoxInput"]';

export const COMBO_BOX_SELECTION = '.euiMark';
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

export const EMAIL_ACTION_BTN = '[data-test-subj=".email-siem-ActionTypeSelectOption"]';

export const CREATE_ACTION_CONNECTOR_BTN = '[data-test-subj="createActionConnectorButton-0"]';

export const SAVE_ACTION_CONNECTOR_BTN = '[data-test-subj="saveActionButtonModal"]';

export const EMAIL_ACTION_TO_INPUT = '[data-test-subj="toEmailAddressInput"]';

export const EMAIL_ACTION_SUBJECT_INPUT = '[data-test-subj="subjectInput"]';

export const SLACK_ACTION_BTN = '[data-test-subj=".slack-siem-ActionTypeSelectOption"]';

export const SLACK_ACTION_MESSAGE_TEXTAREA = '[data-test-subj="messageTextArea"]';

export const CONNECTOR_NAME_INPUT = '[data-test-subj="nameInput"]';

export const EMAIL_CONNECTOR_FROM_INPUT = '[data-test-subj="emailFromInput"]';

export const EMAIL_CONNECTOR_HOST_INPUT = '[data-test-subj="emailHostInput"]';

export const EMAIL_CONNECTOR_PORT_INPUT = '[data-test-subj="emailPortInput"]';

export const EMAIL_CONNECTOR_USER_INPUT = '[data-test-subj="emailUserInput"]';

export const EMAIL_CONNECTOR_PASSWORD_INPUT = '[data-test-subj="emailPasswordInput"]';

export const EMAIL_CONNECTOR_SERVICE_SELECTOR = '[data-test-subj="emailServiceSelectInput"]';

export const FORM_VALIDATION_ERROR = '.euiFormErrorText';

export const JSON_EDITOR = "[data-test-subj='actionJsonEditor']";

export const INDEX_SELECTOR = "[data-test-subj='.index-siem-ActionTypeSelectOption']";
Original file line number Diff line number Diff line change
Expand Up @@ -16,34 +16,6 @@ export const ACTIONS_EDIT_TAB = '[data-test-subj="edit-rule-actions-tab"]';
export const ACTIONS_THROTTLE_INPUT =
'[data-test-subj="stepRuleActions"] [data-test-subj="select"]';

export const EMAIL_ACTION_BTN = '[data-test-subj=".email-siem-ActionTypeSelectOption"]';

export const CREATE_ACTION_CONNECTOR_BTN = '[data-test-subj="createActionConnectorButton-0"]';

export const SAVE_ACTION_CONNECTOR_BTN = '[data-test-subj="saveActionButtonModal"]';

export const EMAIL_ACTION_TO_INPUT = '[data-test-subj="toEmailAddressInput"]';

export const EMAIL_ACTION_SUBJECT_INPUT = '[data-test-subj="subjectInput"]';

export const FROM_VALIDATION_ERROR = '.euiFormErrorText';

export const CONNECTOR_NAME_INPUT = '[data-test-subj="nameInput"]';

export const EMAIL_CONNECTOR_FROM_INPUT = '[data-test-subj="emailFromInput"]';

export const EMAIL_CONNECTOR_HOST_INPUT = '[data-test-subj="emailHostInput"]';

export const EMAIL_CONNECTOR_PORT_INPUT = '[data-test-subj="emailPortInput"]';

export const EMAIL_CONNECTOR_USER_INPUT = '[data-test-subj="emailUserInput"]';

export const EMAIL_CONNECTOR_PASSWORD_INPUT = '[data-test-subj="emailPasswordInput"]';

export const EMAIL_CONNECTOR_SERVICE_SELECTOR = '[data-test-subj="emailServiceSelectInput"]';

export const JSON_EDITOR = "[data-test-subj='actionJsonEditor']";

export const ADD_FALSE_POSITIVE_BTN =
'[data-test-subj="detectionEngineStepAboutRuleFalsePositives"] .euiButtonEmpty__text';

Expand All @@ -58,10 +30,6 @@ export const BACK_TO_ALL_RULES_LINK = '[data-test-subj="ruleDetailsBackToAllRule

export const COMBO_BOX_CLEAR_BTN = '[data-test-subj="comboBoxClearButton"]';

export const COMBO_BOX_INPUT = '[data-test-subj="comboBoxInput"]';

export const COMBO_BOX_SELECTION = '.euiMark';

export const CREATE_AND_ENABLE_BTN = '[data-test-subj="create-enable"]';

export const CUSTOM_QUERY_INPUT = '[data-test-subj="queryInput"]';
Expand Down Expand Up @@ -260,7 +228,3 @@ export const savedQueryByName = (savedQueryName: string) =>

export const APPLY_SELECTED_SAVED_QUERY_BUTTON =
'[data-test-subj="saved-query-management-apply-changes-button"]';

export const INDEX_SELECTOR = "[data-test-subj='.index-siem-ActionTypeSelectOption']";

export const CREATE_CONNECTOR_BTN = "[data-test-subj='createActionConnectorButton-0']";
Original file line number Diff line number Diff line change
Expand Up @@ -123,3 +123,5 @@ export const BACK_TO_RULES = '[data-test-subj="ruleDetailsBackToAllRules"]';

export const DEFINE_RULE_PANEL_PROGRESS =
'[data-test-subj="defineRule"] [data-test-subj="stepPanelProgress"]';

export const EDIT_RULE_SETTINGS_LINK = '[data-test-subj="editRuleSettingsLink"]';
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ export const DELETE_INDEX_PATTERNS_RULE_BULK_MENU_ITEM =

export const UPDATE_SCHEDULE_MENU_ITEM = '[data-test-subj="setScheduleBulk"]';

export const ADD_RULE_ACTIONS_MENU_ITEM = '[data-test-subj="addRuleActionsBulk"]';

export const APPLY_TIMELINE_RULE_BULK_MENU_ITEM = '[data-test-subj="applyTimelineTemplateBulk"]';

export const TAGS_RULE_BULK_MENU_ITEM = '[data-test-subj="tagsBulkEditRule"]';
Expand Down Expand Up @@ -65,3 +67,13 @@ export const UPDATE_SCHEDULE_LOOKBACK_INPUT =
export const UPDATE_SCHEDULE_TIME_INTERVAL = '[data-test-subj="interval"]';

export const UPDATE_SCHEDULE_TIME_UNIT_SELECT = '[data-test-subj="timeType"]';

export const RULES_BULK_EDIT_ACTIONS_THROTTLE_INPUT =
'[data-test-subj="bulkEditRulesRuleActionThrottle"] [data-test-subj="select"]';

export const RULES_BULK_EDIT_ACTIONS_INFO = '[data-test-subj="bulkEditRulesRuleActionInfo"]';

export const RULES_BULK_EDIT_ACTIONS_WARNING = '[data-test-subj="bulkEditRulesRuleActionsWarning"]';

export const RULES_BULK_EDIT_OVERWRITE_ACTIONS_CHECKBOX =
'[data-test-subj="bulkEditRulesOverwriteRuleActions"]';
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,12 @@ import {
} from '../screens/alerts_detection_rules';
import { EUI_CHECKBOX } from '../screens/common/controls';
import { ALL_ACTIONS } from '../screens/rule_details';
import { EDIT_SUBMIT_BUTTON } from '../screens/edit_rule';
import { LOADING_INDICATOR } from '../screens/security_header';

import { goToRuleEditSettings } from './rule_details';
import { goToActionsStepTab } from './create_new_rule';

export const enableRule = (rulePosition: number) => {
cy.get(RULE_SWITCH).eq(rulePosition).click({ force: true });
};
Expand Down Expand Up @@ -415,3 +419,11 @@ export const cancelConfirmationModal = () => {
export const clickErrorToastBtn = () => {
cy.get(TOASTER_ERROR_BTN).click();
};

export const goToEditRuleActionsSettings = () => {
goToRuleDetails();
goToRuleEditSettings();
// wait until first step loads completely. Otherwise cypress stuck at the first edit page
cy.get(EDIT_SUBMIT_BUTTON).should('be.enabled');
goToActionsStepTab();
};
Loading