Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution] Add snooze rule tests #158195

Merged
merged 9 commits into from
Jun 7, 2023

Conversation

maximpn
Copy link
Contributor

@maximpn maximpn commented May 22, 2023

Addresses: #158196

Summary

This PR mostly implements a test plan to cover rule snoozing functionality by automation tests.

@maximpn maximpn added release_note:skip Skip the PR/issue when compiling release notes backport:skip This commit does not require backporting Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team v8.9.0 labels May 22, 2023
@maximpn maximpn self-assigned this May 22, 2023
@maximpn maximpn force-pushed the add-rule-snoozing-tests branch 2 times, most recently from 6032fb5 to a2535e0 Compare May 23, 2023 12:21
@maximpn maximpn added the Feature:Rule Management Security Solution Detection Rule Management area label May 23, 2023
@maximpn maximpn marked this pull request as ready for review May 23, 2023 16:32
@maximpn maximpn requested review from a team as code owners May 23, 2023 16:32
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@maximpn maximpn requested a review from jpdjere May 23, 2023 16:32
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

Copy link
Member

@pmuellr pmuellr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alerting changes LGTM

export const INTERNAL_ALERTING_API_FIND_RULES_PATH = `${INTERNAL_BASE_ALERTING_API_PATH}/rules/_find`;
export const INTERNAL_BASE_ALERTING_API_PATH = '/internal/alerting' as const;
export const INTERNAL_ALERTING_SNOOZE_RULE =
`${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/_snooze` as const;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TIL this was possible! Wow.

Kinda confusing, especially with the const INTERNAL_BASE_ALERTING_API_PATH presumably getting interpolated in the definition, but {id} left for later interpolation.

But does seem to make sense when reading.

@@ -69,3 +71,6 @@ export const hostDetailsUrl = (hostName: string) =>
export const userDetailsUrl = (userName: string) => `/app/security/users/${userName}/allUsers`;

export const exceptionsListDetailsUrl = (listId: string) => `${EXCEPTIONS_LIST_URL}/${listId}`;

export const internalAlertingSnoozeRule = (ruleId: string) =>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this file refers to frontend navigation routes, I would place this method somewhere else.

I realize there's no central file within the Cypress folder that hold all API routes, so maybe we can create one?

A new x-pack/plugins/security_solution/cypress/tasks/api_calls/routes.ts file can be an option.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, I moved it to a separate file.

deleteConnectors();
});

it('ensures actions are visible', () => {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this as a seperate test needed? It is not concretely related to snoozing.

If you want to have the test fail if the actions are not visible, you could move the cy.get(actionFormSelector(0)).should('be.visible'); assertion to the next test ("adds an action to a snoozed rule"), which already contains the whole setup before the assertions.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. I've removed this test as the next one testing that it's possible to create new actions actually covers this case too.

Copy link
Contributor

@jpdjere jpdjere left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving with a couple of comments and proposals 👍

@jpdjere
Copy link
Contributor

jpdjere commented May 31, 2023

Also, would be nice to have the test plan linked in the PR description, for future reference.

@maximpn maximpn force-pushed the add-rule-snoozing-tests branch 3 times, most recently from 29ae3ec to d732a38 Compare June 2, 2023 16:19
@maximpn maximpn force-pushed the add-rule-snoozing-tests branch from d732a38 to 2fdbcf2 Compare June 3, 2023 07:04
@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
alerting 595 596 +1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 10.7MB 10.7MB -126.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
alerting 49.2KB 49.3KB +92.0B
Unknown metric groups

API count

id before after diff
alerting 617 618 +1

ESLint disabled line counts

id before after diff
enterpriseSearch 19 21 +2
securitySolution 414 418 +4
total +6

Total ESLint disabled count

id before after diff
enterpriseSearch 20 22 +2
securitySolution 498 502 +4
total +6

History

  • 💔 Build #132206 failed d732a38560e1fc0ce937b1412e526e7b0bba4b59
  • 💔 Build #132150 failed 29ae3ec167fc2a200f850a43b3f52960c8184d39
  • 💔 Build #131643 failed b526400715397863f0891c0263ed0f71280ec655
  • 💛 Build #129560 was flaky fe8917cdb14e2aa981083f412e8a2ecdbf218f42
  • 💔 Build #129475 failed 6032fb562477789bc88ea1c41b75ad6fd45cdc3a

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @maximpn

Copy link
Contributor

@e40pud e40pud left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Contributor

@michaelolo24 michaelolo24 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Investigations changes. LGTM!

@maximpn maximpn merged commit dc953c7 into elastic:main Jun 7, 2023
@maximpn maximpn deleted the add-rule-snoozing-tests branch June 7, 2023 19:45
maximpn added a commit that referenced this pull request Aug 11, 2023
**Addresses:** #159349

## Summary

This PR fixes and re-enables rule snoozing Cypress test `Rule editing page / actions tab - adds an action to a snoozed rule`. 

## Details

Basically the test wasn't flaky it just failed on the `main` branch and was skipped. The cause lays in interlacing [Rule snooze tests PR](#158195) with [Rule Editing page refactoring PR](#157749). Two PRs were merged independently to the `main` branch (while the tests PR was merged the last) so combining them lead to a test failure while each one separately didn't cause any problems.

### The root cause

The root cause is in a combination of factors.

[useForm](https://github.com/elastic/kibana/blob/main/src/plugins/es_ui_shared/static/forms/hook_form_lib/hooks/use_form.ts#L33) hook has a flaw it can't update its state when new `defaultValue` comes in. The same issue also in [useField](https://github.com/elastic/kibana/blob/main/src/plugins/es_ui_shared/static/forms/hook_form_lib/hooks/use_field.ts#L77) hook. Rule Editing page fetched a fresh rule's data every time it's rendered via [useRule](https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx#L581). As `useRule` hook is based on `React Query` it returns stale data during the first render while firing an HTTP request for the fresh data. Obviously the problem happens if the stale data is passed to `useForm` hook as `defaultValue` and when fresh data is fetched and passed again to `useForm` hook the latter just ignores it.

Staying longer on the Rule Details page helps to avoid the problem as fetched rule's data is cached and returned as stale data on the Rule Editing page after transition. As stale and fresh data are the same the test would pass. Anyway this behaviour can be reproduced in prod with a slow internet connection.

### What was done to fix the problem?

Functionality has been added to update the cached rule's data (React Query cache) upon mutation successful update rule mutation. The mutation if fired by pressing "Save changes" button on the Rule Editing page. It is possible as update rule endpoint returns an updated rule in its response.

Along the way it turned out update rule endpoint's and read rule endpoint's responses weren't properly typed so it lead to types mismatch. To fix it `updateRule`'s and `UseMutationOptions`'s return types were changed to `Rule` instead of  `RuleResponse`.

### Misc

Along the way it turned out `cy.get(RULE_INDICES).should('be.visible');` isn't required anymore to access rule actions form.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport:skip This commit does not require backporting Feature:Rule Management Security Solution Detection Rule Management area release_note:skip Skip the PR/issue when compiling release notes Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.9.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants