[Detections Response][FTR] Move remaining basic license FTRs to new folder #172132

Closed
wants to merge 12 commits into from
20 changes: 18 additions & 2 deletions .buildkite/ftr_configs.yml
Expand Up @@ -6,7 +6,6 @@ disabled:
- test/functional/config.base.js
- test/functional/firefox/config.base.ts
- x-pack/test/functional/config.base.js
- x-pack/test/detection_engine_api_integration/security_and_spaces/config.base.ts
- x-pack/test/functional_enterprise_search/base_config.ts
- x-pack/test/localization/config.base.ts
- test/server_integration/config.base.js
Expand Down Expand Up @@ -231,7 +230,6 @@ enabled:
- x-pack/test/cloud_security_posture_functional/config.ts
- x-pack/test/cloud_security_posture_api/config.ts
- x-pack/test/dataset_quality_api_integration/basic/config.ts
- x-pack/test/detection_engine_api_integration/basic/config.ts
- x-pack/test/disable_ems/config.ts
- x-pack/test/encrypted_saved_objects_api_integration/config.ts
- x-pack/test/examples/config.ts
Expand Down Expand Up @@ -491,6 +489,24 @@ enabled:
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/configs/serverless.config.ts
10 changes: 8 additions & 2 deletions .github/CODEOWNERS
Expand Up @@ -1239,7 +1239,6 @@ x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts @elastic/kib
# Security Solution
/x-pack/test/functional/es_archives/endpoint/ @elastic/security-solution
/x-pack/test/plugin_functional/test_suites/resolver/ @elastic/security-solution
/x-pack/test/detection_engine_api_integration @elastic/security-solution
/x-pack/test/api_integration/apis/security_solution @elastic/security-solution
#CC# /x-pack/plugins/security_solution/ @elastic/security-solution

Expand Down Expand Up @@ -1344,6 +1343,9 @@ x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout @elastic/
/x-pack/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules @elastic/security-detection-rule-management
/x-pack/plugins/security_solution/docs/testing/test_plans/detection_response/rule_management @elastic/security-detection-rule-management
/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules @elastic/security-detection-rule-management
/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read @elastic/security-detection-rule-management
/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management @elastic/security-detection-rule-management
/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export @elastic/security-detection-rule-management
Comment on lines +1346 to +1348

Could you also add x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete here?

/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete @elastic/security-detection-rule-management
x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update @elastic/security-detection-rule-management
/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch @elastic/security-detection-rule-management
Expand Down Expand Up @@ -1417,7 +1419,11 @@ x-pack/test/security_solution_api_integration/test_suites/detections_response/de
/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions @elastic/security-detection-engine
/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts @elastic/security-detection-engine
/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles @elastic/security-detection-engine
/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine @elastic/security-detection-engine
/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts @elastic/security-detection-engine
/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation @elastic/security-detection-engine
/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit @elastic/security-detection-engine
Comment on lines +1423 to +1424

I think I might agree that although the corresponding endpoints are owned by Rule Management, the Detection Engine team should probably own integration tests for rule creation and editing. Or at least some of these tests - those related to specific rule types and parameters.

I'm just wondering what is your reasoning behind this, could you please elaborate?

/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists @elastic/security-detection-engine

/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users @elastic/security-detection-engine
/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists @elastic/security-detection-engine
x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/update_rules.ts @elastic/security-detection-engine
Expand Up @@ -28,7 +28,7 @@ export const allowedExperimentalValues = Object.freeze({
* we don't want people to be able to violate security by getting access to whole documents
* around telemetry they should not.
* @see telemetry_detection_rules_preview_route.ts
* @see test/detection_engine_api_integration/security_and_spaces/tests/telemetry/README.md
* @see test/security_solution_api_integration/security_and_spaces/tests/telemetry/README.md
*/
previewTelemetryUrlEnabled: false,

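Review bot: The updated doc reference `* @see test/security_solution_api_integration/security_and_spaces/tests/telemetry/README.md` keeps the old `security_and_spaces/tests/` layout under the new package name, but the telemetry suite this PR registers in `.buildkite/ftr_configs.yml` lives under `security_solution_api_integration/test_suites/detections_response/default_license/telemetry/`, so the link would likely point at a path that no longer exists. Since this comment is the only in-code explanation of why `previewTelemetryUrlEnabled` must stay off (it guards access to whole documents via telemetry), a dangling reference loses that rationale for the next maintainer. If the README moved with the suite, the line should read `* @see test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/README.md`; otherwise confirm where it actually landed. The `allowedExperimentalValues` object this comment belongs to starts and ends outside the hunk.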
18 changes: 9 additions & 9 deletions x-pack/test/cases_api_integration/common/lib/alerts.ts
Expand Up @@ -15,13 +15,13 @@ import { RiskEnrichmentFields } from '@kbn/security-solution-plugin/server/lib/d
import { AttachmentType, Case } from '@kbn/cases-plugin/common';
import { ALERT_CASE_IDS } from '@kbn/rule-data-utils';
import {
getRuleForSignalTesting,
getRuleForAlertTesting,
createRule,
waitForRuleSuccess,
waitForSignalsToBePresent,
getSignalsByIds,
getQuerySignalIds,
} from '../../../detection_engine_api_integration/utils';
waitForAlertsToBePresent,
getAlertsByIds,
getQueryAlertIds,
} from '../../../security_solution_api_integration/test_suites/detections_response/utils';
import { superUser } from './authentication/users';
import { User } from './authentication/types';
import { getSpaceUrlPrefix } from './api/helpers';
Expand All @@ -35,13 +35,13 @@ export const createSecuritySolutionAlerts = async (
numberOfSignals: number = 1
): Promise<estypes.SearchResponse<DetectionAlert & RiskEnrichmentFields>> => {
const rule = {
...getRuleForSignalTesting(['auditbeat-*']),
...getRuleForAlertTesting(['auditbeat-*']),
query: 'process.executable: "/usr/bin/sudo"',
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, numberOfSignals, [id]);
const signals = await getSignalsByIds(supertest, log, [id]);
await waitForAlertsToBePresent(supertest, log, numberOfSignals, [id]);
const signals = await getAlertsByIds(supertest, log, [id]);

return signals;
};
Expand All @@ -53,7 +53,7 @@ export const getSecuritySolutionAlerts = async (
const { body: updatedAlert } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalIds(alertIds))
.send(getQueryAlertIds(alertIds))
.expect(200);

return updatedAlert;
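Review bot: After the import rename, `createSecuritySolutionAlerts` still calls its count parameter `numberOfSignals` and its result `signals` while the helpers it now calls (`waitForAlertsToBePresent`, `getAlertsByIds`) use the alert vocabulary, which leaves the function reading in two dialects. Renaming the parameter to `numberOfAlerts` and the local to `alerts` (including the `return alerts;` line) would make the body consistent with the helpers; the parameter is positional, so the rename does not affect callers. The same residual `signals` locals remain in the `detections rule` suite of the larger cases test file further down in this PR. The function's signature is on the hunk-header line, so it begins outside the hunk.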
Expand Up @@ -64,10 +64,10 @@ import {
} from '../../../../common/lib/constants';
import { User } from '../../../../common/lib/authentication/types';
import {
createSignalsIndex,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
} from '../../../../../detection_engine_api_integration/utils';
} from '../../../../../security_solution_api_integration/test_suites/detections_response/utils';

// eslint-disable-next-line import/no-default-export
export default ({ getService }: FtrProviderContext): void => {
Expand Down Expand Up @@ -260,7 +260,7 @@ export default ({ getService }: FtrProviderContext): void => {

beforeEach(async () => {
await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts');
await createSignalsIndex(supertest, log);
await createAlertsIndex(supertest, log);
const signals = await createSecuritySolutionAlerts(supertest, log, 2);
alerts = [signals.hits.hits[0], signals.hits.hits[1]];
});
Expand Up @@ -43,16 +43,16 @@ import {
getConfigurationRequest,
} from '../../../../common/lib/api';
import {
createSignalsIndex,
createAlertsIndex,
deleteAllAlerts,
deleteAllRules,
getRuleForSignalTesting,
getRuleForAlertTesting,
waitForRuleSuccess,
waitForSignalsToBePresent,
getSignalsByIds,
waitForAlertsToBePresent,
getAlertsByIds,
createRule,
getQuerySignalIds,
} from '../../../../../detection_engine_api_integration/utils';
getQueryAlertIds,
} from '../../../../../security_solution_api_integration/test_suites/detections_response/utils';
import {
globalRead,
noKibanaPrivileges,
Expand Down Expand Up @@ -1549,7 +1549,7 @@ export default ({ getService }: FtrProviderContext): void => {
describe('detections rule', () => {
beforeEach(async () => {
await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts');
await createSignalsIndex(supertest, log);
await createAlertsIndex(supertest, log);
});

afterEach(async () => {
Expand All @@ -1560,15 +1560,15 @@ export default ({ getService }: FtrProviderContext): void => {

it('updates alert status when the status is updated and syncAlerts=true', async () => {
const rule = {
...getRuleForSignalTesting(['auditbeat-*']),
...getRuleForAlertTesting(['auditbeat-*']),
query: 'process.executable: "/usr/bin/sudo"',
};
const postedCase = await createCase(supertest, postCaseReq);

const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signals = await getSignalsByIds(supertest, log, [id]);
await waitForAlertsToBePresent(supertest, log, 1, [id]);
const signals = await getAlertsByIds(supertest, log, [id]);

const alert = signals.hits.hits[0];
expect(alert._source?.[ALERT_WORKFLOW_STATUS]).eql('open');
Expand Down Expand Up @@ -1609,7 +1609,7 @@ export default ({ getService }: FtrProviderContext): void => {
const { body: updatedAlert } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalIds([alert._id]))
.send(getQueryAlertIds([alert._id]))
.expect(200);

expect(updatedAlert.hits.hits[0]._source?.['kibana.alert.workflow_status']).eql(
Expand All @@ -1619,7 +1619,7 @@ export default ({ getService }: FtrProviderContext): void => {

it('does NOT updates alert status when the status is updated and syncAlerts=false', async () => {
const rule = {
...getRuleForSignalTesting(['auditbeat-*']),
...getRuleForAlertTesting(['auditbeat-*']),
query: 'process.executable: "/usr/bin/sudo"',
};

Expand All @@ -1630,8 +1630,8 @@ export default ({ getService }: FtrProviderContext): void => {

const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signals = await getSignalsByIds(supertest, log, [id]);
await waitForAlertsToBePresent(supertest, log, 1, [id]);
const signals = await getAlertsByIds(supertest, log, [id]);

const alert = signals.hits.hits[0];
expect(alert._source?.[ALERT_WORKFLOW_STATUS]).eql('open');
Expand Down Expand Up @@ -1667,15 +1667,15 @@ export default ({ getService }: FtrProviderContext): void => {
const { body: updatedAlert } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalIds([alert._id]))
.send(getQueryAlertIds([alert._id]))
.expect(200);

expect(updatedAlert.hits.hits[0]._source?.['kibana.alert.workflow_status']).eql('open');
});

it('it updates alert status when syncAlerts is turned on', async () => {
const rule = {
...getRuleForSignalTesting(['auditbeat-*']),
...getRuleForAlertTesting(['auditbeat-*']),
query: 'process.executable: "/usr/bin/sudo"',
};

Expand All @@ -1686,8 +1686,8 @@ export default ({ getService }: FtrProviderContext): void => {

const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signals = await getSignalsByIds(supertest, log, [id]);
await waitForAlertsToBePresent(supertest, log, 1, [id]);
const signals = await getAlertsByIds(supertest, log, [id]);

const alert = signals.hits.hits[0];
expect(alert._source?.[ALERT_WORKFLOW_STATUS]).eql('open');
Expand Down Expand Up @@ -1741,7 +1741,7 @@ export default ({ getService }: FtrProviderContext): void => {
const { body: updatedAlert } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalIds([alert._id]))
.send(getQueryAlertIds([alert._id]))
.expect(200);

expect(updatedAlert.hits.hits[0]._source?.['kibana.alert.workflow_status']).eql(
Expand All @@ -1751,15 +1751,15 @@ export default ({ getService }: FtrProviderContext): void => {

it('it does NOT updates alert status when syncAlerts is turned off', async () => {
const rule = {
...getRuleForSignalTesting(['auditbeat-*']),
...getRuleForAlertTesting(['auditbeat-*']),
query: 'process.executable: "/usr/bin/sudo"',
};

const postedCase = await createCase(supertest, postCaseReq);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signals = await getSignalsByIds(supertest, log, [id]);
await waitForAlertsToBePresent(supertest, log, 1, [id]);
const signals = await getAlertsByIds(supertest, log, [id]);

const alert = signals.hits.hits[0];
expect(alert._source?.[ALERT_WORKFLOW_STATUS]).eql('open');
Expand Down Expand Up @@ -1810,7 +1810,7 @@ export default ({ getService }: FtrProviderContext): void => {
const { body: updatedAlert } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalIds([alert._id]))
.send(getQueryAlertIds([alert._id]))
.expect(200);

expect(updatedAlert.hits.hits[0]._source['kibana.alert.workflow_status']).eql('open');
Expand Up @@ -14,10 +14,10 @@ import {
getSecuritySolutionAlerts,
} from '../../../../common/lib/alerts';
import {
createSignalsIndex,
createAlertsIndex,
deleteAllAlerts,
deleteAllRules,
} from '../../../../../detection_engine_api_integration/utils';
} from '../../../../../security_solution_api_integration/test_suites/detections_response/utils';
import { FtrProviderContext } from '../../../../common/ftr_provider_context';

import { getPostCaseRequest, postCaseReq, postCommentUserReq } from '../../../../common/lib/mock';
Expand Down Expand Up @@ -125,7 +125,7 @@ export default ({ getService }: FtrProviderContext): void => {

beforeEach(async () => {
await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts');
await createSignalsIndex(supertest, log);
await createAlertsIndex(supertest, log);
const signals = await createSecuritySolutionAlerts(supertest, log, 2);
alerts = [signals.hits.hits[0], signals.hits.hits[1]];
});
Expand Up @@ -14,10 +14,10 @@ import {
getSecuritySolutionAlerts,
} from '../../../../common/lib/alerts';
import {
createSignalsIndex,
createAlertsIndex,
deleteAllAlerts,
deleteAllRules,
} from '../../../../../detection_engine_api_integration/utils';
} from '../../../../../security_solution_api_integration/test_suites/detections_response/utils';
import { FtrProviderContext } from '../../../../common/ftr_provider_context';

import {
Expand Down Expand Up @@ -127,7 +127,7 @@ export default ({ getService }: FtrProviderContext): void => {

beforeEach(async () => {
await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts');
await createSignalsIndex(supertest, log);
await createAlertsIndex(supertest, log);
const signals = await createSecuritySolutionAlerts(supertest, log, 2);
alerts = [signals.hits.hits[0], signals.hits.hits[1]];
});