[Security Solution] Changes default role for serverless from admin to platform_engineer #183608
Conversation
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
|
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
|
Pinging @elastic/security-threat-hunting-explore (Team:Threat Hunting:Explore) |
|
Pinging @elastic/security-detection-engine (Team:Detection Engine) |
|
Pinging @elastic/security-entity-analytics (Team:Entity Analytics) |
.../e2e/detection_response/rule_management/maintenance_windows/maintenance_window_callout.cy.ts
Outdated
Show resolved
Hide resolved
…sponse/rule_management/maintenance_windows/maintenance_window_callout.cy.ts Co-authored-by: Georgii Gorbachev <[email protected]>
| @@ -49,7 +49,7 @@ describe('risk tab', { tags: ['@ess', '@serverless'] }, () => { | |||
| }); | |||
| }); | |||
|
|
|||
| describe('with new risk score', () => { | |||
There was a problem hiding this comment.
Great, thank you for enabling this one for entity analytics 👍
There was a problem hiding this comment.
Thanks @MadameSheema! Rule Management changes LGTM!
I am curious about waitForTheRuleToBeExecuted(). Why do tests where it is not removed still pass? Is it because these tests are not ran with platform_engineer user?
@nikitaindik the The other tests where it works is because the user has access to all the indexes. Anyway, before merging I'll double check those indexes :) |
| @@ -61,13 +61,18 @@ import { getNewRule } from '../../../../objects/rule'; | |||
| import { ALERTS_URL } from '../../../../urls/navigation'; | |||
| import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule'; | |||
| import { TOASTER } from '../../../../screens/alerts_detection_rules'; | |||
| import { ELASTICSEARCH_USERNAME, IS_SERVERLESS } from '../../../../env_var_names_constants'; | |||
|
|
|||
| // We need to use the 'soc_manager' role in order to have the 'Respond' action displayed in serverless | |||
There was a problem hiding this comment.
Thanks for making this change. Is there is list of serverless roles somewhere?
There was a problem hiding this comment.
Detection engine changes look good to me!
I noticed that waitForAlertsToPopulate doesn't care about which alerts are populated, so there's some small risk of acting on alerts that we didn't expect and it would be nice to e.g. allow a ruleId to be passed to that helper. However, the waitFor Rule helper wasn't really addressing this issue in the first place, so I'm happy to see an unnecessary step removed from these tests 👍
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
Summary
Addresses: #184140
In this PR we are addressing the short-term solution of #184135 where we are moving from using for serverless
adminrole for MKI environments andsystem_indices_superuserfor stateless environments toplatform_engineer.To make the above change happen, some adjustments have been introduced to make the tests work:
Rename of custom indexes
The
adminorsystem_indices_superuserhas access to any index on the system, but built-in roles in security serverless projects just have access to some or all the security default indexes, so they cannot access custom indexes.To make the tests work with the
platform_engineerall the custom indexes that we use for testing purposes have been renamed to match ours.waitForTheRuleToBeExecutedremoved from some testswaitForTheRuleToBeExecutedwaits for the rule status to besucceededbut theplatform_engineerdoes not have access to all the indexes, so instead the final status result will bewarningso this method will timeout.Originally that method was created in order to make sure that some alerts are going to be displayed but, after it, we are calling
waitForAlertsToPopulatethat makes sure that we have alerts.Some tests have been skipped from serverless executions