elastic · animehart · Oct 19, 2024 · Sep 17, 2024 · Sep 17, 2024 · Sep 18, 2024
@@ -0,0 +1,30 @@
+steps:
+  - command: .buildkite/scripts/steps/functional/cloud_security_posture.sh
+    label: 'Cloud Security Posture Cypress Tests'
+    agents:
+      machineType: n2-standard-4
+      preemptible: true
+    depends_on:
+      - build
+      - quick_checks
+    timeout_in_minutes: 60
+    parallelism: 1
+    retry:
+      automatic:
+        - exit_status: '-1'
+          limit: 1
+
+  - command: .buildkite/scripts/steps/functional/cloud_security_posture_serverless.sh
+    label: 'Cloud Security Posture Cypress Tests on Serverless'
+    agents:
+      machineType: n2-standard-4
+      preemptible: true
+    depends_on:
+      - build
+      - quick_checks
+    timeout_in_minutes: 60
+    parallelism: 1
+    retry:
+      automatic:
+        - exit_status: '-1'
+          limit: 1
@@ -298,6 +298,23 @@ const getPipeline = (filename: string, removeSteps = true) => {
       );
     }
 
+    if (
+      (await doAnyChangesMatch([
+        /^x-pack\/packages\/kbn-cloud-security-posture/,
+        /^x-pack\/packages\/kbn-cloud-security-posture-common/,
+        /^x-pack\/plugins\/cloud_security_posture/,
+        /^x-pack\/plugins\/security_solution/,
+        /^x-pack\/test\/security_solution_cypress/,
+      ])) ||
+      GITHUB_PR_LABELS.includes('ci:all-cypress-suites')
+    ) {
+      pipeline.push(
+        getPipeline(
+          '.buildkite/pipelines/pull_request/security_solution/cloud_security_posture.yml'
+        )
+      );
+    }
+
     pipeline.push(getPipeline('.buildkite/pipelines/pull_request/post_build.yml'));
 
     // remove duplicated steps

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+source .buildkite/scripts/steps/functional/common.sh
+
+export JOB=kibana-cloud-security-posture-cypress
+export KIBANA_INSTALL_DIR=${KIBANA_BUILD_LOCATION}
+
+echo "--- Cloud Security Posture Workflows Cypress tests"
+
+cd x-pack/plugins/security_solution
+
+set +e
+
+yarn cypress:cloud_security_posture:run:ess; status=$?; yarn junit:merge || :; exit $status
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+source .buildkite/scripts/steps/functional/common.sh
+
+export JOB=kibana-cloud-security-posture-serverless-cypress
+export KIBANA_INSTALL_DIR=${KIBANA_BUILD_LOCATION}
+
+echo "--- Cloud Security Posture Workflows Cypress tests on Serverless"
+
+cd x-pack/plugins/security_solution
+
+set +e
+
+yarn cypress:cloud_security_posture:run:serverless; status=$?; yarn junit:merge || :; exit $status
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1828,8 +1828,8 @@ x-pack/plugins/osquery @elastic/security-defend-workflows
 /x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/components/cloud_security_posture @elastic/fleet @elastic/kibana-cloud-security-posture
 /x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.* @elastic/fleet @elastic/kibana-cloud-security-posture
 /x-pack/plugins/security_solution/public/cloud_security_posture @elastic/kibana-cloud-security-posture
-/x-pack/test/security_solution_cypress/cypress/e2e/explore/hosts/vulnerabilities_contextual_flyout.cy.ts @elastic/kibana-cloud-security-posture
-
+/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/misconfiguration_contextual_flyout.cy.ts @elastic/kibana-cloud-security-posture
+/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/vulnerabilities_contextual_flyout.cy.ts @elastic/kibana-cloud-security-posture
 # Security Solution onboarding tour
 /x-pack/plugins/security_solution/public/common/components/guided_onboarding @elastic/security-threat-hunting-explore
 

@@ -20,6 +20,7 @@ For general guidelines, read [Kibana Testing Guide](https://www.elastic.co/guide
 1. [End-to-End Tests](../../test/cloud_security_posture_functional/config.ts)
 1. [Serverless API Integration tests](../../test_serverless/api_integration/test_suites/security/config.ts)
 1. [Serverless End-to-End Tests](../../test_serverless/functional/test_suites/security/config.ts)
+1. [Cypress End-to-End Tests (Temporary location)](../../test/security_solution_cypress/cypress/e2e/cloud_security_posture)
 
 
 ### Tools
@@ -73,6 +74,15 @@ yarn test:ftr --config x-pack/test_serverless/api_integration/test_suites/securi
 yarn test:ftr --config x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.ts
 ```
 
+Run [**End-to-End Cypress Tests**](https://github.com/elastic/kibana/tree/main/x-pack/test/security_solution_cypress/cypress):
+> **Note**
+>
+> Run this from security_solution_cypress folder
+```bash
+yarn cypress:open:serverless
+yarn cypress:open:ess
+```
+
 #### Run **FTR tests (integration or e2e) for development**
 
 Functional test runner (FTR) can be used separately with `ftr:runner` and `ftr:server`. This is convenient while developing tests.
@@ -107,4 +117,19 @@ run serverless e2e tests:
 ```bash
 yarn test:ftr:server --config x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.ts
 yarn test:ftr:runner ---config x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.ts
-```
+```
+
+#### Run **Cypress tests (e2e) for development**
+When developing feature outside our plugin folder, instead of using FTRs for e2e test, we may use Cypress. Before running cypress, make sure you have installed it first. Like FTRs, we can run cypress in different environment, for example:
+
+run ess e2e tests:
+```bash
+yarn cypress:open:ess
+```
+
+run serverless e2e tests:
+```bash
+yarn cypress:open:serverless
+```
+
+Unlike FTR where we have to set server and runner separately, Cypress handles everything in 1 go, so just running the above the script is enough to get it running
diff --git a/...cloud_security_posture/components/csp_details/misconfiguration_findings_details_table.tsx b/...cloud_security_posture/components/csp_details/misconfiguration_findings_details_table.tsx
@@ -119,6 +119,7 @@ export const MisconfigurationFindingsDetailsTable = memo(
         METRIC_TYPE.CLICK,
         NAV_TO_FINDINGS_BY_RULE_NAME_FRPOM_ENTITY_FLYOUT
       );
+      console.log(navToFindings({ [queryField]: name }, ['rule.name']));
       navToFindings({ [queryField]: name }, ['rule.name']);
     };
 
@@ -190,6 +191,7 @@ export const MisconfigurationFindingsDetailsTable = memo(
             columns={columns}
             pagination={pagination}
             onChange={onTableChange}
+            data-test-subj={'securitySolutionFlyoutMisconfigurationFindingsTable'}
           />
         </EuiPanel>
       </>

diff --git a/...on/public/cloud_security_posture/components/misconfiguration/misconfiguration_preview.tsx b/...on/public/cloud_security_posture/components/misconfiguration/misconfiguration_preview.tsx
@@ -219,6 +219,7 @@ export const MisconfigurationsPreview = ({
         title: (
           <EuiText
             size="xs"
+            data-test-subj={'securitySolutionFlyoutInsightsMisconfigurationsTitleText'}
             css={css`
               font-weight: ${euiTheme.font.weight.semiBold};
             `}

@@ -0,0 +1,216 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
+import { createRule } from '../../tasks/api_calls/rules';
+import { getNewRule } from '../../objects/rule';
+import { getDataTestSubjectSelector } from '../../helpers/common';
+
+import { rootRequest, deleteAlertsAndRules } from '../../tasks/api_calls/common';
+import {
+  expandFirstAlertHostFlyout,
+  expandFirstAlertUserFlyout,
+} from '../../tasks/asset_criticality/common';
+import { waitForAlertsToPopulate } from '../../tasks/create_new_rule';
+import { login } from '../../tasks/login';
+import { ALERTS_URL } from '../../urls/navigation';
+import { visit } from '../../tasks/navigation';
+
+const CSP_INSIGHT_MISCONFIGURATION_TITLE = getDataTestSubjectSelector(
+  'securitySolutionFlyoutInsightsMisconfigurationsTitleLink'
+);
+
+const CSP_INSIGHT_TAB_TITLE = getDataTestSubjectSelector('securitySolutionFlyoutInsightInputsTab');
+const CSP_INSIGHT_TABLE = getDataTestSubjectSelector(
+  'securitySolutionFlyoutMisconfigurationFindingsTable'
+);
+
+const timestamp = Date.now();
+
+// Create a Date object using the timestamp
+const date = new Date(timestamp);
+
+// Convert the Date object to ISO 8601 format
+const iso8601String = date.toISOString();
+
+const mockFindingHostName = (matches: boolean) => {
+  return {
+    '@timestamp': iso8601String,
+    host: { name: matches ? 'siem-kibana' : 'not-siem-kibana' },
+    resource: {
+      id: '1234ABCD',
+      name: 'kubelet',
+      sub_type: 'lower case sub type',
+    },
+    result: { evaluation: matches ? 'passed' : 'failed' }, // Adjusting result based on matches
+    rule: {
+      name: 'Upper case rule name',
+      section: 'Upper case section',
+      benchmark: {
+        id: 'cis_k8s',
+        posture_type: 'kspm',
+        name: 'CIS Kubernetes V1.23',
+        version: 'v1.0.0',
+      },
+      type: 'process',
+    },
+    cluster_id: 'Upper case cluster id',
+    data_stream: {
+      dataset: 'cloud_security_posture.findings',
+    },
+  };
+};
+
+const mockFindingUserName = (matches: boolean) => {
+  return {
+    '@timestamp': iso8601String,
+    user: { name: matches ? 'test' : 'not-test' },
+    resource: {
+      id: '1234ABCD',
+      name: 'kubelet',
+      sub_type: 'lower case sub type',
+    },
+    result: { evaluation: matches ? 'passed' : 'failed' }, // Adjusting result based on matches
+    rule: {
+      name: 'Upper case rule name',
+      section: 'Upper case section',
+      benchmark: {
+        id: 'cis_k8s',
+        posture_type: 'kspm',
+        name: 'CIS Kubernetes V1.23',
+        version: 'v1.0.0',
+      },
+      type: 'process',
+    },
+    cluster_id: 'Upper case cluster id',
+    data_stream: {
+      dataset: 'cloud_security_posture.findings',
+    },
+  };
+};
+
+const createMockFinding = (isNameMatches: boolean, findingType: 'host.name' | 'user.name') => {
+  return rootRequest({
+    method: 'POST',
+    url: `${Cypress.env(
+      'ELASTICSEARCH_URL'
+    )}/${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN}/_doc`,
+    body:
+      findingType === 'host.name'
+        ? mockFindingHostName(isNameMatches)
+        : mockFindingUserName(isNameMatches),
+  });
+};
+
+const deleteDataStream = () => {
+  return rootRequest({
+    method: 'DELETE',
+    url: `${Cypress.env(
+      'ELASTICSEARCH_URL'
+    )}/_data_stream/${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN}`,
+  });
+};
+
+describe('Alert Host details expandable flyout', { tags: ['@ess', '@serverless'] }, () => {
+  beforeEach(() => {
+    deleteAlertsAndRules();
+    login();
+    createRule(getNewRule());
+    visit(ALERTS_URL);
+    waitForAlertsToPopulate();
+  });
+
+  context('Host name - Has misconfiguration findings', () => {
+    beforeEach(() => {
+      createMockFinding(true, 'host.name');
+      cy.reload();
+      expandFirstAlertHostFlyout();
+    });
+
+    afterEach(() => {
+      deleteDataStream();
+    });
+
+    it('should display Misconfiguration preview under Insights Entities when it has Misconfiguration Findings', () => {
+      cy.log('check if Misconfiguration preview title shown');
+      cy.get(CSP_INSIGHT_MISCONFIGURATION_TITLE).should('be.visible');
+    });
+
+    it('should display insight tabs and findings table upon clicking on misconfiguration accordion', () => {
+      cy.get(CSP_INSIGHT_MISCONFIGURATION_TITLE).click();
+      cy.get(CSP_INSIGHT_TAB_TITLE).should('be.visible');
+      cy.get(CSP_INSIGHT_TABLE).should('be.visible');
+    });
+  });
+
+  context(
+    'Host name - Has misconfiguration findings but host name is not the same as alert host name',
+    () => {
+      beforeEach(() => {
+        createMockFinding(false, 'host.name');
+        cy.reload();
+        expandFirstAlertHostFlyout();
+      });
+
+      afterEach(() => {
+        deleteDataStream();
+      });
+
+      it('should display Misconfiguration preview under Insights Entities when it has Misconfiguration Findings', () => {
+        expandFirstAlertHostFlyout();
+
+        cy.log('check if Misconfiguration preview title is not shown');
+        cy.get(CSP_INSIGHT_MISCONFIGURATION_TITLE).should('not.exist');
+      });
+    }
+  );
+
+  context('User name - Has misconfiguration findings', () => {
+    beforeEach(() => {
+      createMockFinding(true, 'user.name');
+      cy.reload();
+      expandFirstAlertUserFlyout();
+    });
+
+    afterEach(() => {
+      deleteDataStream();
+    });
+
+    it('should display Misconfiguration preview under Insights Entities when it has Misconfiguration Findings', () => {
+      cy.log('check if Misconfiguration preview title shown');
+      cy.get(CSP_INSIGHT_MISCONFIGURATION_TITLE).should('be.visible');
+    });
+
+    it('should display insight tabs and findings table upon clicking on misconfiguration accordion', () => {
+      cy.get(CSP_INSIGHT_MISCONFIGURATION_TITLE).click();
+      cy.get(CSP_INSIGHT_TAB_TITLE).should('be.visible');
+      cy.get(CSP_INSIGHT_TABLE).should('be.visible');
+    });
+  });
+
+  context(
+    'User name - Has misconfiguration findings but host name is not the same as alert host name',
+    () => {
+      beforeEach(() => {
+        createMockFinding(false, 'user.name');
+        cy.reload();
+        expandFirstAlertHostFlyout();
+      });
+
+      afterEach(() => {
+        deleteDataStream();
+      });
+
+      it('should display Misconfiguration preview under Insights Entities when it has Misconfiguration Findings', () => {
+        expandFirstAlertUserFlyout();
+
+        cy.log('check if Misconfiguration preview title is not shown');
+        cy.get(CSP_INSIGHT_MISCONFIGURATION_TITLE).should('not.exist');
+      });
+    }
+  );
+});