[Security Solution] Improves detections tests #77295
Conversation
MadameSheema
force-pushed
the
improves-detections
branch
from
8c2af58 to
836b7cc
Compare
|
@elasticmachine merge upstream |
# Conflicts: # x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_custom.spec.ts # x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_ml.spec.ts # x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_override.spec.ts # x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_threshold.spec.ts # x-pack/plugins/security_solution/cypress/screens/rule_details.ts # x-pack/plugins/security_solution/cypress/tasks/create_new_rule.ts
MadameSheema
force-pushed
the
improves-detections
branch
from
afa7850 to
d97ef1a
Compare
|
@elasticmachine merge upstream |
MadameSheema
requested review from
rylnd,
spong,
dhurley14,
yctercero and
FrankHassanabad
MadameSheema
added
Team:SIEM
v7.10.0
v8.0.0
release_note:skip
|
Pinging @elastic/siem (Team:SIEM) |
| cy.get(SHOWING_ALERTS) | ||
| .invoke('text') | ||
| .should('eql', `Showing ${expectedNumberOfAlerts.toString()} alerts`); | ||
| cy.get(NUMBER_OF_ALERTS).should('have.text', expectedNumberOfAlerts.toString()); |
There was a problem hiding this comment.
I assume this is the preference for text assertions, now? Is it more robust, or better errors, or both?
There was a problem hiding this comment.
Yes this is the preference now when possible, is more robust because should clause in Cypress will continue to retry its specified assertions until it times out, and also improves the readability of the tests.
| cy.get(LOOK_BACK_TIME_TYPE).select(rule.lookBack.timeType); | ||
| }; | ||
|
|
||
| export const expectDefineFormToRepopulateAndContinue = (rule: CustomRule) => { |
There was a problem hiding this comment.
I think these came from a bad merge resolution; they were removed in #77090
There was a problem hiding this comment.
mmmm you are right! Thanks for catching this :)
| .invoke('text') | ||
| .then((ruleStatus) => { | ||
| if (ruleStatus !== 'succeeded') { | ||
| cy.get('[data-test-subj=refreshButton]').click(); |
There was a problem hiding this comment.
Without the commented-out assertion below, there's nothing to synchronize the results of the refresh, right? Here's how I'm picturing it:
- page is loaded, rule has not finished executing
- we click refresh
- We continue on with the test, with no guarantee that the rule has executed
There was a problem hiding this comment.
I'll take a deeper look to this.
| eqlRule.referenceUrls.forEach((url) => { | ||
| expectedUrls = expectedUrls + url; | ||
| }); | ||
| let expectedFalsePositives = ''; |
There was a problem hiding this comment.
If you're not expecting these values to change it would be nice use const with a .map or .reduce for these guys. I know these are copy/pasted from elsewhere, but I've got the const version in the EQL rule tests.
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
| // cy.get('[data-test-subj=ruleStatus]').should('have.text', 'succeeded') | ||
| } | ||
| }); | ||
| cy.get(RULE_STATUS).should((ruleStatus) => { |
There was a problem hiding this comment.
🥇 💯 I was hoping cypress would have have a nice way to do this, but this is better than I expected!
| getDescriptionForTitle('Additional look-back time').invoke('text').should('eql', '1m'); | ||
| getDetails(RUNS_EVERY_DETAILS).should( | ||
| 'have.text', | ||
| `${newRule.runsEvery.interval}${newRule.runsEvery.type}` |
There was a problem hiding this comment.
👍 thanks for adding these scheduling fields!
|
|
||
| goToRuleDetails(); | ||
| waitForTheRuleToBeExecuted(); |
There was a problem hiding this comment.
I would put this guard as close to the dependent assertions as possible: since (I think) it's only required for the alerts assertions, I would move this a bit further down.
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
💚 Build SucceededMetrics [docs]async chunks size
History
To update your PR or re-run it, just comment with: |
* improves 'Creates and activates a new custom rule' test * fixes constant problem * improves 'Creates and activates a new custom rule with override option' test * improves 'Creates and activates a new threshold rule' test * refactor * fixes type check issue * improves assertions * removes unused code * changes variables for constants * improves 'waitForTheRuleToBeExecuted' test * improves readability * fixes jenkins error * refactor * refactor Co-authored-by: Elastic Machine <[email protected]>
* master: (365 commits) making expression debug info serializable (elastic#78727) fix lodahs imports in app-arch code (elastic#78582) Make Field a React.lazy export (elastic#78483) [Security Solution] Improves detections tests (elastic#77295) [TSVB] Different field format on different series is ignored (elastic#78138) RFC: Improve saved object migrations (elastic#66056) [Security Solution] Fixes url timeline flaky test (elastic#78556) adds retryability feature (elastic#78611) Aligns several module versions across the repository (elastic#78327) Empty prompt and loading spinner for service map (elastic#78382) Change progress bar to spinner (elastic#78460) [QA][Code Coverage] Coverage teams lookup w/o Additional Config (elastic#77111) Slim down core bundle (elastic#75912) [Alerting] retry internal OCC calls within alertsClient (elastic#77838) [kbn/optimizer] only build xpack examples when building xpack plugins (elastic#78656) [Ingest Manager] Ingest setup upgrade (elastic#78081) [Ingest Manager] Surface saved object client 10,000 limitation to bulk actions UI (elastic#78520) fix name without a category or if field end with .text (elastic#78655) [Security Solution] [Detections] Log message enhancements (elastic#78429) [ML]DF Analytics exploration: default filter of results page by `defaultIsTraining` value in url (elastic#78303) ...
* improves 'Creates and activates a new custom rule' test * fixes constant problem * improves 'Creates and activates a new custom rule with override option' test * improves 'Creates and activates a new threshold rule' test * refactor * fixes type check issue * improves assertions * removes unused code * changes variables for constants * improves 'waitForTheRuleToBeExecuted' test * improves readability * fixes jenkins error * refactor * refactor Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Elastic Machine <[email protected]>
…-to-timeline * 'master' of github.com:elastic/kibana: (22 commits) update apm index pattern (elastic#78732) 78024: move transform out of dataset (elastic#78216) [QA][Code Coverage] Upload the coverage static site before ingestion (elastic#78695) [Discover] Make _source field not clickable (elastic#78698) [Fleet] Rename Ingest Manager => Fleet, Fleet => Agents in the UI (elastic#78685) [APM] Review feedback from distribution + transaction metrics (elastic#78752) [Ingest pipelines] Add ability to stop pipeline simulation (elastic#78183) [CSM] Fix core vital legend background (elastic#78273) [Usage Collection] [schema] Support spreads + `canvas` definition (elastic#78481) fix lodash imports (elastic#78456) [Maps] Add layer type preview icons (elastic#78650) [APM] Use transaction metrics for distribution charts (elastic#78484) [Uptime] Ml anomaly alert edit (elastic#76909) [ML] Limit exposing shared static code through ml/public/index.ts. (elastic#77745) making expression debug info serializable (elastic#78727) fix lodahs imports in app-arch code (elastic#78582) Make Field a React.lazy export (elastic#78483) [Security Solution] Improves detections tests (elastic#77295) [TSVB] Different field format on different series is ignored (elastic#78138) RFC: Improve saved object migrations (elastic#66056) ...
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Summary
In this PR we are improving some of the the detections Cypress following tests with the following changes:
For
Creates and activates a new ruletest:For
Creates and activates a new custom rule with override option:For
Creates and activates a new threshold rule:The rule populates alerts
We assert that the rule is generating alerts
We assert that the values of the generated alert are the expected ones
Also in general we are trying to improve the readability.