Add security-rule kibana assets to be checked by tests (#1960)

Include security-rule assets into the assets checked by
elastic-package test asset command. Doing so, those assets
will also be marked as covered in the coverage reports.

internal/packages/assets.go

@@ -17,16 +17,35 @@ import (
 // AssetType represents the type of package asset.
 type AssetType string
 
+type assetTypeFolder struct {
+	typeName   AssetType
+	folderName string
+}
+
+func newAssetType(typeName AssetType) assetTypeFolder {
+	return assetTypeFolder{
+		typeName:   typeName,
+		folderName: string(typeName),
+	}
+}
+func newAssetTypeWithFolder(typeName AssetType, folderName string) assetTypeFolder {
+	return assetTypeFolder{
+		typeName:   typeName,
+		folderName: folderName,
+	}
+}
+
 // Supported asset types.
-const (
-	AssetTypeElasticsearchIndexTemplate  AssetType = "index_template"
-	AssetTypeElasticsearchIngestPipeline AssetType = "ingest_pipeline"
-
-	AssetTypeKibanaSavedSearch   AssetType = "search"
-	AssetTypeKibanaVisualization AssetType = "visualization"
-	AssetTypeKibanaDashboard     AssetType = "dashboard"
-	AssetTypeKibanaMap           AssetType = "map"
-	AssetTypeKibanaLens          AssetType = "lens"
+var (
+	AssetTypeElasticsearchIndexTemplate  = newAssetType("index_template")
+	AssetTypeElasticsearchIngestPipeline = newAssetType("ingest_pipeline")
+
+	AssetTypeKibanaSavedSearch   = newAssetType("search")
+	AssetTypeKibanaVisualization = newAssetType("visualization")
+	AssetTypeKibanaDashboard     = newAssetType("dashboard")
+	AssetTypeKibanaMap           = newAssetType("map")
+	AssetTypeKibanaLens          = newAssetType("lens")
+	AssetTypeSecurityRule        = newAssetTypeWithFolder("security-rule", "security_rule")
 )
 
 // Asset represents a package asset to be loaded into Kibana or Elasticsearch.
@@ -64,12 +83,13 @@ func loadKibanaAssets(pkgRootPath string) ([]Asset, error) {
 	var (
 		errs multierror.Error
 
-		assetTypes = []AssetType{
+		assetTypes = []assetTypeFolder{
 			AssetTypeKibanaDashboard,
 			AssetTypeKibanaVisualization,
 			AssetTypeKibanaSavedSearch,
 			AssetTypeKibanaMap,
 			AssetTypeKibanaLens,
+			AssetTypeSecurityRule,
 		}
 
 		assets []Asset
@@ -115,7 +135,7 @@ func loadElasticsearchAssets(pkgRootPath string) ([]Asset, error) {
 
 		asset := Asset{
 			ID:         indexTemplateName,
-			Type:       AssetTypeElasticsearchIndexTemplate,
+			Type:       AssetTypeElasticsearchIndexTemplate.typeName,
 			DataStream: dsManifest.Name,
 		}
 		assets = append(assets, asset)
@@ -147,7 +167,7 @@ func loadElasticsearchAssets(pkgRootPath string) ([]Asset, error) {
 			}
 			asset = Asset{
 				ID:         ingestPipelineName,
-				Type:       AssetTypeElasticsearchIngestPipeline,
+				Type:       AssetTypeElasticsearchIngestPipeline.typeName,
 				DataStream: dsManifest.Name,
 			}
 			assets = append(assets, asset)
@@ -158,20 +178,20 @@ func loadElasticsearchAssets(pkgRootPath string) ([]Asset, error) {
 	return assets, nil
 }
 
-func loadFileBasedAssets(kibanaAssetsFolderPath string, assetType AssetType) ([]Asset, error) {
-	assetsFolderPath := filepath.Join(kibanaAssetsFolderPath, string(assetType))
+func loadFileBasedAssets(kibanaAssetsFolderPath string, assetType assetTypeFolder) ([]Asset, error) {
+	assetsFolderPath := filepath.Join(kibanaAssetsFolderPath, assetType.folderName)
 	_, err := os.Stat(assetsFolderPath)
 	if err != nil && errors.Is(err, os.ErrNotExist) {
 		// No assets folder defined; nothing to load
 		return nil, nil
 	}
 	if err != nil {
-		return nil, fmt.Errorf("error finding kibana %s assets folder: %w", assetType, err)
+		return nil, fmt.Errorf("error finding kibana %s assets folder: %w", assetType.typeName, err)
 	}
 
 	paths, err := filepath.Glob(filepath.Join(assetsFolderPath, "*.json"))
 	if err != nil {
-		return nil, fmt.Errorf("could not read %s files: %w", assetType, err)
+		return nil, fmt.Errorf("could not read %s files: %w", assetType.typeName, err)
 	}
 
 	var assets []Asset
@@ -183,7 +203,7 @@ func loadFileBasedAssets(kibanaAssetsFolderPath string, assetType AssetType) ([]
 
 		asset := Asset{
 			ID:         assetID,
-			Type:       assetType,
+			Type:       assetType.typeName,
 			SourcePath: assetPath,
 		}
 		assets = append(assets, asset)

test/packages/other/security_rules/LICENSE.txt

@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.

test/packages/other/security_rules/changelog.yml

@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: "0.0.1"
+  changes:
+    - description: Initial draft of the package
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/1 # FIXME Replace with the real PR link

test/packages/other/security_rules/docs/README.md

@@ -0,0 +1,84 @@
+<!-- Use this template language as a starting point, replacing {placeholder text} with details about the integration. -->
+<!-- Find more detailed documentation guidelines in https://github.com/elastic/integrations/blob/main/docs/documentation_guidelines.md -->
+
+# Security Rules
+
+<!-- The Security Rules integration allows you to monitor {name of service}. {name of service} is {describe service}.
+
+Use the Security Rules integration to {purpose}. Then visualize that data in Kibana, create alerts to notify you if something goes wrong, and reference {data stream type} when troubleshooting an issue.
+
+For example, if you wanted to {sample use case} you could {action}. Then you can {visualize|alert|troubleshoot} by {action}. -->
+
+## Data streams
+
+<!-- The Security Rules integration collects {one|two} type{s} of data streams: {logs and/or metrics}. -->
+
+<!-- If applicable -->
+<!-- **Logs** help you keep a record of events happening in {service}.
+Log data streams collected by the {name} integration include {sample data stream(s)} and more. See more details in the [Logs](#logs-reference). -->
+
+<!-- If applicable -->
+<!-- **Metrics** give you insight into the state of {service}.
+Metric data streams collected by the {name} integration include {sample data stream(s)} and more. See more details in the [Metrics](#metrics-reference). -->
+
+<!-- Optional: Any additional notes on data streams -->
+
+## Requirements
+
+You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it.
+You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended, or self-manage the Elastic Stack on your own hardware.
+
+<!--
+	Optional: Other requirements including:
+	* System compatibility
+	* Supported versions of third-party products
+	* Permissions needed
+	* Anything else that could block a user from successfully using the integration
+-->
+
+## Setup
+
+<!-- Any prerequisite instructions -->
+
+For step-by-step instructions on how to set up an integration, see the
+[Getting started](https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-observability.html) guide.
+
+<!-- Additional set up instructions -->
+
+<!-- If applicable -->
+<!-- ## Logs reference -->
+
+<!-- Repeat for each data stream of the current type -->
+<!-- ### {Data stream name}
+
+The `{data stream name}` data stream provides events from {source} of the following types: {list types}. -->
+
+<!-- Optional -->
+<!-- #### Example
+
+An example event for `{data stream name}` looks as following:
+
+{code block with example} -->
+
+<!-- #### Exported fields
+
+{insert table} -->
+
+<!-- If applicable -->
+<!-- ## Metrics reference -->
+
+<!-- Repeat for each data stream of the current type -->
+<!-- ### {Data stream name}
+
+The `{data stream name}` data stream provides events from {source} of the following types: {list types}. -->
+
+<!-- Optional -->
+<!-- #### Example
+
+An example event for `{data stream name}` looks as following:
+
+{code block with example} -->
+
+<!-- #### Exported fields
+
+{insert table} -->

test/packages/other/security_rules/kibana/security_rule/000047bb-b27a-47ec-8b62-ef1a5d2c9e10_100.json

@@ -0,0 +1,49 @@
+{
+    "attributes": {
+        "author": [
+            "Elastic"
+        ],
+        "description": "Minimal example security rule.",
+        "false_positives": [ ],
+        "index": [
+            "filebeat-*"
+        ],
+        "language": "kuery",
+        "license": "Elastic License v2",
+        "name": "Attempt to Modify an Okta Policy Rule",
+        "note": "Example note",
+        "query": "event.dataset:security_rules and event.action:policy.rule.update\n",
+        "references": [ ],
+        "related_integrations": [
+            {
+                "package": "security_rules",
+                "version": "^0.0.1"
+            }
+        ],
+        "required_fields": [
+            {
+                "ecs": true,
+                "name": "event.action",
+                "type": "keyword"
+            },
+            {
+                "ecs": true,
+                "name": "event.dataset",
+                "type": "keyword"
+            }
+        ],
+        "risk_score": 21,
+        "rule_id": "000047bb-b27a-47ec-8b62-ef1a5d2c9e10",
+        "setup": "Filebeat module, or similarly structured data is required to be compatible with this rule.",
+        "severity": "low",
+        "tags": [
+            "Security"
+        ],
+        "threat": [ ],
+        "timestamp_override": "event.ingested",
+        "type": "query",
+        "version": 100
+    },
+    "id": "000047bb-b27a-47ec-8b62-ef1a5d2c9e10_100",
+    "type": "security-rule"
+}

test/packages/other/security_rules/manifest.yml

@@ -0,0 +1,36 @@
+format_version: 3.2.1
+name: security_rules
+title: "Security Rules"
+version: 0.0.1
+source:
+  license: "Elastic-2.0"
+description: "Package containing security rules"
+type: integration
+categories:
+  - custom
+conditions:
+  kibana:
+    version: "^8.14.2"
+  elastic:
+    subscription: "basic"
+screenshots:
+  - src: /img/sample-screenshot.png
+    title: Sample screenshot
+    size: 600x600
+    type: image/png
+icons:
+  - src: /img/sample-logo.svg
+    title: Sample logo
+    size: 32x32
+    type: image/svg+xml
+policy_templates:
+  - name: sample
+    title: Sample logs
+    description: Collect sample logs
+    inputs:
+      - type: logfile
+        title: Collect sample logs from instances
+        description: Collecting sample logs
+owner:
+  github: elastic/integrations
+  type: elastic