[Security Solution] Support rule id in wait for rule status helper

x-pack/test/cases_api_integration/common/lib/alerts.ts

@@ -14,7 +14,7 @@ import { RiskEnrichmentFields } from '@kbn/security-solution-plugin/server/lib/d
 import {
   getRuleForSignalTesting,
   createRule,
-  waitForRuleSuccessOrStatus,
+  waitForRuleSuccess,
   waitForSignalsToBePresent,
   getSignalsByIds,
   getQuerySignalIds,
@@ -29,7 +29,7 @@ export const createSecuritySolutionAlerts = async (
 ): Promise<estypes.SearchResponse<DetectionAlert & RiskEnrichmentFields>> => {
   const rule = getRuleForSignalTesting(['auditbeat-*']);
   const { id } = await createRule(supertest, log, rule);
-  await waitForRuleSuccessOrStatus(supertest, log, id);
+  await waitForRuleSuccess({ supertest, log, id });
   await waitForSignalsToBePresent(supertest, log, 1, [id]);
   const signals = await getSignalsByIds(supertest, log, [id]);
 

x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts

@@ -43,7 +43,7 @@ import {
   deleteSignalsIndex,
   deleteAllRules,
   getRuleForSignalTesting,
-  waitForRuleSuccessOrStatus,
+  waitForRuleSuccess,
   waitForSignalsToBePresent,
   getSignalsByIds,
   createRule,
@@ -804,7 +804,7 @@ export default ({ getService }: FtrProviderContext): void => {
           const postedCase = await createCase(supertest, postCaseReq);
 
           const { id } = await createRule(supertest, log, rule);
-          await waitForRuleSuccessOrStatus(supertest, log, id);
+          await waitForRuleSuccess({ supertest, log, id });
           await waitForSignalsToBePresent(supertest, log, 1, [id]);
           const signals = await getSignalsByIds(supertest, log, [id]);
 
@@ -864,7 +864,7 @@ export default ({ getService }: FtrProviderContext): void => {
           });
 
           const { id } = await createRule(supertest, log, rule);
-          await waitForRuleSuccessOrStatus(supertest, log, id);
+          await waitForRuleSuccess({ supertest, log, id });
           await waitForSignalsToBePresent(supertest, log, 1, [id]);
           const signals = await getSignalsByIds(supertest, log, [id]);
 
@@ -917,7 +917,7 @@ export default ({ getService }: FtrProviderContext): void => {
           });
 
           const { id } = await createRule(supertest, log, rule);
-          await waitForRuleSuccessOrStatus(supertest, log, id);
+          await waitForRuleSuccess({ supertest, log, id });
           await waitForSignalsToBePresent(supertest, log, 1, [id]);
           const signals = await getSignalsByIds(supertest, log, [id]);
 
@@ -986,7 +986,7 @@ export default ({ getService }: FtrProviderContext): void => {
 
           const postedCase = await createCase(supertest, postCaseReq);
           const { id } = await createRule(supertest, log, rule);
-          await waitForRuleSuccessOrStatus(supertest, log, id);
+          await waitForRuleSuccess({ supertest, log, id });
           await waitForSignalsToBePresent(supertest, log, 1, [id]);
           const signals = await getSignalsByIds(supertest, log, [id]);
 

x-pack/test/detection_engine_api_integration/basic/tests/open_close_signals.ts

@@ -24,7 +24,7 @@ import {
   createRule,
   waitForSignalsToBePresent,
   getSignalsByIds,
-  waitForRuleSuccessOrStatus,
+  waitForRuleSuccess,
   getRuleForSignalTesting,
 } from '../../utils';
 
@@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => {
       it('should be able to execute and get 10 signals', async () => {
         const rule = getRuleForSignalTesting(['auditbeat-*']);
         const { id } = await createRule(supertest, log, rule);
-        await waitForRuleSuccessOrStatus(supertest, log, id);
+        await waitForRuleSuccess({ supertest, log, id });
         await waitForSignalsToBePresent(supertest, log, 10, [id]);
         const signalsOpen = await getSignalsByIds(supertest, log, [id]);
         expect(signalsOpen.hits.hits.length).equal(10);
@@ -66,7 +66,7 @@ export default ({ getService }: FtrProviderContext) => {
       it('should be have set the signals in an open state initially', async () => {
         const rule = getRuleForSignalTesting(['auditbeat-*']);
         const { id } = await createRule(supertest, log, rule);
-        await waitForRuleSuccessOrStatus(supertest, log, id);
+        await waitForRuleSuccess({ supertest, log, id });
         await waitForSignalsToBePresent(supertest, log, 10, [id]);
         const signalsOpen = await getSignalsByIds(supertest, log, [id]);
         const everySignalOpen = signalsOpen.hits.hits.every(
@@ -78,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => {
       it('should be able to get a count of 10 closed signals when closing 10', async () => {
         const rule = getRuleForSignalTesting(['auditbeat-*']);
         const { id } = await createRule(supertest, log, rule);
-        await waitForRuleSuccessOrStatus(supertest, log, id);
+        await waitForRuleSuccess({ supertest, log, id });
         await waitForSignalsToBePresent(supertest, log, 10, [id]);
         const signalsOpen = await getSignalsByIds(supertest, log, [id]);
         const signalIds = signalsOpen.hits.hits.map((signal) => signal._id);
@@ -104,7 +104,7 @@ export default ({ getService }: FtrProviderContext) => {
       it('should be able close 10 signals immediately and they all should be closed', async () => {
         const rule = getRuleForSignalTesting(['auditbeat-*']);
         const { id } = await createRule(supertest, log, rule);
-        await waitForRuleSuccessOrStatus(supertest, log, id);
+        await waitForRuleSuccess({ supertest, log, id });
         await waitForSignalsToBePresent(supertest, log, 10, [id]);
         const signalsOpen = await getSignalsByIds(supertest, log, [id]);
         const signalIds = signalsOpen.hits.hits.map((signal) => signal._id);

x-pack/test/detection_engine_api_integration/security_and_spaces/group1/add_actions.ts

@@ -17,7 +17,7 @@ import {
   getWebHookAction,
   getRuleWithWebHookAction,
   getSimpleRuleOutputWithWebHookAction,
-  waitForRuleSuccessOrStatus,
+  waitForRuleSuccess,
   createRule,
 } from '../../utils';
 
@@ -77,7 +77,7 @@ export default ({ getService }: FtrProviderContext) => {
           log,
           getRuleWithWebHookAction(hookAction.id, true)
         );
-        await waitForRuleSuccessOrStatus(supertest, log, rule.id);
+        await waitForRuleSuccess({ supertest, log, id: rule.id });
       });
 
       it('should be able to create a new webhook action and attach it to a rule with a meta field and run it correctly', async () => {
@@ -95,7 +95,7 @@ export default ({ getService }: FtrProviderContext) => {
         };
 
         const rule = await createRule(supertest, log, ruleWithAction);
-        await waitForRuleSuccessOrStatus(supertest, log, rule.id);
+        await waitForRuleSuccess({ supertest, log, id: rule.id });
       });
     });
   });

x-pack/test/detection_engine_api_integration/security_and_spaces/group1/aliases.ts

@@ -15,7 +15,7 @@ import {
   deleteSignalsIndex,
   getRuleForSignalTesting,
   getSignalsById,
-  waitForRuleSuccessOrStatus,
+  waitForRuleSuccess,
   waitForSignalsToBePresent,
 } from '../../utils';
 
@@ -50,7 +50,7 @@ export default ({ getService }: FtrProviderContext) => {
     it('should keep the original alias value such as "host_alias" from a source index when the value is indexed', async () => {
       const rule = getRuleForSignalTesting(['host_alias']);
       const { id } = await createRule(supertest, log, rule);
-      await waitForRuleSuccessOrStatus(supertest, log, id);
+      await waitForRuleSuccess({ supertest, log, id });
       await waitForSignalsToBePresent(supertest, log, 4, [id]);
       const signalsOpen = await getSignalsById(supertest, log, id);
       const hits = signalsOpen.hits.hits
@@ -62,7 +62,7 @@ export default ({ getService }: FtrProviderContext) => {
     it('should copy alias data from a source index into the signals index in the same position when the target is ECS compatible', async () => {
       const rule = getRuleForSignalTesting(['host_alias']);
       const { id } = await createRule(supertest, log, rule);
-      await waitForRuleSuccessOrStatus(supertest, log, id);
+      await waitForRuleSuccess({ supertest, log, id });
       await waitForSignalsToBePresent(supertest, log, 4, [id]);
       const signalsOpen = await getSignalsById(supertest, log, id);
       const hits = signalsOpen.hits.hits

x-pack/test/detection_engine_api_integration/security_and_spaces/group1/check_privileges.ts

@@ -8,14 +8,13 @@
 import expect from '@kbn/expect';
 import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
 import { ROLES } from '@kbn/security-solution-plugin/common/test';
-import { RuleExecutionStatus } from '@kbn/security-solution-plugin/common/detection_engine/rule_monitoring';
 import { ThresholdRuleCreateProps } from '@kbn/security-solution-plugin/common/detection_engine/rule_schema';
 import { FtrProviderContext } from '../../common/ftr_provider_context';
 import {
   createSignalsIndex,
   deleteSignalsIndex,
   deleteAllRules,
-  waitForRuleSuccessOrStatus,
+  waitForRulePartialFailure,
   getRuleForSignalTesting,
   createRuleWithAuth,
   getThresholdRuleForSignalTesting,
@@ -65,12 +64,11 @@ export default ({ getService }: FtrProviderContext) => {
             user: ROLES.detections_admin,
             pass: 'changeme',
           });
-          await waitForRuleSuccessOrStatus(
+          await waitForRulePartialFailure({
             supertest,
             log,
             id,
-            RuleExecutionStatus['partial failure']
-          );
+          });
           const { body } = await supertest
             .get(DETECTION_ENGINE_RULES_URL)
             .set('kbn-xsrf', 'true')
@@ -104,12 +102,11 @@ export default ({ getService }: FtrProviderContext) => {
             user: ROLES.detections_admin,
             pass: 'changeme',
           });
-          await waitForRuleSuccessOrStatus(
+          await waitForRulePartialFailure({
             supertest,
             log,
             id,
-            RuleExecutionStatus['partial failure']
-          );
+          });
           const { body } = await supertest
             .get(DETECTION_ENGINE_RULES_URL)
             .set('kbn-xsrf', 'true')

x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_rules.ts

@@ -8,7 +8,6 @@
 import expect from '@kbn/expect';
 
 import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
-import { RuleExecutionStatus } from '@kbn/security-solution-plugin/common/detection_engine/rule_monitoring';
 import { RuleCreateProps } from '@kbn/security-solution-plugin/common/detection_engine/rule_schema';
 import { ExceptionListTypeEnum } from '@kbn/securitysolution-io-ts-list-types';
 import { ROLES } from '@kbn/security-solution-plugin/common/test';
@@ -26,12 +25,13 @@ import {
   removeServerGeneratedPropertiesIncludingRuleId,
   getSimpleMlRule,
   getSimpleMlRuleOutput,
-  waitForRuleSuccessOrStatus,
+  waitForRuleSuccess,
   getRuleForSignalTesting,
   getRuleForSignalTestingWithTimestampOverride,
   waitForAlertToComplete,
   waitForSignalsToBePresent,
   getThresholdRuleForSignalTesting,
+  waitForRulePartialFailure,
 } from '../../utils';
 import { createUserAndRole, deleteUserAndRole } from '../../../common/services/security_solution';
 
@@ -118,7 +118,7 @@ export default ({ getService }: FtrProviderContext) => {
             .send(simpleRule)
             .expect(200);
 
-          await waitForRuleSuccessOrStatus(supertest, log, body.id);
+          await waitForRuleSuccess({ supertest, log, id: body.id });
         });
 
         it('should create a single rule with a rule_id and an index pattern that does not match anything available and partial failure for the rule', async () => {
@@ -129,12 +129,11 @@ export default ({ getService }: FtrProviderContext) => {
             .send(simpleRule)
             .expect(200);
 
-          await waitForRuleSuccessOrStatus(
+          await waitForRulePartialFailure({
             supertest,
             log,
-            body.id,
-            RuleExecutionStatus['partial failure']
-          );
+            id: body.id,
+          });
 
           const { body: rule } = await supertest
             .get(DETECTION_ENGINE_RULES_URL)
@@ -157,7 +156,7 @@ export default ({ getService }: FtrProviderContext) => {
             .send(simpleRule)
             .expect(200);
 
-          await waitForRuleSuccessOrStatus(supertest, log, body.id, RuleExecutionStatus.succeeded);
+          await waitForRuleSuccess({ supertest, log, id: body.id });
         });
 
         it('should create a single rule without an input index', async () => {
@@ -519,12 +518,11 @@ export default ({ getService }: FtrProviderContext) => {
         const bodyId = body.id;
 
         await waitForAlertToComplete(supertest, log, bodyId);
-        await waitForRuleSuccessOrStatus(
+        await waitForRulePartialFailure({
           supertest,
           log,
-          bodyId,
-          RuleExecutionStatus['partial failure']
-        );
+          id: bodyId,
+        });
 
         const { body: rule } = await supertest
           .get(DETECTION_ENGINE_RULES_URL)
@@ -551,12 +549,11 @@ export default ({ getService }: FtrProviderContext) => {
           .expect(200);
         const bodyId = body.id;
 
-        await waitForRuleSuccessOrStatus(
+        await waitForRulePartialFailure({
           supertest,
           log,
-          bodyId,
-          RuleExecutionStatus['partial failure']
-        );
+          id: bodyId,
+        });
         await waitForSignalsToBePresent(supertest, log, 2, [bodyId]);
 
         const { body: rule } = await supertest

x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_rules_bulk.ts

@@ -25,7 +25,7 @@ import {
   getSimpleRuleWithoutRuleId,
   removeServerGeneratedProperties,
   removeServerGeneratedPropertiesIncludingRuleId,
-  waitForRuleSuccessOrStatus,
+  waitForRuleSuccess,
 } from '../../utils';
 
 // eslint-disable-next-line import/no-default-export
@@ -109,7 +109,7 @@ export default ({ getService }: FtrProviderContext): void => {
           .send([simpleRule])
           .expect(200);
 
-        await waitForRuleSuccessOrStatus(supertest, log, body[0].id);
+        await waitForRuleSuccess({ supertest, log, id: body[0].id });
       });
 
       it('should create a single rule without a rule_id', async () => {

x-pack/test/detection_engine_api_integration/security_and_spaces/group1/export_rules.ts

@@ -8,7 +8,6 @@
 import expect from 'expect';
 
 import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
-import { RuleExecutionStatus } from '@kbn/security-solution-plugin/common/detection_engine/rule_monitoring';
 import { FtrProviderContext } from '../../common/ftr_provider_context';
 import {
   binaryToString,
@@ -20,7 +19,7 @@ import {
   getSimpleRuleOutput,
   getWebHookAction,
   removeServerGeneratedProperties,
-  waitForRuleSuccessOrStatus,
+  waitForRulePartialFailure,
 } from '../../utils';
 
 // eslint-disable-next-line import/no-default-export
@@ -54,19 +53,13 @@ export default ({ getService }: FtrProviderContext): void => {
       it('should validate exported rule schema when its exported by its rule_id', async () => {
         const ruleId = 'rule-1';
 
-        const rule = await createRule(supertest, log, getSimpleRule(ruleId, true));
+        await createRule(supertest, log, getSimpleRule(ruleId, true));
 
-        await waitForRuleSuccessOrStatus(
+        await waitForRulePartialFailure({
           supertest,
           log,
-          rule.id,
-          RuleExecutionStatus['partial failure']
-        );
-        // to properly execute the test on rule's data with runtime fields some delay is needed as
-        // ES Search API may return outdated data
-        // it causes a reliable delay so exported rule's SO contains runtime fields returned via ES Search API
-        // and will be removed after addressing this issue
-        await new Promise((r) => setTimeout(r, 1000));
+          ruleId,
+        });
 
         const { body } = await supertest
           .post(`${DETECTION_ENGINE_RULES_URL}/_export`)
@@ -86,26 +79,19 @@ export default ({ getService }: FtrProviderContext): void => {
         const ruleId1 = 'rule-1';
         const ruleId2 = 'rule-2';
 
-        const rule1 = await createRule(supertest, log, getSimpleRule(ruleId1, true));
-        const rule2 = await createRule(supertest, log, getSimpleRule(ruleId2, true));
+        await createRule(supertest, log, getSimpleRule(ruleId1, true));
+        await createRule(supertest, log, getSimpleRule(ruleId2, true));
 
-        await waitForRuleSuccessOrStatus(
+        await waitForRulePartialFailure({
           supertest,
           log,
-          rule1.id,
-          RuleExecutionStatus['partial failure']
-        );
-        await waitForRuleSuccessOrStatus(
+          ruleId: ruleId1,
+        });
+        await waitForRulePartialFailure({
           supertest,
           log,
-          rule2.id,
-          RuleExecutionStatus['partial failure']
-        );
-        // to properly execute the test on rule's data with runtime fields some delay is needed as
-        // ES Search API may return outdated data
-        // it causes a reliable delay so exported rule's SO contains runtime fields returned via ES Search API
-        // and will be removed after addressing this issue
-        await new Promise((r) => setTimeout(r, 1000));
+          ruleId: ruleId2,
+        });
 
         const { body } = await supertest
           .post(`${DETECTION_ENGINE_RULES_URL}/_export`)