From df508784a528cc7cf19d1c8b5667df0180165153 Mon Sep 17 00:00:00 2001 From: dkirchan Date: Mon, 16 Oct 2023 14:28:36 +0300 Subject: [PATCH 01/10] Added security solution pipeline-api-integration-tests --- .../pipeline-api-integration-tests.sh | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100755 .buildkite/scripts/pipelines/security_solution_quality_gate/pipeline-api-integration-tests.sh diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/pipeline-api-integration-tests.sh b/.buildkite/scripts/pipelines/security_solution_quality_gate/pipeline-api-integration-tests.sh new file mode 100755 index 0000000000000..0bb294ebfe883 --- /dev/null +++ b/.buildkite/scripts/pipelines/security_solution_quality_gate/pipeline-api-integration-tests.sh @@ -0,0 +1,20 @@ +#!/bin/bash +set -euo pipefail + +source .buildkite/scripts/common/util.sh +.buildkite/scripts/bootstrap.sh + +buildkite-agent meta-data set "${BUILDKITE_JOB_ID}_is_test_execution_step" "true" + +echo "--- Serverless Security Second Quality Gate" +cd x-pack +set +e + +VAULT_DEC_KEY=$(vault read -field=key secret/kibana-issues/dev/security-solution-qg-enc-key) +ENV_PWD=$(echo $TEST_ENV_PWD | openssl aes-256-cbc -d -a -pass pass:$VAULT_DEC_KEY) + +# Removing the https:// part of the url provided in order to use it in the command below. +ES_URL="${TEST_ENV_ES_URL/https:\/\//}" +KB_URL="${TEST_ENV_KB_URL/https:\/\//}" + +TEST_CLOUD=1 TEST_ES_URL="https://elastic:$ENV_PWD@$ES_URL" TEST_KIBANA_URL="https://elastic:$ENV_PWD@$KB_URL" node scripts/functional_test_runner.js --config test/security_solution_api_integration/test_suites/detections_response/serverless.config.ts \ No newline at end of file From 44b8e31bca6e913bbbd55c4928a45f0d5b490a59 Mon Sep 17 00:00:00 2001 From: dkirchan Date: Thu, 19 Oct 2023 12:16:13 +0300 Subject: [PATCH 02/10] Fixed yarn target after having multiple configuration files --- .../pipeline-api-integration-tests.sh | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/pipeline-api-integration-tests.sh b/.buildkite/scripts/pipelines/security_solution_quality_gate/pipeline-api-integration-tests.sh index 0bb294ebfe883..41df379cfb1f9 100755 --- a/.buildkite/scripts/pipelines/security_solution_quality_gate/pipeline-api-integration-tests.sh +++ b/.buildkite/scripts/pipelines/security_solution_quality_gate/pipeline-api-integration-tests.sh @@ -7,14 +7,23 @@ source .buildkite/scripts/common/util.sh buildkite-agent meta-data set "${BUILDKITE_JOB_ID}_is_test_execution_step" "true" echo "--- Serverless Security Second Quality Gate" -cd x-pack +cd x-pack/test/security_solution_api_integration set +e -VAULT_DEC_KEY=$(vault read -field=key secret/kibana-issues/dev/security-solution-qg-enc-key) +VAULT_DEC_KEY=$(retry 5 5 vault read -field=enc_key secret/kibana-issues/dev/security-solution-qg-enc-key) ENV_PWD=$(echo $TEST_ENV_PWD | openssl aes-256-cbc -d -a -pass pass:$VAULT_DEC_KEY) # Removing the https:// part of the url provided in order to use it in the command below. ES_URL="${TEST_ENV_ES_URL/https:\/\//}" KB_URL="${TEST_ENV_KB_URL/https:\/\//}" -TEST_CLOUD=1 TEST_ES_URL="https://elastic:$ENV_PWD@$ES_URL" TEST_KIBANA_URL="https://elastic:$ENV_PWD@$KB_URL" node scripts/functional_test_runner.js --config test/security_solution_api_integration/test_suites/detections_response/serverless.config.ts \ No newline at end of file +echo "Running the script exception_workflows:runner:serverless" +TEST_CLOUD=1 TEST_ES_URL="https://elastic:$ENV_PWD@$ES_URL" TEST_KIBANA_URL="https://elastic:$ENV_PWD@$KB_URL" yarn run exception_workflows:runner:serverless +echo "Running the script exception_operators_date_numeric_types:runner:serverless" +TEST_CLOUD=1 TEST_ES_URL="https://elastic:$ENV_PWD@$ES_URL" TEST_KIBANA_URL="https://elastic:$ENV_PWD@$KB_URL" yarn run exception_operators_date_numeric_types:runner:serverless +echo "Running the script exception_operators_keyword_text_long:runner:serverless" +TEST_CLOUD=1 TEST_ES_URL="https://elastic:$ENV_PWD@$ES_URL" TEST_KIBANA_URL="https://elastic:$ENV_PWD@$KB_URL" yarn run exception_operators_keyword_text_long:runner:serverless +echo "Running the script exception_operators_ips_text_array:runner:serverless" +TEST_CLOUD=1 TEST_ES_URL="https://elastic:$ENV_PWD@$ES_URL" TEST_KIBANA_URL="https://elastic:$ENV_PWD@$KB_URL" yarn run exception_operators_ips_text_array:runner:serverless +echo "Running the script rule_creation:runner:serverless" +TEST_CLOUD=1 TEST_ES_URL="https://elastic:$ENV_PWD@$ES_URL" TEST_KIBANA_URL="https://elastic:$ENV_PWD@$KB_URL" yarn run rule_creation:runner:serverless \ No newline at end of file From 96584f81ecd1ac29a92774dfa6bfa1d286ae28ee Mon Sep 17 00:00:00 2001 From: dkirchan Date: Thu, 19 Oct 2023 17:05:14 +0300 Subject: [PATCH 03/10] Changed the entrypoint to be a yaml file --- .../security_solution/api_integration.yml | 21 ++++++++++++++ .../api-integration-tests.sh | 24 +++++++++++++++ .../pipeline-api-integration-tests.sh | 29 ------------------- 3 files changed, 45 insertions(+), 29 deletions(-) create mode 100644 .buildkite/pipelines/security_solution/api_integration.yml create mode 100755 .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh delete mode 100755 .buildkite/scripts/pipelines/security_solution_quality_gate/pipeline-api-integration-tests.sh diff --git a/.buildkite/pipelines/security_solution/api_integration.yml b/.buildkite/pipelines/security_solution/api_integration.yml new file mode 100644 index 0000000000000..c51c4ad7aa3dc --- /dev/null +++ b/.buildkite/pipelines/security_solution/api_integration.yml @@ -0,0 +1,21 @@ +steps: + - label: Running exception_workflows:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_workflows:runner:serverless + key: exception_workflows:runner:serverless + + - label: Running exception_operators_date_numeric_types:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_date_numeric_types:runner:serverless + key: exception_operators_date_numeric_types:runner:serverless + + - label: Running exception_operators_keyword_text_long:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_keyword_text_long:runner:serverless + key: exception_operators_keyword_text_long:runner:serverless + + - label: Running exception_operators_ips_text_array:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_ips_text_array:runner:serverless + key: exception_operators_ips_text_array:runner:serverless + + - label: Running rule_creation:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_creation:runner:serverless + key: rule_creation:runner:serverless + diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh b/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh new file mode 100755 index 0000000000000..8d56ded0189c0 --- /dev/null +++ b/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh @@ -0,0 +1,24 @@ +#!/bin/bash +if [ -z "$1" ] + then + echo "No target script from the package.json file, is supplied" + exit 1 +fi + +source .buildkite/scripts/common/util.sh +.buildkite/scripts/bootstrap.sh + +buildkite-agent meta-data set "${BUILDKITE_JOB_ID}_is_test_execution_step" "true" + +echo "--- Serverless Security Second Quality Gate" +cd x-pack/test/security_solution_api_integration +set +e + +VAULT_DEC_KEY=$(retry 5 5 vault read -field=enc_key secret/kibana-issues/dev/security-solution-qg-enc-key) +ENV_PWD=$(echo $TEST_ENV_PWD | openssl aes-256-cbc -d -a -pass pass:$VAULT_DEC_KEY) + +# Removing the https:// part of the url provided in order to use it in the command below. +ES_URL="${TEST_ENV_ES_URL/https:\/\//}" +KB_URL="${TEST_ENV_KB_URL/https:\/\//}" + +TEST_CLOUD=1 TEST_ES_URL="https://elastic:$ENV_PWD@$ES_URL" TEST_KIBANA_URL="https://elastic:$ENV_PWD@$KB_URL" yarn run $1 \ No newline at end of file diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/pipeline-api-integration-tests.sh b/.buildkite/scripts/pipelines/security_solution_quality_gate/pipeline-api-integration-tests.sh deleted file mode 100755 index 41df379cfb1f9..0000000000000 --- a/.buildkite/scripts/pipelines/security_solution_quality_gate/pipeline-api-integration-tests.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -set -euo pipefail - -source .buildkite/scripts/common/util.sh -.buildkite/scripts/bootstrap.sh - -buildkite-agent meta-data set "${BUILDKITE_JOB_ID}_is_test_execution_step" "true" - -echo "--- Serverless Security Second Quality Gate" -cd x-pack/test/security_solution_api_integration -set +e - -VAULT_DEC_KEY=$(retry 5 5 vault read -field=enc_key secret/kibana-issues/dev/security-solution-qg-enc-key) -ENV_PWD=$(echo $TEST_ENV_PWD | openssl aes-256-cbc -d -a -pass pass:$VAULT_DEC_KEY) - -# Removing the https:// part of the url provided in order to use it in the command below. -ES_URL="${TEST_ENV_ES_URL/https:\/\//}" -KB_URL="${TEST_ENV_KB_URL/https:\/\//}" - -echo "Running the script exception_workflows:runner:serverless" -TEST_CLOUD=1 TEST_ES_URL="https://elastic:$ENV_PWD@$ES_URL" TEST_KIBANA_URL="https://elastic:$ENV_PWD@$KB_URL" yarn run exception_workflows:runner:serverless -echo "Running the script exception_operators_date_numeric_types:runner:serverless" -TEST_CLOUD=1 TEST_ES_URL="https://elastic:$ENV_PWD@$ES_URL" TEST_KIBANA_URL="https://elastic:$ENV_PWD@$KB_URL" yarn run exception_operators_date_numeric_types:runner:serverless -echo "Running the script exception_operators_keyword_text_long:runner:serverless" -TEST_CLOUD=1 TEST_ES_URL="https://elastic:$ENV_PWD@$ES_URL" TEST_KIBANA_URL="https://elastic:$ENV_PWD@$KB_URL" yarn run exception_operators_keyword_text_long:runner:serverless -echo "Running the script exception_operators_ips_text_array:runner:serverless" -TEST_CLOUD=1 TEST_ES_URL="https://elastic:$ENV_PWD@$ES_URL" TEST_KIBANA_URL="https://elastic:$ENV_PWD@$KB_URL" yarn run exception_operators_ips_text_array:runner:serverless -echo "Running the script rule_creation:runner:serverless" -TEST_CLOUD=1 TEST_ES_URL="https://elastic:$ENV_PWD@$ES_URL" TEST_KIBANA_URL="https://elastic:$ENV_PWD@$KB_URL" yarn run rule_creation:runner:serverless \ No newline at end of file From cb6372509a0ebc0f980e1267cbfd01a95273a4fa Mon Sep 17 00:00:00 2001 From: dkirchan Date: Wed, 25 Oct 2023 12:41:22 +0300 Subject: [PATCH 04/10] Fixed retry, agent definition --- .../security_solution/api_integration.yml | 45 ++++++++++-- .../api-integration-tests.sh | 73 +++++++++++++++++-- 2 files changed, 108 insertions(+), 10 deletions(-) diff --git a/.buildkite/pipelines/security_solution/api_integration.yml b/.buildkite/pipelines/security_solution/api_integration.yml index c51c4ad7aa3dc..b3060a5c7264f 100644 --- a/.buildkite/pipelines/security_solution/api_integration.yml +++ b/.buildkite/pipelines/security_solution/api_integration.yml @@ -1,21 +1,56 @@ steps: - label: Running exception_workflows:runner:serverless - command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_workflows:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_workflows:qa:serverless key: exception_workflows:runner:serverless + agents: + queue: n2-4-spot + timeout_in_minutes: 60 + retry: + automatic: + - exit_status: '-1' + limit: 3 - label: Running exception_operators_date_numeric_types:runner:serverless - command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_date_numeric_types:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_date_numeric_types:qa:serverless key: exception_operators_date_numeric_types:runner:serverless + agents: + queue: n2-4-spot + timeout_in_minutes: 60 + retry: + automatic: + - exit_status: '-1' + limit: 3 - label: Running exception_operators_keyword_text_long:runner:serverless - command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_keyword_text_long:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_keyword_text_long:qa:serverless key: exception_operators_keyword_text_long:runner:serverless + agents: + queue: n2-4-spot + timeout_in_minutes: 60 + retry: + automatic: + - exit_status: '-1' + limit: 3 - label: Running exception_operators_ips_text_array:runner:serverless - command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_ips_text_array:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_ips_text_array:qa:serverless key: exception_operators_ips_text_array:runner:serverless + agents: + queue: n2-4-spot + timeout_in_minutes: 60 + retry: + automatic: + - exit_status: '-1' + limit: 3 - label: Running rule_creation:runner:serverless - command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_creation:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_creation:qa:serverless key: rule_creation:runner:serverless + agents: + queue: n2-4-spot + timeout_in_minutes: 60 + retry: + automatic: + - exit_status: '-1' + limit: 3 diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh b/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh index 8d56ded0189c0..e72214328ed54 100755 --- a/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh +++ b/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh @@ -14,11 +14,74 @@ echo "--- Serverless Security Second Quality Gate" cd x-pack/test/security_solution_api_integration set +e -VAULT_DEC_KEY=$(retry 5 5 vault read -field=enc_key secret/kibana-issues/dev/security-solution-qg-enc-key) -ENV_PWD=$(echo $TEST_ENV_PWD | openssl aes-256-cbc -d -a -pass pass:$VAULT_DEC_KEY) +QA_API_KEY=$(retry 5 5 vault read -field=qa_api_key secret/kibana-issues/dev/security-solution-qg-enc-key) + +# Generate a random 5-digit number +random_number=$((10000 + $RANDOM % 90000)) +ENVIRONMENT_DETAILS=$(curl --location 'https://global.qa.cld.elstc.co/api/v1/serverless/projects/security' \ + --header "Authorization: ApiKey $QA_API_KEY" \ + --header 'Content-Type: application/json' \ + --data '{ + "name": "ftr-integration-tests-'$random_number'", + "region_id": "aws-eu-west-1"}' | jq '.') +NAME=$(echo $ENVIRONMENT_DETAILS | jq -r '.name') +ID=$(echo $ENVIRONMENT_DETAILS | jq -r '.id') +ES_URL=$(echo $ENVIRONMENT_DETAILS | jq -r '.endpoints.elasticsearch') +KB_URL=$(echo $ENVIRONMENT_DETAILS | jq -r '.endpoints.kibana') +echo $ES_URL +echo $KB_URL + +# Wait five seconds for the project to appear +sleep 5 + +# Resetting the credentials of the elastic user in the project +CREDS_BODY=$(curl --location --request POST "https://global.qa.cld.elstc.co/api/v1/serverless/projects/security/$ID/_reset-credentials" \ + --header "Authorization: ApiKey $QA_API_KEY" \ + --header 'Content-Type: application/json' | jq '.') +USERNAME=$(echo $CREDS_BODY | jq -r '.username') +PASSWORD=$(echo $CREDS_BODY | jq -r '.password') +AUTH=$(echo "$USERNAME:$PASSWORD") + +# Checking if Elasticsearch has status green +while : ; do + STATUS=$(curl -u $AUTH --location "$ES_URL:443/_cluster/health?wait_for_status=green&timeout=50s" | jq -r '.status') + if [ $STATUS != "green" ]; then + echo "Sleeping for 40s to wait for ES status to be green..." + sleep 40 + else + break + fi +done +echo "Elasticsearch has status green." + +# Checking if Kibana is available +while : ; do + STATUS=$(curl -u $AUTH --location "$KB_URL:443/api/status" | jq -r '.status.overall.level') + if [ $STATUS != "available" ]; then + echo "Sleeping for 15s to wait for Kibana to be available..." + sleep 15 + else + break + fi +done +echo "Kibana is available." # Removing the https:// part of the url provided in order to use it in the command below. -ES_URL="${TEST_ENV_ES_URL/https:\/\//}" -KB_URL="${TEST_ENV_KB_URL/https:\/\//}" +FORMATTED_ES_URL="${ES_URL/https:\/\//}" +echo "Formatted ES URL: $FORMATTED_ES_URL" +FORMATTED_KB_URL="${KB_URL/https:\/\//}" +echo "Formatted KB URL: $FORMATTED_KB_URL" + + +TEST_CLOUD=1 TEST_ES_URL="https://elastic:$PASSWORD@$FORMATTED_ES_URL:443" TEST_KIBANA_URL="https://elastic:$PASSWORD@$FORMATTED_KB_URL:443" yarn run $1 +cmd_status=$? +echo "Exit code with status: $cmd_status" + +curl --location --request DELETE "https://global.qa.cld.elstc.co/api/v1/serverless/projects/security/$ID" \ + --header "Authorization: ApiKey $QA_API_KEY" -TEST_CLOUD=1 TEST_ES_URL="https://elastic:$ENV_PWD@$ES_URL" TEST_KIBANA_URL="https://elastic:$ENV_PWD@$KB_URL" yarn run $1 \ No newline at end of file +if [ $cmd_status -eq 0 ]; then + echo "Finished run." +else + exit(1) +fi \ No newline at end of file From 954f3a07275e1f5f2a7b175719c13226e2bec692 Mon Sep 17 00:00:00 2001 From: dkirchan Date: Wed, 25 Oct 2023 22:35:31 +0300 Subject: [PATCH 05/10] Restored all invocation functionality --- .../security_solution/api_integration.yml | 80 +++++++++---------- .../api-integration-tests.sh | 73 ++--------------- 2 files changed, 45 insertions(+), 108 deletions(-) diff --git a/.buildkite/pipelines/security_solution/api_integration.yml b/.buildkite/pipelines/security_solution/api_integration.yml index b3060a5c7264f..c12cff55c9329 100644 --- a/.buildkite/pipelines/security_solution/api_integration.yml +++ b/.buildkite/pipelines/security_solution/api_integration.yml @@ -1,14 +1,14 @@ steps: - - label: Running exception_workflows:runner:serverless - command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_workflows:qa:serverless - key: exception_workflows:runner:serverless - agents: - queue: n2-4-spot - timeout_in_minutes: 60 - retry: - automatic: - - exit_status: '-1' - limit: 3 + # - label: Running exception_workflows:runner:serverless + # command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_workflows:qa:serverless + # key: exception_workflows:runner:serverless + # agents: + # queue: n2-4-spot + # timeout_in_minutes: 60 + # retry: + # automatic: + # - exit_status: '-1' + # limit: 3 - label: Running exception_operators_date_numeric_types:runner:serverless command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_date_numeric_types:qa:serverless @@ -21,36 +21,36 @@ steps: - exit_status: '-1' limit: 3 - - label: Running exception_operators_keyword_text_long:runner:serverless - command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_keyword_text_long:qa:serverless - key: exception_operators_keyword_text_long:runner:serverless - agents: - queue: n2-4-spot - timeout_in_minutes: 60 - retry: - automatic: - - exit_status: '-1' - limit: 3 + # - label: Running exception_operators_keyword_text_long:runner:serverless + # command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_keyword_text_long:qa:serverless + # key: exception_operators_keyword_text_long:runner:serverless + # agents: + # queue: n2-4-spot + # timeout_in_minutes: 60 + # retry: + # automatic: + # - exit_status: '-1' + # limit: 3 - - label: Running exception_operators_ips_text_array:runner:serverless - command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_ips_text_array:qa:serverless - key: exception_operators_ips_text_array:runner:serverless - agents: - queue: n2-4-spot - timeout_in_minutes: 60 - retry: - automatic: - - exit_status: '-1' - limit: 3 + # - label: Running exception_operators_ips_text_array:runner:serverless + # command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_ips_text_array:qa:serverless + # key: exception_operators_ips_text_array:runner:serverless + # agents: + # queue: n2-4-spot + # timeout_in_minutes: 60 + # retry: + # automatic: + # - exit_status: '-1' + # limit: 3 - - label: Running rule_creation:runner:serverless - command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_creation:qa:serverless - key: rule_creation:runner:serverless - agents: - queue: n2-4-spot - timeout_in_minutes: 60 - retry: - automatic: - - exit_status: '-1' - limit: 3 + # - label: Running rule_creation:runner:serverless + # command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_creation:qa:serverless + # key: rule_creation:runner:serverless + # agents: + # queue: n2-4-spot + # timeout_in_minutes: 60 + # retry: + # automatic: + # - exit_status: '-1' + # limit: 3 diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh b/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh index e72214328ed54..8d56ded0189c0 100755 --- a/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh +++ b/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh @@ -14,74 +14,11 @@ echo "--- Serverless Security Second Quality Gate" cd x-pack/test/security_solution_api_integration set +e -QA_API_KEY=$(retry 5 5 vault read -field=qa_api_key secret/kibana-issues/dev/security-solution-qg-enc-key) - -# Generate a random 5-digit number -random_number=$((10000 + $RANDOM % 90000)) -ENVIRONMENT_DETAILS=$(curl --location 'https://global.qa.cld.elstc.co/api/v1/serverless/projects/security' \ - --header "Authorization: ApiKey $QA_API_KEY" \ - --header 'Content-Type: application/json' \ - --data '{ - "name": "ftr-integration-tests-'$random_number'", - "region_id": "aws-eu-west-1"}' | jq '.') -NAME=$(echo $ENVIRONMENT_DETAILS | jq -r '.name') -ID=$(echo $ENVIRONMENT_DETAILS | jq -r '.id') -ES_URL=$(echo $ENVIRONMENT_DETAILS | jq -r '.endpoints.elasticsearch') -KB_URL=$(echo $ENVIRONMENT_DETAILS | jq -r '.endpoints.kibana') -echo $ES_URL -echo $KB_URL - -# Wait five seconds for the project to appear -sleep 5 - -# Resetting the credentials of the elastic user in the project -CREDS_BODY=$(curl --location --request POST "https://global.qa.cld.elstc.co/api/v1/serverless/projects/security/$ID/_reset-credentials" \ - --header "Authorization: ApiKey $QA_API_KEY" \ - --header 'Content-Type: application/json' | jq '.') -USERNAME=$(echo $CREDS_BODY | jq -r '.username') -PASSWORD=$(echo $CREDS_BODY | jq -r '.password') -AUTH=$(echo "$USERNAME:$PASSWORD") - -# Checking if Elasticsearch has status green -while : ; do - STATUS=$(curl -u $AUTH --location "$ES_URL:443/_cluster/health?wait_for_status=green&timeout=50s" | jq -r '.status') - if [ $STATUS != "green" ]; then - echo "Sleeping for 40s to wait for ES status to be green..." - sleep 40 - else - break - fi -done -echo "Elasticsearch has status green." - -# Checking if Kibana is available -while : ; do - STATUS=$(curl -u $AUTH --location "$KB_URL:443/api/status" | jq -r '.status.overall.level') - if [ $STATUS != "available" ]; then - echo "Sleeping for 15s to wait for Kibana to be available..." - sleep 15 - else - break - fi -done -echo "Kibana is available." +VAULT_DEC_KEY=$(retry 5 5 vault read -field=enc_key secret/kibana-issues/dev/security-solution-qg-enc-key) +ENV_PWD=$(echo $TEST_ENV_PWD | openssl aes-256-cbc -d -a -pass pass:$VAULT_DEC_KEY) # Removing the https:// part of the url provided in order to use it in the command below. -FORMATTED_ES_URL="${ES_URL/https:\/\//}" -echo "Formatted ES URL: $FORMATTED_ES_URL" -FORMATTED_KB_URL="${KB_URL/https:\/\//}" -echo "Formatted KB URL: $FORMATTED_KB_URL" - - -TEST_CLOUD=1 TEST_ES_URL="https://elastic:$PASSWORD@$FORMATTED_ES_URL:443" TEST_KIBANA_URL="https://elastic:$PASSWORD@$FORMATTED_KB_URL:443" yarn run $1 -cmd_status=$? -echo "Exit code with status: $cmd_status" - -curl --location --request DELETE "https://global.qa.cld.elstc.co/api/v1/serverless/projects/security/$ID" \ - --header "Authorization: ApiKey $QA_API_KEY" +ES_URL="${TEST_ENV_ES_URL/https:\/\//}" +KB_URL="${TEST_ENV_KB_URL/https:\/\//}" -if [ $cmd_status -eq 0 ]; then - echo "Finished run." -else - exit(1) -fi \ No newline at end of file +TEST_CLOUD=1 TEST_ES_URL="https://elastic:$ENV_PWD@$ES_URL" TEST_KIBANA_URL="https://elastic:$ENV_PWD@$KB_URL" yarn run $1 \ No newline at end of file From c3a69959356b825a04ac9ad4ad74472f50231c7f Mon Sep 17 00:00:00 2001 From: dkirchan Date: Wed, 25 Oct 2023 22:50:42 +0300 Subject: [PATCH 06/10] Revert "Restored all invocation functionality" This reverts commit d711ee20322135a00c385dbfadc1bd6e553ac934. --- .../security_solution/api_integration.yml | 86 +++++++++---------- .../api-integration-tests.sh | 67 +++++++++++++-- 2 files changed, 105 insertions(+), 48 deletions(-) diff --git a/.buildkite/pipelines/security_solution/api_integration.yml b/.buildkite/pipelines/security_solution/api_integration.yml index c12cff55c9329..24c728bf5fb51 100644 --- a/.buildkite/pipelines/security_solution/api_integration.yml +++ b/.buildkite/pipelines/security_solution/api_integration.yml @@ -1,56 +1,56 @@ steps: - # - label: Running exception_workflows:runner:serverless - # command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_workflows:qa:serverless - # key: exception_workflows:runner:serverless - # agents: - # queue: n2-4-spot - # timeout_in_minutes: 60 - # retry: - # automatic: - # - exit_status: '-1' - # limit: 3 + - label: Running exception_workflows:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_workflows:qa:serverless + key: exception_workflows:runner:serverless + agents: + queue: n2-4-spot + timeout_in_minutes: 120 + retry: + automatic: + - exit_status: '*' + limit: 2 - label: Running exception_operators_date_numeric_types:runner:serverless command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_date_numeric_types:qa:serverless key: exception_operators_date_numeric_types:runner:serverless agents: queue: n2-4-spot - timeout_in_minutes: 60 + timeout_in_minutes: 120 retry: automatic: - - exit_status: '-1' - limit: 3 + - exit_status: '*' + limit: 2 - # - label: Running exception_operators_keyword_text_long:runner:serverless - # command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_keyword_text_long:qa:serverless - # key: exception_operators_keyword_text_long:runner:serverless - # agents: - # queue: n2-4-spot - # timeout_in_minutes: 60 - # retry: - # automatic: - # - exit_status: '-1' - # limit: 3 + - label: Running exception_operators_keyword_text_long:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_keyword_text_long:qa:serverless + key: exception_operators_keyword_text_long:runner:serverless + agents: + queue: n2-4-spot + timeout_in_minutes: 120 + retry: + automatic: + - exit_status: '*' + limit: 2 - # - label: Running exception_operators_ips_text_array:runner:serverless - # command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_ips_text_array:qa:serverless - # key: exception_operators_ips_text_array:runner:serverless - # agents: - # queue: n2-4-spot - # timeout_in_minutes: 60 - # retry: - # automatic: - # - exit_status: '-1' - # limit: 3 + - label: Running exception_operators_ips_text_array:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_ips_text_array:qa:serverless + key: exception_operators_ips_text_array:runner:serverless + agents: + queue: n2-4-spot + timeout_in_minutes: 120 + retry: + automatic: + - exit_status: '1' + limit: 2 - # - label: Running rule_creation:runner:serverless - # command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_creation:qa:serverless - # key: rule_creation:runner:serverless - # agents: - # queue: n2-4-spot - # timeout_in_minutes: 60 - # retry: - # automatic: - # - exit_status: '-1' - # limit: 3 + - label: Running rule_creation:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_creation:qa:serverless + key: rule_creation:runner:serverless + agents: + queue: n2-4-spot + timeout_in_minutes: 120 + retry: + automatic: + - exit_status: '1' + limit: 2 diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh b/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh index 8d56ded0189c0..a28c61a43bceb 100755 --- a/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh +++ b/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh @@ -14,11 +14,68 @@ echo "--- Serverless Security Second Quality Gate" cd x-pack/test/security_solution_api_integration set +e -VAULT_DEC_KEY=$(retry 5 5 vault read -field=enc_key secret/kibana-issues/dev/security-solution-qg-enc-key) -ENV_PWD=$(echo $TEST_ENV_PWD | openssl aes-256-cbc -d -a -pass pass:$VAULT_DEC_KEY) +QA_API_KEY=$(retry 5 5 vault read -field=qa_api_key secret/kibana-issues/dev/security-solution-qg-enc-key) + +# Generate a random 5-digit number +random_number=$((10000 + $RANDOM % 90000)) +ENVIRONMENT_DETAILS=$(curl --location 'https://global.qa.cld.elstc.co/api/v1/serverless/projects/security' \ + --header "Authorization: ApiKey $QA_API_KEY" \ + --header 'Content-Type: application/json' \ + --data '{ + "name": "ftr-integration-tests-'$random_number'", + "region_id": "aws-eu-west-1"}' | jq '.') +NAME=$(echo $ENVIRONMENT_DETAILS | jq -r '.name') +ID=$(echo $ENVIRONMENT_DETAILS | jq -r '.id') +ES_URL=$(echo $ENVIRONMENT_DETAILS | jq -r '.endpoints.elasticsearch') +KB_URL=$(echo $ENVIRONMENT_DETAILS | jq -r '.endpoints.kibana') + +# Wait five seconds for the project to appear +sleep 5 + +# Resetting the credentials of the elastic user in the project +CREDS_BODY=$(curl --location --request POST "https://global.qa.cld.elstc.co/api/v1/serverless/projects/security/$ID/_reset-credentials" \ + --header "Authorization: ApiKey $QA_API_KEY" \ + --header 'Content-Type: application/json' | jq '.') +USERNAME=$(echo $CREDS_BODY | jq -r '.username') +PASSWORD=$(echo $CREDS_BODY | jq -r '.password') +AUTH=$(echo "$USERNAME:$PASSWORD") + +# Checking if Elasticsearch has status green +while : ; do + STATUS=$(curl -u $AUTH --location "$ES_URL:443/_cluster/health?wait_for_status=green&timeout=50s" | jq -r '.status') + if [ "$STATUS" != "green" ]; then + echo "Sleeping for 40s to wait for ES status to be green..." + sleep 40 + else + echo "Elasticsearch has status green." + break + fi +done + +# Checking if Kibana is available +while : ; do + STATUS=$(curl -u $AUTH --location "$KB_URL:443/api/status" | jq -r '.status.overall.level') + if [ "$STATUS" != "available" ]; then + echo "Sleeping for 15s to wait for Kibana to be available..." + sleep 15 + else + echo "Kibana is available." + break + fi +done # Removing the https:// part of the url provided in order to use it in the command below. -ES_URL="${TEST_ENV_ES_URL/https:\/\//}" -KB_URL="${TEST_ENV_KB_URL/https:\/\//}" +FORMATTED_ES_URL="${ES_URL/https:\/\//}" +FORMATTED_KB_URL="${KB_URL/https:\/\//}" + +# Find a way to remove this in the future +sleep 150 + +TEST_CLOUD=1 TEST_ES_URL="https://elastic:$PASSWORD@$FORMATTED_ES_URL:443" TEST_KIBANA_URL="https://elastic:$PASSWORD@$FORMATTED_KB_URL:443" yarn run $1 +cmd_status=$? +echo "Exit code with status: $cmd_status" + +curl --location --request DELETE "https://global.qa.cld.elstc.co/api/v1/serverless/projects/security/$ID" \ + --header "Authorization: ApiKey $QA_API_KEY" -TEST_CLOUD=1 TEST_ES_URL="https://elastic:$ENV_PWD@$ES_URL" TEST_KIBANA_URL="https://elastic:$ENV_PWD@$KB_URL" yarn run $1 \ No newline at end of file +exit $cmd_status \ No newline at end of file From 23400d73dd071d6e2d205524001726d80eab07fa Mon Sep 17 00:00:00 2001 From: dkirchan Date: Mon, 6 Nov 2023 14:31:33 +0200 Subject: [PATCH 07/10] Added actions:qa:serverless tests --- .../pipelines/security_solution/api_integration.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.buildkite/pipelines/security_solution/api_integration.yml b/.buildkite/pipelines/security_solution/api_integration.yml index 24c728bf5fb51..d060ae61cc0e6 100644 --- a/.buildkite/pipelines/security_solution/api_integration.yml +++ b/.buildkite/pipelines/security_solution/api_integration.yml @@ -53,4 +53,15 @@ steps: automatic: - exit_status: '1' limit: 2 + + - label: Running actions:qa:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh actions:qa:serverless + key: rule_creation:runner:serverless + agents: + queue: n2-4-spot + timeout_in_minutes: 120 + retry: + automatic: + - exit_status: '1' + limit: 2 From 78516e6d27300a0459412d4b5b276f01b1d13338 Mon Sep 17 00:00:00 2001 From: dkirchan Date: Mon, 6 Nov 2023 14:51:27 +0200 Subject: [PATCH 08/10] Fixed key of buildkite --- .buildkite/pipelines/security_solution/api_integration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.buildkite/pipelines/security_solution/api_integration.yml b/.buildkite/pipelines/security_solution/api_integration.yml index d060ae61cc0e6..b4c6cece31c4b 100644 --- a/.buildkite/pipelines/security_solution/api_integration.yml +++ b/.buildkite/pipelines/security_solution/api_integration.yml @@ -56,7 +56,7 @@ steps: - label: Running actions:qa:serverless command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh actions:qa:serverless - key: rule_creation:runner:serverless + key: actions:qa:serverless agents: queue: n2-4-spot timeout_in_minutes: 120 From 7ba01f3c5868e35fd48177e750a1a0f3fbf7a331 Mon Sep 17 00:00:00 2001 From: dkirchan <55240027+dkirchan@users.noreply.github.com> Date: Tue, 7 Nov 2023 15:47:10 +0200 Subject: [PATCH 09/10] Update .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh Co-authored-by: Jon --- .../security_solution_quality_gate/api-integration-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh b/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh index a28c61a43bceb..1d63a7bc5f7e8 100755 --- a/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh +++ b/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh @@ -33,7 +33,7 @@ KB_URL=$(echo $ENVIRONMENT_DETAILS | jq -r '.endpoints.kibana') sleep 5 # Resetting the credentials of the elastic user in the project -CREDS_BODY=$(curl --location --request POST "https://global.qa.cld.elstc.co/api/v1/serverless/projects/security/$ID/_reset-credentials" \ +CREDS_BODY=$(curl -s --location --request POST "https://global.qa.cld.elstc.co/api/v1/serverless/projects/security/$ID/_reset-credentials" \ --header "Authorization: ApiKey $QA_API_KEY" \ --header 'Content-Type: application/json' | jq '.') USERNAME=$(echo $CREDS_BODY | jq -r '.username') From af9fe0a01649e3806fb39dfb9699e545941c0072 Mon Sep 17 00:00:00 2001 From: dkirchan Date: Tue, 7 Nov 2023 15:49:10 +0200 Subject: [PATCH 10/10] Added description for the wait time --- .../security_solution_quality_gate/api-integration-tests.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh b/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh index 1d63a7bc5f7e8..ad7e488dfaea3 100755 --- a/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh +++ b/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh @@ -69,6 +69,7 @@ FORMATTED_ES_URL="${ES_URL/https:\/\//}" FORMATTED_KB_URL="${KB_URL/https:\/\//}" # Find a way to remove this in the future +# This is used in order to wait for the environment to be ready. sleep 150 TEST_CLOUD=1 TEST_ES_URL="https://elastic:$PASSWORD@$FORMATTED_ES_URL:443" TEST_KIBANA_URL="https://elastic:$PASSWORD@$FORMATTED_KB_URL:443" yarn run $1