From 56778adcf2e00a85936d3e8e86908394b324d15d Mon Sep 17 00:00:00 2001 
From: wafaanasr
Date: Mon, 30 Oct 2023 16:49:21 +0100
Subject: [PATCH 1/8] move preview test and rename the folder
---
 .buildkite/ftr_configs.yml | 4 +--
 .../package.json | 10 +++----
 .../configs/ess.config.ts | 0
 .../configs/serverless.config.ts | 0
 .../create_new_terms.ts | 0
 .../create_rules.ts | 0
 .../index.ts | 1 +
 .../rule_creation_preview}/preview_rules.ts | 26 +++++++++++-----
 .../utils/rules/get_simple_preview_rule.ts | 30 +++++++++++++++++++
 .../rules/get_simple_rule_preview_output.ts | 24 +++++++++++++++
 .../detections_response/utils/rules/index.ts | 2 ++
 11 files changed, 82 insertions(+), 15 deletions(-)
 rename x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/{rule_creation => rule_creation_preview}/configs/ess.config.ts (100%)
 rename x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/{rule_creation => rule_creation_preview}/configs/serverless.config.ts (100%)
 rename x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/{rule_creation => rule_creation_preview}/create_new_terms.ts (100%)
 rename x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/{rule_creation => rule_creation_preview}/create_rules.ts (100%)
 rename x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/{rule_creation => rule_creation_preview}/index.ts (91%)
 rename x-pack/test/{detection_engine_api_integration/security_and_spaces/group1 => security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview}/preview_rules.ts (85%)
 create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_simple_preview_rule.ts
 create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_simple_rule_preview_output.ts
diff --git a/.buildkite/ftr_configs.yml b/.buildkite/ftr_configs.yml
index f026499502e0d..be71fd40f07bd 100644
--- a/.buildkite/ftr_configs.yml
+++ b/.buildkite/ftr_configs.yml
@@ -455,8 +455,8 @@ enabled:
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword_text_long/configs/ess.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips_text_array/configs/serverless.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips_text_array/configs/ess.config.ts
- - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/serverless.config.ts
- - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/ess.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/configs/serverless.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/configs/ess.config.ts
diff --git a/x-pack/test/security_solution_api_integration/package.json b/x-pack/test/security_solution_api_integration/package.json
index 4562cfc82cfc9..135dabf161bae 100644
--- a/x-pack/test/security_solution_api_integration/package.json
+++ b/x-pack/test/security_solution_api_integration/package.json
@@ -27,10 +27,10 @@
 "exception_operators_ips_text_array:qa:serverless": "npm run run-tests exceptions/operators_data_types/ips_text_array serverless qaEnv",
 "exception_operators_ips_text_array:server:ess": "npm run initialize-server exceptions/operators_data_types/ips_text_array ess",
 "exception_operators_ips_text_array:runner:ess": "npm run run-tests exceptions/operators_data_types/ips_text_array ess essEnv",
- "rule_creation:server:serverless": "npm run initialize-server rule_creation serverless",
- "rule_creation:runner:serverless": "npm run run-tests rule_creation serverless serverlessEnv",
- "rule_creation:qa:serverless": "npm run run-tests rule_creation serverless qaEnv",
- "rule_creation:server:ess": "npm run initialize-server rule_creation ess",
- "rule_creation:runner:ess": "npm run run-tests rule_creation ess essEnv"
+ "rule_creation_preview:server:serverless": "npm run initialize-server rule_creation_preview serverless",
+ "rule_creation_preview:runner:serverless": "npm run run-tests rule_creation_preview serverless serverlessEnv",
+ "rule_creation_preview:qa:serverless": "npm run run-tests rule_creation_preview serverless qaEnv",
+ "rule_creation_preview:server:ess": "npm run initialize-server rule_creation_preview ess",
+ "rule_creation_preview:runner:ess": "npm run run-tests rule_creation_preview ess essEnv"
 }
 }
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/configs/ess.config.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/ess.config.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/configs/ess.config.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/configs/serverless.config.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/serverless.config.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/configs/serverless.config.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/create_new_terms.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/create_new_terms.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/create_new_terms.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/create_new_terms.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/create_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/create_rules.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/create_rules.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/create_rules.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/index.ts
similarity index 91%
rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/index.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/index.ts
index a3e706c580e5c..1d22c7ef57cda 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/index.ts
@@ -10,5 +10,6 @@ export default function ({ loadTestFile }: FtrProviderContext) {
 describe('Rule creation API', function () {
 loadTestFile(require.resolve('./create_rules'));
 loadTestFile(require.resolve('./create_new_terms'));
+ loadTestFile(require.resolve('./preview_rules'));
 });
 }
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/preview_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/preview_rules.ts
similarity index 85%
rename from x-pack/test/detection_engine_api_integration/security_and_spaces/group1/preview_rules.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/preview_rules.ts
index b930f43dc9809..bcfbf77ef23e1 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/preview_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/preview_rules.ts
@@ -9,25 +9,35 @@ import expect from '@kbn/expect';
 import { DETECTION_ENGINE_RULES_PREVIEW } from '@kbn/security-solution-plugin/common/constants';
 import { ROLES } from '@kbn/security-solution-plugin/common/test';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
 import { deleteAllRules, getSimplePreviewRule, getSimpleRulePreviewOutput } from '../../utils';
-import { createUserAndRole, deleteUserAndRole } from '../../../common/services/security_solution';
-// eslint-disable-next-line import/no-default-export
+import {
+ createUserAndRole,
+ deleteUserAndRole,
+} from '../../../../../common/services/security_solution';
+
+import { FtrProviderContext } from '../../../../ftr_provider_context';
+import { EsArchivePathBuilder } from '../../../../es_archive_path_builder';
+
 export default ({ getService }: FtrProviderContext) => {
 const esArchiver = getService('esArchiver');
 const supertest = getService('supertest');
 const supertestWithoutAuth = getService('supertestWithoutAuth');
 const log = getService('log');
+ // TODO: add a new service
+ const config = getService('config');
+ const isServerless = config.get('serverless');
+ const dataPathBuilder = new EsArchivePathBuilder(isServerless);
+ const path = dataPathBuilder.getPath('auditbeat/hosts');
- describe('preview_rules', () => {
+ describe('@serverless @ess preview_rules', () => {
 describe('previewing rules', () => {
 before(async () => {
- await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts');
+ await esArchiver.load(path);
 });
 after(async () => {
- await esArchiver.unload('x-pack/test/functional/es_archives/auditbeat/hosts');
+ await esArchiver.unload(path);
 });
 afterEach(async () => {
@@ -84,7 +94,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 });
- describe('t1_analyst', () => {
+ describe('@brokenInServerless t1_analyst', () => {
 const role = ROLES.t1_analyst;
 beforeEach(async () => {
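Review bot: The `// TODO: add a new service` comment above `const config = getService('config');` does not say which service is meant or what it should replace, so the follow-up is easy to lose. If the intent is to stop repeating the serverless/ESS archive-path wiring in every test file, say so, e.g. `// TODO: move the serverless/ESS es_archive path selection into a shared FTR service`. The local name `path` also reads like the Node `path` module; `auditbeatHostsPath` would be clearer at the `esArchiver.load`/`unload` call sites. The enclosing arrow function continues outside this hunk.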
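Review bot: Tagging the `t1_analyst` suite here, and the `hunter` suite in the following hunk (`@@ -105,7 +115,7 @@`), as `@brokenInServerless` leaves the role-scoped checks of the rule preview endpoint unexercised on serverless, and nothing in the file records why or when they will be re-enabled. A comment above each `describe` would keep that gap visible, for example `// TODO(<tracking-issue>): role setup via createUserAndRole does not work in serverless yet; re-enable once it does`. The cause is presumably the custom role creation in `beforeEach`, which is not shown in full, so it should be confirmed before wording the comment. Both `describe` bodies continue outside the hunks.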
@@ -105,7 +115,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 });
- describe('hunter', () => {
+ describe('@brokenInServerless hunter', () => {
 const role = ROLES.hunter;
 beforeEach(async () => {
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_simple_preview_rule.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_simple_preview_rule.ts
new file mode 100644
index 0000000000000..48e687316dbf5
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_simple_preview_rule.ts
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { PreviewRulesSchema } from '@kbn/security-solution-plugin/common/api/detection_engine';
+
+/**
+ * This is a typical simple preview rule for testing that is easy for most basic testing
+ * @param ruleId
+ * @param invocationCount The number of times the rule will be run through the executors. Defaulted to 12,
+ * the execution time for the default interval time of 5m.
+ */
+export const getSimplePreviewRule = (
+ ruleId = 'preview-rule-1',
+ invocationCount = 12
+): PreviewRulesSchema => ({
+ name: 'Simple Rule Query',
+ description: 'Simple Rule Query',
+ risk_score: 1,
+ rule_id: ruleId,
+ severity: 'high',
+ index: ['auditbeat-*'],
+ type: 'query',
+ query: 'user.name: root or user.name: admin',
+ invocationCount,
+ timeframeEnd: new Date().toISOString(),
+});
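Review bot: In the JSDoc of `getSimplePreviewRule`, `@param ruleId` has no description and the `invocationCount` text does not say what the default adds up to. Suggested wording: `@param ruleId The rule_id given to the preview rule, defaults to 'preview-rule-1'` and `@param invocationCount Number of executor runs to simulate; defaults to 12, i.e. one hour at the default 5m interval`. It is also worth a one-line comment that `timeframeEnd` is taken from `new Date()` at call time, so two calls never build identical payloads.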
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_simple_rule_preview_output.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_simple_rule_preview_output.ts
new file mode 100644
index 0000000000000..2eac279b87795
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_simple_rule_preview_output.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { RulePreviewLogs } from '@kbn/security-solution-plugin/common/api/detection_engine';
+
+/**
+ * This is the typical output of a simple rule preview, with errors and warnings coming up from the rule
+ * execution process and a `previewId` generated server side for later preview querying
+ *
+ * @param previewId Rule id generated by the server itself
+ * @param logs Errors and warnings returned by executor and route file, defaults to empty array
+ */
+export const getSimpleRulePreviewOutput = (
+ previewId = undefined,
+ logs: RulePreviewLogs[] = []
+) => ({
+ logs,
+ previewId,
+ isAborted: false,
+});
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts
index ba91dea27743e..3cb3f1f105f3f 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts
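Review bot: In `getSimpleRulePreviewOutput`, `previewId = undefined` leaves the parameter without a usable type: it is inferred from the initializer, which gives `undefined` under `strictNullChecks` and `any` otherwise. Callers therefore either cannot pass a real id or pass anything unchecked. Declaring it as `previewId: string | undefined = undefined,` and giving the helper an explicit return type would let the compiler check the expected-output objects that tests build from it. The JSDoc also describes `previewId` as a "Rule id"; "Preview id generated by the server" matches the parameter name and the summary line above it.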
@@ -26,5 +26,7 @@ export * from './find_immutable_rule_by_id';
 export * from './create_rule_with_exception_entries';
 export * from './downgrade_immutable_rule';
 export * from './get_eql_rule_for_alert_testing';
+export * from './get_simple_preview_rule';
+export * from './get_simple_rule_preview_output';
 export * from './prebuilt_rules';
From 121d9d470413ffc02659ca04fd7e1e9070449043 Mon Sep 17 00:00:00 2001
From: wafaanasr
Date: Tue, 31 Oct 2023 10:49:09 +0100
Subject: [PATCH 2/8] undo renaming
---
 .buildkite/ftr_configs.yml | 4 ++--
 .../security_solution_api_integration/package.json | 10 +++++-----
 .../configs/ess.config.ts | 0
 .../configs/serverless.config.ts | 0
 .../create_new_terms.ts | 0
 .../create_rules.ts | 0
 .../{rule_creation_preview => rule_creation}/index.ts | 0
 .../preview_rules.ts | 0
 8 files changed, 7 insertions(+), 7 deletions(-)
 rename x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/{rule_creation_preview => rule_creation}/configs/ess.config.ts (100%)
 rename x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/{rule_creation_preview => rule_creation}/configs/serverless.config.ts (100%)
 rename x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/{rule_creation_preview => rule_creation}/create_new_terms.ts (100%)
 rename x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/{rule_creation_preview => rule_creation}/create_rules.ts (100%)
 rename x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/{rule_creation_preview => rule_creation}/index.ts (100%)
 rename x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/{rule_creation_preview => rule_creation}/preview_rules.ts (100%)
diff --git a/.buildkite/ftr_configs.yml b/.buildkite/ftr_configs.yml
index be71fd40f07bd..f026499502e0d 100644
--- a/.buildkite/ftr_configs.yml
+++ b/.buildkite/ftr_configs.yml
@@ -455,8 +455,8 @@ enabled:
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword_text_long/configs/ess.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips_text_array/configs/serverless.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips_text_array/configs/ess.config.ts
- - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/configs/serverless.config.ts
- - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/configs/ess.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/serverless.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/ess.config.ts
diff --git a/x-pack/test/security_solution_api_integration/package.json b/x-pack/test/security_solution_api_integration/package.json
index 135dabf161bae..4562cfc82cfc9 100644
--- a/x-pack/test/security_solution_api_integration/package.json
+++ b/x-pack/test/security_solution_api_integration/package.json
@@ -27,10 +27,10 @@
 "exception_operators_ips_text_array:qa:serverless": "npm run run-tests exceptions/operators_data_types/ips_text_array serverless qaEnv",
 "exception_operators_ips_text_array:server:ess": "npm run initialize-server exceptions/operators_data_types/ips_text_array ess",
 "exception_operators_ips_text_array:runner:ess": "npm run run-tests exceptions/operators_data_types/ips_text_array ess essEnv",
- "rule_creation_preview:server:serverless": "npm run initialize-server rule_creation_preview serverless",
- "rule_creation_preview:runner:serverless": "npm run run-tests rule_creation_preview serverless serverlessEnv",
- "rule_creation_preview:qa:serverless": "npm run run-tests rule_creation_preview serverless qaEnv",
- "rule_creation_preview:server:ess": "npm run initialize-server rule_creation_preview ess",
- "rule_creation_preview:runner:ess": "npm run run-tests rule_creation_preview ess essEnv"
+ "rule_creation:server:serverless": "npm run initialize-server rule_creation serverless",
+ "rule_creation:runner:serverless": "npm run run-tests rule_creation serverless serverlessEnv",
+ "rule_creation:qa:serverless": "npm run run-tests rule_creation serverless qaEnv",
+ "rule_creation:server:ess": "npm run initialize-server rule_creation ess",
+ "rule_creation:runner:ess": "npm run run-tests rule_creation ess essEnv"
 }
 }
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/ess.config.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/configs/ess.config.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/ess.config.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/serverless.config.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/configs/serverless.config.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/serverless.config.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/create_new_terms.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/create_new_terms.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/create_new_terms.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/create_new_terms.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/create_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/create_rules.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/create_rules.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/create_rules.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/index.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/index.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/index.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/preview_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/preview_rules.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation_preview/preview_rules.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/preview_rules.ts
From f99740790dc1402e6e53244562d46fd5a04bd8e7 Mon Sep 17 00:00:00 2001
From: wafaanasr
Date: Tue, 31 Oct 2023 12:57:45 +0100
Subject: [PATCH 3/8] remove old util fns
---
 .../utils/get_legacy_action_so.ts | 25 ----------------
 .../utils/get_legacy_actions_so_by_id.ts | 30 -------------------
 2 files changed, 55 deletions(-)
 delete mode 100644 x-pack/test/detection_engine_api_integration/utils/get_legacy_action_so.ts
 delete mode 100644 x-pack/test/detection_engine_api_integration/utils/get_legacy_actions_so_by_id.ts
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_legacy_action_so.ts b/x-pack/test/detection_engine_api_integration/utils/get_legacy_action_so.ts
deleted file mode 100644
index e714dfcec28cc..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_legacy_action_so.ts
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-import type { Client } from '@elastic/elasticsearch';
-import type { SearchResponse } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
-import { SECURITY_SOLUTION_SAVED_OBJECT_INDEX } from '@kbn/core-saved-objects-server';
-import type { SavedObjectReference } from '@kbn/core/server';
-import type { LegacyRuleActions } from '@kbn/security-solution-plugin/server/lib/detection_engine/rule_actions_legacy';
-
-interface LegacyActionSO extends LegacyRuleActions {
- references: SavedObjectReference[];
-}
-
-/**
- * Fetch all legacy action sidecar SOs from the security solution savedObjects index
- * @param es The ElasticSearch service
- */
-export const getLegacyActionSO = async (es: Client): Promise> =>
- es.search({
- index: SECURITY_SOLUTION_SAVED_OBJECT_INDEX,
- q: 'type:siem-detection-engine-rule-actions',
- });
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_legacy_actions_so_by_id.ts b/x-pack/test/detection_engine_api_integration/utils/get_legacy_actions_so_by_id.ts
deleted file mode 100644
index 9e6b6a31e9786..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_legacy_actions_so_by_id.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { Client } from '@elastic/elasticsearch';
-import type { SearchResponse } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
-import { SECURITY_SOLUTION_SAVED_OBJECT_INDEX } from '@kbn/core-saved-objects-server';
-import { SavedObjectReference } from '@kbn/core/server';
-import type { LegacyRuleActions } from '@kbn/security-solution-plugin/server/lib/detection_engine/rule_actions_legacy';
-
-interface LegacyActionSO extends LegacyRuleActions {
- references: SavedObjectReference[];
-}
-
-/**
- * Fetch legacy action sidecar SOs from the security solution savedObjects index
- * @param es The ElasticSearch service
- * @param id SO id
- */
-export const getLegacyActionSOById = async (
- es: Client,
- id: string
-): Promise> =>
- es.search({
- index: SECURITY_SOLUTION_SAVED_OBJECT_INDEX,
- q: `type:siem-detection-engine-rule-actions AND _id:"siem-detection-engine-rule-actions:${id}"`,
- });
From 7b89a126b88b950600dfa8ff0de7895994f312d4 Mon Sep 17 00:00:00 2001
From: wafaanasr
Date: Tue, 31 Oct 2023 13:01:09 +0100
Subject: [PATCH 4/8] move all action legacy utils
---
 x-pack/test/detection_engine_api_integration/utils/index.ts | 3 ---
 .../detections_response/default_license/actions/migrations.ts | 2 +-
 .../get_legacy_action_notifications_so_by_id.ts | 0
 .../detections_response/utils/actions/legacy_actions/index.ts | 1 +
 4 files changed, 2 insertions(+), 4 deletions(-)
 rename x-pack/test/{detection_engine_api_integration/utils => security_solution_api_integration/test_suites/detections_response/utils/actions/legacy_actions}/get_legacy_action_notifications_so_by_id.ts (100%)
diff --git a/x-pack/test/detection_engine_api_integration/utils/index.ts b/x-pack/test/detection_engine_api_integration/utils/index.ts
index 0e75e72a2d0ed..c976ae47c2fb8 100644
--- a/x-pack/test/detection_engine_api_integration/utils/index.ts
+++ b/x-pack/test/detection_engine_api_integration/utils/index.ts
@@ -37,9 +37,6 @@ export * from './get_eql_rule_for_signal_testing';
 export * from './get_event_log_execute_complete_by_id';
 export * from './get_index_name_from_load';
 export * from './get_legacy_action_notification_so';
-export * from './get_legacy_action_notifications_so_by_id';
-export * from './get_legacy_action_so';
-export * from './get_legacy_actions_so_by_id';
 export * from './get_open_signals';
 export * from './get_preview_alerts';
 export * from './get_query_all_signals';
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/migrations.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/migrations.ts
index ce5c87d2c3fb4..9224ca08608f4 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/migrations.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/migrations.ts
@@ -13,7 +13,7 @@ import {
 getLegacyActionSOById,
 getLegacyActionNotificationSOById,
 getRuleSOById,
-} from '../../../../../detection_engine_api_integration/utils';
+} from '../../utils';
 import { FtrProviderContext } from '../../../../ftr_provider_context';
 /**
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_legacy_action_notifications_so_by_id.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/actions/legacy_actions/get_legacy_action_notifications_so_by_id.ts
similarity index 100%
rename from x-pack/test/detection_engine_api_integration/utils/get_legacy_action_notifications_so_by_id.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/actions/legacy_actions/get_legacy_action_notifications_so_by_id.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/actions/legacy_actions/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/actions/legacy_actions/index.ts
index f3830dbbbc933..9b88b1f73d11e 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/actions/legacy_actions/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/actions/legacy_actions/index.ts
@@ -6,3 +6,4 @@
 */
 export * from './get_legacy_action_so';
 export * from './get_legacy_actions_so_by_id';
+export * from './get_legacy_action_notifications_so_by_id';
From da020a941be764d6d72fa23b2dfc8c314b4b507b Mon Sep 17 00:00:00 2001
From: wafaanasr
Date: Tue, 31 Oct 2023 13:05:26 +0100
Subject: [PATCH 5/8] remove old utils and remove skipInQA from migration since it doesnot run in Serverless
---
 ...simple_rule_output_with_web_hook_action.ts | 29 -------------------
 .../default_license/actions/migrations.ts | 2 +-
 .../detections_response/utils/rules/index.ts | 3 ---
 3 files changed, 1 insertion(+), 33 deletions(-)
 delete mode 100644 x-pack/test/detection_engine_api_integration/utils/get_simple_rule_output_with_web_hook_action.ts
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_output_with_web_hook_action.ts b/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_output_with_web_hook_action.ts
deleted file mode 100644
index 7ecee679e50b3..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_output_with_web_hook_action.ts
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { NOTIFICATION_DEFAULT_FREQUENCY } from '@kbn/security-solution-plugin/common/constants';
-import { getSimpleRuleOutput } from './get_simple_rule_output';
-import { RuleWithoutServerGeneratedProperties } from './remove_server_generated_properties';
-
-export const getSimpleRuleOutputWithWebHookAction = (
- actionId: string,
- uuid: string
-): RuleWithoutServerGeneratedProperties => ({
- ...getSimpleRuleOutput(),
- actions: [
- {
- action_type_id: '.webhook',
- group: 'default',
- id: actionId,
- params: {
- body: '{}',
- },
- uuid,
- frequency: NOTIFICATION_DEFAULT_FREQUENCY,
- },
- ],
-});
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/migrations.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/migrations.ts
index 9224ca08608f4..be5503a1cef23 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/migrations.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/migrations.ts
@@ -24,7 +24,7 @@ export default ({ getService }: FtrProviderContext) => {
 const es = getService('es');
 const esArchiver = getService('esArchiver');
- describe('@ess @skipInQA actions migrations', () => {
+ describe('@ess actions migrations', () => {
 // This test suite is not meant to test a specific route, but to test the legacy action migration
 // code that lives in multiple routes. This code is also tested in each of the routes it lives in
 // but not in as much detail and relying on mocks. This test loads an es_archive containing rules
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts
index 6e626d5fe9ea2..26862dc62d038 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts
@@ -26,14 +26,11 @@ export * from './find_immutable_rule_by_id';
 export * from './create_rule_with_exception_entries';
 export * from './downgrade_immutable_rule';
 export * from './get_eql_rule_for_alert_testing';
-<<<<<<< HEAD
 export * from './get_simple_preview_rule';
 export * from './get_simple_rule_preview_output';
-=======
 export * from './get_rule_with_web_hook_action';
 export * from './get_simple_rule_output_with_web_hook_action';
 export * from './rule_to_update_schema';
 export * from './update_rule';
->>>>>>> 0f3382f9360420360638c0ec9e7fa4eda11fd81f
 export * from './prebuilt_rules';
From 4ce2384a1b95fca38f546184afb7147f3d9a64f2 Mon Sep 17 00:00:00 2001
From: wafaanasr
Date: Tue, 31 Oct 2023 13:08:41 +0100
Subject: [PATCH 6/8] remove preview util from old folder
---
 .../utils/get_simple_preview_rule.ts | 30 -------------------
 .../utils/get_simple_rule_preview_output.ts | 24 ---------------
 .../utils/index.ts | 3 --
 3 files changed, 57 deletions(-)
 delete mode 100644 x-pack/test/detection_engine_api_integration/utils/get_simple_preview_rule.ts
 delete mode 100644 x-pack/test/detection_engine_api_integration/utils/get_simple_rule_preview_output.ts
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_simple_preview_rule.ts b/x-pack/test/detection_engine_api_integration/utils/get_simple_preview_rule.ts
deleted file mode 100644
index 48e687316dbf5..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_simple_preview_rule.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { PreviewRulesSchema } from '@kbn/security-solution-plugin/common/api/detection_engine';
-
-/**
- * This is a typical simple preview rule for testing that is easy for most basic testing
- * @param ruleId
- * @param invocationCount The number of times the rule will be run through the executors. Defaulted to 12,
- * the execution time for the default interval time of 5m.
- */
-export const getSimplePreviewRule = (
- ruleId = 'preview-rule-1',
- invocationCount = 12
-): PreviewRulesSchema => ({
- name: 'Simple Rule Query',
- description: 'Simple Rule Query',
- risk_score: 1,
- rule_id: ruleId,
- severity: 'high',
- index: ['auditbeat-*'],
- type: 'query',
- query: 'user.name: root or user.name: admin',
- invocationCount,
- timeframeEnd: new Date().toISOString(),
-});
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_preview_output.ts b/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_preview_output.ts
deleted file mode 100644
index 2eac279b87795..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_preview_output.ts
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { RulePreviewLogs } from '@kbn/security-solution-plugin/common/api/detection_engine';
-
-/**
- * This is the typical output of a simple rule preview, with errors and warnings coming up from the rule
- * execution process and a `previewId` generated server side for later preview querying
- *
- * @param previewId Rule id generated by the server itself
- * @param logs Errors and warnings returned by executor and route file, defaults to empty array
- */
-export const getSimpleRulePreviewOutput = (
- previewId = undefined,
- logs: RulePreviewLogs[] = []
-) => ({
- logs,
- previewId,
- isAborted: false,
-});
diff --git a/x-pack/test/detection_engine_api_integration/utils/index.ts b/x-pack/test/detection_engine_api_integration/utils/index.ts
index c976ae47c2fb8..c9ccf224b23bd 100644
--- a/x-pack/test/detection_engine_api_integration/utils/index.ts
+++ b/x-pack/test/detection_engine_api_integration/utils/index.ts
@@ -60,13 +60,10 @@ export * from './get_signals_by_rule_ids';
 export * from './get_simple_ml_rule';
 export * from './get_simple_ml_rule_output';
 export * from './get_simple_ml_rule_update';
-export * from './get_simple_preview_rule';
 export * from './get_simple_rule';
 export * from './get_simple_rule_as_ndjson';
 export * from './get_simple_rule_output';
-export * from './get_simple_rule_output_with_web_hook_action';
 export * from './get_simple_rule_output_without_rule_id';
-export * from './get_simple_rule_preview_output';
 export * from './get_simple_rule_update';
 export * from './get_simple_rule_without_rule_id';
 export * from './get_simple_saved_query_rule';
From 3dfa66358629a86139baf76ad1ad0eece6b5ec7b Mon Sep 17 00:00:00 2001
From: wafaanasr
Date: Tue, 31 Oct 2023 13:34:26 +0100
Subject: [PATCH 7/8] return ./get_legacy_action_so; since import_rules is using it
---
 .../utils/get_legacy_action_so.ts | 25 +++++++++++++++++++
 .../utils/index.ts | 1 +
 2 files changed, 26 insertions(+)
 create mode 100644 x-pack/test/detection_engine_api_integration/utils/get_legacy_action_so.ts
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_legacy_action_so.ts b/x-pack/test/detection_engine_api_integration/utils/get_legacy_action_so.ts
new file mode 100644
index 0000000000000..e714dfcec28cc
--- /dev/null
+++ b/x-pack/test/detection_engine_api_integration/utils/get_legacy_action_so.ts
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { Client } from '@elastic/elasticsearch';
+import type { SearchResponse } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
+import { SECURITY_SOLUTION_SAVED_OBJECT_INDEX } from '@kbn/core-saved-objects-server';
+import type { SavedObjectReference } from '@kbn/core/server';
+import type { LegacyRuleActions } from '@kbn/security-solution-plugin/server/lib/detection_engine/rule_actions_legacy';
+
+interface LegacyActionSO extends LegacyRuleActions {
+ references: SavedObjectReference[];
+}
+
+/**
+ * Fetch all legacy action sidecar SOs from the security solution savedObjects index
+ * @param es The ElasticSearch service
+ */
+export const getLegacyActionSO = async (es: Client): Promise> =>
+ es.search({
+ index: SECURITY_SOLUTION_SAVED_OBJECT_INDEX,
+ q: 'type:siem-detection-engine-rule-actions',
+ });
diff --git a/x-pack/test/detection_engine_api_integration/utils/index.ts b/x-pack/test/detection_engine_api_integration/utils/index.ts
index c9ccf224b23bd..5aca507b7134f 100644
--- a/x-pack/test/detection_engine_api_integration/utils/index.ts
+++ b/x-pack/test/detection_engine_api_integration/utils/index.ts
@@ -106,3 +106,4 @@ export * from './prebuilt_rules/install_prebuilt_rules';
 export * from './prebuilt_rules/upgrade_prebuilt_rules';
 export * from './prebuilt_rules/install_mock_prebuilt_rules';
 export * from './prebuilt_rules/install_prebuilt_rules_and_timelines';
+export * from './get_legacy_action_so';
From 9f490835c86484ef86ea858633e33ea443a7e9d7 Mon Sep 17 00:00:00 2001
From: wafaanasr
Date: Tue, 31 Oct 2023 14:42:24 +0100
Subject: [PATCH 8/8] remove preview rule from index
---
 .../security_and_spaces/group1/index.ts | 1 -
 1 file changed, 1 deletion(-)
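Review bot: `getLegacyActionSO` in the new `get_legacy_action_so.ts` calls `es.search` without a `size`, so Elasticsearch returns only its default page of 10 hits even though the docstring says the helper fetches all legacy action sidecar saved objects. A test that iterates or counts `hits.hits` against an archive holding more sidecars than that would silently check only a subset. I would pass an explicit bound next to `q`, e.g. `size: 1000,`, and reword the docstring to state the limit. Separately, this file appears to duplicate the helper already exported from `utils/actions/legacy_actions` in the new test folder; a short comment saying the copy stays only until `import_rules` is migrated would help it get removed later.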
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/index.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/index.ts
index 1c9c874127660..94ba07b31bddf 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/index.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/index.ts
@@ -17,7 +17,6 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
 loadTestFile(require.resolve('./aliases'));
 loadTestFile(require.resolve('./check_privileges'));
 loadTestFile(require.resolve('./create_index'));
- loadTestFile(require.resolve('./preview_rules'));
 loadTestFile(require.resolve('./create_rules_bulk'));
 loadTestFile(require.resolve('./delete_rules'));
 loadTestFile(require.resolve('./delete_rules_bulk'));