diff --git a/.buildkite/ftr_configs.yml b/.buildkite/ftr_configs.yml
index d6ca99493ec5d..52988d81cacec 100644
--- a/.buildkite/ftr_configs.yml
+++ b/.buildkite/ftr_configs.yml
@@ -6,7 +6,6 @@ disabled:
 - test/functional/config.base.js
 - test/functional/firefox/config.base.ts
 - x-pack/test/functional/config.base.js
- - x-pack/test/detection_engine_api_integration/security_and_spaces/config.base.ts
 - x-pack/test/functional_enterprise_search/base_config.ts
 - x-pack/test/localization/config.base.ts
 - test/server_integration/config.base.js
@@ -231,7 +230,6 @@ enabled:
 - x-pack/test/cloud_security_posture_functional/config.ts
 - x-pack/test/cloud_security_posture_api/config.ts
 - x-pack/test/dataset_quality_api_integration/basic/config.ts
- - x-pack/test/detection_engine_api_integration/basic/config.ts
 - x-pack/test/disable_ems/config.ts
 - x-pack/test/encrypted_saved_objects_api_integration/config.ts
 - x-pack/test/examples/config.ts
@@ -491,6 +489,24 @@ enabled:
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles/configs/ess.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/configs/serverless.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/configs/ess.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/configs/serverless.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/configs/ess.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/configs/serverless.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/configs/ess.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/configs/serverless.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/configs/ess.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/configs/serverless.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/configs/ess.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/configs/serverless.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/configs/ess.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/configs/serverless.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/configs/ess.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/configs/serverless.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/configs/ess.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management/configs/serverless.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management/configs/ess.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/configs/serverless.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/configs/ess.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/serverless.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/ess.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/configs/serverless.config.ts
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index dda328bfa1bef..92aaadc8d24d8 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1239,7 +1239,6 @@ x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts @elastic/kib # Security Solution /x-pack/test/functional/es_archives/endpoint/ @elastic/security-solution /x-pack/test/plugin_functional/test_suites/resolver/ @elastic/security-solution -/x-pack/test/detection_engine_api_integration @elastic/security-solution /x-pack/test/api_integration/apis/security_solution @elastic/security-solution #CC# /x-pack/plugins/security_solution/ @elastic/security-solution @@ -1344,6 +1343,9 @@ x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout @elastic/ /x-pack/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules @elastic/security-detection-rule-management /x-pack/plugins/security_solution/docs/testing/test_plans/detection_response/rule_management @elastic/security-detection-rule-management /x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules @elastic/security-detection-rule-management +/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read @elastic/security-detection-rule-management +/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management @elastic/security-detection-rule-management +/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export @elastic/security-detection-rule-management /x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete @elastic/security-detection-rule-management x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update @elastic/security-detection-rule-management /x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch @elastic/security-detection-rule-management 
@@ -1417,7 +1419,11 @@ x-pack/test/security_solution_api_integration/test_suites/detections_response/de /x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions @elastic/security-detection-engine /x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts @elastic/security-detection-engine /x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles @elastic/security-detection-engine -/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine @elastic/security-detection-engine +/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts @elastic/security-detection-engine +/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation @elastic/security-detection-engine +/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit @elastic/security-detection-engine +/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists @elastic/security-detection-engine + /x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users @elastic/security-detection-engine /x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists @elastic/security-detection-engine x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/update_rules.ts @elastic/security-detection-engine diff --git a/x-pack/plugins/security_solution/common/experimental_features.ts b/x-pack/plugins/security_solution/common/experimental_features.ts index 328cdf3a35219..2fde67c042ded 100644 --- a/x-pack/plugins/security_solution/common/experimental_features.ts +++ b/x-pack/plugins/security_solution/common/experimental_features.ts 
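Review bot: Two test directories that `.buildkite/ftr_configs.yml` keeps enabled appear to end up without a specific owner in `.github/CODEOWNERS`. The `@@ -1417,7 +1419,11 @@` hunk removes the `basic_essentials_license/detection_engine` entry although the `basic_essentials_license/detection_engine/configs/*.config.ts` files are still in the enabled list, and neither this hunk nor the `@@ -1344,6 +1343,9 @@` hunk adds an entry for `basic_essentials_license/rule_delete`, whose configs are newly enabled. Unless a broader pattern outside the visible hunks covers them, changes to those suites would no longer request review from the detection teams. Consider keeping the `detection_engine` line until that directory is actually gone, and adding `/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete @elastic/security-detection-rule-management` (owner assumed from the existing `default_license/rule_delete` entry; confirm with the teams).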
@@ -28,7 +28,7 @@ export const allowedExperimentalValues = Object.freeze({ * we don't want people to be able to violate security by getting access to whole documents * around telemetry they should not. * @see telemetry_detection_rules_preview_route.ts - * @see test/detection_engine_api_integration/security_and_spaces/tests/telemetry/README.md + * @see test/security_solution_api_integration/security_and_spaces/tests/telemetry/README.md */ previewTelemetryUrlEnabled: false, diff --git a/x-pack/test/cases_api_integration/common/lib/alerts.ts b/x-pack/test/cases_api_integration/common/lib/alerts.ts index e0d4b1537190b..9fdb21b51a436 100644 --- a/x-pack/test/cases_api_integration/common/lib/alerts.ts +++ b/x-pack/test/cases_api_integration/common/lib/alerts.ts @@ -15,13 +15,13 @@ import { RiskEnrichmentFields } from '@kbn/security-solution-plugin/server/lib/d import { AttachmentType, Case } from '@kbn/cases-plugin/common'; import { ALERT_CASE_IDS } from '@kbn/rule-data-utils'; import { - getRuleForSignalTesting, + getRuleForAlertTesting, createRule, waitForRuleSuccess, - waitForSignalsToBePresent, - getSignalsByIds, - getQuerySignalIds, -} from '../../../detection_engine_api_integration/utils'; + waitForAlertsToBePresent, + getAlertsByIds, + getQueryAlertIds, +} from '../../../security_solution_api_integration/test_suites/detections_response/utils'; import { superUser } from './authentication/users'; import { User } from './authentication/types'; import { getSpaceUrlPrefix } from './api/helpers'; 
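Review bot: The updated `@see` line in `experimental_features.ts` looks like a mechanical prefix swap and probably points at a path that does not exist: it keeps the old `security_and_spaces/tests/telemetry/` layout, while the telemetry entries for the new suite in `.buildkite/ftr_configs.yml` live under `test_suites/detections_response/default_license/telemetry/`. This doc comment is where a reader learns why `previewTelemetryUrlEnabled` must stay `false` by default, so its reference to the test README should resolve. If the README moved together with the tests, the line would read `* @see test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/README.md`; confirm the real location before changing it. The enclosing `allowedExperimentalValues` object starts and ends outside the hunk.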
@@ -35,13 +35,13 @@ export const createSecuritySolutionAlerts = async ( numberOfSignals: number = 1 ): Promise> => { const rule = { - ...getRuleForSignalTesting(['auditbeat-*']), + ...getRuleForAlertTesting(['auditbeat-*']), query: 'process.executable: "/usr/bin/sudo"', }; const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, numberOfSignals, [id]); - const signals = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, numberOfSignals, [id]); + const signals = await getAlertsByIds(supertest, log, [id]); return signals; }; @@ -53,7 +53,7 @@ export const getSecuritySolutionAlerts = async ( const { body: updatedAlert } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalIds(alertIds)) + .send(getQueryAlertIds(alertIds)) .expect(200); return updatedAlert; diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/delete_cases.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/delete_cases.ts index 5166f7b135380..a84a2cc9da477 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/delete_cases.ts +++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/delete_cases.ts @@ -64,10 +64,10 @@ import { } from '../../../../common/lib/constants'; import { User } from '../../../../common/lib/authentication/types'; import { - createSignalsIndex, + createAlertsIndex, deleteAllRules, deleteAllAlerts, -} from '../../../../../detection_engine_api_integration/utils'; +} from '../../../../../security_solution_api_integration/test_suites/detections_response/utils'; // eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { 
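Review bot: The helper calls in `createSecuritySolutionAlerts` are renamed from signals to alerts, but the function still takes `numberOfSignals` and stores the result in `signals`, so the new code mixes both vocabularies. Finishing the rename locally would read `numberOfAlerts: number = 1`, `const alerts = await getAlertsByIds(supertest, log, [id]);` and `return alerts;`; the argument is passed positionally by the callers visible in this diff, so they would be unaffected. The same leftover `signals` local remains in the `patch_cases.ts`, `delete_cases.ts`, `delete_comment.ts` and `delete_comments.ts` hunks. The first parameters of the function lie outside the hunk.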
@@ -260,7 +260,7 @@ export default ({ getService }: FtrProviderContext): void => { beforeEach(async () => { await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts'); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); const signals = await createSecuritySolutionAlerts(supertest, log, 2); alerts = [signals.hits.hits[0], signals.hits.hits[1]]; }); diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts index c479c2f5398b7..7660c15ba2b9e 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts +++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts @@ -43,16 +43,16 @@ import { getConfigurationRequest, } from '../../../../common/lib/api'; import { - createSignalsIndex, + createAlertsIndex, deleteAllAlerts, deleteAllRules, - getRuleForSignalTesting, + getRuleForAlertTesting, waitForRuleSuccess, - waitForSignalsToBePresent, - getSignalsByIds, + waitForAlertsToBePresent, + getAlertsByIds, createRule, - getQuerySignalIds, -} from '../../../../../detection_engine_api_integration/utils'; + getQueryAlertIds, +} from '../../../../../security_solution_api_integration/test_suites/detections_response/utils'; import { globalRead, noKibanaPrivileges, @@ -1549,7 +1549,7 @@ export default ({ getService }: FtrProviderContext): void => { describe('detections rule', () => { beforeEach(async () => { await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts'); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { 
@@ -1560,15 +1560,15 @@ export default ({ getService }: FtrProviderContext): void => { it('updates alert status when the status is updated and syncAlerts=true', async () => { const rule = { - ...getRuleForSignalTesting(['auditbeat-*']), + ...getRuleForAlertTesting(['auditbeat-*']), query: 'process.executable: "/usr/bin/sudo"', }; const postedCase = await createCase(supertest, postCaseReq); const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); - const signals = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 1, [id]); + const signals = await getAlertsByIds(supertest, log, [id]); const alert = signals.hits.hits[0]; expect(alert._source?.[ALERT_WORKFLOW_STATUS]).eql('open'); @@ -1609,7 +1609,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: updatedAlert } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalIds([alert._id])) + .send(getQueryAlertIds([alert._id])) .expect(200); expect(updatedAlert.hits.hits[0]._source?.['kibana.alert.workflow_status']).eql( @@ -1619,7 +1619,7 @@ export default ({ getService }: FtrProviderContext): void => { it('does NOT updates alert status when the status is updated and syncAlerts=false', async () => { const rule = { - ...getRuleForSignalTesting(['auditbeat-*']), + ...getRuleForAlertTesting(['auditbeat-*']), query: 'process.executable: "/usr/bin/sudo"', }; 
@@ -1630,8 +1630,8 @@ export default ({ getService }: FtrProviderContext): void => { const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); - const signals = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 1, [id]); + const signals = await getAlertsByIds(supertest, log, [id]); const alert = signals.hits.hits[0]; expect(alert._source?.[ALERT_WORKFLOW_STATUS]).eql('open'); @@ -1667,7 +1667,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: updatedAlert } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalIds([alert._id])) + .send(getQueryAlertIds([alert._id])) .expect(200); expect(updatedAlert.hits.hits[0]._source?.['kibana.alert.workflow_status']).eql('open'); @@ -1675,7 +1675,7 @@ export default ({ getService }: FtrProviderContext): void => { it('it updates alert status when syncAlerts is turned on', async () => { const rule = { - ...getRuleForSignalTesting(['auditbeat-*']), + ...getRuleForAlertTesting(['auditbeat-*']), query: 'process.executable: "/usr/bin/sudo"', }; @@ -1686,8 +1686,8 @@ export default ({ getService }: FtrProviderContext): void => { const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); - const signals = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 1, [id]); + const signals = await getAlertsByIds(supertest, log, [id]); const alert = signals.hits.hits[0]; expect(alert._source?.[ALERT_WORKFLOW_STATUS]).eql('open'); 
@@ -1741,7 +1741,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: updatedAlert } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalIds([alert._id])) + .send(getQueryAlertIds([alert._id])) .expect(200); expect(updatedAlert.hits.hits[0]._source?.['kibana.alert.workflow_status']).eql( @@ -1751,15 +1751,15 @@ export default ({ getService }: FtrProviderContext): void => { it('it does NOT updates alert status when syncAlerts is turned off', async () => { const rule = { - ...getRuleForSignalTesting(['auditbeat-*']), + ...getRuleForAlertTesting(['auditbeat-*']), query: 'process.executable: "/usr/bin/sudo"', }; const postedCase = await createCase(supertest, postCaseReq); const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); - const signals = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 1, [id]); + const signals = await getAlertsByIds(supertest, log, [id]); const alert = signals.hits.hits[0]; expect(alert._source?.[ALERT_WORKFLOW_STATUS]).eql('open'); @@ -1810,7 +1810,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: updatedAlert } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalIds([alert._id])) + .send(getQueryAlertIds([alert._id])) .expect(200); expect(updatedAlert.hits.hits[0]._source['kibana.alert.workflow_status']).eql('open'); diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comment.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comment.ts index 2cc6d249ef130..5ff43cf7a6169 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comment.ts 
+++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comment.ts @@ -14,10 +14,10 @@ import { getSecuritySolutionAlerts, } from '../../../../common/lib/alerts'; import { - createSignalsIndex, + createAlertsIndex, deleteAllAlerts, deleteAllRules, -} from '../../../../../detection_engine_api_integration/utils'; +} from '../../../../../security_solution_api_integration/test_suites/detections_response/utils'; import { FtrProviderContext } from '../../../../common/ftr_provider_context'; import { getPostCaseRequest, postCaseReq, postCommentUserReq } from '../../../../common/lib/mock'; @@ -125,7 +125,7 @@ export default ({ getService }: FtrProviderContext): void => { beforeEach(async () => { await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts'); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); const signals = await createSecuritySolutionAlerts(supertest, log, 2); alerts = [signals.hits.hits[0], signals.hits.hits[1]]; }); diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comments.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comments.ts index 64c84f552d507..7d82f7b4ac385 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comments.ts +++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comments.ts @@ -14,10 +14,10 @@ import { getSecuritySolutionAlerts, } from '../../../../common/lib/alerts'; import { - createSignalsIndex, + createAlertsIndex, deleteAllAlerts, deleteAllRules, -} from '../../../../../detection_engine_api_integration/utils'; +} from '../../../../../security_solution_api_integration/test_suites/detections_response/utils'; import { FtrProviderContext } from '../../../../common/ftr_provider_context'; import { 
@@ -127,7 +127,7 @@ export default ({ getService }: FtrProviderContext): void => { beforeEach(async () => { await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts'); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); const signals = await createSecuritySolutionAlerts(supertest, log, 2); alerts = [signals.hits.hits[0], signals.hits.hits[1]]; }); diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/post_comment.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/post_comment.ts index 88723df678f8a..6757041d02285 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/post_comment.ts +++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/post_comment.ts @@ -46,10 +46,10 @@ import { bulkCreateAttachments, } from '../../../../common/lib/api'; import { - createSignalsIndex, + createAlertsIndex, deleteAllAlerts, deleteAllRules, -} from '../../../../../detection_engine_api_integration/utils'; +} from '../../../../../security_solution_api_integration/test_suites/detections_response/utils'; import { globalRead, noKibanaPrivileges, @@ -546,7 +546,7 @@ export default ({ getService }: FtrProviderContext): void => { describe('security_solution', () => { beforeEach(async () => { await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts'); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/internal/bulk_create_attachments.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/internal/bulk_create_attachments.ts index 3c3748a844ea6..48bd7ae041f47 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/internal/bulk_create_attachments.ts 
+++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/internal/bulk_create_attachments.ts @@ -45,10 +45,10 @@ import { createComment, } from '../../../../common/lib/api'; import { - createSignalsIndex, + createAlertsIndex, deleteAllAlerts, deleteAllRules, -} from '../../../../../detection_engine_api_integration/utils'; +} from '../../../../../security_solution_api_integration/test_suites/detections_response/utils'; import { globalRead, noKibanaPrivileges, @@ -796,7 +796,7 @@ export default ({ getService }: FtrProviderContext): void => { describe('security_solution', () => { beforeEach(async () => { await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts'); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/index.ts b/x-pack/test/detection_engine_api_integration/basic/tests/index.ts deleted file mode 100644 index 5b3449707d38f..0000000000000 --- a/x-pack/test/detection_engine_api_integration/basic/tests/index.ts +++ /dev/null 
@@ -1,27 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../common/ftr_provider_context'; - -// eslint-disable-next-line import/no-default-export -export default ({ loadTestFile }: FtrProviderContext): void => { - describe('detection engine api basic license', function () { - loadTestFile(require.resolve('./create_rules_bulk')); - loadTestFile(require.resolve('./delete_rules')); - loadTestFile(require.resolve('./delete_rules_bulk')); - loadTestFile(require.resolve('./export_rules')); - loadTestFile(require.resolve('./find_rules')); - loadTestFile(require.resolve('./import_rules')); - loadTestFile(require.resolve('./read_rules')); - loadTestFile(require.resolve('./update_rules')); - loadTestFile(require.resolve('./update_rules_bulk')); - loadTestFile(require.resolve('./patch_rules_bulk')); - loadTestFile(require.resolve('./patch_rules')); - loadTestFile(require.resolve('./import_timelines')); - loadTestFile(require.resolve('./coverage_overview')); - }); -}; diff --git a/x-pack/test/detection_engine_api_integration/common/config.ts b/x-pack/test/detection_engine_api_integration/common/config.ts deleted file mode 100644 index a1a71bf907b86..0000000000000 --- a/x-pack/test/detection_engine_api_integration/common/config.ts +++ /dev/null 
@@ -1,105 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { CA_CERT_PATH } from '@kbn/dev-utils'; -import { FtrConfigProviderContext } from '@kbn/test'; -import { services } from './services'; - -interface CreateTestConfigOptions { - license: string; - ssl?: boolean; -} - -// test.not-enabled is specifically not enabled -const enabledActionTypes = [ - '.email', - '.index', - '.pagerduty', - '.swimlane', - '.server-log', - '.servicenow', - '.slack', - '.webhook', - 'test.authorization', - 'test.failing', - 'test.index-record', - 'test.noop', - 'test.rate-limit', -]; - -export function createTestConfig(options: CreateTestConfigOptions, testFiles?: string[]) { - const { license = 'trial', ssl = false } = options; - - return async ({ readConfigFile }: FtrConfigProviderContext) => { - const xPackApiIntegrationTestsConfig = await readConfigFile( - require.resolve('../../api_integration/config.ts') - ); - const servers = { - ...xPackApiIntegrationTestsConfig.get('servers'), - elasticsearch: { - ...xPackApiIntegrationTestsConfig.get('servers.elasticsearch'), - protocol: ssl ? 
'https' : 'http', - }, - }; - - return { - testFiles, - servers, - services, - junit: { - reportName: 'X-Pack Detection Engine API Integration Tests', - }, - esTestCluster: { - ...xPackApiIntegrationTestsConfig.get('esTestCluster'), - license, - ssl, - serverArgs: [`xpack.license.self_generated.type=${license}`], - }, - kbnTestServer: { - ...xPackApiIntegrationTestsConfig.get('kbnTestServer'), - serverArgs: [ - ...xPackApiIntegrationTestsConfig.get('kbnTestServer.serverArgs'), - `--xpack.actions.allowedHosts=${JSON.stringify(['localhost', 'some.non.existent.com'])}`, - `--xpack.actions.enabledActionTypes=${JSON.stringify(enabledActionTypes)}`, - '--xpack.eventLog.logEntries=true', - `--xpack.securitySolution.alertIgnoreFields=${JSON.stringify([ - 'testing_ignored.constant', - '/testing_regex*/', - ])}`, // See tests within the file "ignore_fields.ts" which use these values in "alertIgnoreFields" - '--xpack.ruleRegistry.write.enabled=true', - '--xpack.ruleRegistry.write.cache.enabled=false', - '--xpack.ruleRegistry.unsafe.indexUpgrade.enabled=true', - '--xpack.ruleRegistry.unsafe.legacyMultiTenancy.enabled=true', - `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'previewTelemetryUrlEnabled', - ])}`, - '--xpack.task_manager.poll_interval=1000', - `--xpack.actions.preconfigured=${JSON.stringify({ - 'my-test-email': { - actionTypeId: '.email', - name: 'TestEmail#xyz', - config: { - from: 'me@test.com', - service: '__json', - }, - secrets: { - user: 'user', - password: 'password', - }, - }, - })}`, - ...(ssl - ? [ - `--elasticsearch.hosts=${servers.elasticsearch.protocol}://${servers.elasticsearch.hostname}:${servers.elasticsearch.port}`, - `--elasticsearch.ssl.certificateAuthorities=${CA_CERT_PATH}`, - ] - : []), - ], - }, - }; - }; -} diff --git a/x-pack/test/detection_engine_api_integration/utils/binary_to_string.ts b/x-pack/test/detection_engine_api_integration/utils/binary_to_string.ts deleted file mode 100644 index 47202a385de56..0000000000000 
--- a/x-pack/test/detection_engine_api_integration/utils/binary_to_string.ts +++ /dev/null @@ -1,22 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -/** - * Useful for export_api testing to convert from a multi-part binary back to a string - * @param res Response - * @param callback Callback - */ -export const binaryToString = (res: any, callback: any): void => { - res.setEncoding('binary'); - res.data = ''; - res.on('data', (chunk: any) => { - res.data += chunk; - }); - res.on('end', () => { - callback(null, Buffer.from(res.data)); - }); -}; diff --git a/x-pack/test/detection_engine_api_integration/utils/count_down_es.ts b/x-pack/test/detection_engine_api_integration/utils/count_down_es.ts deleted file mode 100644 index cfbcafbc06cb6..0000000000000 --- a/x-pack/test/detection_engine_api_integration/utils/count_down_es.ts +++ /dev/null 
@@ -1,46 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { TransportResult } from '@elastic/elasticsearch'; -import type { ToolingLog } from '@kbn/tooling-log'; -import { countDownTest } from './count_down_test'; - -/** - * Does a plain countdown and checks against es queries for either conflicts in the error - * or for any over the wire issues such as timeouts or temp 404's to make the tests more - * reliant. - * @param esFunction The function to test against - * @param esFunctionName The name of the function to print if we encounter errors - * @param log The tooling logger - * @param retryCount The number of times to retry before giving up (has default) - * @param timeoutWait Time to wait before trying again (has default) - */ -export const countDownES = async ( - esFunction: () => Promise, unknown>>, - esFunctionName: string, - log: ToolingLog, - retryCount: number = 50, - timeoutWait = 250 -): Promise => { - await countDownTest( - async () => { - const result = await esFunction(); - if (result.body.version_conflicts !== 0) { - return { - passed: false, - errorMessage: 'Version conflicts for ${result.body.version_conflicts}', - }; - } else { - return { passed: true }; - } - }, - esFunctionName, - log, - retryCount, - timeoutWait - ); -}; diff --git a/x-pack/test/detection_engine_api_integration/utils/count_down_test.ts b/x-pack/test/detection_engine_api_integration/utils/count_down_test.ts deleted file mode 100644 index 39292a9cbbbb7..0000000000000 --- a/x-pack/test/detection_engine_api_integration/utils/count_down_test.ts +++ /dev/null 
@@ -1,78 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { ToolingLog } from '@kbn/tooling-log';
-
-/**
- * Does a plain countdown and checks against a boolean to determine if to wait and try again.
- * This is useful for over the wire things that can cause issues such as conflict or timeouts
- * for testing resiliency.
- * @param functionToTest The function to test against
- * @param name The name of the function to print if we encounter errors
- * @param log The tooling logger
- * @param retryCount The number of times to retry before giving up (has default)
- * @param timeoutWait Time to wait before trying again (has default)
- */
-export const countDownTest = async (
- functionToTest: () => Promise<{
- passed: boolean;
- returnValue?: T | undefined;
- errorMessage?: string;
- }>,
- name: string,
- log: ToolingLog,
- retryCount: number = 50,
- timeoutWait = 250,
- ignoreThrow: boolean = false
-): Promise => {
- if (retryCount > 0) {
- try {
- const testReturn = await functionToTest();
- if (!testReturn.passed) {
- const error = testReturn.errorMessage != null ? 
` error: ${testReturn.errorMessage},` : '';
- log.error(`Failure trying to ${name},${error} retries left are: ${retryCount - 1}`);
- // retry, counting down, and delay a bit before
- await new Promise((resolve) => setTimeout(resolve, timeoutWait));
- const returnValue = await countDownTest(
- functionToTest,
- name,
- log,
- retryCount - 1,
- timeoutWait,
- ignoreThrow
- );
- return returnValue;
- } else {
- return testReturn.returnValue;
- }
- } catch (err) {
- if (ignoreThrow) {
- throw err;
- } else {
- log.error(
- `Failure trying to ${name}, with exception message of: ${
- err.message
- }, retries left are: ${retryCount - 1}`
- );
- // retry, counting down, and delay a bit before
- await new Promise((resolve) => setTimeout(resolve, timeoutWait));
- const returnValue = await countDownTest(
- functionToTest,
- name,
- log,
- retryCount - 1,
- timeoutWait,
- ignoreThrow
- );
- return returnValue;
- }
- }
- } else {
- log.error(`Could not ${name}, no retries are left`);
- return undefined;
- }
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/create_non_security_rule.ts b/x-pack/test/detection_engine_api_integration/utils/create_non_security_rule.ts
deleted file mode 100644
index 89bb2bbea5725..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/create_non_security_rule.ts
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type SuperTest from 'supertest';
-
-const SIMPLE_APM_RULE_DATA = {
- name: 'Test rule',
- rule_type_id: 'apm.anomaly',
- enabled: false,
- consumer: 'alerts',
- tags: [],
- actions: [],
- params: {
- windowSize: 30,
- windowUnit: 'm',
- anomalySeverityType: 'critical',
- environment: 'ENVIRONMENT_ALL',
- },
- schedule: {
- interval: '10m',
- },
-};
-
-/**
- * Created a non security rule. Helpful in tests to verify functionality works with presence of non security rules.
- * @param supertest The supertest deps
- */
-export async function createNonSecurityRule(
- supertest: SuperTest.SuperTest
-): Promise {
- await supertest
- .post('/api/alerting/rule')
- .set('kbn-xsrf', 'true')
- .set('elastic-api-version', '2023-10-31')
- .send(SIMPLE_APM_RULE_DATA)
- .expect(200);
-}
diff --git a/x-pack/test/detection_engine_api_integration/utils/create_rule.ts b/x-pack/test/detection_engine_api_integration/utils/create_rule.ts
deleted file mode 100644
index d831aba44948f..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/create_rule.ts
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { ToolingLog } from '@kbn/tooling-log';
-import type SuperTest from 'supertest';
-import type {
- RuleCreateProps,
- RuleResponse,
-} from '@kbn/security-solution-plugin/common/api/detection_engine';
-
-import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
-import { deleteRule } from './delete_rule';
-import { routeWithNamespace } from './route_with_namespace';
-
-/**
- * Helper to cut down on the noise in some of the tests. If this detects
- * a conflict it will try to manually remove the rule before re-adding the rule one time and log
- * and error about the race condition.
- * rule a second attempt. It only re-tries adding the rule if it encounters a conflict once.
- * @param supertest The supertest deps
- * @param log The tooling logger
- * @param rule The rule to create
- */
-export const createRule = async (
- supertest: SuperTest.SuperTest,
- log: ToolingLog,
- rule: RuleCreateProps,
- namespace?: string
-): Promise => {
- const route = routeWithNamespace(DETECTION_ENGINE_RULES_URL, namespace);
- const response = await supertest
- .post(route)
- .set('kbn-xsrf', 'true')
- .set('elastic-api-version', '2023-10-31')
- .send(rule);
- if (response.status === 409) {
- if (rule.rule_id != null) {
- log.debug(
- `Did not get an expected 200 "ok" when creating a rule (createRule). CI issues could happen. Suspect this line if you are seeing CI issues. 
body: ${JSON.stringify(
- response.body
- )}, status: ${JSON.stringify(response.status)}`
- );
- await deleteRule(supertest, rule.rule_id);
- const secondResponseTry = await supertest
- .post(DETECTION_ENGINE_RULES_URL)
- .set('kbn-xsrf', 'true')
- .set('elastic-api-version', '2023-10-31')
- .send(rule);
- if (secondResponseTry.status !== 200) {
- throw new Error(
- `Unexpected non 200 ok when attempting to create a rule (second try): ${JSON.stringify(
- response.body
- )}`
- );
- } else {
- return secondResponseTry.body;
- }
- } else {
- throw new Error('When creating a rule found an unexpected conflict (404)');
- }
- } else if (response.status !== 200) {
- throw new Error(
- `Unexpected non 200 ok when attempting to create a rule: ${JSON.stringify(
- response.status
- )},${JSON.stringify(response, null, 4)}`
- );
- } else {
- return response.body;
- }
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/create_rule_saved_object.ts b/x-pack/test/detection_engine_api_integration/utils/create_rule_saved_object.ts
deleted file mode 100644
index 93a6322011623..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/create_rule_saved_object.ts
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type SuperTest from 'supertest';
-
-import { Rule } from '@kbn/alerting-plugin/common';
-import {
- BaseRuleParams,
- InternalRuleCreate,
-} from '@kbn/security-solution-plugin/server/lib/detection_engine/rule_schema';
-
-/**
- * Creates a rule using the alerting APIs directly.
- * This allows us to test some legacy types that are not exposed
- * on our APIs
- *
- * @param supertest
- */
-export const createRuleThroughAlertingEndpoint = async (
- supertest: SuperTest.SuperTest,
- rule: InternalRuleCreate
-): Promise> => {
- const { body } = await supertest
- .post('/api/alerting/rule')
- .set('kbn-xsrf', 'true')
- .set('elastic-api-version', '2023-10-31')
- .send(rule)
- .expect(200);
-
- return body;
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/create_signals_index.ts b/x-pack/test/detection_engine_api_integration/utils/create_signals_index.ts
deleted file mode 100644
index 59fd8828e667f..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/create_signals_index.ts
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type SuperTest from 'supertest';
-import { ToolingLog } from '@kbn/tooling-log';
-
-import { DETECTION_ENGINE_INDEX_URL } from '@kbn/security-solution-plugin/common/constants';
-import { countDownTest } from './count_down_test';
-
-/**
- * Creates the signals index for use inside of beforeEach blocks of tests
- * This will retry 50 times before giving up and hopefully still not interfere with other tests
- * @param supertest The supertest client library
- */
-export const createSignalsIndex = async (
- supertest: SuperTest.SuperTest,
- log: ToolingLog
-): Promise => {
- await countDownTest(
- async () => {
- await supertest
- .post(DETECTION_ENGINE_INDEX_URL)
- .set('kbn-xsrf', 'true')
- .set('elastic-api-version', '2023-10-31')
- .send();
- return {
- passed: true,
- };
- },
- 'createSignalsIndex',
- log
- );
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/delete_all_alerts.ts b/x-pack/test/detection_engine_api_integration/utils/delete_all_alerts.ts
deleted file mode 100644
index 8a4447e931120..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/delete_all_alerts.ts
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type SuperTest from 'supertest';
-import type { ToolingLog } from '@kbn/tooling-log';
-import type { Client } from '@elastic/elasticsearch';
-import { DETECTION_ENGINE_INDEX_URL } from '@kbn/security-solution-plugin/common/constants';
-import { countDownTest } from './count_down_test';
-
-/**
- * Deletes all alerts from a given index or indices, defaults to `.alerts-security.alerts-*`
- * For use inside of afterEach blocks of tests
- */
-export const deleteAllAlerts = async (
- supertest: SuperTest.SuperTest,
- log: ToolingLog,
- es: Client,
- index: Array<'.alerts-security.alerts-*' | '.preview.alerts-security.alerts-*'> = [
- '.alerts-security.alerts-*',
- ]
-): Promise => {
- await countDownTest(
- async () => {
- await supertest
- .delete(DETECTION_ENGINE_INDEX_URL)
- .set('kbn-xsrf', 'true')
- .set('elastic-api-version', '2023-10-31')
- .send();
- await es.deleteByQuery({
- index,
- body: {
- query: {
- match_all: {},
- },
- },
- refresh: true,
- });
- return {
- passed: true,
- };
- },
- 'deleteAllAlerts',
- log
- );
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/delete_all_rules.ts b/x-pack/test/detection_engine_api_integration/utils/delete_all_rules.ts
deleted file mode 100644
index e0903a8df6f13..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/delete_all_rules.ts
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { ToolingLog } from '@kbn/tooling-log';
-import type SuperTest from 'supertest';
-
-import {
- DETECTION_ENGINE_RULES_BULK_ACTION,
- DETECTION_ENGINE_RULES_URL,
-} from '@kbn/security-solution-plugin/common/constants';
-import { countDownTest } from './count_down_test';
-
-/**
- * Removes all rules by looping over any found and removing them from REST.
- * @param supertest The supertest agent.
- */
-export const deleteAllRules = async (
- supertest: SuperTest.SuperTest,
- log: ToolingLog
-): Promise => {
- await countDownTest(
- async () => {
- await supertest
- .post(DETECTION_ENGINE_RULES_BULK_ACTION)
- .send({ action: 'delete', query: '' })
- .set('kbn-xsrf', 'true')
- .set('elastic-api-version', '2023-10-31');
-
- const { body: finalCheck } = await supertest
- .get(`${DETECTION_ENGINE_RULES_URL}/_find`)
- .set('kbn-xsrf', 'true')
- .set('elastic-api-version', '2023-10-31')
- .send();
- return {
- passed: finalCheck.data.length === 0,
- };
- },
- 'deleteAllRules',
- log,
- 50,
- 1000
- );
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/delete_rule.ts b/x-pack/test/detection_engine_api_integration/utils/delete_rule.ts
deleted file mode 100644
index f4eff397aba0b..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/delete_rule.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type SuperTest from 'supertest';
-import type { RuleResponse } from '@kbn/security-solution-plugin/common/api/detection_engine';
-
-import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
-
-/**
- * Helper to cut down on the noise in some of the tests. Does a delete of a rule.
- * It does not check for a 200 "ok" on this.
- * @param supertest The supertest deps
- * @param ruleId The rule id to delete
- */
-export const deleteRule = async (
- supertest: SuperTest.SuperTest,
- ruleId: string
-): Promise => {
- const response = await supertest
- .delete(`${DETECTION_ENGINE_RULES_URL}?rule_id=${ruleId}`)
- .set('kbn-xsrf', 'true')
- .set('elastic-api-version', '2023-10-31')
- .expect(200);
-
- return response.body;
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_complex_rule.ts b/x-pack/test/detection_engine_api_integration/utils/get_complex_rule.ts
deleted file mode 100644
index 3e507259ce685..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_complex_rule.ts
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { RuleCreateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
-
-/**
- * This will return a complex rule with all the outputs possible
- * @param ruleId The ruleId to set which is optional and defaults to rule-1
- */
-export const getComplexRule = (ruleId = 'rule-1'): RuleCreateProps => ({
- actions: [],
- author: [],
- name: 'Complex Rule Query',
- description: 'Complex Rule Query',
- false_positives: [
- 'https://www.example.com/some-article-about-a-false-positive',
- 'some text string about why another condition could be a false positive',
- ],
- risk_score: 1,
- risk_score_mapping: [],
- rule_id: ruleId,
- filters: [
- {
- query: {
- match_phrase: {
- 'host.name': 'siem-windows',
- },
- },
- },
- ],
- enabled: false,
- index: ['auditbeat-*', 'filebeat-*'],
- interval: '5m',
- output_index: '',
- meta: {
- anything_you_want_ui_related_or_otherwise: {
- as_deep_structured_as_you_need: {
- any_data_type: {},
- },
- },
- },
- max_signals: 10,
- tags: ['tag 1', 'tag 2', 'any tag you want'],
- to: 'now',
- from: 'now-6m',
- severity: 'high',
- severity_mapping: [],
- language: 'kuery',
- type: 'query',
- threat: [
- {
- framework: 'MITRE ATT&CK',
- tactic: {
- id: 'TA0040',
- name: 'impact',
- reference: 'https://attack.mitre.org/tactics/TA0040/',
- },
- technique: [
- {
- id: 'T1499',
- name: 'endpoint denial of service',
- reference: 'https://attack.mitre.org/techniques/T1499/',
- },
- ],
- },
- {
- framework: 'Some other Framework you want',
- tactic: {
- id: 'some-other-id',
- name: 'Some other name',
- reference: 'https://example.com',
- },
- technique: [
- {
- id: 'some-other-id',
- name: 'some other technique name',
- reference: 'https://example.com',
- },
- ],
- },
- ],
- references: [
- 'http://www.example.com/some-article-about-attack',
- 'Some plain text string here explaining why this is a valid thing to look out for',
- ],
- timeline_id: 'timeline_id',
- timeline_title: 'timeline_title',
- note: '# some investigation documentation',
- version: 1,
- query: 'user.name: root or user.name: admin',
- throttle: 'no_actions',
- exceptions_list: [],
-});
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_complex_rule_output.ts b/x-pack/test/detection_engine_api_integration/utils/get_complex_rule_output.ts
deleted file mode 100644
index 0115b00c4b46b..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_complex_rule_output.ts
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { RuleResponse } from '@kbn/security-solution-plugin/common/api/detection_engine';
-
-// TODO: Follow up https://github.com/elastic/kibana/pull/137628 and add an explicit type to this object
-// without using Partial
-/**
- * This will return a complex rule with all the outputs possible
- * @param ruleId The ruleId to set which is optional and defaults to rule-1
- */
-export const getComplexRuleOutput = (ruleId = 'rule-1'): Partial => ({
- actions: [],
- author: [],
- created_by: 'elastic',
- name: 'Complex Rule Query',
- description: 'Complex Rule Query',
- false_positives: [
- 'https://www.example.com/some-article-about-a-false-positive',
- 'some text string about why another condition could be a false positive',
- ],
- risk_score: 1,
- risk_score_mapping: [],
- rule_id: ruleId,
- filters: [
- {
- query: {
- match_phrase: {
- 'host.name': 'siem-windows',
- },
- },
- },
- ],
- enabled: false,
- index: ['auditbeat-*', 'filebeat-*'],
- immutable: false,
- interval: '5m',
- output_index: '',
- meta: {
- anything_you_want_ui_related_or_otherwise: {
- as_deep_structured_as_you_need: {
- any_data_type: {},
- },
- },
- },
- max_signals: 10,
- tags: ['tag 1', 'tag 2', 'any tag you want'],
- to: 'now',
- from: 'now-6m',
- revision: 0,
- severity: 'high',
- severity_mapping: [],
- language: 'kuery',
- type: 'query',
- threat: [
- {
- framework: 'MITRE ATT&CK',
- tactic: {
- id: 'TA0040',
- name: 'impact',
- reference: 'https://attack.mitre.org/tactics/TA0040/',
- },
- technique: [
- {
- id: 'T1499',
- name: 'endpoint denial of service',
- reference: 'https://attack.mitre.org/techniques/T1499/',
- },
- ],
- },
- {
- framework: 'Some other Framework you want',
- tactic: {
- id: 
'some-other-id',
- name: 'Some other name',
- reference: 'https://example.com',
- },
- technique: [
- {
- id: 'some-other-id',
- name: 'some other technique name',
- reference: 'https://example.com',
- },
- ],
- },
- ],
- references: [
- 'http://www.example.com/some-article-about-attack',
- 'Some plain text string here explaining why this is a valid thing to look out for',
- ],
- timeline_id: 'timeline_id',
- timeline_title: 'timeline_title',
- updated_by: 'elastic',
- note: '# some investigation documentation',
- version: 1,
- query: 'user.name: root or user.name: admin',
- exceptions_list: [],
- related_integrations: [],
- required_fields: [],
- setup: '',
-});
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_query_signals_ids.ts b/x-pack/test/detection_engine_api_integration/utils/get_query_signals_ids.ts
deleted file mode 100644
index 75b8696625301..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_query_signals_ids.ts
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { ALERT_RULE_UUID } from '@kbn/rule-data-utils';
-
-/**
- * Given an array of ids for a test this will get the signals
- * created from that rule's regular id.
- * @param ids The rule_id to search for signals
- */
-export const getQuerySignalsId = (ids: string[], size = 10) => ({
- size,
- sort: ['@timestamp'],
- query: {
- terms: {
- [ALERT_RULE_UUID]: ids,
- },
- },
-});
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_rule_for_signal_testing.ts b/x-pack/test/detection_engine_api_integration/utils/get_rule_for_signal_testing.ts
deleted file mode 100644
index 931a7d2c1aeeb..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_rule_for_signal_testing.ts
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { QueryRuleCreateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
-
-/**
- * This is a typical signal testing rule that is easy for most basic testing of output of signals.
- * It starts out in an enabled true state. The 'from' is set very far back to test the basics of signal
- * creation and testing by getting all the signals at once.
- * @param ruleId The optional ruleId which is rule-1 by default.
- * @param enabled Enables the rule on creation or not. Defaulted to true.
- */
-export const getRuleForSignalTesting = (
- index: string[],
- ruleId = 'rule-1',
- enabled = true
-): QueryRuleCreateProps => ({
- name: 'Signal Testing Query',
- description: 'Tests a simple query',
- enabled,
- risk_score: 1,
- rule_id: ruleId,
- severity: 'high',
- index,
- type: 'query',
- query: '*:*',
- from: '1900-01-01T00:00:00.000Z',
-});
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_signals_by_ids.ts b/x-pack/test/detection_engine_api_integration/utils/get_signals_by_ids.ts
deleted file mode 100644
index ae76f12e05930..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_signals_by_ids.ts
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { SearchResponse } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
-import type { ToolingLog } from '@kbn/tooling-log';
-import type SuperTest from 'supertest';
-import type { DetectionAlert } from '@kbn/security-solution-plugin/common/api/detection_engine';
-import type { RiskEnrichmentFields } from '@kbn/security-solution-plugin/server/lib/detection_engine/rule_types/utils/enrichments/types';
-
-import { DETECTION_ENGINE_QUERY_SIGNALS_URL } from '@kbn/security-solution-plugin/common/constants';
-import { countDownTest } from './count_down_test';
-import { getQuerySignalsId } from './get_query_signals_ids';
-import { routeWithNamespace } from './route_with_namespace';
-
-/**
- * Given an array of rule ids this will return only signals based on that rule id both
- * open and closed
- * @param supertest agent
- * @param ids Array of the rule ids
- */
-export const getSignalsByIds = async (
- supertest: SuperTest.SuperTest,
- log: ToolingLog,
- ids: string[],
- size?: number,
- namespace?: string
-): Promise> => {
- const signalsOpen = await countDownTest>(
- async () => {
- const route = routeWithNamespace(DETECTION_ENGINE_QUERY_SIGNALS_URL, namespace);
- const response = await supertest
- .post(route)
- .set('kbn-xsrf', 'true')
- .send(getQuerySignalsId(ids, size));
- if (response.status !== 200) {
- return {
- passed: false,
- errorMessage: `Status is not 200 as expected, it is: ${response.status}`,
- };
- } else {
- return {
- passed: true,
- returnValue: response.body,
- };
- }
- },
- 'getSignalsByIds',
- log
- );
- if (signalsOpen == null) {
- throw new Error('Signals not defined after countdown, cannot continue');
- } else {
- return signalsOpen;
- }
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_simple_ml_rule_update.ts b/x-pack/test/detection_engine_api_integration/utils/get_simple_ml_rule_update.ts
deleted file mode 100644
index 3098ede4f9712..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_simple_ml_rule_update.ts
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { RuleUpdateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
-
-/**
- * This is a representative ML rule payload as expected by the server for an update
- * @param ruleId The rule id
- * @param enabled Set to tru to enable it, by default it is off
- */
-export const getSimpleMlRuleUpdate = (ruleId = 'rule-1', enabled = false): RuleUpdateProps => ({
- name: 'Simple ML Rule',
- description: 'Simple Machine Learning Rule',
- enabled,
- anomaly_threshold: 44,
- risk_score: 1,
- rule_id: ruleId,
- severity: 'high',
- machine_learning_job_id: ['some_job_id'],
- type: 'machine_learning',
-});
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_simple_rule.ts b/x-pack/test/detection_engine_api_integration/utils/get_simple_rule.ts
deleted file mode 100644
index f5e88e34bd62c..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_simple_rule.ts
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { QueryRuleCreateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
-
-/**
- * This is a typical simple rule for testing that is easy for most basic testing
- * @param ruleId
- * @param enabled Enables the rule on creation or not. Defaulted to true.
- */
-export const getSimpleRule = (ruleId = 'rule-1', enabled = false): QueryRuleCreateProps => ({
- name: 'Simple Rule Query',
- description: 'Simple Rule Query',
- enabled,
- risk_score: 1,
- rule_id: ruleId,
- severity: 'high',
- index: ['auditbeat-*'],
- type: 'query',
- query: 'user.name: root or user.name: admin',
-});
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_as_ndjson.ts b/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_as_ndjson.ts
deleted file mode 100644
index fd416b1682b3d..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_as_ndjson.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { getSimpleRule } from './get_simple_rule';
-
-/**
- * Given an array of rule_id strings this will return a ndjson buffer which is useful
- * for testing uploads.
- * @param ruleIds Array of strings of rule_ids
- */
-export const getSimpleRuleAsNdjson = (ruleIds: string[], enabled = false): Buffer => {
- const stringOfRules = ruleIds.map((ruleId) => {
- const simpleRule = getSimpleRule(ruleId, enabled);
- return JSON.stringify(simpleRule);
- });
- return Buffer.from(stringOfRules.join('\n'));
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_output.ts b/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_output.ts
deleted file mode 100644
index 0a9eec4906a14..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_output.ts
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type {
- RuleResponse,
- SharedResponseProps,
-} from '@kbn/security-solution-plugin/common/api/detection_engine';
-import { removeServerGeneratedProperties } from './remove_server_generated_properties';
-
-export const getMockSharedResponseSchema = (
- ruleId = 'rule-1',
- enabled = false
-): SharedResponseProps => ({
- actions: [],
- author: [],
- created_by: 'elastic',
- description: 'Simple Rule Query',
- enabled,
- false_positives: [],
- from: 'now-6m',
- immutable: false,
- interval: '5m',
- rule_id: ruleId,
- output_index: '',
- max_signals: 100,
- related_integrations: [],
- required_fields: [],
- risk_score: 1,
- risk_score_mapping: [],
- name: 'Simple Rule Query',
- references: [],
- setup: '',
- severity: 'high' as const,
- severity_mapping: [],
- updated_by: 'elastic',
- tags: [],
- to: 'now',
- threat: [],
- throttle: undefined,
- exceptions_list: [],
- version: 1,
- revision: 0,
- id: 'id',
- updated_at: '2020-07-08T16:36:32.377Z',
- created_at: '2020-07-08T16:36:32.377Z',
- building_block_type: undefined,
- note: undefined,
- license: undefined,
- outcome: undefined,
- alias_target_id: undefined,
- alias_purpose: undefined,
- timeline_id: undefined,
- timeline_title: undefined,
- meta: undefined,
- rule_name_override: undefined,
- timestamp_override: undefined,
- timestamp_override_fallback_disabled: undefined,
- namespace: undefined,
- investigation_fields: undefined,
-});
-
-const getQueryRuleOutput = (ruleId = 'rule-1', enabled = false): RuleResponse => ({
- ...getMockSharedResponseSchema(ruleId, enabled),
- index: ['auditbeat-*'],
- language: 'kuery',
- query: 'user.name: root or user.name: admin',
- type: 'query',
- data_view_id: undefined,
- filters: undefined,
- 
saved_id: undefined,
- response_actions: undefined,
- alert_suppression: undefined,
-});
-
-/**
- * This is the typical output of a simple rule that Kibana will output with all the defaults
- * except for the server generated properties. Useful for testing end to end tests.
- */
-export const getSimpleRuleOutput = (ruleId = 'rule-1', enabled = false) => {
- return removeServerGeneratedProperties(getQueryRuleOutput(ruleId, enabled));
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_output_without_rule_id.ts b/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_output_without_rule_id.ts
deleted file mode 100644
index 56b5ab66773bb..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_output_without_rule_id.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { getSimpleRuleOutput } from './get_simple_rule_output';
-import { RuleWithoutServerGeneratedProperties } from './remove_server_generated_properties';
-
-/**
- * This is the typical output of a simple rule that Kibana will output with all the defaults except
- * for all the server generated properties such as created_by. Useful for testing end to end tests.
- */
-export const getSimpleRuleOutputWithoutRuleId = (
- ruleId = 'rule-1'
-): Omit => {
- const rule = getSimpleRuleOutput(ruleId);
- const { rule_id: rId, ...ruleWithoutRuleId } = rule;
- return ruleWithoutRuleId;
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_update.ts b/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_update.ts
deleted file mode 100644
index 6764a1d801dd5..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_update.ts
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { RuleUpdateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
-
-/**
- * This is a typical simple rule for testing that is easy for most basic testing
- * @param ruleId The rule id
- * @param enabled Set to true to enable it, by default it is off
- */
-export const getSimpleRuleUpdate = (ruleId = 'rule-1', enabled = false): RuleUpdateProps => ({
- name: 'Simple Rule Query',
- description: 'Simple Rule Query',
- enabled,
- risk_score: 1,
- rule_id: ruleId,
- severity: 'high',
- index: ['auditbeat-*'],
- type: 'query',
- query: 'user.name: root or user.name: admin',
-});
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_without_rule_id.ts b/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_without_rule_id.ts
deleted file mode 100644
index ad6ab7803ec21..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_simple_rule_without_rule_id.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { RuleCreateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
-import { getSimpleRule } from './get_simple_rule';
-
-/**
- * This is a typical simple rule for testing that is easy for most basic testing
- */
-export const getSimpleRuleWithoutRuleId = (): RuleCreateProps => {
- const simpleRule = getSimpleRule();
- // eslint-disable-next-line @typescript-eslint/naming-convention
- const { rule_id, ...ruleWithoutId } = simpleRule;
- return ruleWithoutId;
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/index.ts b/x-pack/test/detection_engine_api_integration/utils/index.ts
deleted file mode 100644
index 1938a069a2f53..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/index.ts
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-export * from './binary_to_string';
-export * from './count_down_es';
-export * from './count_down_test';
-export * from './create_rule';
-export * from './create_rule_saved_object';
-export * from './create_signals_index';
-export * from './delete_all_rules';
-export * from './delete_all_alerts';
-export * from './delete_all_timelines';
-export * from './get_complex_rule';
-export * from './get_complex_rule_output';
-export * from './get_simple_rule';
-export * from './get_simple_rule_output';
-export * from './get_simple_rule_output_without_rule_id';
-export * from './get_simple_rule_without_rule_id';
-export * from './route_with_namespace';
-export * from './remove_server_generated_properties';
-export * from './remove_server_generated_properties_including_rule_id';
-export * from './rule_to_update_schema';
-export * from './update_rule';
-export * from './wait_for';
-export * from './wait_for_rule_status';
-export * from './prebuilt_rules/create_prebuilt_rule_saved_objects';
-export * from './prebuilt_rules/install_prebuilt_rules_and_timelines';
-export * from './get_simple_rule_update';
-export * from './get_simple_ml_rule_update';
-export * from './create_non_security_rule';
-export * from './get_simple_rule_as_ndjson';
-export * from './rule_to_ndjson';
-export * from './delete_rule';
-export * from './get_query_signal_ids';
-export * from './get_query_signals_ids';
-export * from './get_signals_by_ids';
-export * from './wait_for_signals_to_be_present';
-export * from './get_rule_for_signal_testing';
diff --git a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/create_prebuilt_rule_saved_objects.ts b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/create_prebuilt_rule_saved_objects.ts
deleted file mode 100644
index 0b4bfd9254b15..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/create_prebuilt_rule_saved_objects.ts
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { Client } from '@elastic/elasticsearch';
-import { PrebuiltRuleAsset } from '@kbn/security-solution-plugin/server/lib/detection_engine/prebuilt_rules';
-import {
- getPrebuiltRuleMock,
- getPrebuiltRuleWithExceptionsMock,
-} from '@kbn/security-solution-plugin/server/lib/detection_engine/prebuilt_rules/mocks';
-import { ELASTIC_SECURITY_RULE_ID } from '@kbn/security-solution-plugin/common';
-import { SECURITY_SOLUTION_SAVED_OBJECT_INDEX } from '@kbn/core-saved-objects-server';
-
-/**
- * A helper function to create a rule asset saved object
- *
- * @param overrideParams Params to override the default mock
- * @returns Created rule asset saved object
- */
-export const createRuleAssetSavedObject = (overrideParams: Partial) => ({
- 'security-rule': {
- ...getPrebuiltRuleMock(),
- ...overrideParams,
- },
- type: 'security-rule',
- references: [],
- coreMigrationVersion: '8.6.0',
- updated_at: '2022-11-01T12:56:39.717Z',
- created_at: '2022-11-01T12:56:39.717Z',
-});
-
-export const SAMPLE_PREBUILT_RULES = [
- createRuleAssetSavedObject({
- ...getPrebuiltRuleWithExceptionsMock(),
- rule_id: ELASTIC_SECURITY_RULE_ID,
- tags: ['test-tag-1'],
- enabled: true,
- }),
- createRuleAssetSavedObject({
- rule_id: '000047bb-b27a-47ec-8b62-ef1a5d2c9e19',
- tags: ['test-tag-2'],
- }),
- createRuleAssetSavedObject({
- rule_id: '00140285-b827-4aee-aa09-8113f58a08f3',
- tags: ['test-tag-3'],
- }),
-];
-
-export const SAMPLE_PREBUILT_RULES_WITH_HISTORICAL_VERSIONS = [
- createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }),
- createRuleAssetSavedObject({ rule_id: 'rule-1', version: 2 }),
- createRuleAssetSavedObject({ rule_id: 'rule-2', version: 1 }),
- createRuleAssetSavedObject({ rule_id:
'rule-2', version: 2 }),
- createRuleAssetSavedObject({ rule_id: 'rule-2', version: 3 }),
-];
-
-/**
- * Creates saved objects with prebuilt rule assets which can be used for
- * installing actual prebuilt rules after that. It creates saved objects with
- * only latest versions of the rules. Tha matches the behavior of a rules
- * package without historical versions.
- *
- * NOTE: Version is not added to the rule asset saved object id.
- *
- * @param es Elasticsearch client
- */
-export const createPrebuiltRuleAssetSavedObjects = async (
- es: Client,
- rules = SAMPLE_PREBUILT_RULES
-): Promise => {
- await es.bulk({
- refresh: true,
- body: rules.flatMap((doc) => [
- {
- index: {
- _index: SECURITY_SOLUTION_SAVED_OBJECT_INDEX,
- _id: `security-rule:${doc['security-rule'].rule_id}`,
- },
- },
- doc,
- ]),
- });
-};
-
-/**
- * Creates saved objects with prebuilt rule assets which can be used for
- * installing actual prebuilt rules after that. It creates saved objects with
- * historical versions of the rules.
- *
- * NOTE: Version is added to the rule asset saved object id.
- *
- * @param es Elasticsearch client
- */
-export const createHistoricalPrebuiltRuleAssetSavedObjects = async (
- es: Client,
- rules = SAMPLE_PREBUILT_RULES_WITH_HISTORICAL_VERSIONS
-): Promise => {
- await es.bulk({
- refresh: true,
- body: rules.flatMap((doc) => [
- {
- index: {
- _index: SECURITY_SOLUTION_SAVED_OBJECT_INDEX,
- _id: `security-rule:${doc['security-rule'].rule_id}_${doc['security-rule'].version}`,
- },
- },
- doc,
- ]),
- });
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_and_timelines.ts b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_and_timelines.ts
deleted file mode 100644
index 776af6074e07e..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_and_timelines.ts
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import {
- InstallPrebuiltRulesAndTimelinesResponse,
- PREBUILT_RULES_URL,
-} from '@kbn/security-solution-plugin/common/api/detection_engine/prebuilt_rules';
-import type { Client } from '@elastic/elasticsearch';
-import type SuperTest from 'supertest';
-import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server';
-
-/**
- * (LEGACY)
- * Installs all prebuilt rules and timelines available in Kibana. Rules are
- * installed from the security-rule saved objects.
- * This is a legacy endpoint and has been replaced by:
- * POST /internal/detection_engine/prebuilt_rules/installation/_perform
- *
- * - No rules will be installed if there are no security-rule assets (e.g., the
- * package is not installed or mocks are not created).
- *
- * - If some prebuilt rules are already installed, they will be upgraded in case
- * there are newer versions of them in security-rule assets.
- *
- * @param supertest SuperTest instance
- * @returns Install prebuilt rules response
- */
-export const installPrebuiltRulesAndTimelines = async (
- es: Client,
- supertest: SuperTest.SuperTest
-): Promise => {
- const response = await supertest
- .put(PREBUILT_RULES_URL)
- .set('kbn-xsrf', 'true')
- .set('elastic-api-version', '2023-10-31')
- .send()
- .expect(200);
-
- // Before we proceed, we need to refresh saved object indices.
- // At the previous step we installed the prebuilt detection rules SO of type 'security-rule'.
- // The savedObjectsClient does this with a call with explicit `refresh: false`.
- // So, despite of the fact that the endpoint waits until the prebuilt rule will be
- // successfully indexed, it doesn't wait until they become "visible" for subsequent read
- // operations.
- // And this is usually what we do next in integration tests: we read these SOs with utility
- // function such as getPrebuiltRulesAndTimelinesStatus().
- // This can cause race condition between a write and subsequent read operation, and to
- // fix it deterministically we have to refresh saved object indices and wait until it's done.
- await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES });
-
- return response.body;
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/remove_server_generated_properties.ts b/x-pack/test/detection_engine_api_integration/utils/remove_server_generated_properties.ts
deleted file mode 100644
index d36f43ef179a5..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/remove_server_generated_properties.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { RuleResponse } from '@kbn/security-solution-plugin/common/api/detection_engine';
-import { omit, pickBy } from 'lodash';
-
-const serverGeneratedProperties = ['id', 'created_at', 'updated_at', 'execution_summary'] as const;
-
-type ServerGeneratedProperties = typeof serverGeneratedProperties[number];
-export type RuleWithoutServerGeneratedProperties = Omit;
-
-/**
- * This will remove server generated properties such as date times, etc...
- * @param rule Rule to pass in to remove typical server generated properties
- */
-export const removeServerGeneratedProperties = (
- rule: RuleResponse
-): RuleWithoutServerGeneratedProperties => {
- const removedProperties = omit(rule, serverGeneratedProperties);
-
- // We're only removing undefined values, so this cast correctly narrows the type
- return pickBy(
- removedProperties,
- (value) => value !== undefined
- ) as RuleWithoutServerGeneratedProperties;
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/remove_server_generated_properties_including_rule_id.ts b/x-pack/test/detection_engine_api_integration/utils/remove_server_generated_properties_including_rule_id.ts
deleted file mode 100644
index 1b57b5663ec23..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/remove_server_generated_properties_including_rule_id.ts
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { RuleResponse } from '@kbn/security-solution-plugin/common/api/detection_engine';
-
-import { removeServerGeneratedProperties } from './remove_server_generated_properties';
-
-/**
- * This will remove server generated properties such as date times, etc... including the rule_id
- * @param rule Rule to pass in to remove typical server generated properties
- */
-export const removeServerGeneratedPropertiesIncludingRuleId = (
- rule: RuleResponse
-): Partial => {
- const ruleWithRemovedProperties = removeServerGeneratedProperties(rule);
- // eslint-disable-next-line @typescript-eslint/naming-convention
- const { rule_id, ...additionalRuledIdRemoved } = ruleWithRemovedProperties;
- return additionalRuledIdRemoved;
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/route_with_namespace.ts b/x-pack/test/detection_engine_api_integration/utils/route_with_namespace.ts
deleted file mode 100644
index 07e5c4a8049e2..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/route_with_namespace.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-/**
- * Generates a route string with an optional namespace.
- * @param route the route string
- * @param namespace [optional] the namespace to account for in the route
- */
-export const routeWithNamespace = (route: string, namespace?: string) =>
- namespace ? `/s/${namespace}${route}` : route;
diff --git a/x-pack/test/detection_engine_api_integration/utils/rule_to_ndjson.ts b/x-pack/test/detection_engine_api_integration/utils/rule_to_ndjson.ts
deleted file mode 100644
index 404f3c1baa962..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/rule_to_ndjson.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { RuleCreateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
-
-/**
- * Given a rule this will convert it to an ndjson buffer which is useful for
- * testing upload features.
- * @param rule The rule to convert to ndjson
- */
-export const ruleToNdjson = (rule: RuleCreateProps): Buffer => {
- const stringified = JSON.stringify(rule);
- return Buffer.from(`${stringified}\n`);
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/rule_to_update_schema.ts b/x-pack/test/detection_engine_api_integration/utils/rule_to_update_schema.ts
deleted file mode 100644
index f6669a1325eb1..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/rule_to_update_schema.ts
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type {
- RuleResponse,
- RuleUpdateProps,
-} from '@kbn/security-solution-plugin/common/api/detection_engine';
-import { omit, pickBy } from 'lodash';
-
-const propertiesToRemove = [
- 'id',
- 'immutable',
- 'updated_at',
- 'updated_by',
- 'created_at',
- 'created_by',
- 'related_integrations',
- 'required_fields',
- 'revision',
- 'setup',
- 'execution_summary',
-];
-
-/**
- * transforms RuleResponse rule to RuleUpdateProps
- * returned result can be used in rule update API calls
- */
-export const ruleToUpdateSchema = (rule: RuleResponse): RuleUpdateProps => {
- const removedProperties = omit(rule, propertiesToRemove);
-
- // We're only removing undefined values, so this cast correctly narrows the type
- return pickBy(removedProperties, (value) => value !== undefined) as RuleUpdateProps;
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/update_rule.ts b/x-pack/test/detection_engine_api_integration/utils/update_rule.ts
deleted file mode 100644
index 53c1beb272764..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/update_rule.ts
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { ToolingLog } from '@kbn/tooling-log';
-import type SuperTest from 'supertest';
-
-import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
-import {
- RuleUpdateProps,
- RuleResponse,
-} from '@kbn/security-solution-plugin/common/api/detection_engine';
-
-/**
- * Helper to cut down on the noise in some of the tests. This checks for
- * an expected 200 still and does not do any retries.
- * @param supertest The supertest deps
- * @param rule The rule to create
- */
-export const updateRule = async (
- supertest: SuperTest.SuperTest,
- log: ToolingLog,
- updatedRule: RuleUpdateProps
-): Promise => {
- const response = await supertest
- .put(DETECTION_ENGINE_RULES_URL)
- .set('kbn-xsrf', 'true')
- .set('elastic-api-version', '2023-10-31')
- .send(updatedRule);
- if (response.status !== 200) {
- log.error(
- `Did not get an expected 200 "ok" when updating a rule (updateRule). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify(
- response.body
- )}, status: ${JSON.stringify(response.status)}`
- );
- }
- return response.body;
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/wait_for_rule_status.ts b/x-pack/test/detection_engine_api_integration/utils/wait_for_rule_status.ts
deleted file mode 100644
index 59607eeb47d45..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/wait_for_rule_status.ts
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { ToolingLog } from '@kbn/tooling-log';
-import type SuperTest from 'supertest';
-import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
-import {
- RuleExecutionStatus,
- RuleExecutionStatusEnum,
-} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_monitoring';
-import { waitFor } from './wait_for';
-import { routeWithNamespace } from './route_with_namespace';
-
-interface WaitForRuleStatusBaseParams {
- supertest: SuperTest.SuperTest;
- log: ToolingLog;
- afterDate?: Date;
- namespace?: string;
-}
-
-interface WaitForRuleStatusWithId extends WaitForRuleStatusBaseParams {
- id: string;
- ruleId?: never;
-}
-
-interface WaitForRuleStatusWithRuleId extends WaitForRuleStatusBaseParams {
- ruleId: string;
- id?: never;
-}
-
-export type WaitForRuleStatusParams = WaitForRuleStatusWithId | WaitForRuleStatusWithRuleId;
-
-/**
- * Waits for rule to settle in a provided status.
- * Depending on wether `id` or `ruleId` provided it may impact the behavior.
- * - `id` leads to fetching a rule via ES Get API (rulesClient.resolve -> SOClient.resolve -> ES Get API)
- * - `ruleId` leads to fetching a rule via ES Search API (rulesClient.find -> SOClient.find -> ES Search API)
- * ES Search API may return outdated data while ES Get API always returns fresh data
- */
-export const waitForRuleStatus = async (
- expectedStatus: RuleExecutionStatus,
- { supertest, log, afterDate, namespace, ...idOrRuleId }: WaitForRuleStatusParams
-): Promise => {
- await waitFor(
- async () => {
- const query = 'id' in idOrRuleId ?
{ id: idOrRuleId.id } : { rule_id: idOrRuleId.ruleId };
- const route = routeWithNamespace(DETECTION_ENGINE_RULES_URL, namespace);
- const response = await supertest
- .get(route)
- .set('kbn-xsrf', 'true')
- .set('elastic-api-version', '2023-10-31')
- .query(query)
- .expect(200);
-
- // TODO: https://github.com/elastic/kibana/pull/121644 clean up, make type-safe
- const rule = response.body;
- const ruleStatus = rule?.execution_summary?.last_execution.status;
- const ruleStatusDate = rule?.execution_summary?.last_execution.date;
-
- return (
- rule != null &&
- ruleStatus === expectedStatus &&
- (afterDate ? new Date(ruleStatusDate) > afterDate : true)
- );
- },
- 'waitForRuleStatus',
- log
- );
-};
-
-export const waitForRuleSuccess = (params: WaitForRuleStatusParams): Promise =>
- waitForRuleStatus(RuleExecutionStatusEnum.succeeded, params);
-
-export const waitForRulePartialFailure = (params: WaitForRuleStatusParams): Promise =>
- waitForRuleStatus(RuleExecutionStatusEnum['partial failure'], params);
-
-export const waitForRuleFailure = (params: WaitForRuleStatusParams): Promise =>
- waitForRuleStatus(RuleExecutionStatusEnum.failed, params);
diff --git a/x-pack/test/detection_engine_api_integration/utils/wait_for_signals_to_be_present.ts b/x-pack/test/detection_engine_api_integration/utils/wait_for_signals_to_be_present.ts
deleted file mode 100644
index b98ef40671981..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/wait_for_signals_to_be_present.ts
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { ToolingLog } from '@kbn/tooling-log';
-import type SuperTest from 'supertest';
-
-import { getSignalsByIds } from './get_signals_by_ids';
-import { waitFor } from './wait_for';
-
-/**
- * Waits for the signal hits to be greater than the supplied number
- * before continuing with a default of at least one signal
- * @param supertest Deps
- * @param numberOfSignals The number of signals to wait for, default is 1
- */
-export const waitForSignalsToBePresent = async (
- supertest: SuperTest.SuperTest,
- log: ToolingLog,
- numberOfSignals = 1,
- signalIds: string[],
- namespace?: string
-): Promise => {
- await waitFor(
- async () => {
- const signalsOpen = await getSignalsByIds(
- supertest,
- log,
- signalIds,
- numberOfSignals,
- namespace
- );
- return signalsOpen.hits.hits.length >= numberOfSignals;
- },
- 'waitForSignalsToBePresent',
- log
- );
-};
diff --git a/x-pack/test/functional/es_archives/rule_keyword_family/README.md b/x-pack/test/functional/es_archives/rule_keyword_family/README.md
index b6849e7ea5915..934ffff5f3ee8 100644
--- a/x-pack/test/functional/es_archives/rule_keyword_family/README.md
+++ b/x-pack/test/functional/es_archives/rule_keyword_family/README.md
@@ -1,20 +1,20 @@ Within this folder is input test data for tests within the folder: ```ts -x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family +x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/keyword_family/ ``` where these are small ECS compliant input indexes that try to express tests that exercise different parts of -the detection engine around creating and validating that the keyword family and field aliases all will work +the detection engine around creating and validating that the keyword family and field aliases all will work with the detection engine. These indexes might contain extra fields or different fields but should not directly clash with ECS or minimally clash. Nothing is stopping anyone from being ECS strict and not having additional extra fields but the extra fields and mappings are to just try and keep these tests simple and small. Most of these tests center around the two fields of: -* event.module -* event.dataset + +- event.module +- event.dataset To ensure that if mix and match between `keyword`, `const keyword` and field aliases within them, everything should still be ok. It is alright if other use cases are added here if they fit within the `keyword` family as described here: https://www.elastic.co/guide/en/elasticsearch/reference/7.12/keyword.html - diff --git a/x-pack/test/functional/es_archives/security_solution/README.md b/x-pack/test/functional/es_archives/security_solution/README.md index 897da48316155..01fa178de40ed 100644 --- a/x-pack/test/functional/es_archives/security_solution/README.md +++ b/x-pack/test/functional/es_archives/security_solution/README.md 
@@ -10,4 +10,4 @@ or x-pack/test/api_integration/apis/security_solution ``` -* Folder `telemetry` is for the tests underneath `detection_engine_api_integration/security_and_spaces/tests/telemetry`. +- Folder `telemetry` is for the tests underneath `x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/configs/ess.config.ts`. diff --git a/x-pack/test/security_solution_api_integration/package.json b/x-pack/test/security_solution_api_integration/package.json index 3c083278eedce..20c9d8e30b073 100644 --- a/x-pack/test/security_solution_api_integration/package.json +++ b/x-pack/test/security_solution_api_integration/package.json 
@@ -103,6 +103,59 @@ "telemetry:server:ess": "npm run initialize-server:dr:default telemetry ess", "telemetry:runner:ess": "npm run run-tests:dr:default telemetry ess essEnv", + "alerts_essentials:server:serverless": "npm run initialize-server:dr:basicEssentials alerts serverless", + "alerts_essentials:runner:serverless": "npm run run-tests:dr:basicEssentials alerts serverless serverlessEnv", + "alerts_essentials:qa:serverless": "npm run run-tests:dr:basicEssentials alerts serverless qaEnv", + "alerts_basic:server:ess": "npm run initialize-server:dr:basicEssentials alerts ess", + "alerts_basic:runner:ess": "npm run run-tests:dr:basicEssentials alerts ess essEnv", + + "rule_creation_essentials:server:serverless": "npm run initialize-server:dr:basicEssentials rule_creation serverless", + "rule_creation_essentials:runner:serverless": "npm run run-tests:dr:basicEssentials rule_creation serverless serverlessEnv", + "rule_creation_essentials:qa:serverless": "npm run run-tests:dr:basicEssentials rule_creation serverless qaEnv", + "rule_creation_basic:server:ess": "npm run initialize-server:dr:basicEssentials rule_creation ess", + "rule_creation_basic:runner:ess": "npm run run-tests:dr:basicEssentials rule_creation ess essEnv", + + "rule_delete_essentials:server:serverless": "npm run initialize-server:dr:basicEssentials rule_delete serverless", + "rule_delete_essentials:runner:serverless": "npm run run-tests:dr:basicEssentials rule_delete serverless serverlessEnv", + "rule_delete_essentials:qa:serverless": "npm run run-tests:dr:basicEssentials rule_delete serverless qaEnv", + "rule_delete_basic:server:ess": "npm run initialize-server:dr:basicEssentials rule_delete ess", + "rule_delete_basic:runner:ess": "npm run run-tests:dr:basicEssentials rule_delete ess essEnv", + + "rule_edit_essentials:server:serverless": "npm run initialize-server:dr:basicEssentials rule_edit serverless", + "rule_edit_essentials:runner:serverless": "npm run run-tests:dr:basicEssentials rule_edit 
serverless serverlessEnv", + "rule_edit_essentials:qa:serverless": "npm run run-tests:dr:basicEssentials rule_edit serverless qaEnv", + "rule_edit_basic:server:ess": "npm run initialize-server:dr:basicEssentials rule_edit ess", + "rule_edit_basic:runner:ess": "npm run run-tests:dr:basicEssentials rule_edit ess essEnv", + + "rule_import_export_essentials:server:serverless": "npm run initialize-server:dr:basicEssentials rule_import_export serverless", + "rule_import_export_essentials:runner:serverless": "npm run run-tests:dr:basicEssentials rule_import_export serverless serverlessEnv", + "rule_import_export_essentials:qa:serverless": "npm run run-tests:dr:basicEssentials rule_import_export serverless qaEnv", + "rule_import_export_basic:server:ess": "npm run initialize-server:dr:basicEssentials rule_import_export ess", + "rule_import_export_basic:runner:ess": "npm run run-tests:dr:basicEssentials rule_import_export ess essEnv", + + "rule_management_essentials:server:serverless": "npm run initialize-server:dr:basicEssentials rule_management serverless", + "rule_management_essentials:runner:serverless": "npm run run-tests:dr:basicEssentials rule_management serverless serverlessEnv", + "rule_management_essentials:qa:serverless": "npm run run-tests:dr:basicEssentials rule_management serverless qaEnv", + "rule_management_basic:server:ess": "npm run initialize-server:dr:basicEssentials rule_management ess", + "rule_management_basic:runner:ess": "npm run run-tests:dr:basicEssentials rule_management ess essEnv", + + "rule_read_essentials:server:serverless": "npm run initialize-server:dr:basicEssentials rule_read serverless", + "rule_read_essentials:runner:serverless": "npm run run-tests:dr:basicEssentials rule_read serverless serverlessEnv", + "rule_read_essentials:qa:serverless": "npm run run-tests:dr:basicEssentials rule_read serverless qaEnv", + "rule_read_basic:server:ess": "npm run initialize-server:dr:basicEssentials rule_read ess", + "rule_read_basic:runner:ess": "npm 
run run-tests:dr:basicEssentials rule_read ess essEnv", + + "exception_lists:server:serverless": "npm run initialize-server:lists:default exception_lists serverless", + "exception_lists:runner:serverless": "npm run run-tests:lists:default exception_lists serverless serverlessEnv", + "exception_lists:qa:serverless": "npm run run-tests:lists:default exception_lists serverless qaEnv", + "exception_lists:server:ess": "npm run initialize-server:lists:default exception_lists ess", + "exception_lists:runner:ess": "npm run run-tests:lists:default exception_lists ess essEnv", + "value_lists:server:serverless": "npm run initialize-server:lists:default value_lists serverless", + "value_lists:runner:serverless": "npm run run-tests:lists:default value_lists serverless serverlessEnv", + "value_lists:qa:serverless": "npm run run-tests:lists:default value_lists serverless qaEnv", + "value_lists:server:ess": "npm run initialize-server:lists:default value_lists ess", + "value_lists:runner:ess": "npm run run-tests:lists:default value_lists ess essEnv", + "rule_creation:server:serverless": "npm run initialize-server:dr:default rule_creation serverless", "rule_creation:runner:serverless": "npm run run-tests:dr:default rule_creation serverless serverlessEnv", "rule_creation:qa:serverless": "npm run run-tests:dr:default rule_creation serverless qaEnv", diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/configs/ess.config.ts similarity index 90% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/ess.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/configs/ess.config.ts index b980aef5f783a..b669aebf59a2d 100644 
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/configs/ess.config.ts @@ -16,7 +16,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine ESS - Basic Integration Tests', + reportName: 'Alerts ESS - Basic Integration Tests', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/configs/serverless.config.ts similarity index 84% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/serverless.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/configs/serverless.config.ts index 8a4199ccfb44d..801a12035777b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/configs/serverless.config.ts @@ -10,6 +10,6 @@ import { createTestConfig } from '../../../../../config/serverless/config.base.e export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine Serverless - Essentials Integration Tests', + reportName: 'Alerts Serverless - Essentials Integration Tests', }, }); 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/index.ts similarity index 50% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/index.ts index 296cec0e06448..300b32c7065d3 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/index.ts @@ -7,11 +7,9 @@ import { FtrProviderContext } from '../../../../ftr_provider_context'; export default function ({ loadTestFile }: FtrProviderContext) { - describe('Detection Engine Basic and Essentials API', function () { - loadTestFile(require.resolve('./rules/create_rules')); - loadTestFile(require.resolve('./rules/create_ml_rules_privileges')); - loadTestFile(require.resolve('./alerts/open_close_alerts')); - loadTestFile(require.resolve('./alerts/query_alerts')); - loadTestFile(require.resolve('./alerts/query_alerts_backword_compatibility')); + describe('Detection alerts Basic and Essentials API', function () { + loadTestFile(require.resolve('./open_close_alerts')); + loadTestFile(require.resolve('./query_alerts_backword_compatibility')); + loadTestFile(require.resolve('./query_alerts')); }); } 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/alerts/open_close_alerts.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/open_close_alerts.ts similarity index 97% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/alerts/open_close_alerts.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/open_close_alerts.ts index 4af66d1da4a93..ce09b9496893b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/alerts/open_close_alerts.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/open_close_alerts.ts @@ -25,9 +25,9 @@ import { waitForRuleSuccess, getRuleForAlertTesting, deleteAllAlerts, -} from '../../../utils'; -import { FtrProviderContext } from '../../../../../ftr_provider_context'; -import { EsArchivePathBuilder } from '../../../../../es_archive_path_builder'; +} from '../../utils'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; +import { EsArchivePathBuilder } from '../../../../es_archive_path_builder'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/alerts/query_alerts.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/query_alerts.ts similarity index 98% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/alerts/query_alerts.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/query_alerts.ts index 3b372597cffd3..54b0e4aab0246 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/alerts/query_alerts.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/query_alerts.ts @@ -12,8 +12,8 @@ import { ALERTS_AS_DATA_FIND_URL, } from '@kbn/security-solution-plugin/common/constants'; import { X_ELASTIC_INTERNAL_ORIGIN_REQUEST } from '@kbn/core-http-common'; -import { getAlertStatus, createAlertsIndex, deleteAllAlerts } from '../../../utils'; -import { FtrProviderContext } from '../../../../../ftr_provider_context'; +import { getAlertStatus, createAlertsIndex, deleteAllAlerts } from '../../utils'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/alerts/query_alerts_backword_compatibility.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/query_alerts_backword_compatibility.ts similarity index 93% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/alerts/query_alerts_backword_compatibility.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/query_alerts_backword_compatibility.ts index 76f85dd323976..bb2134c33fcff 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/alerts/query_alerts_backword_compatibility.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/alerts/query_alerts_backword_compatibility.ts @@ -8,8 +8,8 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_QUERY_SIGNALS_URL } from '@kbn/security-solution-plugin/common/constants'; -import { createAlertsIndex, deleteAllAlerts } from '../../../utils'; -import { FtrProviderContext } from '../../../../../ftr_provider_context'; +import { createAlertsIndex, deleteAllAlerts } from '../../utils'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/configs/ess.config.ts new file mode 100644 index 0000000000000..59ecc01743f34 --- /dev/null 
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/configs/ess.config.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const functionalConfig = await readConfigFile(
+ require.resolve('../../../../../config/ess/config.base.basic')
+ );
+
+ return {
+ ...functionalConfig.getAll(),
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName: 'Rule creation ESS - Basic Integration Tests',
+ },
+ };
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/configs/serverless.config.ts
new file mode 100644
index 0000000000000..0af6a8f6de617
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/configs/serverless.config.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../config/serverless/config.base.essentials';
+
+export default createTestConfig({
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName: 'Rule creation Serverless - Essentials Integration Tests',
+ },
+});
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/rules/create_ml_rules_privileges.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/create_ml_rules_privileges.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/rules/create_ml_rules_privileges.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/create_ml_rules_privileges.ts index 0b4bcea421c70..62f15e4e645fc 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/rules/create_ml_rules_privileges.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/create_ml_rules_privileges.ts @@ -16,9 +16,9 @@ import { getSimpleMlRule, deleteAllAlerts, updateUsername, -} from '../../../utils'; -import { FtrProviderContext } from '../../../../../ftr_provider_context'; -import { EsArchivePathBuilder } from '../../../../../es_archive_path_builder'; +} from '../../utils'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; +import { EsArchivePathBuilder } from '../../../../es_archive_path_builder'; export default ({ getService }: FtrProviderContext) => { const esArchiver = getService('esArchiver'); 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/rules/create_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/create_rules.ts similarity index 96% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/rules/create_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/create_rules.ts index 6a3fff87611da..520db08cb2ba2 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/rules/create_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/create_rules.ts @@ -21,9 +21,9 @@ import { removeServerGeneratedPropertiesIncludingRuleId, deleteAllAlerts, updateUsername, -} from '../../../utils'; -import { FtrProviderContext } from '../../../../../ftr_provider_context'; -import { EsArchivePathBuilder } from '../../../../../es_archive_path_builder'; +} from '../../utils'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; +import { EsArchivePathBuilder } from '../../../../es_archive_path_builder'; export default ({ getService }: FtrProviderContext) => { const esArchiver = getService('esArchiver'); 
diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/create_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/create_rules_bulk.ts similarity index 73% rename from x-pack/test/detection_engine_api_integration/basic/tests/create_rules_bulk.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/create_rules_bulk.ts index d23d92e2887a2..a8b01b2615a63 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/create_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/create_rules_bulk.ts @@ -8,9 +8,10 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_RULES_BULK_CREATE } from '@kbn/security-solution-plugin/common/constants'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; +import { EsArchivePathBuilder } from '../../../../es_archive_path_builder'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; import { - createSignalsIndex, + createAlertsIndex, deleteAllRules, deleteAllAlerts, getSimpleRule, 
@@ -19,27 +20,34 @@ import { getSimpleRuleWithoutRuleId, removeServerGeneratedProperties, removeServerGeneratedPropertiesIncludingRuleId, + updateUsername, } from '../../utils'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { const esArchiver = getService('esArchiver'); const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); + const config = getService('config'); + const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); - describe('create_rules_bulk', () => { + // TODO: add a new service + const isServerless = config.get('serverless'); + const dataPathBuilder = new EsArchivePathBuilder(isServerless); + const auditbeatPath = dataPathBuilder.getPath('auditbeat/hosts'); + + describe('@ess @serverless create_rules_bulk', () => { describe('creating rules in bulk', () => { before(async () => { - await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts'); + await esArchiver.load(auditbeatPath); }); after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/auditbeat/hosts'); + await esArchiver.unload(auditbeatPath); }); beforeEach(async () => { - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { 
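Review bot: `ELASTICSEARCH_USERNAME` is read from `servers.kibana.username`, so the constant's name and the config key disagree about which account it holds, and the `// TODO: add a new service` above `isServerless` does not say what that service should provide. A short comment on the constant would settle it, for example `// username from the FTR config; passed to updateUsername when building the expected rule`. For the TODO I would write `// TODO: move the serverless check and archive path lookup into a shared FTR service`. The same `config.get('servers.kibana.username')` line is added in delete_rules.ts and delete_rules_bulk.ts, and the test callback continues outside this hunk.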
@@ -48,18 +56,25 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should create a single rule with a rule_id', async () => { + const rule = getSimpleRule(); const { body } = await supertest .post(DETECTION_ENGINE_RULES_BULK_CREATE) .set('kbn-xsrf', 'true') .set('elastic-api-version', '2023-10-31') - .send([getSimpleRule()]) + .send([rule]) .expect(200); const bodyToCompare = removeServerGeneratedProperties(body[0]); - expect(bodyToCompare).to.eql(getSimpleRuleOutput()); + const expectedRule = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); + + expect(bodyToCompare).to.eql(expectedRule); }); it('should create a single rule without a rule_id', async () => { + const rule = getSimpleRuleWithoutRuleId(); const { body } = await supertest .post(DETECTION_ENGINE_RULES_BULK_CREATE) .set('kbn-xsrf', 'true') @@ -68,7 +83,12 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); - expect(bodyToCompare).to.eql(getSimpleRuleOutputWithoutRuleId()); + const expectedRule = updateUsername( + getSimpleRuleOutputWithoutRuleId(rule.rule_id), + ELASTICSEARCH_USERNAME + ); + + expect(bodyToCompare).to.eql(expectedRule); }); it('should return a 200 ok but have a 409 conflict if we attempt to create the same rule_id twice', async () => { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/index.ts new file mode 100644 index 0000000000000..70267e74fcb4e --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_creation/index.ts 
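Review bot: In 'should create a single rule without a rule_id' the expected value is built from `rule.rule_id`, but `rule` comes from `getSimpleRuleWithoutRuleId()`, so that property is presumably undefined and the argument has no effect. The `.send(...)` line of that test lies between the two hunks and is not visible, so I cannot tell whether the new `rule` constant is what gets posted; if it is not, the constant exists only to supply an undefined argument. I would either drop the argument, `getSimpleRuleOutputWithoutRuleId()`, or add `// rule_id is stripped from the expected output, so no id is passed here`. The delete tests pass `bodyWithCreatedRule.rule_id` to the same helper, which raises the same question of whether the argument matters for an output that has its rule_id removed.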
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { FtrProviderContext } from '../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+ describe('Rules creation Basic and Essentials API', function () {
+ loadTestFile(require.resolve('./create_rules'));
+ loadTestFile(require.resolve('./create_rules_bulk'));
+ loadTestFile(require.resolve('./create_ml_rules_privileges'));
+ });
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/configs/ess.config.ts
new file mode 100644
index 0000000000000..fc466b0d2d01b
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/configs/ess.config.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const functionalConfig = await readConfigFile(
+ require.resolve('../../../../../config/ess/config.base.basic')
+ );
+
+ return {
+ ...functionalConfig.getAll(),
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName: 'Rule delete ESS - Basic Integration Tests',
+ },
+ };
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/configs/serverless.config.ts
new file mode 100644
index 0000000000000..299d1948a7ef8
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/configs/serverless.config.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../config/serverless/config.base.essentials';
+
+export default createTestConfig({
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName: 'Rule delete Serverless - Essentials Integration Tests',
+ },
+});
diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/delete_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/delete_rules.ts
similarity index 77%
rename from x-pack/test/detection_engine_api_integration/basic/tests/delete_rules.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/delete_rules.ts
index b649b16d7ef02..00f32b19b093e 100644
--- a/x-pack/test/detection_engine_api_integration/basic/tests/delete_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/delete_rules.ts
@@ -8,10 +8,10 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; import { createRule, - createSignalsIndex, + createAlertsIndex, deleteAllRules, deleteAllAlerts, getSimpleRule, @@ -20,18 +20,20 @@ import { getSimpleRuleWithoutRuleId, removeServerGeneratedProperties, removeServerGeneratedPropertiesIncludingRuleId, + updateUsername, } from '../../utils'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); + const config = getService('config'); + const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); - describe('delete_rules', () => { + describe('@ess @serverless delete_rules', () => { describe('deleting rules', () => { beforeEach(async () => { - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { @@ -40,7 +42,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should delete a single rule with a rule_id', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); + const rule = await createRule(supertest, log, getSimpleRule('rule-1')); // delete the rule by its rule_id const { body } = await supertest @@ -50,7 +52,12 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body); - expect(bodyToCompare).to.eql(getSimpleRuleOutput()); + const expectedRule = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); + + expect(bodyToCompare).to.eql(expectedRule); }); it('should delete a single rule using an auto generated rule_id', async () => { 
@@ -64,7 +71,12 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body); - expect(bodyToCompare).to.eql(getSimpleRuleOutputWithoutRuleId()); + const expectedRule = updateUsername( + getSimpleRuleOutputWithoutRuleId(bodyWithCreatedRule.rule_id), + ELASTICSEARCH_USERNAME + ); + + expect(bodyToCompare).to.eql(expectedRule); }); it('should delete a single rule using an auto generated id', async () => { @@ -78,7 +90,12 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body); - expect(bodyToCompare).to.eql(getSimpleRuleOutputWithoutRuleId()); + const expectedRule = updateUsername( + getSimpleRuleOutputWithoutRuleId(bodyWithCreatedRule.rule_id), + ELASTICSEARCH_USERNAME + ); + + expect(bodyToCompare).to.eql(expectedRule); }); it('should return an error if the id does not exist when trying to delete it', async () => { diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/delete_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/delete_rules_bulk.ts similarity index 81% rename from x-pack/test/detection_engine_api_integration/basic/tests/delete_rules_bulk.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/delete_rules_bulk.ts index c2017aead47d8..99eb2baeef78f 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/delete_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/delete_rules_bulk.ts 
@@ -8,10 +8,10 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_RULES_BULK_DELETE } from '@kbn/security-solution-plugin/common/constants'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; import { createRule, - createSignalsIndex, + createAlertsIndex, deleteAllRules, deleteAllAlerts, getSimpleRule, @@ -20,18 +20,20 @@ import { getSimpleRuleWithoutRuleId, removeServerGeneratedProperties, removeServerGeneratedPropertiesIncludingRuleId, + updateUsername, } from '../../utils'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); + const config = getService('config'); + const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); - describe('delete_rules_bulk', () => { + describe('@ess @serverless delete_rules_bulk', () => { describe('deleting rules bulk using DELETE', () => { beforeEach(async () => { - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { @@ -40,7 +42,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should delete a single rule with a rule_id', async () => { - await createRule(supertest, log, getSimpleRule()); + const rule = await createRule(supertest, log, getSimpleRule()); // delete the rule in bulk const { body } = await supertest @@ -51,7 +53,11 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body[0]); - expect(bodyToCompare).to.eql(getSimpleRuleOutput()); + const expectedRule = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); + expect(bodyToCompare).to.eql(expectedRule); }); it('should delete a single rule using an auto generated rule_id', async () => { 
@@ -66,7 +72,11 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); - expect(bodyToCompare).to.eql(getSimpleRuleOutputWithoutRuleId()); + const expectedRule = updateUsername( + getSimpleRuleOutputWithoutRuleId(bodyWithCreatedRule.rule_id), + ELASTICSEARCH_USERNAME + ); + expect(bodyToCompare).to.eql(expectedRule); }); it('should delete a single rule using an auto generated id', async () => { @@ -81,7 +91,12 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); - expect(bodyToCompare).to.eql(getSimpleRuleOutputWithoutRuleId()); + const expectedRule = updateUsername( + getSimpleRuleOutputWithoutRuleId(bodyWithCreatedRule.rule_id), + ELASTICSEARCH_USERNAME + ); + + expect(bodyToCompare).to.eql(expectedRule); }); it('should return an error if the ruled_id does not exist when trying to delete a rule_id', async () => { @@ -134,7 +149,10 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); expect([bodyToCompare, body[1]]).to.eql([ - getSimpleRuleOutputWithoutRuleId(), + updateUsername( + getSimpleRuleOutputWithoutRuleId(bodyWithCreatedRule.rule_id), + ELASTICSEARCH_USERNAME + ), { id: 'c4e80a0d-e20f-4efc-84c1-08112da5a612', error: { @@ -149,7 +167,7 @@ export default ({ getService }: FtrProviderContext): void => { // This is a repeat of the tests above but just using POST instead of DELETE describe('deleting rules bulk using POST', () => { beforeEach(async () => { - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { 
@@ -158,7 +176,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should delete a single rule with a rule_id', async () => { - await createRule(supertest, log, getSimpleRule()); + const rule = await createRule(supertest, log, getSimpleRule()); // delete the rule in bulk const { body } = await supertest @@ -169,7 +187,12 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body[0]); - expect(bodyToCompare).to.eql(getSimpleRuleOutput()); + const expectedRule = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); + + expect(bodyToCompare).to.eql(expectedRule); }); it('should delete a single rule using an auto generated rule_id', async () => { @@ -184,7 +207,12 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); - expect(bodyToCompare).to.eql(getSimpleRuleOutputWithoutRuleId()); + const expectedRule = updateUsername( + getSimpleRuleOutputWithoutRuleId(bodyWithCreatedRule.rule_id), + ELASTICSEARCH_USERNAME + ); + + expect(bodyToCompare).to.eql(expectedRule); }); it('should delete a single rule using an auto generated id', async () => { @@ -199,7 +227,12 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); - expect(bodyToCompare).to.eql(getSimpleRuleOutputWithoutRuleId()); + const expectedRule = updateUsername( + getSimpleRuleOutputWithoutRuleId(bodyWithCreatedRule.rule_id), + ELASTICSEARCH_USERNAME + ); + + expect(bodyToCompare).to.eql(expectedRule); }); it('should return an error if the ruled_id does not exist when trying to delete a rule_id', async () => { 
@@ -252,7 +285,11 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); expect([bodyToCompare, body[1]]).to.eql([ - getSimpleRuleOutputWithoutRuleId(), + getSimpleRuleOutputWithoutRuleId( + bodyWithCreatedRule.rule_id, + bodyWithCreatedRule.enabled, + ELASTICSEARCH_USERNAME + ), { id: 'c4e80a0d-e20f-4efc-84c1-08112da5a612', error: { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/index.ts new file mode 100644 index 0000000000000..ed2dd8cc9cb7e --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_delete/index.ts @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { FtrProviderContext } from '../../../../ftr_provider_context'; + +export default function ({ loadTestFile }: FtrProviderContext) { + describe('Rules delete Basic and Essentials API', function () { + loadTestFile(require.resolve('./delete_rules_bulk')); + loadTestFile(require.resolve('./delete_rules')); + }); +} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/configs/ess.config.ts new file mode 100644 index 0000000000000..39df587c5b3ee --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/configs/ess.config.ts 
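Review bot: The POST variant of this assertion calls `getSimpleRuleOutputWithoutRuleId(bodyWithCreatedRule.rule_id, bodyWithCreatedRule.enabled, ELASTICSEARCH_USERNAME)` with three arguments, while the DELETE variant of the same test and every other call in this file pass one argument and wrap the result in `updateUsername`. The helper's signature is not visible here, so I cannot tell whether the extra arguments are accepted or silently ignored; if they are ignored, the expected object is built without the username substitution the other tests rely on. For consistency I would use the same form as the DELETE block: `updateUsername(getSimpleRuleOutputWithoutRuleId(bodyWithCreatedRule.rule_id), ELASTICSEARCH_USERNAME),`. The enclosing test starts above the hunk and continues below it.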
@@ -0,0 +1,22 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrConfigProviderContext } from '@kbn/test'; + +export default async function ({ readConfigFile }: FtrConfigProviderContext) { + const functionalConfig = await readConfigFile( + require.resolve('../../../../../config/ess/config.base.basic') + ); + + return { + ...functionalConfig.getAll(), + testFiles: [require.resolve('..')], + junit: { + reportName: 'Rule edit ESS - Basic Integration Tests', + }, + }; +} diff --git a/x-pack/test/detection_engine_api_integration/common/ftr_provider_context.d.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/configs/serverless.config.ts similarity index 50% rename from x-pack/test/detection_engine_api_integration/common/ftr_provider_context.d.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/configs/serverless.config.ts index aa56557c09df8..fefe9f173f1a0 100644 --- a/x-pack/test/detection_engine_api_integration/common/ftr_provider_context.d.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/configs/serverless.config.ts @@ -5,8 +5,11 @@ * 2.0. */ -import { GenericFtrProviderContext } from '@kbn/test'; +import { createTestConfig } from '../../../../../config/serverless/config.base.essentials'; -import { services } from './services'; - -export type FtrProviderContext = GenericFtrProviderContext; +export default createTestConfig({ + testFiles: [require.resolve('..')], + junit: { + reportName: 'Rule edit Serverless - Essentials Integration Tests', + }, +}); 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/index.ts
new file mode 100644
index 0000000000000..21ca26c31a5fe
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/index.ts
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { FtrProviderContext } from '../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+ describe('Rules edit Basic and Essentials API', function () {
+ loadTestFile(require.resolve('./patch_rules_bulk'));
+ loadTestFile(require.resolve('./patch_rules'));
+ loadTestFile(require.resolve('./patch_rules_ess'));
+ loadTestFile(require.resolve('./update_rules_bulk'));
+ loadTestFile(require.resolve('./update_rules'));
+ loadTestFile(require.resolve('./update_rules_ess'));
+ });
+}
diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/patch_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/patch_rules.ts
similarity index 81%
rename from x-pack/test/detection_engine_api_integration/basic/tests/patch_rules.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/patch_rules.ts
index 040a504ee282c..69e5414cd4cad 100644
--- a/x-pack/test/detection_engine_api_integration/basic/tests/patch_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/patch_rules.ts
@@ -8,9 +8,9 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; import { - createSignalsIndex, + createAlertsIndex, deleteAllRules, getSimpleRule, getSimpleRuleOutput, @@ -19,18 +19,20 @@ import { getSimpleRuleOutputWithoutRuleId, createRule, deleteAllAlerts, + updateUsername, } from '../../utils'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); + const config = getService('config'); + const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); - describe('patch_rules', () => { + describe('@ess @serverless patch_rules', () => { describe('patch rules', () => { beforeEach(async () => { - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { @@ -39,7 +41,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should patch a single rule property of name using a rule_id', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); + const rule = await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's name const { body } = await supertest 
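Review bot: The constant added in the `@@ -19,18 +19,20 @@` hunk is named `ELASTICSEARCH_USERNAME` but is read from `config.get('servers.kibana.username')`, so the name points at a different account than the one it holds. Since the value feeds `updateUsername(...)` for the expected rule, presumably to match the user recorded on the rule, a reader checking which identity the API attributes writes to will be misled. I would either rename it or add a comment such as `// user the test client authenticates to Kibana as; expected in the rule's user fields`. The same declaration appears in the patch_rules_bulk.ts, update_rules.ts and update_rules_bulk.ts hunks.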
@@ -49,30 +51,16 @@ export default ({ getService }: FtrProviderContext) => { .send({ rule_id: 'rule-1', name: 'some other name' }) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body); expect(bodyToCompare).to.eql(outputRule); }); - it('should return a "403 forbidden" using a rule_id of type "machine learning"', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); - - // patch a simple rule's type to machine learning - const { body } = await supertest - .patch(DETECTION_ENGINE_RULES_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .send({ rule_id: 'rule-1', type: 'machine_learning' }) - .expect(403); - - expect(body).to.eql({ - message: 'Your license does not support machine learning. Please upgrade your license.', - status_code: 403, - }); - }); - it('should patch a single rule property of name using the auto-generated rule_id', async () => { // create a simple rule const rule = getSimpleRule('rule-1'); @@ -87,7 +75,10 @@ export default ({ getService }: FtrProviderContext) => { .send({ rule_id: createRuleBody.rule_id, name: 'some other name' }) .expect(200); - const outputRule = getSimpleRuleOutputWithoutRuleId(); + const outputRule = updateUsername( + getSimpleRuleOutputWithoutRuleId(rule.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body); 
@@ -105,7 +96,10 @@ export default ({ getService }: FtrProviderContext) => { .send({ id: createdBody.id, name: 'some other name' }) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(createdBody.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body); @@ -113,7 +107,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should not change the revision of a rule when it patches only enabled', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); + const rule = await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's enabled to false const { body } = await supertest @@ -123,7 +117,10 @@ export default ({ getService }: FtrProviderContext) => { .send({ rule_id: 'rule-1', enabled: false }) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.enabled = false; const bodyToCompare = removeServerGeneratedProperties(body); @@ -131,7 +128,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should change the revision of a rule when it patches enabled and another property', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); + const rule = await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's enabled to false and another property const { body } = await supertest @@ -141,7 +138,10 @@ export default ({ getService }: FtrProviderContext) => { .send({ rule_id: 'rule-1', severity: 'low', enabled: false }) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.enabled = false; outputRule.severity = 'low'; outputRule.revision = 1; 
@@ -151,7 +151,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should not change other properties when it does patches', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); + const rule = await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's timeline_title await supertest @@ -169,7 +169,10 @@ export default ({ getService }: FtrProviderContext) => { .send({ rule_id: 'rule-1', name: 'some other name' }) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.timeline_title = 'some title'; outputRule.timeline_id = 'some id'; diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/patch_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/patch_rules_bulk.ts similarity index 80% rename from x-pack/test/detection_engine_api_integration/basic/tests/patch_rules_bulk.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/patch_rules_bulk.ts index 48407ba7df94b..51a62e317d6b0 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/patch_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/patch_rules_bulk.ts @@ -8,9 +8,9 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_RULES_BULK_UPDATE } from '@kbn/security-solution-plugin/common/constants'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; import { - createSignalsIndex, + createAlertsIndex, deleteAllRules, getSimpleRule, getSimpleRuleOutput, 
@@ -19,18 +19,20 @@ import { removeServerGeneratedPropertiesIncludingRuleId, createRule, deleteAllAlerts, + updateUsername, } from '../../utils'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); + const config = getService('config'); + const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); - describe('patch_rules_bulk', () => { + describe('@ess @serverless patch_rules_bulk', () => { describe('patch rules bulk', () => { beforeEach(async () => { - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { @@ -39,7 +41,8 @@ export default ({ getService }: FtrProviderContext) => { }); it('should patch a single rule property of name using a rule_id', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); + const rule = getSimpleRule('rule-1'); + await createRule(supertest, log, rule); // patch a simple rule's name const { body } = await supertest @@ -49,7 +52,7 @@ export default ({ getService }: FtrProviderContext) => { .send([{ rule_id: 'rule-1', name: 'some other name' }]) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body[0]); 
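Review bot: The new local `rule` in the `@@ -41,7 +41,8 @@` hunk is only passed to `createRule`, and the expected value in the following hunk is still built with `getSimpleRuleOutput()` and no argument. The sibling tests in this file derive the expectation from the created rule, so this one silently depends on the helper's default id matching `'rule-1'`. I would write `const outputRule = updateUsername(getSimpleRuleOutput(rule.rule_id), ELASTICSEARCH_USERNAME);` or drop the extra local. The test body continues outside both hunks.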
@@ -57,8 +60,10 @@ export default ({ getService }: FtrProviderContext) => { }); it('should patch two rule properties of name using the two rules rule_id', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); - await createRule(supertest, log, getSimpleRule('rule-2')); + const rule = getSimpleRule('rule-1'); + const rule2 = getSimpleRule('rule-2'); + await createRule(supertest, log, rule); + await createRule(supertest, log, rule2); // patch both rule names const { body } = await supertest @@ -71,11 +76,17 @@ export default ({ getService }: FtrProviderContext) => { ]) .expect(200); - const outputRule1 = getSimpleRuleOutput(); + const outputRule1 = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule1.name = 'some other name'; outputRule1.revision = 1; - const outputRule2 = getSimpleRuleOutput('rule-2'); + const outputRule2 = updateUsername( + getSimpleRuleOutput(rule2.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule2.name = 'some other name'; outputRule2.revision = 1; @@ -86,7 +97,8 @@ export default ({ getService }: FtrProviderContext) => { }); it('should patch a single rule property of name using an id', async () => { - const createRuleBody = await createRule(supertest, log, getSimpleRule('rule-1')); + const rule = getSimpleRule('rule-1'); + const createRuleBody = await createRule(supertest, log, rule); // patch a simple rule's name const { body } = await supertest @@ -96,7 +108,10 @@ export default ({ getService }: FtrProviderContext) => { .send([{ id: createRuleBody.id, name: 'some other name' }]) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body[0]); 
@@ -118,11 +133,17 @@ export default ({ getService }: FtrProviderContext) => { ]) .expect(200); - const outputRule1 = getSimpleRuleOutputWithoutRuleId('rule-1'); + const outputRule1 = updateUsername( + getSimpleRuleOutputWithoutRuleId(createRule1.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule1.name = 'some other name'; outputRule1.revision = 1; - const outputRule2 = getSimpleRuleOutputWithoutRuleId('rule-2'); + const outputRule2 = updateUsername( + getSimpleRuleOutputWithoutRuleId(createRule2.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule2.name = 'some other name'; outputRule2.revision = 1; @@ -143,7 +164,10 @@ export default ({ getService }: FtrProviderContext) => { .send([{ id: createdBody.id, name: 'some other name' }]) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(createdBody.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body[0]); @@ -151,7 +175,8 @@ export default ({ getService }: FtrProviderContext) => { }); it('should not change the revision of a rule when it patches only enabled', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); + const rule = getSimpleRule('rule-1'); + await createRule(supertest, log, rule); // patch a simple rule's enabled to false const { body } = await supertest @@ -161,7 +186,10 @@ export default ({ getService }: FtrProviderContext) => { .send([{ rule_id: 'rule-1', enabled: false }]) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.enabled = false; const bodyToCompare = removeServerGeneratedProperties(body[0]); 
@@ -169,7 +197,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should change the revision of a rule when it patches enabled and another property', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); + const createdBody = await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's enabled to false and another property const { body } = await supertest @@ -179,7 +207,10 @@ export default ({ getService }: FtrProviderContext) => { .send([{ rule_id: 'rule-1', severity: 'low', enabled: false }]) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(createdBody.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.enabled = false; outputRule.severity = 'low'; outputRule.revision = 1; @@ -189,7 +220,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should not change other properties when it does patches', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); + const createdBody = await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's timeline_title await supertest @@ -207,7 +238,10 @@ export default ({ getService }: FtrProviderContext) => { .send([{ rule_id: 'rule-1', name: 'some other name' }]) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(createdBody.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.timeline_title = 'some title'; outputRule.timeline_id = 'some id'; @@ -253,7 +287,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should patch one rule property and give an error about a second fake rule_id', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); + const createdBody = await createRule(supertest, log, getSimpleRule('rule-1')); // patch one rule name and give a fake id for the second const { body } = await supertest 
@@ -266,7 +300,10 @@ export default ({ getService }: FtrProviderContext) => { ]) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(createdBody.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 1; @@ -297,7 +334,10 @@ export default ({ getService }: FtrProviderContext) => { ]) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(createdBody.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 1; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/patch_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/patch_rules_ess.ts new file mode 100644 index 0000000000000..1138bee1d4d71 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/patch_rules_ess.ts 
@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+
+import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
+import { FtrProviderContext } from '../../../../ftr_provider_context';
+import { deleteAllRules, getSimpleRule, createRule } from '../../utils';
+
+export default ({ getService }: FtrProviderContext) => {
+ const supertest = getService('supertest');
+ const log = getService('log');
+
+ describe('@ess patch_rules_basic_license', () => {
+ describe('patch rules', () => {
+ afterEach(async () => {
+ await deleteAllRules(supertest, log);
+ });
+
+ it('should return a "403 forbidden" using a rule_id of type "machine learning"', async () => {
+ await createRule(supertest, log, getSimpleRule('rule-1'));
+
+ // patch a simple rule's type to machine learning
+ const { body } = await supertest
+ .patch(DETECTION_ENGINE_RULES_URL)
+ .set('kbn-xsrf', 'true')
+ .set('elastic-api-version', '2023-10-31')
+ .send({ rule_id: 'rule-1', type: 'machine_learning' })
+ .expect(403);
+
+ expect(body).to.eql({
+ message: 'Your license does not support machine learning. Please upgrade your license.',
+ status_code: 403,
+ });
+ });
+ });
+ });
+};
diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/update_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/update_rules.ts
similarity index 81%
rename from x-pack/test/detection_engine_api_integration/basic/tests/update_rules.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/update_rules.ts
index c9332cd41b4fb..655c24deb098a 100644
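Review bot: The license-gate test in patch_rules_ess.ts asserts only the 403 response body, so a rejected request that had already modified the stored rule would still pass. Because this is the access-control check for the machine learning rule type, I would read `rule-1` back after the PATCH and assert its `type` is unchanged. The same applies to the PUT test in update_rules_ess.ts. Both suites are also tagged `@ess` only, and nothing in this diff shows an equivalent negative test for the serverless Essentials tier, which is worth confirming.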
--- a/x-pack/test/detection_engine_api_integration/basic/tests/update_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/update_rules.ts @@ -8,31 +8,32 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; import { - createSignalsIndex, + createAlertsIndex, deleteAllRules, getSimpleRuleOutput, removeServerGeneratedProperties, removeServerGeneratedPropertiesIncludingRuleId, getSimpleRuleOutputWithoutRuleId, getSimpleRuleUpdate, - getSimpleMlRuleUpdate, createRule, getSimpleRule, deleteAllAlerts, + updateUsername, } from '../../utils'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); + const config = getService('config'); + const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); - describe('update_rules', () => { + describe('@ess @serverless update_rules', () => { describe('update rules', () => { beforeEach(async () => { - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { @@ -41,7 +42,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should update a single rule property of name using a rule_id', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); + const rule = await createRule(supertest, log, getSimpleRule('rule-1')); // update a simple rule's name const updatedRule = getSimpleRuleUpdate('rule-1'); 
@@ -56,35 +57,16 @@ export default ({ getService }: FtrProviderContext) => { .send(updatedRule) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body); expect(bodyToCompare).to.eql(outputRule); }); - it('should return a 403 forbidden if it is a machine learning job', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); - - // update a simple rule's type to try to be a machine learning job type - const updatedRule = getSimpleMlRuleUpdate('rule-1'); - updatedRule.rule_id = 'rule-1'; - updatedRule.name = 'some other name'; - delete updatedRule.id; - - const { body } = await supertest - .put(DETECTION_ENGINE_RULES_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .send(updatedRule) - .expect(403); - - expect(body).to.eql({ - message: 'Your license does not support machine learning. Please upgrade your license.', - status_code: 403, - }); - }); - it('should update a single rule property of name using an auto-generated rule_id', async () => { const rule = getSimpleRule('rule-1'); delete rule.rule_id; @@ -103,7 +85,10 @@ export default ({ getService }: FtrProviderContext) => { .send(updatedRule) .expect(200); - const outputRule = getSimpleRuleOutputWithoutRuleId(); + const outputRule = updateUsername( + getSimpleRuleOutputWithoutRuleId(rule.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body); 
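Review bot: In the `@@ -103,7 +85,10 @@` hunk the expectation is built with `getSimpleRuleOutputWithoutRuleId(rule.rule_id)`, but the context lines just above show `delete rule.rule_id;` on that same object, so the argument is always `undefined`. The call then falls back to the helper's default while reading as if it used the created rule's id. I would write `updateUsername(getSimpleRuleOutputWithoutRuleId(), ELASTICSEARCH_USERNAME)` or pass the `rule_id` from the create response. The matching test in patch_rules.ts (`@@ -87,7 +75,10 @@`) makes the same call, but whether `rule_id` is deleted there falls outside that hunk.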
@@ -126,7 +111,10 @@ export default ({ getService }: FtrProviderContext) => { .send(updatedRule) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(createdBody.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body); @@ -134,7 +122,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should change the revision of a rule when it updates enabled and another property', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); + const rule = await createRule(supertest, log, getSimpleRule('rule-1')); // update a simple rule's enabled to false and another property const updatedRule = getSimpleRuleUpdate('rule-1'); @@ -148,7 +136,10 @@ export default ({ getService }: FtrProviderContext) => { .send(updatedRule) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.enabled = false; outputRule.severity = 'low'; outputRule.revision = 1; @@ -158,7 +149,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should change other properties when it does updates and effectively delete them such as timeline_title', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); + const rule = await createRule(supertest, log, getSimpleRule('rule-1')); const ruleUpdate = getSimpleRuleUpdate('rule-1'); ruleUpdate.timeline_title = 'some title'; @@ -183,7 +174,10 @@ export default ({ getService }: FtrProviderContext) => { .send(ruleUpdate2) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 2; 
diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/update_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/update_rules_bulk.ts similarity index 85% rename from x-pack/test/detection_engine_api_integration/basic/tests/update_rules_bulk.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/update_rules_bulk.ts index ca4df7a4cd648..7f7e295911f68 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/update_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/update_rules_bulk.ts @@ -11,9 +11,9 @@ import { DETECTION_ENGINE_RULES_BULK_UPDATE, DETECTION_ENGINE_RULES_URL, } from '@kbn/security-solution-plugin/common/constants'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; import { - createSignalsIndex, + createAlertsIndex, deleteAllRules, getSimpleRuleOutput, removeServerGeneratedProperties, @@ -23,18 +23,20 @@ import { createRule, getSimpleRule, deleteAllAlerts, + updateUsername, } from '../../utils'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); + const config = getService('config'); + const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); - describe('update_rules_bulk', () => { + describe('@ess @serverless update_rules_bulk', () => { describe('update rules bulk', () => { beforeEach(async () => { - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { 
@@ -43,7 +45,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should update a single rule property of name using a rule_id', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); + const rule = await createRule(supertest, log, getSimpleRule('rule-1')); const updatedRule = getSimpleRuleUpdate('rule-1'); updatedRule.name = 'some other name'; @@ -56,7 +58,10 @@ export default ({ getService }: FtrProviderContext) => { .send([updatedRule]) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body[0]); @@ -88,11 +93,17 @@ export default ({ getService }: FtrProviderContext) => { .send([updatedRule1, updatedRule2]) .expect(200); - const outputRule1 = getSimpleRuleOutput(); + const outputRule1 = updateUsername( + getSimpleRuleOutput(updatedRule1.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule1.name = 'some other name'; outputRule1.revision = 1; - const outputRule2 = getSimpleRuleOutput('rule-2'); + const outputRule2 = updateUsername( + getSimpleRuleOutput(updatedRule2.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule2.name = 'some other name'; outputRule2.revision = 1; @@ -118,7 +129,10 @@ export default ({ getService }: FtrProviderContext) => { .send([updatedRule1]) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(createRuleBody.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body[0]); 
@@ -147,11 +161,17 @@ export default ({ getService }: FtrProviderContext) => { .send([updatedRule1, updatedRule2]) .expect(200); - const outputRule1 = getSimpleRuleOutputWithoutRuleId('rule-1'); + const outputRule1 = updateUsername( + getSimpleRuleOutputWithoutRuleId(createRule1.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule1.name = 'some other name'; outputRule1.revision = 1; - const outputRule2 = getSimpleRuleOutputWithoutRuleId('rule-2'); + const outputRule2 = updateUsername( + getSimpleRuleOutputWithoutRuleId(createRule2.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule2.name = 'some other name'; outputRule2.revision = 1; @@ -177,7 +197,10 @@ export default ({ getService }: FtrProviderContext) => { .send([updatedRule1]) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(createdBody.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body[0]); @@ -199,7 +222,10 @@ export default ({ getService }: FtrProviderContext) => { .send([updatedRule1]) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(updatedRule1.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.enabled = false; outputRule.severity = 'low'; outputRule.revision = 1; @@ -209,7 +235,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should change other properties when it does updates and effectively delete them such as timeline_title', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); + const rule = await createRule(supertest, log, getSimpleRule('rule-1')); // update a simple rule's timeline_title const ruleUpdate = getSimpleRuleUpdate('rule-1'); 
@@ -234,7 +260,10 @@ export default ({ getService }: FtrProviderContext) => { .send([ruleUpdate2]) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 2; @@ -286,7 +315,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should update one rule property and give an error about a second fake rule_id', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); + const rule = await createRule(supertest, log, getSimpleRule('rule-1')); const ruleUpdate = getSimpleRuleUpdate('rule-1'); ruleUpdate.name = 'some other name'; @@ -304,7 +333,10 @@ export default ({ getService }: FtrProviderContext) => { .send([ruleUpdate, ruleUpdate2]) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(rule.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 1; @@ -342,7 +374,10 @@ export default ({ getService }: FtrProviderContext) => { .send([rule1, rule2]) .expect(200); - const outputRule = getSimpleRuleOutput(); + const outputRule = updateUsername( + getSimpleRuleOutput(createdBody.rule_id), + ELASTICSEARCH_USERNAME + ); outputRule.name = 'some other name'; outputRule.revision = 1; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/update_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/update_rules_ess.ts new file mode 100644 index 0000000000000..9d56eab1651b8 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_edit/update_rules_ess.ts 
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+
+import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
+import { FtrProviderContext } from '../../../../ftr_provider_context';
+import { deleteAllRules, getSimpleMlRuleUpdate, createRule, getSimpleRule } from '../../utils';
+
+export default ({ getService }: FtrProviderContext) => {
+ const supertest = getService('supertest');
+ const log = getService('log');
+
+ describe('@ess update_rules_basic_license', () => {
+ describe('update rules', () => {
+ afterEach(async () => {
+ await deleteAllRules(supertest, log);
+ });
+
+ it('should return a 403 forbidden if it is a machine learning job', async () => {
+ await createRule(supertest, log, getSimpleRule('rule-1'));
+
+ // update a simple rule's type to try to be a machine learning job type
+ const updatedRule = getSimpleMlRuleUpdate('rule-1');
+ updatedRule.rule_id = 'rule-1';
+ updatedRule.name = 'some other name';
+ delete updatedRule.id;
+
+ const { body } = await supertest
+ .put(DETECTION_ENGINE_RULES_URL)
+ .set('kbn-xsrf', 'true')
+ .set('elastic-api-version', '2023-10-31')
+ .send(updatedRule)
+ .expect(403);
+
+ expect(body).to.eql({
+ message: 'Your license does not support machine learning. Please upgrade your license.',
+ status_code: 403,
+ });
+ });
+ });
+ });
+};
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/configs/ess.config.ts
new file mode 100644
index 0000000000000..b669aebf59a2d
--- /dev/null
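Review bot: The 403 test in `update_rules_ess.ts` asserts only on the response body, so it would still pass if the server rejected the request after applying part of the update. Because this test guards the license gate for machine learning rules, I would keep the result of `createRule` and, after the 403 assertion, read the rule back and check that `type` and `name` are unchanged. The read-back below uses the same `?rule_id=` GET form that `read_rules.ts` uses elsewhere in this commit.

```typescript
const created = await createRule(supertest, log, getSimpleRule('rule-1'));
// … unchanged: build updatedRule, PUT it, expect 403 and the license message …

// the rejected update must not have modified the stored rule
const { body: stored } = await supertest
  .get(`${DETECTION_ENGINE_RULES_URL}?rule_id=rule-1`)
  .set('kbn-xsrf', 'true')
  .set('elastic-api-version', '2023-10-31')
  .expect(200);
expect(stored.type).to.eql(created.type);
expect(stored.name).to.eql(created.name);
```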
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/configs/ess.config.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const functionalConfig = await readConfigFile(
+ require.resolve('../../../../../config/ess/config.base.basic')
+ );
+
+ return {
+ ...functionalConfig.getAll(),
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName: 'Alerts ESS - Basic Integration Tests',
+ },
+ };
+}
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_query_signal_ids.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/configs/serverless.config.ts
similarity index 52%
rename from x-pack/test/detection_engine_api_integration/utils/get_query_signal_ids.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/configs/serverless.config.ts
index 28e59ff7a07f6..801a12035777b 100644
--- a/x-pack/test/detection_engine_api_integration/utils/get_query_signal_ids.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/configs/serverless.config.ts
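Review bot: `reportName: 'Alerts ESS - Basic Integration Tests'` in the new `rule_import_export/configs/ess.config.ts` looks copied from the alerts suite, whereas the `rule_read` configs added later in this commit use a suite-specific name ('Rule read ESS - Basic Integration Tests'). The same 'Alerts …' names also appear in the `rule_import_export` serverless config and in both `rule_management` configs. If CI groups or labels JUnit output by this name (not visible in this diff), results from different suites become hard to tell apart. I would name it after the suite, e.g. `reportName: 'Rule import and export ESS - Basic Integration Tests',`, and do the equivalent in the other three files.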
@@ -5,12 +5,11 @@ * 2.0. */ -import type { SignalIds } from '@kbn/security-solution-plugin/common/api/detection_engine'; +import { createTestConfig } from '../../../../../config/serverless/config.base.essentials'; -export const getQuerySignalIds = (signalIds: SignalIds) => ({ - query: { - terms: { - _id: signalIds, - }, +export default createTestConfig({ + testFiles: [require.resolve('..')], + junit: { + reportName: 'Alerts Serverless - Essentials Integration Tests', }, }); diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/export_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/export_rules.ts similarity index 80% rename from x-pack/test/detection_engine_api_integration/basic/tests/export_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/export_rules.ts index 883c9adcc7ad0..1ef59751d3c53 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/export_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/export_rules.ts 
@@ -8,28 +8,30 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; import { binaryToString, createRule, - createSignalsIndex, + createAlertsIndex, deleteAllRules, deleteAllAlerts, getSimpleRule, getSimpleRuleOutput, removeServerGeneratedProperties, + updateUsername, } from '../../utils'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); + const config = getService('config'); + const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); describe('export_rules', () => { describe('exporting rules', () => { beforeEach(async () => { - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { @@ -51,7 +53,8 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should export a single rule with a rule_id', async () => { - await createRule(supertest, log, getSimpleRule()); + const rule = getSimpleRule(); + await createRule(supertest, log, rule); const { body } = await supertest .post(`${DETECTION_ENGINE_RULES_URL}/_export`) @@ -63,8 +66,9 @@ export default ({ getService }: FtrProviderContext): void => { const bodySplitAndParsed = JSON.parse(body.toString().split(/\n/)[0]); const bodyToTest = removeServerGeneratedProperties(bodySplitAndParsed); + const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); - expect(bodyToTest).to.eql(getSimpleRuleOutput()); + expect(bodyToTest).to.eql(expectedRule); }); it('should export a exported count with a single rule_id', async () => { 
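Review bot: `describe('export_rules', () => {` stays untagged in this hunk, while the sibling suites moved by this commit get `@ess @serverless` in their top-level `describe` (`import_rules`, `find_rules`, `read_rules`). If the new ESS and serverless configs select suites by these tags, which this diff does not show, the export tests could be skipped without any failure. I would change the line to `describe('@ess @serverless export_rules', () => {`. The describe body continues outside the hunk.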
@@ -100,8 +104,10 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should export exactly two rules given two rules', async () => { - await createRule(supertest, log, getSimpleRule('rule-1')); - await createRule(supertest, log, getSimpleRule('rule-2')); + const rule1 = getSimpleRule('rule-1'); + const rule2 = getSimpleRule('rule-2'); + await createRule(supertest, log, rule1); + await createRule(supertest, log, rule2); const { body } = await supertest .post(`${DETECTION_ENGINE_RULES_URL}/_export`) @@ -115,11 +121,10 @@ export default ({ getService }: FtrProviderContext): void => { const secondRuleParsed = JSON.parse(body.toString().split(/\n/)[1]); const firstRule = removeServerGeneratedProperties(firstRuleParsed); const secondRule = removeServerGeneratedProperties(secondRuleParsed); + const expectedRule1 = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule2 = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); - expect([firstRule, secondRule]).to.eql([ - getSimpleRuleOutput('rule-2'), - getSimpleRuleOutput('rule-1'), - ]); + expect([firstRule, secondRule]).to.eql([expectedRule1, expectedRule2]); }); }); }); diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/import_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/import_rules.ts similarity index 96% rename from x-pack/test/detection_engine_api_integration/basic/tests/import_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/import_rules.ts index bf22875e23712..173b66d59562e 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/import_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/import_rules.ts 
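Review bot: In the two-rule export test (hunk `@@ -115,11 +121,10 @@`), `expectedRule1` and `expectedRule2` are both built from `getSimpleRuleOutput()` with no argument, so the two expected objects are identical, whereas the old assertion expected `'rule-2'` followed by `'rule-1'`. Unless `removeServerGeneratedProperties` strips `rule_id` (not visible here), the comparison either fails or no longer proves that two distinct rules were exported. The `rule1` and `rule2` locals added in the previous hunk can supply the ids: `const expectedRule1 = updateUsername(getSimpleRuleOutput(rule2.rule_id), ELASTICSEARCH_USERNAME);` and `const expectedRule2 = updateUsername(getSimpleRuleOutput(rule1.rule_id), ELASTICSEARCH_USERNAME);`, keeping the order the old assertion used.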
@@ -8,9 +8,9 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; import { - createSignalsIndex, + createAlertsIndex, deleteAllRules, deleteAllAlerts, getSimpleRule, @@ -18,18 +18,20 @@ import { getSimpleRuleOutput, removeServerGeneratedProperties, ruleToNdjson, + updateUsername, } from '../../utils'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); + const config = getService('config'); + const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); - describe('import_rules', () => { + describe('@ess @serverless import_rules', () => { describe('importing rules with an index', () => { beforeEach(async () => { - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { @@ -99,8 +101,10 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body); + const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + expect(bodyToCompare).to.eql({ - ...getSimpleRuleOutput('rule-1', false), + ...expectedRule, output_index: '', }); }); @@ -375,8 +379,10 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body); + const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const ruleOutput = { - ...getSimpleRuleOutput('rule-1'), + ...expectedRule, output_index: '', }; ruleOutput.name = 'some other name'; 
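Review bot: The expectation in hunk `@@ -99,8 +101,10 @@` replaces `getSimpleRuleOutput('rule-1', false)` with a bare `getSimpleRuleOutput()`, so it now depends on the defaults of the helper in the new `../../utils`, which this diff does not show. If those defaults differ from the arguments that were spelled out before, the test changes meaning without any visible sign. Keeping the arguments inside the wrapper keeps the expectation explicit: `const expectedRule = updateUsername(getSimpleRuleOutput('rule-1', false), ELASTICSEARCH_USERNAME);`. The hunk at `@@ -375,8 +379,10 @@` drops its `'rule-1'` argument in the same way.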
@@ -469,7 +475,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should be able to correctly read back a mixed import of different rules even if some cause conflicts', async () => { const getRuleOutput = (name: string) => ({ - ...getSimpleRuleOutput(name), + ...updateUsername(getSimpleRuleOutput(name), ELASTICSEARCH_USERNAME), output_index: '', }); await supertest diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/index.ts new file mode 100644 index 0000000000000..f0b1156c83a2b --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_import_export/index.ts @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { FtrProviderContext } from '../../../../ftr_provider_context'; + +export default function ({ loadTestFile }: FtrProviderContext) { + describe('Rules import and export Basic and Essentials API', function () { + loadTestFile(require.resolve('./export_rules')); + loadTestFile(require.resolve('./import_rules')); + }); +} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management/configs/ess.config.ts new file mode 100644 index 0000000000000..b669aebf59a2d --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management/configs/ess.config.ts 
@@ -0,0 +1,22 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrConfigProviderContext } from '@kbn/test'; + +export default async function ({ readConfigFile }: FtrConfigProviderContext) { + const functionalConfig = await readConfigFile( + require.resolve('../../../../../config/ess/config.base.basic') + ); + + return { + ...functionalConfig.getAll(), + testFiles: [require.resolve('..')], + junit: { + reportName: 'Alerts ESS - Basic Integration Tests', + }, + }; +} diff --git a/x-pack/test/detection_engine_api_integration/basic/config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management/configs/serverless.config.ts similarity index 51% rename from x-pack/test/detection_engine_api_integration/basic/config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management/configs/serverless.config.ts index 26fdc62e0ec52..801a12035777b 100644 --- a/x-pack/test/detection_engine_api_integration/basic/config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management/configs/serverless.config.ts @@ -5,13 +5,11 @@ * 2.0. */ -import { createTestConfig } from '../common/config'; +import { createTestConfig } from '../../../../../config/serverless/config.base.essentials'; -// eslint-disable-next-line import/no-default-export -export default createTestConfig( - { - license: 'basic', - ssl: true, +export default createTestConfig({ + testFiles: [require.resolve('..')], + junit: { + reportName: 'Alerts Serverless - Essentials Integration Tests', }, - [require.resolve('./tests')] -); +}); 
diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/coverage_overview.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management/coverage_overview.ts similarity index 98% rename from x-pack/test/detection_engine_api_integration/basic/tests/coverage_overview.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management/coverage_overview.ts index b40033b5eb17e..ae086d1703ac1 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/coverage_overview.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management/coverage_overview.ts @@ -11,7 +11,7 @@ import { RULE_MANAGEMENT_COVERAGE_OVERVIEW_URL, ThreatArray, } from '@kbn/security-solution-plugin/common/api/detection_engine'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; import { createPrebuiltRuleAssetSavedObjects, createRuleAssetSavedObject, @@ -22,13 +22,12 @@ import { createNonSecurityRule, } from '../../utils'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - describe('coverage_overview', () => { + describe('@ess @serverless @brokenInServerless @skipInQA coverage_overview', () => { beforeEach(async () => { await deleteAllRules(supertest, log); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management/index.ts new file mode 100644 index 0000000000000..b8128ade11ad4 --- /dev/null 
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_management/index.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { FtrProviderContext } from '../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+ describe('Rules management Basic and Essentials API', function () {
+ loadTestFile(require.resolve('./coverage_overview'));
+ });
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/configs/ess.config.ts
new file mode 100644
index 0000000000000..d4421aef6e982
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/configs/ess.config.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const functionalConfig = await readConfigFile(
+ require.resolve('../../../../../config/ess/config.base.basic')
+ );
+
+ return {
+ ...functionalConfig.getAll(),
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName: 'Rule read ESS - Basic Integration Tests',
+ },
+ };
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/configs/serverless.config.ts
new file mode 100644
index 0000000000000..a395a1b204b4b
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/configs/serverless.config.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../config/serverless/config.base.essentials';
+
+export default createTestConfig({
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName: 'Rule read Serverless - Essentials Integration Tests',
+ },
+});
diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/find_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/find_rules.ts
similarity index 80%
rename from x-pack/test/detection_engine_api_integration/basic/tests/find_rules.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/find_rules.ts
index 01ee932f60b1b..7e134e1179431 100644
--- a/x-pack/test/detection_engine_api_integration/basic/tests/find_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/find_rules.ts
@@ -8,7 +8,7 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; import { createRule, deleteAllRules, @@ -17,14 +17,16 @@ import { getSimpleRule, getSimpleRuleOutput, removeServerGeneratedProperties, + updateUsername, } from '../../utils'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); + const config = getService('config'); + const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); - describe('find_rules', () => { + describe('@ess @serverless find_rules', () => { beforeEach(async () => { await deleteAllRules(supertest, log); }); @@ -46,7 +48,8 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return a single rule when a single rule is loaded from a find with defaults added', async () => { - await createRule(supertest, log, getSimpleRule()); + const rule = getSimpleRule(); + await createRule(supertest, log, rule); // query the single rule from _find const { body } = await supertest @@ -57,8 +60,10 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); body.data = [removeServerGeneratedProperties(body.data[0])]; + const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + expect(body).to.eql({ - data: [getSimpleRuleOutput()], + data: [expectedRule], page: 1, perPage: 20, total: 1, 
@@ -66,12 +71,13 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return a single rule when a single rule is loaded from a find with everything for the rule added', async () => { + const rule = getComplexRule(); // add a single rule await supertest .post(DETECTION_ENGINE_RULES_URL) .set('kbn-xsrf', 'true') .set('elastic-api-version', '2023-10-31') - .send(getComplexRule()) + .send(rule) .expect(200); // query and expect that we get back one record in the find @@ -83,8 +89,10 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); body.data = [removeServerGeneratedProperties(body.data[0])]; + const expectedRule = updateUsername(getComplexRuleOutput(), ELASTICSEARCH_USERNAME); + expect(body).to.eql({ - data: [getComplexRuleOutput()], + data: [expectedRule], page: 1, perPage: 20, total: 1, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/index.ts new file mode 100644 index 0000000000000..1e8bfd881f051 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/index.ts @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { FtrProviderContext } from '../../../../ftr_provider_context'; + +export default function ({ loadTestFile }: FtrProviderContext) { + describe('Rules read Basic and Essentials API', function () { + loadTestFile(require.resolve('./read_rules')); + loadTestFile(require.resolve('./find_rules')); + }); +} 
diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/read_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/read_rules.ts similarity index 77% rename from x-pack/test/detection_engine_api_integration/basic/tests/read_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/read_rules.ts index 839f5a15fe161..f158aabd409b2 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/read_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/rule_read/read_rules.ts @@ -8,10 +8,10 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; import { createRule, - createSignalsIndex, + createAlertsIndex, deleteAllRules, deleteAllAlerts, getSimpleRule, @@ -20,18 +20,20 @@ import { getSimpleRuleWithoutRuleId, removeServerGeneratedProperties, removeServerGeneratedPropertiesIncludingRuleId, + updateUsername, } from '../../utils'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); + const config = getService('config'); + const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); - describe('read_rules', () => { + describe('@ess @serverless read_rules', () => { describe('reading rules', () => { beforeEach(async () => { - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { 
@@ -40,31 +42,35 @@ export default ({ getService }: FtrProviderContext) => { }); it('should be able to read a single rule using rule_id', async () => { - await createRule(supertest, log, getSimpleRule()); + const rule = getSimpleRule(); + await createRule(supertest, log, rule); const { body } = await supertest .get(`${DETECTION_ENGINE_RULES_URL}?rule_id=rule-1`) .set('kbn-xsrf', 'true') .set('elastic-api-version', '2023-10-31') - .send(getSimpleRule()) + .send(rule) .expect(200); const bodyToCompare = removeServerGeneratedProperties(body); - expect(bodyToCompare).to.eql(getSimpleRuleOutput()); + const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + expect(bodyToCompare).to.eql(expectedRule); }); it('should be able to read a single rule using id', async () => { - const createRuleBody = await createRule(supertest, log, getSimpleRule()); + const rule = getSimpleRule(); + const createRuleBody = await createRule(supertest, log, rule); const { body } = await supertest .get(`${DETECTION_ENGINE_RULES_URL}?id=${createRuleBody.id}`) .set('kbn-xsrf', 'true') .set('elastic-api-version', '2023-10-31') - .send(getSimpleRule()) + .send(rule) .expect(200); const bodyToCompare = removeServerGeneratedProperties(body); - expect(bodyToCompare).to.eql(getSimpleRuleOutput()); + const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + expect(bodyToCompare).to.eql(expectedRule); }); it('should be able to read a single rule with an auto-generated rule_id', async () => { @@ -78,7 +84,12 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body); - expect(bodyToCompare).to.eql(getSimpleRuleOutputWithoutRuleId()); + const expectedRule = updateUsername( + getSimpleRuleOutputWithoutRuleId(), + ELASTICSEARCH_USERNAME + ); + + expect(bodyToCompare).to.eql(expectedRule); }); it('should return 404 if given a fake id', async () => { 
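Review bot: Both GET reads in the first hunk still attach the whole rule as a request body with `.send(rule)`, although as far as the hunk shows the lookup is keyed only by the query string (`?rule_id=rule-1` and `?id=${createRuleBody.id}`). The body makes it look as if the read depends on it. Since the commit already touches these lines, dropping `.send(rule)` from the `rule_id` and `id` tests would leave the request limited to what the assertion exercises. `rule` would then be needed only for the `createRule` call.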
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/date.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/date.ts index c3cedb6daf88f..b9a98e103dc3d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/date.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/date.ts @@ -12,7 +12,7 @@ import { deleteAllExceptions, deleteListsIndex, importFile, -} from '../../../../../lists_and_exception_lists/utils'; +} from '../../../../../value_lists_and_exception_lists/utils'; import { createRule, createRuleWithExceptionEntries, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/double.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/double.ts index 9f2673b8542a3..3f895becf489b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/double.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/double.ts @@ -12,7 +12,7 @@ import { deleteAllExceptions, deleteListsIndex, importFile, -} from '../../../../../lists_and_exception_lists/utils'; +} from '../../../../../value_lists_and_exception_lists/utils'; import { createRule, createRuleWithExceptionEntries, 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/float.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/float.ts index 850276622cc6e..5cfc93968ac23 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/float.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/float.ts @@ -12,7 +12,7 @@ import { deleteAllExceptions, deleteListsIndex, importFile, -} from '../../../../../lists_and_exception_lists/utils'; +} from '../../../../../value_lists_and_exception_lists/utils'; import { createRule, createRuleWithExceptionEntries, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/integer.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/integer.ts index fe26c4a2d729e..35875b5695b19 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/integer.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/integer.ts @@ -12,7 +12,7 @@ import { deleteAllExceptions, deleteListsIndex, importFile, -} from '../../../../../lists_and_exception_lists/utils'; +} from '../../../../../value_lists_and_exception_lists/utils'; import { createRule, createRuleWithExceptionEntries, 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips/ip.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips/ip.ts index ca09070e46763..770f5110957b5 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips/ip.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips/ip.ts @@ -12,7 +12,7 @@ import { deleteAllExceptions, deleteListsIndex, importFile, -} from '../../../../../lists_and_exception_lists/utils'; +} from '../../../../../value_lists_and_exception_lists/utils'; import { createRule, createRuleWithExceptionEntries, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips/ip_array.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips/ip_array.ts index 0c2808ee252a4..070c57f7c8a6b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips/ip_array.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips/ip_array.ts @@ -12,7 +12,7 @@ import { deleteAllExceptions, deleteListsIndex, importFile, -} from '../../../../../lists_and_exception_lists/utils'; +} from '../../../../../value_lists_and_exception_lists/utils'; import { createRule, createRuleWithExceptionEntries, 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword/keyword.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword/keyword.ts index 9d4b1bfd80a19..f2780754a478d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword/keyword.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword/keyword.ts @@ -12,7 +12,7 @@ import { deleteAllExceptions, deleteListsIndex, importFile, -} from '../../../../../lists_and_exception_lists/utils'; +} from '../../../../../value_lists_and_exception_lists/utils'; import { createRule, createRuleWithExceptionEntries, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword/keyword_array.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword/keyword_array.ts index 284d20adfc3ee..824d0bb4ac5cc 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword/keyword_array.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword/keyword_array.ts @@ -12,7 +12,7 @@ import { deleteAllExceptions, deleteListsIndex, importFile, -} from '../../../../../lists_and_exception_lists/utils'; +} from '../../../../../value_lists_and_exception_lists/utils'; import { createRule, 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/long/long.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/long/long.ts index 497f24ec217a8..8ebc42298a1d0 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/long/long.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/long/long.ts @@ -12,7 +12,7 @@ import { deleteAllExceptions, deleteListsIndex, importFile, -} from '../../../../../lists_and_exception_lists/utils'; +} from '../../../../../value_lists_and_exception_lists/utils'; import { createRule, createRuleWithExceptionEntries, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/text/text.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/text/text.ts index 8713cc8ce859c..75d0dd9e89508 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/text/text.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/text/text.ts @@ -13,7 +13,7 @@ import { deleteListsIndex, importFile, importTextFile, -} from '../../../../../lists_and_exception_lists/utils'; +} from '../../../../../value_lists_and_exception_lists/utils'; import { createRule, createRuleWithExceptionEntries, 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/text/text_array.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/text/text_array.ts index 8c4a265a182bd..6c06bd868411e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/text/text_array.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/text/text_array.ts @@ -12,7 +12,7 @@ import { deleteAllExceptions, deleteListsIndex, importFile, -} from '../../../../../lists_and_exception_lists/utils'; +} from '../../../../../value_lists_and_exception_lists/utils'; import { createRule, createRuleWithExceptionEntries, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/create_endpoint_exceptions.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/create_endpoint_exceptions.ts index 0d908b7449126..25e577c8ca0d3 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/create_endpoint_exceptions.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/create_endpoint_exceptions.ts @@ -24,7 +24,7 @@ import { createListsIndex, deleteAllExceptions, deleteListsIndex, -} from '../../../../lists_and_exception_lists/utils'; +} from '../../../../value_lists_and_exception_lists/utils'; import { FtrProviderContext } from '../../../../../ftr_provider_context'; 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/create_rule_exceptions.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/create_rule_exceptions.ts index 1f1e4d91d4a09..2d2adf963de38 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/create_rule_exceptions.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/create_rule_exceptions.ts @@ -31,7 +31,7 @@ import { import { deleteAllExceptions, removeExceptionListItemServerGeneratedProperties, -} from '../../../../lists_and_exception_lists/utils'; +} from '../../../../value_lists_and_exception_lists/utils'; import { FtrProviderContext } from '../../../../../ftr_provider_context'; const getRuleExceptionItemMock = (): CreateRuleExceptionListItemSchema => ({ diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/find_rule_exception_references.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/find_rule_exception_references.ts index 87f9c4a17914b..2c8ea057b8516 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/find_rule_exception_references.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/find_rule_exception_references.ts 
@@ -30,7 +30,7 @@ import { deleteAllAlerts, createAlertsIndex, } from '../../../utils'; -import { deleteAllExceptions } from '../../../../lists_and_exception_lists/utils'; +import { deleteAllExceptions } from '../../../../value_lists_and_exception_lists/utils'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/role_based_add_edit_comments.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/role_based_add_edit_comments.ts index 8e36816213cff..a13bdd9dc3b16 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/role_based_add_edit_comments.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/role_based_add_edit_comments.ts @@ -18,7 +18,7 @@ import { getCreateExceptionListItemMinimalSchemaMock } from '@kbn/lists-plugin/c import { ROLES } from '@kbn/security-solution-plugin/common/test'; import { getUpdateMinimalExceptionListItemSchemaMock } from '@kbn/lists-plugin/common/schemas/request/update_exception_list_item_schema.mock'; import { UpdateExceptionListItemSchema } from '@kbn/securitysolution-io-ts-list-types'; -import { deleteAllExceptions } from '../../../../lists_and_exception_lists/utils'; +import { deleteAllExceptions } from '../../../../value_lists_and_exception_lists/utils'; import { createUserAndRole, deleteUserAndRole, 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/role_based_rule_exceptions_workflows.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/role_based_rule_exceptions_workflows.ts index 870df90d3e475..b9c6a81587b4a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/role_based_rule_exceptions_workflows.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/role_based_rule_exceptions_workflows.ts @@ -60,7 +60,7 @@ import { deleteAllExceptions, deleteListsIndex, importFile, -} from '../../../../lists_and_exception_lists/utils'; +} from '../../../../value_lists_and_exception_lists/utils'; import { createUserAndRole, deleteUserAndRole, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/rule_exception_synchronizations.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/rule_exception_synchronizations.ts index 7bbfcf5659420..29cf73994fa0c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/rule_exception_synchronizations.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/rule_exception_synchronizations.ts @@ -30,7 +30,7 @@ import { deleteAllExceptions, deleteListsIndex, importFile, -} from '../../../../lists_and_exception_lists/utils'; +} from '../../../../value_lists_and_exception_lists/utils'; import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/esql.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/esql.ts index cb0f31ad25460..2ae1c9e1101fd 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/esql.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/esql.ts @@ -26,7 +26,7 @@ import { removeRandomValuedPropertiesFromAlert, patchRule, } from '../../../utils'; -import { deleteAllExceptions } from '../../../../lists_and_exception_lists/utils'; +import { deleteAllExceptions } from '../../../../value_lists_and_exception_lists/utils'; import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/machine_learning.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/machine_learning.ts index d58227377f116..b569b443013de 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/machine_learning.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/machine_learning.ts @@ -32,7 +32,7 @@ import { deleteAllExceptions, deleteListsIndex, importFile, -} from '../../../../lists_and_exception_lists/utils'; +} from '../../../../value_lists_and_exception_lists/utils'; import { createRule, deleteAllRules, 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/new_terms.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/new_terms.ts index 8a47aeaa89bdc..0d7572144fcea 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/new_terms.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/new_terms.ts @@ -24,7 +24,7 @@ import { previewRuleWithExceptionEntries, removeRandomValuedPropertiesFromAlert, } from '../../../utils'; -import { deleteAllExceptions } from '../../../../lists_and_exception_lists/utils'; +import { deleteAllExceptions } from '../../../../value_lists_and_exception_lists/utils'; import { FtrProviderContext } from '../../../../../ftr_provider_context'; import { EsArchivePathBuilder } from '../../../../../es_archive_path_builder'; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/query.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/query.ts index 19c02fe389fe4..3b14ca0044201 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/query.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/query.ts 
@@ -46,7 +46,7 @@ import { } from '@kbn/security-solution-plugin/common/constants'; import { getMaxSignalsWarning as getMaxAlertsWarning } from '@kbn/security-solution-plugin/server/lib/detection_engine/rule_types/utils/utils'; import moment from 'moment'; -import { deleteAllExceptions } from '../../../../lists_and_exception_lists/utils'; +import { deleteAllExceptions } from '../../../../value_lists_and_exception_lists/utils'; import { createExceptionList, createExceptionListItem, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/task_based/all_types.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/task_based/all_types.ts index 59da2429f01e8..44309fb148e79 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/task_based/all_types.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/task_based/all_types.ts @@ -14,7 +14,7 @@ import { getSecurityTelemetryStats, removeTimeFieldsFromTelemetryStats, } from '../../../utils'; -import { deleteAllExceptions } from '../../../../lists_and_exception_lists/utils'; +import { deleteAllExceptions } from '../../../../value_lists_and_exception_lists/utils'; import { FtrProviderContext } from '../../../../../ftr_provider_context'; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/task_based/detection_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/task_based/detection_rules.ts index 1298e9aeb9eaa..6bde485d66f6e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/task_based/detection_rules.ts 
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/task_based/detection_rules.ts @@ -23,7 +23,7 @@ import { createExceptionListItem, removeTimeFieldsFromTelemetryStats, } from '../../../utils'; -import { deleteAllExceptions } from '../../../../lists_and_exception_lists/utils'; +import { deleteAllExceptions } from '../../../../value_lists_and_exception_lists/utils'; import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/task_based/security_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/task_based/security_lists.ts index 3a4e8cb4c3ea3..39ab3246a55c3 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/task_based/security_lists.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/task_based/security_lists.ts @@ -20,7 +20,7 @@ import { createExceptionList, removeTimeFieldsFromTelemetryStats, } from '../../../utils'; -import { deleteAllExceptions } from '../../../../lists_and_exception_lists/utils'; +import { deleteAllExceptions } from '../../../../value_lists_and_exception_lists/utils'; import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_complex_rule_output.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_complex_rule_output.ts index ff75d5a065d97..00fe485f07f79 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_complex_rule_output.ts 
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_complex_rule_output.ts @@ -15,11 +15,12 @@ import type { RuleResponse } from '@kbn/security-solution-plugin/common/api/dete */ export const getComplexRuleOutput = ( ruleId = 'rule-1', - enabled = false + enabled = false, + user = 'elastic' ): Partial => ({ actions: [], author: [], - created_by: 'elastic', + created_by: user, name: 'Complex Rule Query', description: 'Complex Rule Query', false_positives: [ @@ -97,7 +98,7 @@ export const getComplexRuleOutput = ( ], timeline_id: 'timeline_id', timeline_title: 'timeline_title', - updated_by: 'elastic', + updated_by: user, note: '# some investigation documentation', version: 1, query: 'user.name: root or user.name: admin', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_simple_rule_output.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_simple_rule_output.ts index 0a9eec4906a14..fe02bb1410ce8 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_simple_rule_output.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_simple_rule_output.ts @@ -13,11 +13,12 @@ import { removeServerGeneratedProperties } from './remove_server_generated_prope export const getMockSharedResponseSchema = ( ruleId = 'rule-1', - enabled = false + enabled = false, + user = 'elastic' ): SharedResponseProps => ({ actions: [], author: [], - created_by: 'elastic', + created_by: user, description: 'Simple Rule Query', enabled, false_positives: [], @@ -36,7 +37,7 @@ export const getMockSharedResponseSchema = ( setup: '', severity: 'high' as const, severity_mapping: [], - updated_by: 'elastic', + updated_by: user, tags: [], to: 'now', threat: [], 
@@ -63,8 +64,12 @@ export const getMockSharedResponseSchema = ( investigation_fields: undefined, }); -const getQueryRuleOutput = (ruleId = 'rule-1', enabled = false): RuleResponse => ({ - ...getMockSharedResponseSchema(ruleId, enabled), +const getQueryRuleOutput = ( + ruleId = 'rule-1', + enabled = false, + user = 'elastic' +): RuleResponse => ({ + ...getMockSharedResponseSchema(ruleId, enabled, user), index: ['auditbeat-*'], language: 'kuery', query: 'user.name: root or user.name: admin', @@ -80,6 +85,6 @@ const getQueryRuleOutput = (ruleId = 'rule-1', enabled = false): RuleResponse => * This is the typical output of a simple rule that Kibana will output with all the defaults * except for the server generated properties. Useful for testing end to end tests. */ -export const getSimpleRuleOutput = (ruleId = 'rule-1', enabled = false) => { - return removeServerGeneratedProperties(getQueryRuleOutput(ruleId, enabled)); +export const getSimpleRuleOutput = (ruleId = 'rule-1', enabled = false, user = 'elastic') => { + return removeServerGeneratedProperties(getQueryRuleOutput(ruleId, enabled, user)); }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_simple_rule_output_without_rule_id.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_simple_rule_output_without_rule_id.ts index 56b5ab66773bb..9b29366e497ba 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_simple_rule_output_without_rule_id.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_simple_rule_output_without_rule_id.ts 
@@ -13,9 +13,11 @@ import { RuleWithoutServerGeneratedProperties } from './remove_server_generated_
 * for all the server generated properties such as created_by. Useful for testing end to end tests.
 */
 export const getSimpleRuleOutputWithoutRuleId = (
- ruleId = 'rule-1'
+ ruleId = 'rule-1',
+ enabled = false,
+ user = 'elastic'
 ): Omit => {
- const rule = getSimpleRuleOutput(ruleId);
+ const rule = getSimpleRuleOutput(ruleId, enabled, user);
 const { rule_id: rId, ...ruleWithoutRuleId } = rule;
 return ruleWithoutRuleId;
 };
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts
index 90f3ae07871c8..bd9145e05c315 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts
@@ -35,6 +35,12 @@ export * from './generate_event';
 export * from './get_simple_threat_match';
 export * from './get_simple_ml_rule';
 export * from './get_simple_ml_rule_update';
+export * from './get_simple_rule_output_without_rule_id';
+export * from './get_simple_rule_without_rule_id';
+export * from './get_complex_rule';
+export * from './get_complex_rule_output';
+export * from './get_rule_params';
+export * from './get_simple_rule_update';
 export * from './get_simple_ml_rule_output';
 export * from './get_simple_rule_output_without_rule_id';
 export * from './get_simple_rule_without_rule_id';
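Review bot: `ruleId` is stripped from what `getSimpleRuleOutputWithoutRuleId` returns, because `rule_id` is destructured away two lines below the call, yet callers must now pass it and `enabled` positionally just to reach `user`. Whether `ruleId` feeds any other field cannot be seen from this hunk. Since the one-argument form has to keep working, I would at least state it in the comment above: `ruleId is only forwarded to getSimpleRuleOutput; rule_id is removed from the result`. The comment block starts outside the hunk.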
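Review bot: Two of the six added lines in index.ts, `export * from './get_simple_rule_output_without_rule_id';` and `export * from './get_simple_rule_without_rule_id';`, repeat re-exports that already appear as the last two context lines of this hunk. Duplicate star exports from the same module resolve to the same bindings, so this should still compile, but they are redundant and make the barrel harder to scan. I would drop those two added lines; the other four should also be checked against the part of index.ts that lies outside the hunk.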
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/configs/ess.config.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/configs/ess.config.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/configs/ess.config.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/configs/serverless.config.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/configs/serverless.config.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/configs/serverless.config.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/index.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/index.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/index.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/index.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/items/create_exception_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/items/create_exception_list_items.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/items/create_exception_list_items.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/items/create_exception_list_items.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/items/delete_exception_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/items/delete_exception_list_items.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/items/delete_exception_list_items.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/items/delete_exception_list_items.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/items/find_exception_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/items/find_exception_list_items.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/items/find_exception_list_items.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/items/find_exception_list_items.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/items/index.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/items/index.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/items/index.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/items/index.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/items/read_exception_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/items/read_exception_list_items.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/items/read_exception_list_items.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/items/read_exception_list_items.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/items/update_exception_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/items/update_exception_list_items.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/items/update_exception_list_items.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/items/update_exception_list_items.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/create_exception_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/create_exception_lists.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/create_exception_lists.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/create_exception_lists.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/delete_exception_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/delete_exception_lists.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/delete_exception_lists.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/delete_exception_lists.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/duplicate_exception_list.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/duplicate_exception_list.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/duplicate_exception_list.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/duplicate_exception_list.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/export_exception_list.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/export_exception_list.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/export_exception_list.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/export_exception_list.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/find_exception_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/find_exception_lists.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/find_exception_lists.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/find_exception_lists.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/get_exception_filter.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/get_exception_filter.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/get_exception_filter.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/get_exception_filter.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/import_exceptions.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/import_exceptions.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/import_exceptions.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/import_exceptions.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/index.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/index.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/index.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/index.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/read_exception_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/read_exception_lists.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/read_exception_lists.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/read_exception_lists.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/summary_exception_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/summary_exception_lists.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/summary_exception_lists.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/summary_exception_lists.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/update_exception_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/update_exception_lists.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/lists/update_exception_lists.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/exception_lists/lists/update_exception_lists.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/configs/ess.config.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/configs/ess.config.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/configs/ess.config.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/configs/serverless.config.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/configs/serverless.config.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/configs/serverless.config.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/index.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/index.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/index.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/index.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/create_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/create_list_items.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/create_list_items.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/create_list_items.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/delete_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/delete_list_items.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/delete_list_items.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/delete_list_items.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/export_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/export_list_items.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/export_list_items.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/export_list_items.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/find_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/find_list_items.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/find_list_items.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/find_list_items.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/import_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/import_list_items.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/import_list_items.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/import_list_items.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/import_list_items_migrations.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/import_list_items_migrations.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/import_list_items_migrations.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/import_list_items_migrations.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/index.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/index.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/index.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/index.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/patch_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/patch_list_items.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/patch_list_items.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/patch_list_items.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/patch_list_items_migrations.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/patch_list_items_migrations.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/patch_list_items_migrations.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/patch_list_items_migrations.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/read_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/read_list_items.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/read_list_items.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/read_list_items.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/update_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/update_list_items.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/update_list_items.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/update_list_items.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/update_list_items_migrations.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/update_list_items_migrations.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/items/update_list_items_migrations.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/items/update_list_items_migrations.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/create_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/create_lists.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/create_lists.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/create_lists.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/create_lists_index.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/create_lists_index.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/create_lists_index.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/create_lists_index.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/create_lists_index_migrations.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/create_lists_index_migrations.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/create_lists_index_migrations.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/create_lists_index_migrations.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/delete_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/delete_lists.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/delete_lists.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/delete_lists.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/find_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/find_lists.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/find_lists.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/find_lists.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/find_lists_by_size.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/find_lists_by_size.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/find_lists_by_size.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/find_lists_by_size.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/index.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/index.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/index.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/index.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/patch_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/patch_lists.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/patch_lists.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/patch_lists.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/patch_lists_migrations.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/patch_lists_migrations.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/patch_lists_migrations.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/patch_lists_migrations.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/read_list_privileges.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/read_list_privileges.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/read_list_privileges.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/read_list_privileges.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/read_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/read_lists.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/read_lists.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/read_lists.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/update_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/update_lists.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/update_lists.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/update_lists.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/update_lists_migrations.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/update_lists_migrations.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/lists/update_lists_migrations.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/default_license/value_lists/lists/update_lists_migrations.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/utils.ts b/x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/utils.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/utils.ts
rename to x-pack/test/security_solution_api_integration/test_suites/value_lists_and_exception_lists/utils.ts
diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/import_timelines.ts b/x-pack/test/timeline/security_and_spaces/tests/basic/import_timelines.ts
similarity index 99%
rename from x-pack/test/detection_engine_api_integration/basic/tests/import_timelines.ts
rename to x-pack/test/timeline/security_and_spaces/tests/basic/import_timelines.ts
index a1c34b51e12d5..4c9b82f0825cc 100644
--- a/x-pack/test/detection_engine_api_integration/basic/tests/import_timelines.ts
+++ b/x-pack/test/timeline/security_and_spaces/tests/basic/import_timelines.ts
@@ -9,8 +9,8 @@ import expect from '@kbn/expect';
 import { TIMELINE_IMPORT_URL } from '@kbn/security-solution-plugin/common/constants';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
-import { deleteAllTimelines } from '../../utils';
+import { FtrProviderContext } from '../../../common/ftr_provider_context';
+import { deleteAllTimelines } from '../../../utils';
 // eslint-disable-next-line import/no-default-export
 export default ({ getService }: FtrProviderContext): void => {
diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/install_prepackaged_timelines.ts b/x-pack/test/timeline/security_and_spaces/tests/basic/install_prepackaged_timelines.ts
similarity index 87%
rename from x-pack/test/detection_engine_api_integration/basic/tests/install_prepackaged_timelines.ts
rename to x-pack/test/timeline/security_and_spaces/tests/basic/install_prepackaged_timelines.ts
index 6047bc21d0c39..fddc9317dcff9 100644
--- a/x-pack/test/detection_engine_api_integration/basic/tests/install_prepackaged_timelines.ts
+++ b/x-pack/test/timeline/security_and_spaces/tests/basic/install_prepackaged_timelines.ts
@@ -8,14 +8,8 @@ import expect from '@kbn/expect'; import { TIMELINE_PREPACKAGED_URL } from '@kbn/security-solution-plugin/common/constants'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; -import { - createSignalsIndex, - deleteAllRules, - deleteAllTimelines, - deleteAllAlerts, - waitFor, -} from '../../utils'; +import { FtrProviderContext } from '../../../common/ftr_provider_context'; +import { deleteAllTimelines, waitFor } from '../../../utils'; // eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { @@ -25,13 +19,7 @@ export default ({ getService }: FtrProviderContext): void => { describe('install_prepackaged_timelines', () => { describe('creating prepackaged rules', () => { - beforeEach(async () => { - await createSignalsIndex(supertest, log); - }); - afterEach(async () => { - await deleteAllAlerts(supertest, log, es); - await deleteAllRules(supertest, log); await deleteAllTimelines(es); }); diff --git a/x-pack/test/detection_engine_api_integration/utils/delete_all_timelines.ts b/x-pack/test/timeline/utils/delete_all_timelines.ts similarity index 100% rename from x-pack/test/detection_engine_api_integration/utils/delete_all_timelines.ts rename to x-pack/test/timeline/utils/delete_all_timelines.ts diff --git a/x-pack/test/detection_engine_api_integration/common/services.ts b/x-pack/test/timeline/utils/index.ts similarity index 78% rename from x-pack/test/detection_engine_api_integration/common/services.ts rename to x-pack/test/timeline/utils/index.ts index 7e415338c405f..d43b824d2b428 100644 --- a/x-pack/test/detection_engine_api_integration/common/services.ts +++ b/x-pack/test/timeline/utils/index.ts @@ -5,4 +5,5 @@ * 2.0. */ -export { services } from '../../api_integration/services'; +export * from './delete_all_timelines'; +export * from './wait_for'; 
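Review bot: The inner `describe('creating prepackaged rules', () => {` title in install_prepackaged_timelines.ts (second hunk, context line) no longer matches the suite: with the `createSignalsIndex` setup and the `deleteAllAlerts`/`deleteAllRules` cleanup removed, the block only deals with timelines, so I would rename it to `describe('installing prepackaged timelines', () => {`. The remaining `afterEach` cleans up only after a test has run; if this config can start against a cluster where an earlier suite left timelines behind, adding `beforeEach(async () => { await deleteAllTimelines(es); });` would make the assertions independent of prior state. The test bodies and the `supertest`/`log` declarations sit outside the hunk, so confirm that the tests do assume an empty timeline store and that `log` is still referenced (presumably by `waitFor`) after this removal.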
diff --git a/x-pack/test/detection_engine_api_integration/utils/wait_for.ts b/x-pack/test/timeline/utils/wait_for.ts
similarity index 100%
rename from x-pack/test/detection_engine_api_integration/utils/wait_for.ts
rename to x-pack/test/timeline/utils/wait_for.ts