From 9bcf021edd9a7b74310aa7f75e9d5836a0577797 Mon Sep 17 00:00:00 2001 
From: Nikita Indik Date: Wed, 26 Feb 2025 13:13:11 +0100 Subject: [PATCH 01/13] Allow exporting prebuilt rules --- .../ftr_security_serverless_configs.yml | 4 ++ .buildkite/ftr_security_stateful_configs.yml | 4 ++ .../api/rules/bulk_actions/route.ts | 11 +++- .../api/rules/export_rules/route.ts | 15 +++-- .../logic/export/get_export_all.ts | 5 +- .../logic/export/get_export_by_object_ids.ts | 9 ++- .../package.json | 22 ++++++- .../customization_disabled/bulk_export.ts | 55 ++++++++++++++++ .../configs/ess.config.ts | 25 ++++++++ .../configs/serverless.config.ts | 17 +++++ .../export/customization_disabled/index.ts | 14 +++++ .../customization_enabled/bulk_export.ts | 63 +++++++++++++++++++ .../configs/ess.config.ts | 35 +++++++++++ .../configs/serverless.config.ts | 21 +++++++ .../export/customization_enabled/index.ts | 14 +++++ .../configs/ess.config.ts | 3 +- .../configs/serverless.config.ts | 2 +- .../configs/ess.config.ts | 25 ++++++++ .../configs/serverless.config.ts | 17 +++++ .../customization_disabled/export_rules.ts | 49 +++++++++++++++ .../customization_disabled/index.ts | 14 +++++ .../configs/ess.config.ts | 35 +++++++++++ .../customization_enabled/export_rules.ts | 58 +++++++++++++++++ .../customization_enabled/index.ts | 14 +++++ 24 files changed, 515 insertions(+), 16 deletions(-) create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/bulk_export.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/ess.config.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/serverless.config.ts create mode 100644 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/index.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/bulk_export.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/ess.config.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/serverless.config.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/index.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/ess.config.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/serverless.config.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/export_rules.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/index.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/configs/ess.config.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/export_rules.ts create mode 100644 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/index.ts diff --git a/.buildkite/ftr_security_serverless_configs.yml b/.buildkite/ftr_security_serverless_configs.yml index a9aa17fffc6b6..05bbc3c9d2310 100644 --- a/.buildkite/ftr_security_serverless_configs.yml +++ b/.buildkite/ftr_security_serverless_configs.yml 
@@ -83,11 +83,15 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_complete_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/serverless.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/serverless.config.ts + - 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/serverless.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/serverless.config.ts diff --git a/.buildkite/ftr_security_stateful_configs.yml b/.buildkite/ftr_security_stateful_configs.yml index 65ccf94a9d6d2..d29156c806d3b 100644 --- a/.buildkite/ftr_security_stateful_configs.yml +++ b/.buildkite/ftr_security_stateful_configs.yml 
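Review bot: The added entry `rule_import_export/customization_enabled/configs/serverless.config.ts` points at a file this patch does not create. The commit's file list has `configs/ess.config.ts`, `export_rules.ts` and `index.ts` under `rule_import_export/customization_enabled`, but no serverless config there. Unless a later patch in the series adds it, the serverless FTR pipeline will be handed a config path that does not exist. Either add the config in this commit or leave the entry out until the file lands.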
@@ -64,11 +64,15 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_trial_license.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/ess.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/ess.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/ess.config.ts + - 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/ess.config.ts diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts index d8ffbb9f68301..484f6d3217216 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts @@ -43,6 +43,7 @@ import { bulkEnableDisableRules } from './bulk_enable_disable_rules'; import { fetchRulesByQueryOrIds } from './fetch_rules_by_query_or_ids'; import { bulkScheduleBackfill } from './bulk_schedule_rule_run'; import { createPrebuiltRuleAssetsClient } from '../../../../prebuilt_rules/logic/rule_assets/prebuilt_rule_assets_client'; +import { PrebuiltRulesCustomizationDisabledReason } from '../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; const MAX_RULES_TO_PROCESS_TOTAL = 10000; // Set a lower limit for bulk edit as the rules client might fail with a "Query 
@@ -277,6 +278,14 @@ export const performBulkActionRoute = ( break; } case BulkActionTypeEnum.export: { + const prebuiltRulesCustomizationStatus = + detectionRulesClient.getRuleCustomizationStatus(); + + const isPrebuiltRulesExportAllowed = + prebuiltRulesCustomizationStatus.isRulesCustomizationEnabled || + prebuiltRulesCustomizationStatus.customizationDisabledReason === + PrebuiltRulesCustomizationDisabledReason.License; + const exported = await getExportByObjectIds( rulesClient, exceptionsClient, @@ -284,7 +293,7 @@ export const performBulkActionRoute = ( exporter, request, actionsClient, - detectionRulesClient.getRuleCustomizationStatus().isRulesCustomizationEnabled + isPrebuiltRulesExportAllowed ); const responseBody = `${exported.rulesNdjson}${exported.exceptionLists}${exported.actionConnectors}${exported.exportDetails}`; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts index aa4c69b324877..1a3afe7dd0207 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts @@ -23,6 +23,7 @@ import { getExportByObjectIds } from '../../../logic/export/get_export_by_object import { getExportAll } from '../../../logic/export/get_export_all'; import { buildSiemResponse } from '../../../../routes/utils'; import { RULE_MANAGEMENT_IMPORT_EXPORT_SOCKET_TIMEOUT_MS } from '../../timeouts'; +import { PrebuiltRulesCustomizationDisabledReason } from '../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; export const exportRulesRoute = ( router: SecuritySolutionPluginRouter, 
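Review bot: The `isPrebuiltRulesExportAllowed` predicate added in the `BulkActionTypeEnum.export` case is written out a second time, token for token, in `export_rules/route.ts` (hunk `@@ -73,7 +74,12 @@`), so the two export endpoints can drift apart on when prebuilt rules may leave the system. This is the gate that decides whether `immutable` rules are included in an export, so it belongs in one shared helper that takes the result of `getRuleCustomizationStatus()` and is called from both routes. The License exception also needs a why-comment at the definition, along the lines of `// Prebuilt rules stay exportable when customization is off only because of the license; any other disabled reason still excludes them.` The body of performBulkActionRoute starts and ends outside this hunk.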
@@ -73,7 +74,12 @@ export const exportRulesRoute = ( const client = getClient({ includedHiddenTypes: ['action'] }); const actionsExporter = getExporter(client); - const { isRulesCustomizationEnabled } = detectionRulesClient.getRuleCustomizationStatus(); + const prebuiltRulesCustomizationStatus = detectionRulesClient.getRuleCustomizationStatus(); + + const isPrebuiltRulesExportAllowed = + prebuiltRulesCustomizationStatus.isRulesCustomizationEnabled || + prebuiltRulesCustomizationStatus.customizationDisabledReason === + PrebuiltRulesCustomizationDisabledReason.License; try { const exportSizeLimit = config.maxRuleImportExportSize; @@ -85,7 +91,7 @@ export const exportRulesRoute = ( } else { let rulesCount = 0; - if (isRulesCustomizationEnabled) { + if (isPrebuiltRulesExportAllowed) { rulesCount = await getRulesCount({ rulesClient, filter: '', @@ -95,6 +101,7 @@ export const exportRulesRoute = ( rulesClient, }); } + if (rulesCount > exportSizeLimit) { return siemResponse.error({ statusCode: 400, @@ -112,7 +119,7 @@ export const exportRulesRoute = ( actionsExporter, request, actionsClient, - isRulesCustomizationEnabled + isPrebuiltRulesExportAllowed ) : await getExportAll( rulesClient, @@ -120,7 +127,7 @@ export const exportRulesRoute = ( actionsExporter, request, actionsClient, - isRulesCustomizationEnabled + isPrebuiltRulesExportAllowed ); const responseBody = request.query.exclude_export_details diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_all.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_all.ts index 4407a15622cd6..b8d341164c8c7 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_all.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_all.ts 
@@ -24,15 +24,14 @@ export const getExportAll = async ( actionsExporter: ISavedObjectsExporter, request: KibanaRequest, actionsClient: ActionsClient, - prebuiltRulesCustomizationEnabled?: boolean + isPrebuiltRulesExportAllowed?: boolean ): Promise<{ rulesNdjson: string; exportDetails: string; exceptionLists: string | null; actionConnectors: string; - prebuiltRulesCustomizationEnabled?: boolean; }> => { - const ruleAlertTypes = prebuiltRulesCustomizationEnabled + const ruleAlertTypes = isPrebuiltRulesExportAllowed ? await getRules({ rulesClient, filter: '' }) : await getNonPackagedRules({ rulesClient }); const rules = transformAlertsToRules(ruleAlertTypes); diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.ts index 02355d39e7e6d..9924b4519c3f0 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.ts @@ -30,19 +30,18 @@ export const getExportByObjectIds = async ( actionsExporter: ISavedObjectsExporter, request: KibanaRequest, actionsClient: ActionsClient, - prebuiltRulesCustomizationEnabled?: boolean + isPrebuiltRulesExportAllowed?: boolean ): Promise<{ rulesNdjson: string; exportDetails: string; exceptionLists: string | null; actionConnectors: string; - prebuiltRulesCustomizationEnabled?: boolean; }> => withSecuritySpan('getExportByObjectIds', async () => { const rulesAndErrors = await fetchRulesByIds( rulesClient, ruleIds, - prebuiltRulesCustomizationEnabled + isPrebuiltRulesExportAllowed ); const { rules, missingRuleIds } = rulesAndErrors; 
@@ -83,7 +82,7 @@ interface FetchRulesResult { const fetchRulesByIds = async ( rulesClient: RulesClient, ruleIds: string[], - prebuiltRulesCustomizationEnabled?: boolean + isPrebuiltRulesExportAllowed?: boolean ): Promise => { // It's important to avoid too many clauses in the request otherwise ES will fail to process the request // with `too_many_clauses` error (see https://github.com/elastic/kibana/issues/170015). The clauses limit @@ -117,7 +116,7 @@ const fetchRulesByIds = async ( return matchingRule != null && hasValidRuleType(matchingRule) && - (prebuiltRulesCustomizationEnabled || matchingRule.params.immutable !== true) + (isPrebuiltRulesExportAllowed || matchingRule.params.immutable !== true) ? { rule: transformRuleToExportableFormat(internalRuleToAPIResponse(matchingRule)), } diff --git a/x-pack/test/security_solution_api_integration/package.json b/x-pack/test/security_solution_api_integration/package.json index 4e10d70f67fad..7b3b670fcafd7 100644 --- a/x-pack/test/security_solution_api_integration/package.json +++ b/x-pack/test/security_solution_api_integration/package.json 
@@ -443,6 +443,16 @@ "rule_import_export:basic:server:ess": "npm run initialize-server:rm:basic_essentials rule_import_export ess", "rule_import_export:basic:runner:ess": "npm run run-tests:rm:basic_essentials rule_import_export ess essEnv", + "rule_export:customization_disabled:server:ess": "node ./scripts/index.js server detections_response/rules_management customization_disabled rule_import_export ess", + "rule_export:customization_disabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management customization_disabled rule_import_export ess essEnv", + "rule_export:customization_disabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management customization_disabled rule_bulk_actions/export serverless", + "rule_export:customization_disabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management customization_disabled rule_bulk_actions/export serverless serverlessEnv", + + "rule_export:customization_enabled:server:ess": "node ./scripts/index.js server detections_response/rules_management customization_enabled rule_import_export ess", + "rule_export:customization_enabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management customization_enabled rule_import_export ess essEnv", + "rule_export:customization_enabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management customization_enabled rule_bulk_actions/export serverless", + "rule_export:customization_enabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management customization_enabled rule_bulk_actions/export serverless serverlessEnv", + "rule_management:server:serverless": "npm run initialize-server:rm rule_management serverless", "rule_management:runner:serverless": "npm run run-tests:rm rule_management serverless serverlessEnv", "rule_management:qa:serverless": "npm run run-tests:rm rule_management serverless qaPeriodicEnv", 
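Review bot: The two serverless `rule_export:*` scripts run the wrong suite: `rule_export:customization_disabled:server:serverless` and `...:runner:serverless` (and the `customization_enabled` pair) pass `rule_bulk_actions/export`, while their `:ess` siblings pass `rule_import_export`. As written they duplicate the `rule_bulk_actions_export:*:serverless` scripts added in the next hunk, and the export-route tests are never run on serverless through these entries. The folder argument should read `rule_import_export`, e.g. `"node ./scripts/index.js server detections_response/rules_management customization_disabled rule_import_export serverless"`. Note that this commit's file list shows no serverless config under `rule_import_export/customization_enabled`, so that pair needs the config added as well.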
@@ -457,6 +467,16 @@ "rule_bulk_actions:server:ess": "npm run initialize-server:rm rule_bulk_actions ess", "rule_bulk_actions:runner:ess": "npm run run-tests:rm rule_bulk_actions ess essEnv", + "rule_bulk_actions_export:customization_disabled:server:ess": "node ./scripts/index.js server detections_response/rules_management customization_disabled rule_bulk_actions/export ess", + "rule_bulk_actions_export:customization_disabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management customization_disabled rule_bulk_actions/export ess essEnv", + "rule_bulk_actions_export:customization_disabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management customization_disabled rule_bulk_actions/export serverless", + "rule_bulk_actions_export:customization_disabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management customization_disabled rule_bulk_actions/export serverless serverlessEnv", + + "rule_bulk_actions_export:customization_enabled:server:ess": "node ./scripts/index.js server detections_response/rules_management customization_enabled rule_bulk_actions/export ess", + "rule_bulk_actions_export:customization_enabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management customization_enabled rule_bulk_actions/export ess essEnv", + "rule_bulk_actions_export:customization_enabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management customization_enabled rule_bulk_actions/export serverless", + "rule_bulk_actions_export:customization_enabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management customization_enabled rule_bulk_actions/export serverless serverlessEnv", + "rule_read:server:serverless": "npm run initialize-server:rm rule_read serverless", "rule_read:runner:serverless": "npm run run-tests:rm rule_read serverless serverlessEnv", "rule_read:qa:serverless": "npm run 
run-tests:rm rule_read serverless qaPeriodicEnv", @@ -542,4 +562,4 @@ "siem_migrations_rules:server:ess": "npm run initialize-server:siem_migrations:trial_complete rules ess", "siem_migrations_rules:runner:ess": "npm run run-tests:siem_migrations:trial_complete rules ess essEnv" } -} \ No newline at end of file +} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/bulk_export.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/bulk_export.ts new file mode 100644 index 0000000000000..18ac23c1cb185 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/bulk_export.ts 
@@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { BulkActionTypeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import {
+ binaryToString,
+ createPrebuiltRuleAssetSavedObjects,
+ createRuleAssetSavedObject,
+ deleteAllPrebuiltRuleAssets,
+ installPrebuiltRules,
+} from '../../../../utils';
+import { deleteAllRules } from '../../../../../../../common/utils/security_solution';
+
+export default ({ getService }: FtrProviderContext): void => {
+ const es = getService('es');
+ const securitySolutionApi = getService('securitySolutionApi');
+ const supertest = getService('supertest');
+ const log = getService('log');
+
+ describe('@ess @serverless @skipInServerlessMKI Bulk action - Export - Customization Disabled', () => {
+ beforeEach(async () => {
+ await deleteAllRules(supertest, log);
+ await deleteAllPrebuiltRuleAssets(es, log);
+ });
+
+ it(`doesn't export prebuilt rules if the feature flag is disabled`, async () => {
+ const ruleAsset = createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 });
+ await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
+ await installPrebuiltRules(es, supertest);
+
+ const findResponse = await securitySolutionApi.findRules({ query: {} });
+ const installedRule = findResponse.body.data[0];
+
+ const { body } = await securitySolutionApi
+ .performRulesBulkAction({
+ query: {},
+ body: { action: BulkActionTypeEnum.export, ids: [installedRule.id] },
+ })
+ .expect(200)
+ .parse(binaryToString);
+
+ const exportDetails = JSON.parse(body.toString());
+
+ expect(exportDetails).toMatchObject({
+ missing_rules: [{ rule_id: 'rule-1' }],
+ });
+ });
+ });
+};
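Review bot: `findResponse.body.data[0]` is used without checking that the install step produced a rule, so a failed `installPrebuiltRules` shows up as a TypeError on `installedRule.id` rather than a readable assertion failure; add `expect(findResponse.body.data).toHaveLength(1);` before it. The negative check is also indirect: `JSON.parse(body.toString())` parses the whole response, so if a prebuilt rule were exported the test would fail with a JSON parse error instead of saying that a rule line was present. Splitting the body on `\n` and asserting a single line before parsing would state the intended guarantee, that no prebuilt rule content is returned. The same unchecked `data[0]` appears in `customization_enabled/bulk_export.ts`.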
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/ess.config.ts
new file mode 100644
index 0000000000000..f3ef7ef4fc888
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/ess.config.ts
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const functionalConfig = await readConfigFile(
+ require.resolve('../../../../../../../config/ess/config.base.basic')
+ );
+
+ const testConfig = {
+ ...functionalConfig.getAll(),
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export with feature flag disabled - ESS Env',
+ },
+ };
+
+ return testConfig;
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/serverless.config.ts
new file mode 100644
index 0000000000000..9e6adb31219d6
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/serverless.config.ts
@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials';
+
+export default createTestConfig({
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export with feature flag enabled - Serverless Env',
+ },
+ kbnTestServerArgs: [],
+});
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/index.ts
new file mode 100644
index 0000000000000..12c23d5985858
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+ describe('Rules Management - Rule Bulk Action API - Export - Customization Disabled', function () {
+ loadTestFile(require.resolve('./bulk_export'));
+ });
+}
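Review bot: The `reportName` in this customization_disabled serverless config says "feature flag enabled", the same string the customization_enabled serverless config uses, so the two JUnit reports cannot be told apart when a run fails. It should read `'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export with feature flag disabled - Serverless Env'`, matching the wording of the ESS config in the same folder. The empty `kbnTestServerArgs: []` would also benefit from a short comment stating that the flag is deliberately left off for this suite.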
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/bulk_export.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/bulk_export.ts
new file mode 100644
index 0000000000000..4a15e71560980
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/bulk_export.ts
@@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { BulkActionTypeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import {
+ binaryToString,
+ createPrebuiltRuleAssetSavedObjects,
+ createRuleAssetSavedObject,
+ deleteAllPrebuiltRuleAssets,
+ installPrebuiltRules,
+} from '../../../../utils';
+import { deleteAllRules } from '../../../../../../../common/utils/security_solution';
+
+export default ({ getService }: FtrProviderContext): void => {
+ const es = getService('es');
+ const securitySolutionApi = getService('securitySolutionApi');
+ const supertest = getService('supertest');
+ const log = getService('log');
+
+ describe('@ess @serverless @skipInServerlessMKI Bulk action - Export - Customization Enabled', () => {
+ beforeEach(async () => {
+ await deleteAllRules(supertest, log);
+ await deleteAllPrebuiltRuleAssets(es, log);
+ });
+
+ it(`exports prebuilt rules if the feature flag is enabled`, async () => {
+ const ruleAsset = createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 });
+ await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
+ await installPrebuiltRules(es, supertest);
+
+ const findResponse = await securitySolutionApi.findRules({ query: {} });
+ const installedRule = findResponse.body.data[0];
+
+ const { body } = await securitySolutionApi
+ .performRulesBulkAction({
+ query: {},
+ body: { action: BulkActionTypeEnum.export, ids: [installedRule.id] },
+ })
+ .expect(200)
+ .parse(binaryToString);
+
+ const [ruleJson, exportDetailsJson] = body.toString().split(/\n/);
+
+ expect(JSON.parse(ruleJson)).toMatchObject({
+ id: installedRule.id,
+ rule_source: {
+ type: 'external',
+ is_customized: false,
+ },
+ });
+
+ expect(JSON.parse(exportDetailsJson)).toMatchObject({
+ missing_rules: [],
+ });
+ });
+ });
+};
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/ess.config.ts
new file mode 100644
index 0000000000000..45b97b84164e3
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/ess.config.ts
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const functionalConfig = await readConfigFile(
+ require.resolve('../../../../../../../config/ess/config.base.basic')
+ );
+
+ const testConfig = {
+ ...functionalConfig.getAll(),
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export with feature flag enabled - ESS Env',
+ },
+ };
+
+ testConfig.kbnTestServer.serverArgs = testConfig.kbnTestServer.serverArgs.map((arg: string) => {
+ // Override the default value of `--xpack.securitySolution.enableExperimental` to enable the prebuilt rules customization feature
+ if (arg.includes('--xpack.securitySolution.enableExperimental')) {
+ return `--xpack.securitySolution.enableExperimental=${JSON.stringify([
+ 'prebuiltRulesCustomizationEnabled',
+ ])}`;
+ }
+ return arg;
+ });
+
+ return testConfig;
+}
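Review bot: In `customization_enabled/configs/ess.config.ts` the `serverArgs.map` override only rewrites an `--xpack.securitySolution.enableExperimental` argument the base config already carries. If `config.base.basic` has none (not visible from this patch), the map is a no-op and the suite runs with the flag off without any error. It also replaces every experimental flag the base listed, not just this one. A check after the map, `if (!testConfig.kbnTestServer.serverArgs.some((arg: string) => arg.includes('prebuiltRulesCustomizationEnabled'))) { throw new Error('enableExperimental override was not applied'); }`, would make a silent miss visible. Because this config builds on the basic-license base, the suite presumably exercises the License branch of the export gate rather than the customization-enabled one; if so, say that in a comment next to the "Customization Enabled" title.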
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/serverless.config.ts
new file mode 100644
index 0000000000000..17cf04bb2947e
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/serverless.config.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials';
+
+export default createTestConfig({
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export with feature flag enabled - Serverless Env',
+ },
+ kbnTestServerArgs: [
+ `--xpack.securitySolution.enableExperimental=${JSON.stringify([
+ 'prebuiltRulesCustomizationEnabled',
+ ])}`,
+ ],
+});
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/index.ts
new file mode 100644
index 0000000000000..2ba66048de88a
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/index.ts
@@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; + +export default function ({ loadTestFile }: FtrProviderContext) { + describe('Rules Management - Rule Bulk Action API - Export - Customization Enabled', function () { + loadTestFile(require.resolve('./bulk_export')); + }); +} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/ess.config.ts index c71cfab3cc9fd..65cafaacac6d5 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/ess.config.ts @@ -16,7 +16,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Rules Management - Rule Patch Integration Tests - ESS Env - Basic License', + reportName: + 'Rules Management - Rule Import/Export Integration Tests - ESS Env - Basic License', }, }; } 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/serverless.config.ts index de3421e190305..a3f1d766fbfdf 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/serverless.config.ts @@ -11,6 +11,6 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Patch Integration Tests - Serverless Env - Essentials Tier ', + 'Rules Management - Rule Import/Export Integration Tests - Serverless Env - Essentials Tier', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/ess.config.ts new file mode 100644 index 0000000000000..ff55bc6f55cbe --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/ess.config.ts 
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const functionalConfig = await readConfigFile(
+ require.resolve('../../../../../../config/ess/config.base.basic')
+ );
+
+ const testConfig = {
+ ...functionalConfig.getAll(),
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Import/Export Integration Tests - Customization disabled - ESS Env',
+ },
+ };
+
+ return testConfig;
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/serverless.config.ts
new file mode 100644
index 0000000000000..ccede03e0d8f7
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/serverless.config.ts
@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../../config/serverless/config.base.essentials';
+
+export default createTestConfig({
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Import/Export Integration Tests - Customization disabled - Serverless Env',
+ },
+ kbnTestServerArgs: [],
+});
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/export_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/export_rules.ts
new file mode 100644
index 0000000000000..d9e89391b50c3
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/export_rules.ts
@@ -0,0 +1,49 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { FtrProviderContext } from '../../../../../ftr_provider_context';
+import {
+ binaryToString,
+ createPrebuiltRuleAssetSavedObjects,
+ createRuleAssetSavedObject,
+ deleteAllPrebuiltRuleAssets,
+ installPrebuiltRules,
+} from '../../../utils';
+import { deleteAllRules } from '../../../../../../common/utils/security_solution';
+
+export default ({ getService }: FtrProviderContext): void => {
+ const es = getService('es');
+ const securitySolutionApi = getService('securitySolutionApi');
+ const supertest = getService('supertest');
+ const log = getService('log');
+
+ describe('@ess @serverless @skipInServerlessMKI Export - Customization Disabled', () => {
+ beforeEach(async () => {
+ await deleteAllRules(supertest, log);
+ await deleteAllPrebuiltRuleAssets(es, log);
+ });
+
+ it(`doesn't export prebuilt rules if the feature flag is disabled`, async () => {
+ const ruleAsset = createRuleAssetSavedObject({ rule_id: 'prebuilt-rule-1', version: 1 });
+ await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
+ await installPrebuiltRules(es, supertest);
+
+ const { body } = await securitySolutionApi
+ .exportRules({ query: {}, body: null })
+ .expect(200)
+ .parse(binaryToString);
+
+ const exportDetails = JSON.parse(body.toString());
+
+ expect(exportDetails).toMatchObject({
+ exported_rules_count: 0,
+ missing_rules: [], // Prebuilt rules are not in missing rules
+ });
+ });
+ });
+};
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/index.ts
new file mode 100644
index 0000000000000..d291b9cbad3e3
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+ describe('Rules Management - Rule Import & Export APIs (customization disabled)', function () {
+ loadTestFile(require.resolve('./export_rules'));
+ });
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/configs/ess.config.ts
new file mode 100644
index 0000000000000..ecdb4b4ad729f
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/configs/ess.config.ts
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const functionalConfig = await readConfigFile(
+ require.resolve('../../../../../../config/ess/config.base.basic')
+ );
+
+ const testConfig = {
+ ...functionalConfig.getAll(),
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Import/Export Integration Tests - Customization enabled - ESS Env',
+ },
+ };
+
+ testConfig.kbnTestServer.serverArgs = testConfig.kbnTestServer.serverArgs.map((arg: string) => {
+ // Override the default value of `--xpack.securitySolution.enableExperimental` to enable the prebuilt rules customization feature
+ if (arg.includes('--xpack.securitySolution.enableExperimental')) {
+ return `--xpack.securitySolution.enableExperimental=${JSON.stringify([
+ 'prebuiltRulesCustomizationEnabled',
+ ])}`;
+ }
+ return arg;
+ });
+
+ return testConfig;
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/export_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/export_rules.ts
new file mode 100644
index 0000000000000..529bfa06c9a08
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/export_rules.ts
@@ -0,0 +1,58 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { FtrProviderContext } from '../../../../../ftr_provider_context';
+import {
+ binaryToString,
+ createPrebuiltRuleAssetSavedObjects,
+ createRuleAssetSavedObject,
+ deleteAllPrebuiltRuleAssets,
+ installPrebuiltRules,
+} from '../../../utils';
+import { deleteAllRules } from '../../../../../../common/utils/security_solution';
+
+export default ({ getService }: FtrProviderContext): void => {
+ const es = getService('es');
+ const securitySolutionApi = getService('securitySolutionApi');
+ const supertest = getService('supertest');
+ const log = getService('log');
+
+ describe('@ess @serverless @skipInServerlessMKI Export - Customization Enabled', () => {
+ beforeEach(async () => {
+ await deleteAllRules(supertest, log);
+ await deleteAllPrebuiltRuleAssets(es, log);
+ });
+
+ it(`exports prebuilt rules if the feature flag is enabled`, async () => {
+ const ruleId = 'prebuilt-rule-1';
+ const ruleAsset = createRuleAssetSavedObject({ rule_id: ruleId, version: 1 });
+ await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
+ await installPrebuiltRules(es, supertest);
+
+ const { body } = await securitySolutionApi
+ .exportRules({ query: {}, body: null })
+ .expect(200)
+ .parse(binaryToString);
+
+ const [ruleJson, exportDetailsJson] = body.toString().split(/\n/);
+
+ expect(JSON.parse(ruleJson)).toMatchObject({
+ rule_id: ruleId,
+ rule_source: {
+ type: 'external',
+ is_customized: false,
+ },
+ });
+
+ expect(JSON.parse(exportDetailsJson)).toMatchObject({
+ exported_rules_count: 1,
+ missing_rules: [],
+ });
+ });
+ });
+};
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/index.ts
new file mode 100644
index 0000000000000..cc61afaaac3d9
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+ describe('Rules Management - Rule Import & Export APIs (customization enabled)', function () {
+ loadTestFile(require.resolve('./export_rules'));
+ });
+}
From 9e753711b4b52a7e01c0a4af0e7e8ebd2af9f800 Mon Sep 17 00:00:00 2001
From: Nikita Indik Date: Mon, 3 Mar 2025 10:54:06 +0100 Subject: [PATCH 02/13] WIP --- .../ftr_security_serverless_configs.yml | 10 ++- .buildkite/ftr_security_stateful_configs.yml | 7 +- .../api/rules/import_rules/route.ts | 9 ++- .../logic/bulk_actions/validations.ts | 4 +- .../methods/import_rules.ts | 23 ++++++ .../package.json | 44 ++++++++--- .../customization_disabled/export_rules.ts | 49 ------------- .../allowed_exporting_prebuilt_rules.ts} | 6 +- .../configs/ess_basic_license.config.ts} | 4 +- .../serverless_essentials_tier.config.ts | 21 ++++++ .../feature_enabled}/index.ts | 6 +- .../ess_feature_flag_disabled.config.ts} | 4 +- ...erverless_feature_flag_disabled.config.ts} | 4 +- .../feature_flag_disabled/index.ts | 14 ++++ ...wed_importing_customized_prebuilt_rules.ts | 66 +++++++++++++++++ .../configs/ess_basic_license.config.ts | 35 +++++++++ .../serverless_essentials_tier.config.ts | 21 ++++++ .../license_insufficient/index.ts | 14 ++++ ...wed_importing_customized_prebuilt_rules.ts | 66 +++++++++++++++++ ...wed_importing_customized_prebuilt_rules.ts | 73 +++++++++++++++++++ .../configs/ess_enterprise_license.config.ts | 35 +++++++++ .../serverless_complete_tier.config.ts | 21 ++++++ .../feature_enabled}/index.ts | 6 +- .../ess_feature_flag_disabled.config.ts | 25 +++++++ ...serverless_feature_flag_disabled.config.ts | 17 +++++ .../feature_disabled/index.ts | 14 ++++ ...importing_non_customized_prebuilt_rules.ts | 55 ++++++++++++++ ...importing_non_customized_prebuilt_rules.ts | 65 +++++++++++++++++ .../configs/ess_basic_license.config.ts | 35 +++++++++ .../serverless_essentials_tier.config.ts | 21 ++++++ .../feature_enabled/index.ts | 14 ++++ .../import_rules.ts | 1 + .../yarn.lock | 4 + 33 files changed, 711 insertions(+), 82 deletions(-) delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/export_rules.ts rename 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/{customization_enabled/export_rules.ts => export_prebuilt_rules/feature_enabled/allowed_exporting_prebuilt_rules.ts} (90%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/{customization_enabled/configs/ess.config.ts => export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts} (86%) create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/{customization_enabled => export_prebuilt_rules/feature_enabled}/index.ts (58%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/{customization_disabled/configs/ess.config.ts => import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/ess_feature_flag_disabled.config.ts} (76%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/{customization_disabled/configs/serverless.config.ts => import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/serverless_feature_flag_disabled.config.ts} (65%) create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/index.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/not_allowed_importing_customized_prebuilt_rules.ts create mode 100644 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/ess_basic_license.config.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/serverless_essentials_tier.config.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/index.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/not_allowed_importing_customized_prebuilt_rules.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/allowed_importing_customized_prebuilt_rules.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/{customization_disabled => import_customized_prebuilt_rules/feature_enabled}/index.ts (56%) create mode 100644 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/index.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/not_allowed_importing_non_customized_prebuilt_rules.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/allowed_importing_non_customized_prebuilt_rules.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/index.ts create mode 100644 x-pack/test/security_solution_api_integration/yarn.lock diff --git a/.buildkite/ftr_security_serverless_configs.yml b/.buildkite/ftr_security_serverless_configs.yml index 05bbc3c9d2310..698f30991a9b1 100644 
--- a/.buildkite/ftr_security_serverless_configs.yml +++ b/.buildkite/ftr_security_serverless_configs.yml 
@@ -88,10 +88,12 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/configs/serverless.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts + - 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/serverless_essentials_tier.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/serverless_feature_flag_disabled.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/serverless.config.ts diff --git a/.buildkite/ftr_security_stateful_configs.yml b/.buildkite/ftr_security_stateful_configs.yml index d29156c806d3b..3d8ca75342f14 100644 --- a/.buildkite/ftr_security_stateful_configs.yml +++ b/.buildkite/ftr_security_stateful_configs.yml 
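Review bot: The existing serverless import/export suites stop running in CI after this change, because the `enabled` entries for `rule_import_export/trial_license_complete_tier/configs/serverless.config.ts` and `rule_import_export/basic_license_essentials_tier/configs/serverless.config.ts` are removed along with the two `customization_*` entries. The commit's file list shows no deletion or rename of those two suites, and the stateful list in the next file keeps their `ess.config.ts` counterparts. If the removal is not deliberate, keep both entries next to the six new ones.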
@@ -72,8 +72,13 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/configs/ess.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/ess_basic_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/ess.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/ess_feature_flag_disabled.config.ts + - 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/configs/ess.config.ts diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts index c5ab3b6700855..616a8a2a396d8 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts @@ -39,6 +39,7 @@ import { migrateLegacyActionsIds, } from '../../../utils/utils'; import { RULE_MANAGEMENT_IMPORT_EXPORT_SOCKET_TIMEOUT_MS } from '../../timeouts'; +import { PrebuiltRulesCustomizationDisabledReason } from '../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; const CHUNK_PARSED_OBJECT_SIZE = 50; 
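Review bot: The `enabled` list still carries `rule_import_export/customization_disabled/configs/ess.config.ts` as an unchanged line, but this commit renames that file to `import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/ess_feature_flag_disabled.config.ts`, so the entry points at a path that no longer exists. Remove the stale entry; the renamed config is already added a few lines below it.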
@@ -86,7 +87,7 @@ export const importRulesRoute = (router: SecuritySolutionPluginRouter, config: C ]); const detectionRulesClient = ctx.securitySolution.getDetectionRulesClient(); - const { isRulesCustomizationEnabled } = detectionRulesClient.getRuleCustomizationStatus(); + const ruleCustomizationStatus = detectionRulesClient.getRuleCustomizationStatus(); const actionsClient = ctx.actions.getActionsClient(); const actionSOClient = ctx.core.savedObjects.getClient({ includedHiddenTypes: ['action'], @@ -166,7 +167,11 @@ export const importRulesRoute = (router: SecuritySolutionPluginRouter, config: C let importRuleResponse: ImportRuleResponse[] = []; - if (isRulesCustomizationEnabled) { + if ( + ruleCustomizationStatus.isRulesCustomizationEnabled || + ruleCustomizationStatus.customizationDisabledReason === + PrebuiltRulesCustomizationDisabledReason.License + ) { importRuleResponse = await importRules({ ruleChunks, overwriteRules: request.query.overwrite, diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/validations.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/validations.ts index 2ffdf1b0dbc15..caec786fb2ab6 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/validations.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/validations.ts @@ -104,7 +104,7 @@ export const validateBulkEditRule = async ({ } // Rule customization is disabled; only certain actions can be applied to immutable rules - const canRuleBeEdited = istEditApplicableToImmutableRule(edit); + const canRuleBeEdited = isEditApplicableToImmutableRule(edit); if (!canRuleBeEdited) { await throwDryRunError( () => invariant(canRuleBeEdited, "Elastic rule can't be edited"), 
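Review bot: The widened condition in the `@@ -166,7 +167,11 @@` hunk sends imports through `importRules` when customization is disabled for `PrebuiltRulesCustomizationDisabledReason.License`, so on an insufficient license the only thing rejecting customized prebuilt rules is the per-rule check inside `importRules`, in another file. That coupling is not stated at the call site; a comment above the `if` such as `// License-disabled: still use importRules, which rejects customized prebuilt rules per rule` would keep a later edit from removing one half. Binding the three-line expression to a named `const` before the `if` would also make the branch easier to read. The route handler starts and ends outside this hunk.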
@@ -120,7 +120,7 @@ export const validateBulkEditRule = async ({ /** * add_rule_actions, set_rule_actions can be applied to prebuilt/immutable rules */ -const istEditApplicableToImmutableRule = (edit: BulkActionEditPayload[]): boolean => { +const isEditApplicableToImmutableRule = (edit: BulkActionEditPayload[]): boolean => { const applicableActions: BulkActionEditType[] = [ BulkActionEditTypeEnum.set_rule_actions, BulkActionEditTypeEnum.add_rule_actions, diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts index 0a66813289290..c4f37649f35f6 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts @@ -19,6 +19,7 @@ import { import { checkRuleExceptionReferences } from '../../import/check_rule_exception_references'; import { getReferencedExceptionLists } from '../../import/gather_referenced_exceptions'; import type { IDetectionRulesClient } from '../detection_rules_client_interface'; +import { PrebuiltRulesCustomizationDisabledReason } from '../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; /** * Imports rules @@ -39,6 +40,8 @@ export const importRules = async ({ rules: RuleToImport[]; savedObjectsClient: SavedObjectsClientContract; }): Promise> => { + const ruleCustomizationStatus = detectionRulesClient.getRuleCustomizationStatus(); + const existingLists = await getReferencedExceptionLists({ rules, savedObjectsClient, 
@@ -69,6 +72,26 @@ export const importRules = async ({ } const { immutable, ruleSource } = ruleSourceImporter.calculateRuleSource(rule); + const isCustomized = (ruleSource.type === 'external' && ruleSource.is_customized) ?? false; + + // If it's a customized rule and the license is not sufficient, we should not import it + if ( + isCustomized && + ruleCustomizationStatus.customizationDisabledReason === + PrebuiltRulesCustomizationDisabledReason.License + ) { + return createRuleImportErrorObject({ + message: i18n.translate( + 'xpack.securitySolution.detectionEngine.rules.licenseInsufficientToImportCustomizedPrebuiltRule', + { + defaultMessage: + 'Upgrade your license to import customized prebuilt rules [rule_id: {ruleId}]', // Change this message + values: { ruleId: rule.rule_id }, + } + ), + ruleId: rule.rule_id, + }); + } const [exceptionErrors, exceptions] = checkRuleExceptionReferences({ rule, diff --git a/x-pack/test/security_solution_api_integration/package.json b/x-pack/test/security_solution_api_integration/package.json index 7b3b670fcafd7..9668ac1d45f0a 100644 --- a/x-pack/test/security_solution_api_integration/package.json +++ b/x-pack/test/security_solution_api_integration/package.json 
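Review bot: The license gate added to importRules depends entirely on `isCustomized`, which is taken from `ruleSourceImporter.calculateRuleSource(rule)`, and nothing visible here shows what that returns when no base version of the prebuilt rule is available for comparison. If `is_customized` can come back false or undefined in that case, an edited prebuilt rule would pass the gate on an insufficient license, so that case deserves a test or an explicit comment on the assumption. The expression `(ruleSource.type === 'external' && ruleSource.is_customized) ?? false` mixes `&&` with `??`; `ruleSource.type === 'external' && ruleSource.is_customized === true` yields the same boolean and reads more plainly. The `// Change this message` marker sits on a user-facing `defaultMessage` whose exact text is pinned by the license_insufficient test in this patch, so the wording should be settled before merge. importRules' body continues outside the hunk.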
@@ -443,15 +443,41 @@ "rule_import_export:basic:server:ess": "npm run initialize-server:rm:basic_essentials rule_import_export ess", "rule_import_export:basic:runner:ess": "npm run run-tests:rm:basic_essentials rule_import_export ess essEnv", - "rule_export:customization_disabled:server:ess": "node ./scripts/index.js server detections_response/rules_management customization_disabled rule_import_export ess", - "rule_export:customization_disabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management customization_disabled rule_import_export ess essEnv", - "rule_export:customization_disabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management customization_disabled rule_bulk_actions/export serverless", - "rule_export:customization_disabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management customization_disabled rule_bulk_actions/export serverless serverlessEnv", - - "rule_export:customization_enabled:server:ess": "node ./scripts/index.js server detections_response/rules_management customization_enabled rule_import_export ess", - "rule_export:customization_enabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management customization_enabled rule_import_export ess essEnv", - "rule_export:customization_enabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management customization_enabled rule_bulk_actions/export serverless", - "rule_export:customization_enabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management customization_enabled rule_bulk_actions/export serverless serverlessEnv", + "rule_import:non_customized_prebuilt:enabled:server:ess": "node ./scripts/index.js server detections_response/rules_management import_non_customized_prebuilt_rules/feature_enabled rule_import_export ess_basic_license", + "rule_import:non_customized_prebuilt:enabled:runner:ess": "node 
./scripts/index.js runner detections_response/rules_management import_non_customized_prebuilt_rules/feature_enabled rule_import_export ess_basic_license essEnv", + + "rule_import:non_customized_prebuilt:enabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_non_customized_prebuilt_rules/feature_enabled rule_import_export serverless_essentials_tier", + "rule_import:non_customized_prebuilt:enabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_non_customized_prebuilt_rules/feature_enabled rule_import_export serverless_essentials_tier serverlessEnv", + + "rule_import:non_customized_prebuilt:disabled:server:ess": "node ./scripts/index.js server detections_response/rules_management import_non_customized_prebuilt_rules/feature_disabled rule_import_export ess_feature_flag_disabled", + "rule_import:non_customized_prebuilt:disabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management import_non_customized_prebuilt_rules/feature_disabled rule_import_export ess_feature_flag_disabled essEnv", + + "rule_import:non_customized_prebuilt:disabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_non_customized_prebuilt_rules/feature_disabled rule_import_export serverless_feature_flag_disabled", + "rule_import:non_customized_prebuilt:disabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_non_customized_prebuilt_rules/feature_disabled rule_import_export serverless_feature_flag_disabled serverlessEnv", + + "rule_import:customized_prebuilt:enabled:server:ess": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_enabled rule_import_export ess_enterprise_license", + "rule_import:customized_prebuilt:enabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management 
import_customized_prebuilt_rules/feature_enabled rule_import_export ess_enterprise_license essEnv", + + "rule_import:customized_prebuilt:enabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_enabled rule_import_export serverless_complete_tier", + "rule_import:customized_prebuilt:enabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_enabled rule_import_export serverless_complete_tier essEnv", + + "rule_import:customized_prebuilt:license_insufficient:server:ess": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/license_insufficient rule_import_export ess_basic_license", + "rule_import:customized_prebuilt:license_insufficient:runner:ess": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/license_insufficient rule_import_export ess_basic_license essEnv", + + "rule_import:customized_prebuilt:license_insufficient:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/license_insufficient rule_import_export serverless_essentials_tier", + "rule_import:customized_prebuilt:license_insufficient:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/license_insufficient rule_import_export serverless_essentials_tier serverlessEnv", + + "rule_import:customized_prebuilt:feature_flag_disabled:server:ess": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled rule_import_export ess_feature_flag_disabled", + "rule_import:customized_prebuilt:feature_flag_disabled:runner:ess": "node ./scripts/index.js runner 
detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled rule_import_export ess_feature_flag_disabled essEnv", + + "rule_import:customized_prebuilt:feature_flag_disabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled rule_import_export serverless_feature_flag_disabled", + "rule_import:customized_prebuilt:feature_flag_disabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled rule_import_export serverless_feature_flag_disabled essEnv", + + "rule_export:prebuilt:enabled:server:ess": "node ./scripts/index.js server detections_response/rules_management export_prebuilt_rules/feature_enabled rule_import_export ess_basic_license", + "rule_export:prebuilt:enabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management export_prebuilt_rules/feature_enabled rule_import_export ess_basic_license essEnv", + + "rule_export:prebuilt:enabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management export_prebuilt_rules/feature_enabled rule_import_export serverless_essentials_tier", + "rule_export:prebuilt:enabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management export_prebuilt_rules/feature_enabled rule_import_export serverless_essentials_tier serverlessEnv", "rule_management:server:serverless": "npm run initialize-server:rm rule_management serverless", "rule_management:runner:serverless": "npm run run-tests:rm rule_management serverless serverlessEnv", 
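Review bot: Two of the added serverless runner scripts end in `essEnv` rather than `serverlessEnv`: `rule_import:customized_prebuilt:enabled:runner:serverless` and `rule_import:customized_prebuilt:feature_flag_disabled:runner:serverless`. Every other `:runner:serverless` entry in this hunk passes `serverlessEnv`, so these look like copy-paste slips, and the runner would presumably select the ESS environment for a serverless config. Change the last argument on both lines to `serverlessEnv`.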
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/export_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/export_rules.ts
deleted file mode 100644
index d9e89391b50c3..0000000000000
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/export_rules.ts
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import expect from 'expect';
-import { FtrProviderContext } from '../../../../../ftr_provider_context';
-import {
- binaryToString,
- createPrebuiltRuleAssetSavedObjects,
- createRuleAssetSavedObject,
- deleteAllPrebuiltRuleAssets,
- installPrebuiltRules,
-} from '../../../utils';
-import { deleteAllRules } from '../../../../../../common/utils/security_solution';
-
-export default ({ getService }: FtrProviderContext): void => {
- const es = getService('es');
- const securitySolutionApi = getService('securitySolutionApi');
- const supertest = getService('supertest');
- const log = getService('log');
-
- describe('@ess @serverless @skipInServerlessMKI Export - Customization Disabled', () => {
- beforeEach(async () => {
- await deleteAllRules(supertest, log);
- await deleteAllPrebuiltRuleAssets(es, log);
- });
-
- it(`doesn't export prebuilt rules if the feature flag is disabled`, async () => {
- const ruleAsset = createRuleAssetSavedObject({ rule_id: 'prebuilt-rule-1', version: 1 });
- await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
- await installPrebuiltRules(es, supertest);
-
- const { body } = await securitySolutionApi
- .exportRules({ query: {}, body: null })
- .expect(200)
- .parse(binaryToString);
-
- const exportDetails = JSON.parse(body.toString());
-
- expect(exportDetails).toMatchObject({
- exported_rules_count: 0,
- missing_rules: [], // Prebuilt rules are not in missing rules
- });
- });
- });
-};
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/export_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/allowed_exporting_prebuilt_rules.ts similarity index 90% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/export_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/allowed_exporting_prebuilt_rules.ts index 529bfa06c9a08..b8d11af4469c9 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/export_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/allowed_exporting_prebuilt_rules.ts @@ -6,15 +6,15 @@ */ import expect from 'expect'; -import { FtrProviderContext } from '../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; import { binaryToString, createPrebuiltRuleAssetSavedObjects, createRuleAssetSavedObject, deleteAllPrebuiltRuleAssets, installPrebuiltRules, -} from '../../../utils'; -import { deleteAllRules } from '../../../../../../common/utils/security_solution'; +} from '../../../../utils'; +import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts similarity index 86% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/configs/ess.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts index ecdb4b4ad729f..5072ff4c17c7c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../config/ess/config.base.basic') + require.resolve('../../../../../../../config/ess/config.base.trial') ); const testConfig = { @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Import/Export Integration Tests - Customization enabled - ESS Env', + 'Rules Management - Rule Export Integration Tests - Customization enabled - ESS Env', }, }; 
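Review bot: The renamed `ess_basic_license.config.ts` now loads `config/ess/config.base.trial` where the old file loaded `config.base.basic`, so the file name and the `ess_basic_license` script target say basic while the suite apparently runs on a trial license. If the suite is meant to show that prebuilt rule export works without a paid license, keep `require.resolve('../../../../../../../config/ess/config.base.basic')`; otherwise rename the config so the license level under test is not misreported. The `reportName` also still says "Customization enabled" for what is now an export-only suite.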
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts
new file mode 100644
index 0000000000000..2dc45686aeace
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials';
+
+export default createTestConfig({
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Export Integration Tests - Customization enabled - Serverless Env',
+ },
+ kbnTestServerArgs: [
+ `--xpack.securitySolution.enableExperimental=${JSON.stringify([
+ 'prebuiltRulesCustomizationEnabled',
+ ])}`,
+ ],
+});
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/index.ts similarity index 58% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/index.ts index cc61afaaac3d9..7a42ce0a0bef2 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_enabled/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/index.ts @@ -5,10 +5,10 @@ * 2.0. */ -import { FtrProviderContext } from '../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default function ({ loadTestFile }: FtrProviderContext) { - describe('Rules Management - Rule Import & Export APIs (customization enabled)', function () { - loadTestFile(require.resolve('./export_rules')); + describe('Rules Management - Rule Export API (customization enabled)', function () { + loadTestFile(require.resolve('./allowed_exporting_prebuilt_rules')); }); } 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/ess_feature_flag_disabled.config.ts similarity index 76% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/ess.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/ess_feature_flag_disabled.config.ts index ff55bc6f55cbe..e8e808d1c5777 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/ess_feature_flag_disabled.config.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../config/ess/config.base.basic') + require.resolve('../../../../../../../../config/ess/config.base.basic') ); const testConfig = { @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Import/Export Integration Tests - Customization disabled - ESS Env', + 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - ESS Env', }, }; 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/serverless_feature_flag_disabled.config.ts similarity index 65% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/serverless.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/serverless_feature_flag_disabled.config.ts index ccede03e0d8f7..10d09abe3a2f2 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/serverless_feature_flag_disabled.config.ts @@ -5,13 +5,13 @@ * 2.0. */ -import { createTestConfig } from '../../../../../../config/serverless/config.base.essentials'; +import { createTestConfig } from '../../../../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Import/Export Integration Tests - Customization disabled - Serverless Env', + 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Serverless Env', }, kbnTestServerArgs: [], }); 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/index.ts
new file mode 100644
index 0000000000000..e76515d19273b
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+ describe('Rules Management - Rule Import API - Customized prebuilt rules', function () {
+ loadTestFile(require.resolve('./not_allowed_importing_customized_prebuilt_rules'));
+ });
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/not_allowed_importing_customized_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/not_allowed_importing_customized_prebuilt_rules.ts
new file mode 100644
index 0000000000000..3ebfccc329401
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/not_allowed_importing_customized_prebuilt_rules.ts 
@@ -0,0 +1,66 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
+import { deleteAllPrebuiltRuleAssets, getCustomQueryRuleParams } from '../../../../../utils';
+import { deleteAllRules } from '../../../../../../../../common/utils/security_solution';
+import { combineToNdJson } from '../../../../../utils/combine_to_ndjson';
+import {
+ createPrebuiltRuleAssetSavedObjects,
+ createRuleAssetSavedObject,
+} from '../../../../../utils';
+
+export default ({ getService }: FtrProviderContext): void => {
+ const es = getService('es');
+ const securitySolutionApi = getService('securitySolutionApi');
+ const supertest = getService('supertest');
+ const log = getService('log');
+
+ describe('@ess @serverless @skipInServerlessMKI Import - Customization Disabled', () => {
+ beforeEach(async () => {
+ await deleteAllRules(supertest, log);
+ await deleteAllPrebuiltRuleAssets(es, log);
+ });
+
+ it(`does NOT import customized prebuilt rules when feature flag is disabled`, async () => {
+ const ruleId = 'prebuilt-rule-to-be-customized';
+ const ruleParams = getCustomQueryRuleParams({
+ rule_id: ruleId,
+ // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport}
+ immutable: true,
+ rule_source: { type: 'external', is_customized: false },
+ version: 1,
+ });
+ const ruleAsset = createRuleAssetSavedObject(ruleParams);
+
+ await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
+
+ // Customizing the rule before importing
+ const ndjson = combineToNdJson({ ...ruleParams, name: 'My customized rule' });
+
+ const { body } = await securitySolutionApi
+ .importRules({ query: {} })
+ .attach('file', Buffer.from(ndjson), 'rules.ndjson')
+ .expect(200);
+
+ expect(body).toMatchObject({
+ success: false,
+ errors: [
+ {
+ rule_id: 'prebuilt-rule-to-be-customized',
+ error: {
+ status_code: 400,
+ message:
+ 'Importing prebuilt rules is not supported. To import this rule as a custom rule, first duplicate the rule and then export it. [rule_id: prebuilt-rule-to-be-customized]',
+ },
+ },
+ ],
+ });
+ });
+ });
+};
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/ess_basic_license.config.ts
new file mode 100644
index 0000000000000..88fff8301ff9a
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/ess_basic_license.config.ts
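Review bot: The assertion `expect(body).toMatchObject({ success: false, errors: [...] })` checks the error entry but not that nothing was written, since `toMatchObject` ignores every response field it is not given. Adding `success_count: 0` to the expected object, and ideally a follow-up read confirming that no rule with `prebuilt-rule-to-be-customized` exists afterwards, would turn this into a check that the gate actually blocks the import rather than only reports an error. The same applies to the license_insufficient copy of this test later in the patch. Both files also share the `describe` title 'Import - Customization Disabled', which makes the two cases hard to tell apart in test reports.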
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const functionalConfig = await readConfigFile(
+ require.resolve('../../../../../../../../config/ess/config.base.basic')
+ );
+
+ const testConfig = {
+ ...functionalConfig.getAll(),
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - ESS Env',
+ },
+ };
+
+ testConfig.kbnTestServer.serverArgs = testConfig.kbnTestServer.serverArgs.map((arg: string) => {
+ // Override the default value of `--xpack.securitySolution.enableExperimental` to enable the prebuilt rules customization feature
+ if (arg.includes('--xpack.securitySolution.enableExperimental')) {
+ return `--xpack.securitySolution.enableExperimental=${JSON.stringify([
+ 'prebuiltRulesCustomizationEnabled',
+ ])}`;
+ }
+ return arg;
+ });
+
+ return testConfig;
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/serverless_essentials_tier.config.ts
new file mode 100644
index 0000000000000..57e912d1fe268
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/serverless_essentials_tier.config.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../../../../config/serverless/config.base.essentials';
+
+export default createTestConfig({
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Serverless Env',
+ },
+ kbnTestServerArgs: [
+ `--xpack.securitySolution.enableExperimental=${JSON.stringify([
+ 'prebuiltRulesCustomizationEnabled',
+ ])}`,
+ ],
+});
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/index.ts
new file mode 100644
index 0000000000000..e76515d19273b
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+ describe('Rules Management - Rule Import API - Customized prebuilt rules', function () {
+ loadTestFile(require.resolve('./not_allowed_importing_customized_prebuilt_rules'));
+ });
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/not_allowed_importing_customized_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/not_allowed_importing_customized_prebuilt_rules.ts
new file mode 100644
index 0000000000000..e8e86826c350f
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/not_allowed_importing_customized_prebuilt_rules.ts
@@ -0,0 +1,66 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
+import { deleteAllPrebuiltRuleAssets, getCustomQueryRuleParams } from '../../../../../utils';
+import { deleteAllRules } from '../../../../../../../../common/utils/security_solution';
+import { combineToNdJson } from '../../../../../utils/combine_to_ndjson';
+import {
+ createPrebuiltRuleAssetSavedObjects,
+ createRuleAssetSavedObject,
+} from '../../../../../utils';
+
+export default ({ getService }: FtrProviderContext): void => {
+ const es = getService('es');
+ const securitySolutionApi = getService('securitySolutionApi');
+ const supertest = getService('supertest');
+ const log = getService('log');
+
+ describe('@ess @serverless @skipInServerlessMKI Import - Customization Disabled', () => {
+ beforeEach(async () => {
+ await deleteAllRules(supertest, log);
+ await deleteAllPrebuiltRuleAssets(es, log);
+ });
+
+ it(`does NOT import customized prebuilt rules when license is insufficient`, async () => {
+ const ruleId = 'prebuilt-rule-to-be-customized';
+ const ruleParams = getCustomQueryRuleParams({
+ rule_id: ruleId,
+ // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport}
+ immutable: true,
+ rule_source: { type: 'external', is_customized: false },
+ version: 1,
+ });
+ const ruleAsset = createRuleAssetSavedObject(ruleParams);
+
+ await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
+
+ // Customizing the rule before importing
+ const ndjson = combineToNdJson({ ...ruleParams, name: 'My customized rule' });
+
+ const { body } = await securitySolutionApi
+ .importRules({ query: {} })
+ .attach('file', Buffer.from(ndjson), 'rules.ndjson')
+ .expect(200);
+
+ expect(body).toMatchObject({
+ success: false,
+ errors: [
+ {
+ rule_id: 'prebuilt-rule-to-be-customized',
+ error: {
+ status_code: 400,
+ message:
+ 'Upgrade your license to import customized prebuilt rules [rule_id: prebuilt-rule-to-be-customized]',
+ },
+ },
+ ],
+ });
+ });
+ });
+};
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/allowed_importing_customized_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/allowed_importing_customized_prebuilt_rules.ts
new file mode 100644
index 0000000000000..bcae5dd79617e
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/allowed_importing_customized_prebuilt_rules.ts
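Review bot: The `does NOT import customized prebuilt rules when license is insufficient` case asserts only on the error payload, so it would keep passing if the endpoint returned the license error but still wrote the customized rule. Because this test guards a license gate, follow the `toMatchObject` block with a check that nothing was persisted, e.g. `await securitySolutionApi.readRule({ query: { rule_id: ruleId } }).expect(404);` (assuming the read route answers 404 for an unknown `rule_id`). `not_allowed_importing_non_customized_prebuilt_rules.ts` later in this patch has the same gap. The suite title `Import - Customization Disabled` is also misleading here, since the paired config turns `prebuiltRulesCustomizationEnabled` on and only the license tier blocks the import.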
@@ -0,0 +1,73 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import {
+ createPrebuiltRuleAssetSavedObjects,
+ createRuleAssetSavedObject,
+ deleteAllPrebuiltRuleAssets,
+ getCustomQueryRuleParams,
+} from '../../../../utils';
+import { deleteAllRules } from '../../../../../../../common/utils/security_solution';
+import { combineToNdJson } from '../../../../utils/combine_to_ndjson';
+
+export default ({ getService }: FtrProviderContext): void => {
+ const es = getService('es');
+ const securitySolutionApi = getService('securitySolutionApi');
+ const supertest = getService('supertest');
+ const log = getService('log');
+
+ describe('@ess @serverless @skipInServerlessMKI Import - Customization Enabled', () => {
+ beforeEach(async () => {
+ await deleteAllRules(supertest, log);
+ await deleteAllPrebuiltRuleAssets(es, log);
+ });
+
+ it(`imports customized prebuilt rules`, async () => {
+ const ruleId = 'prebuilt-rule-to-be-customized';
+ const ruleParams = getCustomQueryRuleParams({
+ rule_id: ruleId,
+ // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport}
+ immutable: true,
+ rule_source: { type: 'external', is_customized: false },
+ version: 1,
+ });
+ const ruleAsset = createRuleAssetSavedObject(ruleParams);
+
+ await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
+
+ // Customizing the rule before importing
+ const ndjson = combineToNdJson({ ...ruleParams, name: 'My customized rule' });
+
+ const { body } = await securitySolutionApi
+ .importRules({ query: {} })
+ .attach('file', Buffer.from(ndjson), 'rules.ndjson')
+ .expect(200);
+
+ expect(body).toMatchObject({
+ success: true,
+ errors: [],
+ });
+
+ const { body: importedRule } = await securitySolutionApi
+ .readRule({
+ query: { rule_id: ruleId },
+ })
+ .expect(200);
+
+ expect(importedRule).toMatchObject({
+ ...ruleParams,
+ name: 'My customized rule',
+ rule_source: {
+ type: 'external',
+ is_customized: true,
+ },
+ });
+ });
+ });
+};
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts
new file mode 100644
index 0000000000000..dcbfbb806162c
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const functionalConfig = await readConfigFile(
+ require.resolve('../../../../../../../config/ess/config.base.trial')
+ );
+
+ const testConfig = {
+ ...functionalConfig.getAll(),
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - ESS Env',
+ },
+ };
+
+ testConfig.kbnTestServer.serverArgs = testConfig.kbnTestServer.serverArgs.map((arg: string) => {
+ // Override the default value of `--xpack.securitySolution.enableExperimental` to enable the prebuilt rules customization feature
+ if (arg.includes('--xpack.securitySolution.enableExperimental')) {
+ return `--xpack.securitySolution.enableExperimental=${JSON.stringify([
+ 'prebuiltRulesCustomizationEnabled',
+ ])}`;
+ }
+ return arg;
+ });
+
+ return testConfig;
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts
new file mode 100644
index 0000000000000..0f55bd328fc76
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts
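Review bot: The `serverArgs.map(...)` override only rewrites an `--xpack.securitySolution.enableExperimental` argument that the base config already passes, so if `config.base.trial` stops passing one the flag is never set and nothing in this file signals it. The rewrite also drops any other experimental flags the base config listed, which is worth stating in the comment if it is intended. Filtering out the inherited argument and appending the new one makes the result independent of the base config; this assumes argument position does not matter to the test server. `ess_basic_license.config.ts` in this patch carries the same block.

```typescript
// … unchanged: readConfigFile call and testConfig literal …
const experimentalFlag = '--xpack.securitySolution.enableExperimental';
const inheritedArgs: string[] = testConfig.kbnTestServer.serverArgs.filter(
  (arg: string) => !arg.includes(experimentalFlag)
);
// Replaces (does not merge with) any experimental flags inherited from the base config.
testConfig.kbnTestServer.serverArgs = [
  ...inheritedArgs,
  `${experimentalFlag}=${JSON.stringify(['prebuiltRulesCustomizationEnabled'])}`,
];
// … unchanged: return testConfig …
```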
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../../../config/serverless/config.base';
+
+export default createTestConfig({
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Serverless Env',
+ },
+ kbnTestServerArgs: [
+ `--xpack.securitySolution.enableExperimental=${JSON.stringify([
+ 'prebuiltRulesCustomizationEnabled',
+ ])}`,
+ ],
+});
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/index.ts
similarity index 56%
rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/index.ts
rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/index.ts
index d291b9cbad3e3..66752a09e225a 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/index.ts
@@ -5,10 +5,10 @@ * 2.0. */ -import { FtrProviderContext } from '../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default function ({ loadTestFile }: FtrProviderContext) { - describe('Rules Management - Rule Import & Export APIs (customization disabled)', function () { - loadTestFile(require.resolve('./export_rules')); + describe('Rules Management - Rule Import API - Customized prebuilt rules', function () { + loadTestFile(require.resolve('./allowed_importing_customized_prebuilt_rules')); }); } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts new file mode 100644 index 0000000000000..188efc24a3a8e --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts 
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const functionalConfig = await readConfigFile(
+ require.resolve('../../../../../../../config/ess/config.base.trial')
+ );
+
+ const testConfig = {
+ ...functionalConfig.getAll(),
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Import Integration Tests - Importing non-customized prebuilt rules with disabled feature flag - ESS Env',
+ },
+ };
+
+ return testConfig;
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts
new file mode 100644
index 0000000000000..dc51920c3757a
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts
@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../../../config/serverless/config.base';
+
+export default createTestConfig({
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Import Integration Tests - Importing non-customized prebuilt rules with disabled feature flag - Serverless Env',
+ },
+ kbnTestServerArgs: [],
+});
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/index.ts
new file mode 100644
index 0000000000000..863a54c1b7772
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+ describe('Rules Management - Rule Import API - Non-customized prebuilt rules', function () {
+ loadTestFile(require.resolve('./not_allowed_importing_non_customized_prebuilt_rules'));
+ });
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/not_allowed_importing_non_customized_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/not_allowed_importing_non_customized_prebuilt_rules.ts
new file mode 100644
index 0000000000000..012c4b16d405d
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/not_allowed_importing_non_customized_prebuilt_rules.ts
@@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import { deleteAllPrebuiltRuleAssets, getCustomQueryRuleParams } from '../../../../utils';
+import { deleteAllRules } from '../../../../../../../common/utils/security_solution';
+import { combineToNdJson } from '../../../../utils/combine_to_ndjson';
+
+export default ({ getService }: FtrProviderContext): void => {
+ const es = getService('es');
+ const securitySolutionApi = getService('securitySolutionApi');
+ const supertest = getService('supertest');
+ const log = getService('log');
+
+ describe('@ess @serverless @skipInServerlessMKI Import - Customization Disabled', () => {
+ beforeEach(async () => {
+ await deleteAllRules(supertest, log);
+ await deleteAllPrebuiltRuleAssets(es, log);
+ });
+
+ it(`does NOT allow importing non-customized prebuilt rules`, async () => {
+ const ruleToImport = getCustomQueryRuleParams({
+ rule_id: 'non-customized-prebuilt-rule',
+ // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport}
+ immutable: true,
+ rule_source: { type: 'external', is_customized: false },
+ });
+ const ndjson = combineToNdJson(ruleToImport);
+
+ const { body } = await securitySolutionApi
+ .importRules({ query: {} })
+ .attach('file', Buffer.from(ndjson), 'rules.ndjson')
+ .expect(200);
+
+ expect(body).toMatchObject({
+ success: false,
+ errors: [
+ {
+ rule_id: 'non-customized-prebuilt-rule',
+ error: {
+ status_code: 400,
+ message:
+ 'Importing prebuilt rules is not supported. To import this rule as a custom rule, first duplicate the rule and then export it. [rule_id: non-customized-prebuilt-rule]',
+ },
+ },
+ ],
+ });
+ });
+ });
+};
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/allowed_importing_non_customized_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/allowed_importing_non_customized_prebuilt_rules.ts
new file mode 100644
index 0000000000000..7dd9643cdd18d
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/allowed_importing_non_customized_prebuilt_rules.ts
@@ -0,0 +1,65 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import {
+ createPrebuiltRuleAssetSavedObjects,
+ createRuleAssetSavedObject,
+ deleteAllPrebuiltRuleAssets,
+ getCustomQueryRuleParams,
+} from '../../../../utils';
+import { deleteAllRules } from '../../../../../../../common/utils/security_solution';
+import { combineToNdJson } from '../../../../utils/combine_to_ndjson';
+
+export default ({ getService }: FtrProviderContext): void => {
+ const es = getService('es');
+ const securitySolutionApi = getService('securitySolutionApi');
+ const supertest = getService('supertest');
+ const log = getService('log');
+
+ describe('@ess @serverless @skipInServerlessMKI Import - Customization Enabled', () => {
+ beforeEach(async () => {
+ await deleteAllRules(supertest, log);
+ await deleteAllPrebuiltRuleAssets(es, log);
+ });
+
+ it(`imports non-customized prebuilt rules`, async () => {
+ const ruleId = 'prebuilt-rule';
+ const ruleParams = getCustomQueryRuleParams({
+ rule_id: ruleId,
+ // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport}
+ immutable: true,
+ rule_source: { type: 'external', is_customized: false },
+ version: 1,
+ });
+ const ruleAsset = createRuleAssetSavedObject(ruleParams);
+
+ await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
+
+ const ndjson = combineToNdJson(ruleParams);
+
+ const { body } = await securitySolutionApi
+ .importRules({ query: {} })
+ .attach('file', Buffer.from(ndjson), 'rules.ndjson')
+ .expect(200);
+
+ expect(body).toMatchObject({
+ success: true,
+ errors: [],
+ });
+
+ const { body: importedRule } = await securitySolutionApi
+ .readRule({
+ query: { rule_id: ruleId },
+ })
+ .expect(200);
+
+ expect(importedRule).toMatchObject(ruleParams);
+ });
+ });
+};
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts
new file mode 100644
index 0000000000000..e5013e2fd46c9
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const functionalConfig = await readConfigFile(
+ require.resolve('../../../../../../../config/ess/config.base.basic')
+ );
+
+ const testConfig = {
+ ...functionalConfig.getAll(),
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Import Integration Tests - Importing non-customized prebuilt rules - ESS Env',
+ },
+ };
+
+ testConfig.kbnTestServer.serverArgs = testConfig.kbnTestServer.serverArgs.map((arg: string) => {
+ // Override the default value of `--xpack.securitySolution.enableExperimental` to enable the prebuilt rules customization feature
+ if (arg.includes('--xpack.securitySolution.enableExperimental')) {
+ return `--xpack.securitySolution.enableExperimental=${JSON.stringify([
+ 'prebuiltRulesCustomizationEnabled',
+ ])}`;
+ }
+ return arg;
+ });
+
+ return testConfig;
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts
new file mode 100644
index 0000000000000..24f23cb56fe06
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials';
+
+export default createTestConfig({
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Import Integration Tests - Importing non-customized prebuilt rules - Serverless Env',
+ },
+ kbnTestServerArgs: [
+ `--xpack.securitySolution.enableExperimental=${JSON.stringify([
+ 'prebuiltRulesCustomizationEnabled',
+ ])}`,
+ ],
+});
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/index.ts
new file mode 100644
index 0000000000000..22cd4aaeda8cf
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+ describe('Rules Management - Rule Import API - Non-customized prebuilt rules', function () {
+ loadTestFile(require.resolve('./allowed_importing_non_customized_prebuilt_rules'));
+ });
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts index 112c14a3c7929..5341254d6fcb7 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts @@ -1626,6 +1626,7 @@ export default ({ getService }: FtrProviderContext): void => { describe('supporting prebuilt rule customization', () => { describe('compatibility with prebuilt rule fields', () => { it('rejects rules with "immutable: true" when the feature flag is disabled', async () => { + // duplicate test const rule = getCustomQueryRuleParams({ rule_id: 'rule-immutable', // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport} diff --git a/x-pack/test/security_solution_api_integration/yarn.lock b/x-pack/test/security_solution_api_integration/yarn.lock new file mode 100644 index 0000000000000..fb57ccd13afbd --- /dev/null +++ b/x-pack/test/security_solution_api_integration/yarn.lock @@ -0,0 +1,4 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + From 8bffba555842c01ebdb7bd461d643dece3f6654e Mon Sep 17 00:00:00 2001 
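Review bot: The added `// duplicate test` comment in `import_rules.ts` does not say which test this one duplicates or what should happen to it, so the next reader cannot tell whether the case is safe to delete. If it is superseded by the new feature-disabled import suites (presumably `not_allowed_importing_non_customized_prebuilt_rules.ts`), either remove the case in this commit or make the comment actionable, e.g. `// TODO: duplicates <path of the replacing test>; remove once that suite runs in CI`. The `it` body continues outside the hunk.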
From: Nikita Indik Date: Mon, 3 Mar 2025 13:16:28 +0100 Subject: [PATCH 03/13] Add export prebuilt tests into the new structure --- .../ftr_security_serverless_configs.yml | 1 + .buildkite/ftr_security_stateful_configs.yml | 1 + .../package.json | 11 ++--- .../ess_feature_flag_disabled.config.ts | 24 +++++++++ ...serverless_feature_flag_disabled.config.ts | 16 ++++++ .../feature_disabled/index.ts | 14 ++++++ .../not_allowed_exporting_prebuilt_rules.ts | 49 +++++++++++++++++++ 7 files changed, 110 insertions(+), 6 deletions(-) create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/index.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/not_allowed_exporting_prebuilt_rules.ts diff --git a/.buildkite/ftr_security_serverless_configs.yml b/.buildkite/ftr_security_serverless_configs.yml index 698f30991a9b1..a09131708c093 100644 --- a/.buildkite/ftr_security_serverless_configs.yml +++ b/.buildkite/ftr_security_serverless_configs.yml 
@@ -94,6 +94,7 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/serverless_essentials_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/serverless_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/serverless.config.ts diff --git a/.buildkite/ftr_security_stateful_configs.yml b/.buildkite/ftr_security_stateful_configs.yml index 3d8ca75342f14..eb36447a6af14 100644 --- a/.buildkite/ftr_security_stateful_configs.yml +++ b/.buildkite/ftr_security_stateful_configs.yml 
@@ -79,6 +79,7 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/ess_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/configs/ess.config.ts diff --git a/x-pack/test/security_solution_api_integration/package.json b/x-pack/test/security_solution_api_integration/package.json index 9668ac1d45f0a..66912fbe8d2f3 100644 --- a/x-pack/test/security_solution_api_integration/package.json +++ b/x-pack/test/security_solution_api_integration/package.json 
@@ -445,40 +445,39 @@ "rule_import:non_customized_prebuilt:enabled:server:ess": "node ./scripts/index.js server detections_response/rules_management import_non_customized_prebuilt_rules/feature_enabled rule_import_export ess_basic_license", "rule_import:non_customized_prebuilt:enabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management import_non_customized_prebuilt_rules/feature_enabled rule_import_export ess_basic_license essEnv", - "rule_import:non_customized_prebuilt:enabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_non_customized_prebuilt_rules/feature_enabled rule_import_export serverless_essentials_tier", "rule_import:non_customized_prebuilt:enabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_non_customized_prebuilt_rules/feature_enabled rule_import_export serverless_essentials_tier serverlessEnv", "rule_import:non_customized_prebuilt:disabled:server:ess": "node ./scripts/index.js server detections_response/rules_management import_non_customized_prebuilt_rules/feature_disabled rule_import_export ess_feature_flag_disabled", "rule_import:non_customized_prebuilt:disabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management import_non_customized_prebuilt_rules/feature_disabled rule_import_export ess_feature_flag_disabled essEnv", - "rule_import:non_customized_prebuilt:disabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_non_customized_prebuilt_rules/feature_disabled rule_import_export serverless_feature_flag_disabled", "rule_import:non_customized_prebuilt:disabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_non_customized_prebuilt_rules/feature_disabled rule_import_export serverless_feature_flag_disabled serverlessEnv", "rule_import:customized_prebuilt:enabled:server:ess": "node ./scripts/index.js 
server detections_response/rules_management import_customized_prebuilt_rules/feature_enabled rule_import_export ess_enterprise_license", "rule_import:customized_prebuilt:enabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_enabled rule_import_export ess_enterprise_license essEnv", - "rule_import:customized_prebuilt:enabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_enabled rule_import_export serverless_complete_tier", "rule_import:customized_prebuilt:enabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_enabled rule_import_export serverless_complete_tier essEnv", "rule_import:customized_prebuilt:license_insufficient:server:ess": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/license_insufficient rule_import_export ess_basic_license", "rule_import:customized_prebuilt:license_insufficient:runner:ess": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/license_insufficient rule_import_export ess_basic_license essEnv", - "rule_import:customized_prebuilt:license_insufficient:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/license_insufficient rule_import_export serverless_essentials_tier", "rule_import:customized_prebuilt:license_insufficient:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/license_insufficient rule_import_export serverless_essentials_tier serverlessEnv", "rule_import:customized_prebuilt:feature_flag_disabled:server:ess": "node ./scripts/index.js server detections_response/rules_management 
import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled rule_import_export ess_feature_flag_disabled", "rule_import:customized_prebuilt:feature_flag_disabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled rule_import_export ess_feature_flag_disabled essEnv", - "rule_import:customized_prebuilt:feature_flag_disabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled rule_import_export serverless_feature_flag_disabled", "rule_import:customized_prebuilt:feature_flag_disabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled rule_import_export serverless_feature_flag_disabled essEnv", "rule_export:prebuilt:enabled:server:ess": "node ./scripts/index.js server detections_response/rules_management export_prebuilt_rules/feature_enabled rule_import_export ess_basic_license", "rule_export:prebuilt:enabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management export_prebuilt_rules/feature_enabled rule_import_export ess_basic_license essEnv", - "rule_export:prebuilt:enabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management export_prebuilt_rules/feature_enabled rule_import_export serverless_essentials_tier", "rule_export:prebuilt:enabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management export_prebuilt_rules/feature_enabled rule_import_export serverless_essentials_tier serverlessEnv", + "rule_export:prebuilt:disabled:server:ess": "node ./scripts/index.js server detections_response/rules_management export_prebuilt_rules/feature_disabled rule_import_export ess_feature_flag_disabled", + "rule_export:prebuilt:disabled:runner:ess": "node 
./scripts/index.js runner detections_response/rules_management export_prebuilt_rules/feature_disabled rule_import_export ess_feature_flag_disabled essEnv", + "rule_export:prebuilt:disabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management export_prebuilt_rules/feature_disabled rule_import_export serverless_feature_flag_disabled", + "rule_export:prebuilt:disabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management export_prebuilt_rules/feature_disabled rule_import_export serverless_feature_flag_disabled serverlessEnv", + "rule_management:server:serverless": "npm run initialize-server:rm rule_management serverless", "rule_management:runner:serverless": "npm run run-tests:rm rule_management serverless serverlessEnv", "rule_management:qa:serverless": "npm run run-tests:rm rule_management serverless qaPeriodicEnv", diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts new file mode 100644 index 0000000000000..b89fb5f24c8e7 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts 
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const functionalConfig = await readConfigFile(
+ require.resolve('../../../../../../../config/ess/config.base.trial')
+ );
+
+ const testConfig = {
+ ...functionalConfig.getAll(),
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName: 'Rules Management - Rule Export Integration Tests - ESS Env',
+ },
+ };
+
+ return testConfig;
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts
new file mode 100644
index 0000000000000..958df2ceec7e5
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts
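Review bot: Nothing in `testConfig` turns the customization feature off: it spreads `functionalConfig.getAll()` from `config.base.trial` and only overrides `testFiles` and `junit`, so this "feature flag disabled" suite depends on whatever default the base config carries (not visible in this patch). Pin the state here through `kbnTestServer.serverArgs`, or at least add a comment such as `// Relies on the customization feature flag being off by default in config.base.trial`, so a later default flip is caught as a config change rather than as a confusing failure in the negative test. The `reportName` also lacks the "Customization disabled" qualifier that the serverless sibling config uses, which makes the JUnit reports of the enabled and disabled suites harder to tell apart.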
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../../../config/serverless/config.base';
+
+export default createTestConfig({
+ testFiles: [require.resolve('..')],
+ junit: {
+ reportName:
+ 'Rules Management - Rule Export Integration Tests - Customization disabled - Serverless Env',
+ },
+});
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/index.ts
new file mode 100644
index 0000000000000..fa1ae8535cbab
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+ describe('Rules Management - Rule Export API (customization disabled)', function () {
+ loadTestFile(require.resolve('./not_allowed_exporting_prebuilt_rules'));
+ });
+}
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/not_allowed_exporting_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/not_allowed_exporting_prebuilt_rules.ts
new file mode 100644
index 0000000000000..84e944cf6a532
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/not_allowed_exporting_prebuilt_rules.ts
@@ -0,0 +1,49 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import {
+ binaryToString,
+ createPrebuiltRuleAssetSavedObjects,
+ createRuleAssetSavedObject,
+ deleteAllPrebuiltRuleAssets,
+ installPrebuiltRules,
+} from '../../../../utils';
+import { deleteAllRules } from '../../../../../../../common/utils/security_solution';
+
+export default ({ getService }: FtrProviderContext): void => {
+ const es = getService('es');
+ const securitySolutionApi = getService('securitySolutionApi');
+ const supertest = getService('supertest');
+ const log = getService('log');
+
+ describe('@ess @serverless @skipInServerlessMKI Export - Customization Disabled', () => {
+ beforeEach(async () => {
+ await deleteAllRules(supertest, log);
+ await deleteAllPrebuiltRuleAssets(es, log);
+ });
+
+ it(`doesn't export prebuilt rules if the feature flag is disabled`, async () => {
+ const ruleAsset = createRuleAssetSavedObject({ rule_id: 'prebuilt-rule-1', version: 1 });
+ await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
+ await installPrebuiltRules(es, supertest);
+
+ const { body } = await securitySolutionApi
+ .exportRules({ query: {}, body: null })
+ .expect(200)
+ .parse(binaryToString);
+
+ const exportDetails = JSON.parse(body.toString());
+
+ expect(exportDetails).toMatchObject({
+ exported_rules_count: 0,
+ missing_rules: [], // Prebuilt rules are not in missing rules
+ });
+ });
+ });
+};
From 1c3633f6f8c7349fa52dbf40bdb67dc5ab27628f Mon Sep 17 00:00:00 2001
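Review bot: This negative test can pass vacuously, because `exported_rules_count: 0` is also what the export returns when no rule was installed at all and the result of `installPrebuiltRules(es, supertest)` is never checked. Assert the precondition before exporting, for example `const installResponse = await installPrebuiltRules(es, supertest);` followed by `expect(installResponse.summary.succeeded).toBe(1);` (assuming the helper returns the installation summary), so that a zero count really means the prebuilt rule was withheld by the gate. Creating one custom rule as well and expecting `exported_rules_count: 1` would additionally show that export still works and only prebuilt rules are filtered. Only the export-all request (`body: null`) is exercised here; export of a prebuilt rule selected by `rule_id` is not covered in this file.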
From: Nikita Indik Date: Mon, 3 Mar 2025 14:02:14 +0100 Subject: [PATCH 04/13] Merge some tests to reduce number of configs --- .../ftr_security_serverless_configs.yml | 4 +- .buildkite/ftr_security_stateful_configs.yml | 4 +- .../methods/import_rules.ts | 2 +- .../package.json | 18 ++--- .../configs/ess_basic_license.config.ts | 2 +- .../ess_feature_flag_disabled.config.ts | 2 +- .../serverless_essentials_tier.config.ts | 2 +- ...serverless_feature_flag_disabled.config.ts | 2 +- .../{feature_flag_disabled => }/index.ts | 2 +- .../license_insufficient/index.ts | 14 ---- ...wed_importing_customized_prebuilt_rules.ts | 66 ------------------- ...wed_importing_customized_prebuilt_rules.ts | 16 ++--- 12 files changed, 25 insertions(+), 109 deletions(-) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/{license_insufficient => }/configs/ess_basic_license.config.ts (93%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/{feature_flag_disabled => }/configs/ess_feature_flag_disabled.config.ts (90%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/{license_insufficient => }/configs/serverless_essentials_tier.config.ts (86%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/{feature_flag_disabled => }/configs/serverless_feature_flag_disabled.config.ts (84%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/{feature_flag_disabled => }/index.ts (86%) delete mode 100644 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/index.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/not_allowed_importing_customized_prebuilt_rules.ts rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/{feature_flag_disabled => }/not_allowed_importing_customized_prebuilt_rules.ts (76%) diff --git a/.buildkite/ftr_security_serverless_configs.yml b/.buildkite/ftr_security_serverless_configs.yml index a09131708c093..63996fff167c5 100644 --- a/.buildkite/ftr_security_serverless_configs.yml +++ b/.buildkite/ftr_security_serverless_configs.yml 
@@ -91,8 +91,8 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/serverless_essentials_tier.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/serverless_feature_flag_disabled.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_essentials_tier.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts - 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/serverless.config.ts diff --git a/.buildkite/ftr_security_stateful_configs.yml b/.buildkite/ftr_security_stateful_configs.yml index eb36447a6af14..2b8122d869e52 100644 --- a/.buildkite/ftr_security_stateful_configs.yml +++ b/.buildkite/ftr_security_stateful_configs.yml 
@@ -75,9 +75,9 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/ess_basic_license.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_basic_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/ess_feature_flag_disabled.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts - 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/ess.config.ts diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts index c4f37649f35f6..d8809eccbac0c 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts @@ -85,7 +85,7 @@ export const importRules = async ({ 'xpack.securitySolution.detectionEngine.rules.licenseInsufficientToImportCustomizedPrebuiltRule', { defaultMessage: - 'Upgrade your license to import customized prebuilt rules [rule_id: {ruleId}]', // Change this message + 'Upgrade your license to import customized prebuilt rules [rule_id: {ruleId}].', values: { ruleId: rule.rule_id }, } ), diff --git a/x-pack/test/security_solution_api_integration/package.json b/x-pack/test/security_solution_api_integration/package.json index 66912fbe8d2f3..e3eeb1be09567 100644 --- a/x-pack/test/security_solution_api_integration/package.json +++ b/x-pack/test/security_solution_api_integration/package.json 
@@ -458,15 +458,15 @@ "rule_import:customized_prebuilt:enabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_enabled rule_import_export serverless_complete_tier", "rule_import:customized_prebuilt:enabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_enabled rule_import_export serverless_complete_tier essEnv", - "rule_import:customized_prebuilt:license_insufficient:server:ess": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/license_insufficient rule_import_export ess_basic_license", - "rule_import:customized_prebuilt:license_insufficient:runner:ess": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/license_insufficient rule_import_export ess_basic_license essEnv", - "rule_import:customized_prebuilt:license_insufficient:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/license_insufficient rule_import_export serverless_essentials_tier", - "rule_import:customized_prebuilt:license_insufficient:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/license_insufficient rule_import_export serverless_essentials_tier serverlessEnv", - - "rule_import:customized_prebuilt:feature_flag_disabled:server:ess": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled rule_import_export ess_feature_flag_disabled", - "rule_import:customized_prebuilt:feature_flag_disabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled 
rule_import_export ess_feature_flag_disabled essEnv", - "rule_import:customized_prebuilt:feature_flag_disabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled rule_import_export serverless_feature_flag_disabled", - "rule_import:customized_prebuilt:feature_flag_disabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled rule_import_export serverless_feature_flag_disabled essEnv", + "rule_import:customized_prebuilt:license_insufficient:server:ess": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled rule_import_export ess_basic_license", + "rule_import:customized_prebuilt:license_insufficient:runner:ess": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled rule_import_export ess_basic_license essEnv", + "rule_import:customized_prebuilt:license_insufficient:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled rule_import_export serverless_essentials_tier", + "rule_import:customized_prebuilt:license_insufficient:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled rule_import_export serverless_essentials_tier serverlessEnv", + + "rule_import:customized_prebuilt:feature_flag_disabled:server:ess": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled rule_import_export ess_feature_flag_disabled", + "rule_import:customized_prebuilt:feature_flag_disabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled 
rule_import_export ess_feature_flag_disabled essEnv", + "rule_import:customized_prebuilt:feature_flag_disabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled rule_import_export serverless_feature_flag_disabled", + "rule_import:customized_prebuilt:feature_flag_disabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled rule_import_export serverless_feature_flag_disabled essEnv", "rule_export:prebuilt:enabled:server:ess": "node ./scripts/index.js server detections_response/rules_management export_prebuilt_rules/feature_enabled rule_import_export ess_basic_license", "rule_export:prebuilt:enabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management export_prebuilt_rules/feature_enabled rule_import_export ess_basic_license essEnv", diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_basic_license.config.ts similarity index 93% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/ess_basic_license.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_basic_license.config.ts index 88fff8301ff9a..1f902b569a9fb 100644 
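Review bot: The re-added `rule_import:customized_prebuilt:feature_flag_disabled:runner:serverless` script still ends in `essEnv` although it runs the `serverless_feature_flag_disabled` config, while the neighbouring `license_insufficient:runner:serverless` script passes `serverlessEnv`. This looks like a copy-paste slip carried over from the removed line; since the line is rewritten in this hunk anyway, change its last argument to `serverlessEnv`. The unchanged context line for `rule_import:customized_prebuilt:enabled:runner:serverless` at the top of the hunk has the same value and probably wants the same fix. What the runner does with that argument is not visible here, so confirm against `scripts/index.js` that a mismatched environment does not make the disabled-feature suite run against the wrong target.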
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/ess_basic_license.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_basic_license.config.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../../config/ess/config.base.basic') + require.resolve('../../../../../../../config/ess/config.base.basic') ); const testConfig = { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/ess_feature_flag_disabled.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts similarity index 90% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/ess_feature_flag_disabled.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts index e8e808d1c5777..58fccb82cb1fc 100644 
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/ess_feature_flag_disabled.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../../config/ess/config.base.basic') + require.resolve('../../../../../../../config/ess/config.base.basic') ); const testConfig = { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_essentials_tier.config.ts similarity index 86% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/serverless_essentials_tier.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_essentials_tier.config.ts index 57e912d1fe268..5bdac02f106ac 100644 
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/configs/serverless_essentials_tier.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_essentials_tier.config.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { createTestConfig } from '../../../../../../../../config/serverless/config.base.essentials'; +import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials'; export default createTestConfig({ testFiles: [require.resolve('..')], diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/serverless_feature_flag_disabled.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts similarity index 84% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/serverless_feature_flag_disabled.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts index 10d09abe3a2f2..bb8499b142093 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/configs/serverless_feature_flag_disabled.config.ts 
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { createTestConfig } from '../../../../../../../../config/serverless/config.base'; +import { createTestConfig } from '../../../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/index.ts similarity index 86% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/index.ts index e76515d19273b..413f80d2f76d9 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/index.ts 
@@ -5,7 +5,7 @@ * 2.0. */ -import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default function ({ loadTestFile }: FtrProviderContext) { describe('Rules Management - Rule Import API - Customized prebuilt rules', function () { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/index.ts deleted file mode 100644 index e76515d19273b..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/index.ts +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; - -export default function ({ loadTestFile }: FtrProviderContext) { - describe('Rules Management - Rule Import API - Customized prebuilt rules', function () { - loadTestFile(require.resolve('./not_allowed_importing_customized_prebuilt_rules')); - }); -} 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/not_allowed_importing_customized_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/not_allowed_importing_customized_prebuilt_rules.ts deleted file mode 100644 index e8e86826c350f..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/license_insufficient/not_allowed_importing_customized_prebuilt_rules.ts +++ /dev/null 
@@ -1,66 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import expect from 'expect'; -import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; -import { deleteAllPrebuiltRuleAssets, getCustomQueryRuleParams } from '../../../../../utils'; -import { deleteAllRules } from '../../../../../../../../common/utils/security_solution'; -import { combineToNdJson } from '../../../../../utils/combine_to_ndjson'; -import { - createPrebuiltRuleAssetSavedObjects, - createRuleAssetSavedObject, -} from '../../../../../utils'; - -export default ({ getService }: FtrProviderContext): void => { - const es = getService('es'); - const securitySolutionApi = getService('securitySolutionApi'); - const supertest = getService('supertest'); - const log = getService('log'); - - describe('@ess @serverless @skipInServerlessMKI Import - Customization Disabled', () => { - beforeEach(async () => { - await deleteAllRules(supertest, log); - await deleteAllPrebuiltRuleAssets(es, log); - }); - - it(`does NOT import customized prebuilt rules when license is insufficient`, async () => { - const ruleId = 'prebuilt-rule-to-be-customized'; - const ruleParams = getCustomQueryRuleParams({ - rule_id: ruleId, - // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport} - immutable: true, - rule_source: { type: 'external', is_customized: false }, - version: 1, - }); - const ruleAsset = createRuleAssetSavedObject(ruleParams); - - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - - // Customizing the rule before importing - const ndjson = combineToNdJson({ ...ruleParams, name: 'My customized rule' }); - - const { body } = await securitySolutionApi - .importRules({ query: {} }) - .attach('file', Buffer.from(ndjson), 
'rules.ndjson') - .expect(200); - - expect(body).toMatchObject({ - success: false, - errors: [ - { - rule_id: 'prebuilt-rule-to-be-customized', - error: { - status_code: 400, - message: - 'Upgrade your license to import customized prebuilt rules [rule_id: prebuilt-rule-to-be-customized]', - }, - }, - ], - }); - }); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/not_allowed_importing_customized_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/not_allowed_importing_customized_prebuilt_rules.ts similarity index 76% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/not_allowed_importing_customized_prebuilt_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/not_allowed_importing_customized_prebuilt_rules.ts index 3ebfccc329401..fb03cbc240510 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/feature_flag_disabled/not_allowed_importing_customized_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/not_allowed_importing_customized_prebuilt_rules.ts 
@@ -6,14 +6,11 @@ */ import expect from 'expect'; -import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; -import { deleteAllPrebuiltRuleAssets, getCustomQueryRuleParams } from '../../../../../utils'; -import { deleteAllRules } from '../../../../../../../../common/utils/security_solution'; -import { combineToNdJson } from '../../../../../utils/combine_to_ndjson'; -import { - createPrebuiltRuleAssetSavedObjects, - createRuleAssetSavedObject, -} from '../../../../../utils'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { deleteAllPrebuiltRuleAssets, getCustomQueryRuleParams } from '../../../../utils'; +import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +import { combineToNdJson } from '../../../../utils/combine_to_ndjson'; +import { createPrebuiltRuleAssetSavedObjects, createRuleAssetSavedObject } from '../../../../utils'; export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); @@ -55,8 +52,7 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'prebuilt-rule-to-be-customized', error: { status_code: 400, - message: - 'Importing prebuilt rules is not supported. To import this rule as a custom rule, first duplicate the rule and then export it. [rule_id: prebuilt-rule-to-be-customized]', + message: expect.stringContaining('rule_id: prebuilt-rule-to-be-customized]'), }, }, ], From 52a5dd50a3349e6f24993863a75a3c13cf0641ae Mon Sep 17 00:00:00 2001 From: Nikita Indik Date: Mon, 3 Mar 2025 14:17:34 +0100 Subject: [PATCH 05/13] Reorder configs in YAMLs --- .buildkite/ftr_security_serverless_configs.yml | 6 ++++-- .buildkite/ftr_security_stateful_configs.yml | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.buildkite/ftr_security_serverless_configs.yml b/.buildkite/ftr_security_serverless_configs.yml index 63996fff167c5..2851a91f73549 100644 --- a/.buildkite/ftr_security_serverless_configs.yml 
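Review bot: The loosened assertion in the second hunk, `message: expect.stringContaining('rule_id: prebuilt-rule-to-be-customized]')`, accepts any 400 error that ends with the rule id, so this test no longer shows which gate rejected the import. The same patch deletes the `license_insufficient` copy of the test, which pinned the 'Upgrade your license…' wording, and this file now appears to run under both the license and the feature-flag configs. Since the wording differs per config, pin the outcome instead: add `success_count: 0,` next to `success: false,` in the `toMatchObject` call, assuming the response carries that field as the import API schema does. The `it` block starts and ends outside this hunk, so the position of `success: false` is inferred from the deleted twin file.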
+++ b/.buildkite/ftr_security_serverless_configs.yml 
@@ -83,11 +83,13 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_complete_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/serverless.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/serverless.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/serverless.config.ts + - 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/serverless.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts diff --git a/.buildkite/ftr_security_stateful_configs.yml b/.buildkite/ftr_security_stateful_configs.yml index 2b8122d869e52..c4b12110d8e9f 100644 --- a/.buildkite/ftr_security_stateful_configs.yml +++ b/.buildkite/ftr_security_stateful_configs.yml 
@@ -71,12 +71,12 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/ess.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_basic_license.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/ess.config.ts - 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts From 08b9f1bf6974c6789cd0fb977313f5f15df76774 Mon Sep 17 00:00:00 2001 From: Nikita Indik Date: Tue, 4 Mar 2025 11:44:14 +0100 Subject: [PATCH 06/13] Update tests --- .buildkite/ftr_security_stateful_configs.yml | 1 - .../logic/detection_rules_client/methods/import_rules.ts | 2 +- .../customization_disabled/is_customized_calculation.ts | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.buildkite/ftr_security_stateful_configs.yml b/.buildkite/ftr_security_stateful_configs.yml index c4b12110d8e9f..a549710a88939 100644 --- a/.buildkite/ftr_security_stateful_configs.yml +++ b/.buildkite/ftr_security_stateful_configs.yml 
@@ -72,7 +72,6 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/customization_disabled/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts index d8809eccbac0c..98ba7abdbf4fe 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts 
@@ -85,7 +85,7 @@ export const importRules = async ({ 'xpack.securitySolution.detectionEngine.rules.licenseInsufficientToImportCustomizedPrebuiltRule', { defaultMessage: - 'Upgrade your license to import customized prebuilt rules [rule_id: {ruleId}].', + 'Importing prebuilt rules is not supported. Upgrade your license to import customized prebuilt rules [rule_id: {ruleId}].', values: { ruleId: rule.rule_id }, } ), diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts index ec0d3ebce600f..be2b1bc09d106 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts @@ -73,7 +73,7 @@ export default ({ getService }: FtrProviderContext) => { errors: [ { error: { - message: expect.stringContaining('Importing prebuilt rules is not supported'), + message: expect.stringContaining('Importing prebuilt rules is not supported.'), }, rule_id: 'test-rule-id', }, From 828f36ce0ded0a2cc22a9d12a6c5cf6e1f6b9509 Mon Sep 17 00:00:00 2001 
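Review bot: The new `defaultMessage` contradicts itself: it says importing prebuilt rules is not supported, then tells the user to upgrade the license in order to import them. The prefix looks as if it was added so that the `stringContaining('Importing prebuilt rules is not supported.')` assertion in `is_customized_calculation.ts` (second hunk on this line) passes for the license gate as well as the feature-flag gate; that is inferred, not shown. A message such as `'Importing customized prebuilt rules requires a higher license tier. Upgrade your license to import this rule [rule_id: {ruleId}].'` keeps the two rejections distinguishable in the import report, and the test would then assert on the rule id or on a per-config message. `importRules` starts before and continues after this hunk.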
From: Nikita Indik Date: Tue, 4 Mar 2025 16:41:26 +0100 Subject: [PATCH 07/13] Refactor dir structure --- .../ftr_security_serverless_configs.yml | 7 +-- .buildkite/ftr_security_stateful_configs.yml | 9 +-- .../api/rules/bulk_actions/route.ts | 12 +--- .../api/rules/export_rules/route.ts | 35 +++--------- .../api/rules/import_rules/route.ts | 11 ++-- .../methods/import_rules.ts | 1 - .../logic/export/get_export_all.ts | 9 +-- .../logic/export/get_export_by_object_ids.ts | 16 ++---- .../bulk_export.ts => bulk_action_export.ts} | 8 +-- .../ess_basic_license.config.ts} | 4 +- .../ess_feature_flag_disabled.config.ts} | 4 +- .../serverless_essentials_tier.config.ts} | 4 +- ...erverless_feature_flag_disabled.config.ts} | 4 +- .../customization_disabled/bulk_export.ts | 55 ------------------- .../{customization_enabled => }/index.ts | 6 +- .../configs/ess_basic_license.config.ts | 4 +- .../ess_feature_flag_disabled.config.ts | 5 +- .../serverless_essentials_tier.config.ts | 4 +- ...serverless_feature_flag_disabled.config.ts | 4 +- ...uilt_rules.ts => export_prebuilt_rules.ts} | 46 ++++++++++++++-- .../feature_disabled/index.ts | 14 ----- .../not_allowed_exporting_prebuilt_rules.ts | 49 ----------------- .../feature_enabled/index.ts | 14 ----- .../export_prebuilt_rules}/index.ts | 6 +- .../configs/ess_basic_license.config.ts | 2 +- .../ess_feature_flag_disabled.config.ts | 2 +- .../serverless_essentials_tier.config.ts | 2 +- ...serverless_feature_flag_disabled.config.ts | 2 +- ...wed_importing_customized_prebuilt_rules.ts | 2 +- ...wed_importing_customized_prebuilt_rules.ts | 2 +- .../configs/ess_enterprise_license.config.ts | 2 +- .../serverless_complete_tier.config.ts | 2 +- .../ess_feature_flag_disabled.config.ts | 2 +- ...serverless_feature_flag_disabled.config.ts | 2 +- ...importing_non_customized_prebuilt_rules.ts | 2 +- 35 files changed, 107 insertions(+), 246 deletions(-) rename 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/{customization_enabled/bulk_export.ts => bulk_action_export.ts} (89%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/{customization_enabled/configs/ess.config.ts => configs/ess_basic_license.config.ts} (90%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/{customization_disabled/configs/ess.config.ts => configs/ess_feature_flag_disabled.config.ts} (84%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/{customization_enabled/configs/serverless.config.ts => configs/serverless_essentials_tier.config.ts} (78%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/{customization_disabled/configs/serverless.config.ts => configs/serverless_feature_flag_disabled.config.ts} (74%) delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/bulk_export.ts rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/{customization_enabled => }/index.ts (58%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/{feature_enabled => }/configs/ess_basic_license.config.ts (86%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/{feature_disabled => }/configs/ess_feature_flag_disabled.config.ts (75%) rename 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/{feature_enabled => }/configs/serverless_essentials_tier.config.ts (71%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/{feature_disabled => }/configs/serverless_feature_flag_disabled.config.ts (65%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/{feature_enabled/allowed_exporting_prebuilt_rules.ts => export_prebuilt_rules.ts} (53%) delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/index.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/not_allowed_exporting_prebuilt_rules.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/index.ts rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/{rule_bulk_actions/export/customization_disabled => rule_import_export/export_prebuilt_rules}/index.ts (58%) diff --git a/.buildkite/ftr_security_serverless_configs.yml b/.buildkite/ftr_security_serverless_configs.yml index 2851a91f73549..251c017f07e1a 100644 --- a/.buildkite/ftr_security_serverless_configs.yml +++ b/.buildkite/ftr_security_serverless_configs.yml 
@@ -84,9 +84,8 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_complete_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/serverless.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_essentials_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/serverless.config.ts 
@@ -95,8 +94,8 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_essentials_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/serverless_essentials_tier.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/serverless_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/serverless.config.ts 
diff --git a/.buildkite/ftr_security_stateful_configs.yml b/.buildkite/ftr_security_stateful_configs.yml index a549710a88939..7ff498bc6195d 100644 --- a/.buildkite/ftr_security_stateful_configs.yml +++ b/.buildkite/ftr_security_stateful_configs.yml 
@@ -64,8 +64,9 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_trial_license.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/ess.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_basic_license.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_feature_flag_disabled.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/ess.config.ts 
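Review bot: `rule_bulk_actions/export/configs/serverless_feature_flag_disabled.config.ts` is added here, in the stateful manifest, while the matching hunk in `ftr_security_serverless_configs.yml` (`@@ -84,9 +84,8 @@`) adds only `serverless_essentials_tier.config.ts` for bulk export. As listed, the serverless pipeline has no feature-flag-disabled run of the bulk export suite, and the stateful pipeline is handed a serverless config. Move the `- x-pack/…/rule_bulk_actions/export/configs/serverless_feature_flag_disabled.config.ts` entry to the serverless file, next to the essentials-tier entry.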
@@ -77,8 +78,8 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_basic_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/ess_basic_license.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/ess_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/configs/ess.config.ts 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts index 484f6d3217216..54940c6ab7ed9 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts @@ -43,7 +43,6 @@ import { bulkEnableDisableRules } from './bulk_enable_disable_rules'; import { fetchRulesByQueryOrIds } from './fetch_rules_by_query_or_ids'; import { bulkScheduleBackfill } from './bulk_schedule_rule_run'; import { createPrebuiltRuleAssetsClient } from '../../../../prebuilt_rules/logic/rule_assets/prebuilt_rule_assets_client'; -import { PrebuiltRulesCustomizationDisabledReason } from '../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; const MAX_RULES_TO_PROCESS_TOTAL = 10000; // Set a lower limit for bulk edit as the rules client might fail with a "Query @@ -278,22 +277,13 @@ export const performBulkActionRoute = ( break; } case BulkActionTypeEnum.export: { - const prebuiltRulesCustomizationStatus = - detectionRulesClient.getRuleCustomizationStatus(); - - const isPrebuiltRulesExportAllowed = - prebuiltRulesCustomizationStatus.isRulesCustomizationEnabled || - prebuiltRulesCustomizationStatus.customizationDisabledReason === - PrebuiltRulesCustomizationDisabledReason.License; - const exported = await getExportByObjectIds( rulesClient, exceptionsClient, rules.map(({ params }) => params.ruleId), exporter, request, - actionsClient, - isPrebuiltRulesExportAllowed + actionsClient ); const responseBody = `${exported.rulesNdjson}${exported.exceptionLists}${exported.actionConnectors}${exported.exportDetails}`; 
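Review bot: With `isPrebuiltRulesExportAllowed` gone, the `BulkActionTypeEnum.export` case hands every selected `ruleId` to `getExportByObjectIds` with no customization-status check at the route, and the `export_rules/route.ts` hunks that follow drop the same argument. Whether prebuilt rules are still withheld when the feature flag is off is now decided inside `get_export_by_object_ids.ts` and `get_export_all.ts`, which these hunks do not show. A one-line comment above the call would record where the gate lives, e.g. `// Prebuilt-rule export is no longer gated here; any feature-flag filtering happens inside getExportByObjectIds.` The `switch` and the route handler start and end outside the hunk.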
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts index 1a3afe7dd0207..f0abe3bd75a50 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts @@ -15,15 +15,11 @@ import { } from '../../../../../../../common/api/detection_engine/rule_management'; import type { SecuritySolutionPluginRouter } from '../../../../../../types'; import type { ConfigType } from '../../../../../../config'; -import { - getNonPackagedRulesCount, - getRulesCount, -} from '../../../logic/search/get_existing_prepackaged_rules'; +import { getRulesCount } from '../../../logic/search/get_existing_prepackaged_rules'; import { getExportByObjectIds } from '../../../logic/export/get_export_by_object_ids'; import { getExportAll } from '../../../logic/export/get_export_all'; import { buildSiemResponse } from '../../../../routes/utils'; import { RULE_MANAGEMENT_IMPORT_EXPORT_SOCKET_TIMEOUT_MS } from '../../timeouts'; -import { PrebuiltRulesCustomizationDisabledReason } from '../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; export const exportRulesRoute = ( router: SecuritySolutionPluginRouter, 
@@ -68,18 +64,11 @@ export const exportRulesRoute = ( const rulesClient = await ctx.alerting.getRulesClient(); const exceptionsClient = ctx.lists?.getExceptionListClient(); const actionsClient = ctx.actions.getActionsClient(); - const detectionRulesClient = ctx.securitySolution.getDetectionRulesClient(); const { getExporter, getClient } = ctx.core.savedObjects; const client = getClient({ includedHiddenTypes: ['action'] }); const actionsExporter = getExporter(client); - const prebuiltRulesCustomizationStatus = detectionRulesClient.getRuleCustomizationStatus(); - - const isPrebuiltRulesExportAllowed = - prebuiltRulesCustomizationStatus.isRulesCustomizationEnabled || - prebuiltRulesCustomizationStatus.customizationDisabledReason === - PrebuiltRulesCustomizationDisabledReason.License; try { const exportSizeLimit = config.maxRuleImportExportSize; @@ -89,18 +78,10 @@ export const exportRulesRoute = ( body: `Can't export more than ${exportSizeLimit} rules`, }); } else { - let rulesCount = 0; - - if (isPrebuiltRulesExportAllowed) { - rulesCount = await getRulesCount({ - rulesClient, - filter: '', - }); - } else { - rulesCount = await getNonPackagedRulesCount({ - rulesClient, - }); - } + const rulesCount = await getRulesCount({ + rulesClient, + filter: '', + }); if (rulesCount > exportSizeLimit) { return siemResponse.error({ @@ -118,16 +99,14 @@ export const exportRulesRoute = ( request.body.objects.map((obj) => obj.rule_id), actionsExporter, request, - actionsClient, - isPrebuiltRulesExportAllowed + actionsClient ) : await getExportAll( rulesClient, exceptionsClient, actionsExporter, request, - actionsClient, - isPrebuiltRulesExportAllowed + actionsClient ); const responseBody = request.query.exclude_export_details 
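Review bot: In the `@@ -89,18 +78,10 @@` hunk the size guard now compares `exportSizeLimit` against a count of every rule, prebuilt ones included, because `getRulesCount({ rulesClient, filter: '' })` replaces the `getNonPackagedRulesCount` branch. The guard sits in an `else` whose condition is outside the hunk; if it also runs for requests that name specific `rule_id`s, a small export would be refused once installed prebuilt rules push the total past `maxRuleImportExportSize`. A comment above the call would record the intent, for example `// Prebuilt rules are always exportable, so they count toward exportSizeLimit`, and a test that crosses the limit only through prebuilt rules would pin the behaviour. The same widening applies to `getRules({ rulesClient, filter: '' })` in get_export_all.ts.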
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts index 616a8a2a396d8..de2c05802df1c 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts @@ -168,24 +168,23 @@ export const importRulesRoute = (router: SecuritySolutionPluginRouter, config: C let importRuleResponse: ImportRuleResponse[] = []; if ( - ruleCustomizationStatus.isRulesCustomizationEnabled || ruleCustomizationStatus.customizationDisabledReason === - PrebuiltRulesCustomizationDisabledReason.License + PrebuiltRulesCustomizationDisabledReason.FeatureFlag ) { - importRuleResponse = await importRules({ + importRuleResponse = await importRulesLegacy({ ruleChunks, overwriteRules: request.query.overwrite, allowMissingConnectorSecrets: !!actionConnectors.length, - ruleSourceImporter, detectionRulesClient, + savedObjectsClient, }); } else { - importRuleResponse = await importRulesLegacy({ + importRuleResponse = await importRules({ ruleChunks, overwriteRules: request.query.overwrite, allowMissingConnectorSecrets: !!actionConnectors.length, + ruleSourceImporter, detectionRulesClient, - savedObjectsClient, }); } diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts index 98ba7abdbf4fe..7cbed8534730a 100644 
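Review bot: The rewritten condition makes `importRules` the default branch: only `customizationDisabledReason === PrebuiltRulesCustomizationDisabledReason.FeatureFlag` selects `importRulesLegacy`, whereas before every status other than enabled or `License` fell back to the legacy importer. With the two reasons that appear in this patch the outcome looks unchanged, but a reason added later would reach the new importer without anyone deciding that. A short comment above the `if` would make the choice explicit, for example `// Legacy import only while the feature flag is off; every other status uses the new importer`. The enclosing route handler starts and ends outside the hunk.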
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts @@ -74,7 +74,6 @@ export const importRules = async ({ const { immutable, ruleSource } = ruleSourceImporter.calculateRuleSource(rule); const isCustomized = (ruleSource.type === 'external' && ruleSource.is_customized) ?? false; - // If it's a customized rule and the license is not sufficient, we should not import it if ( isCustomized && ruleCustomizationStatus.customizationDisabledReason === diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_all.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_all.ts index b8d341164c8c7..47f08144fe8a8 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_all.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_all.ts @@ -11,7 +11,7 @@ import type { ISavedObjectsExporter, KibanaRequest } from '@kbn/core/server'; import type { ExceptionListClient } from '@kbn/lists-plugin/server'; import type { RulesClient } from '@kbn/alerting-plugin/server'; import type { ActionsClient } from '@kbn/actions-plugin/server'; -import { getNonPackagedRules, getRules } from '../search/get_existing_prepackaged_rules'; +import { getRules } from '../search/get_existing_prepackaged_rules'; import { getExportDetailsNdjson } from './get_export_details_ndjson'; import { transformAlertsToRules } from '../../utils/utils'; import { getRuleExceptionsForExport } from './get_export_rule_exceptions'; 
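Review bot: The `@@ -74,7 +74,6 @@` hunk in import_rules.ts deletes the only comment explaining the `isCustomized && ruleCustomizationStatus.customizationDisabledReason === …` check, while the check itself stays. Going by the removed comment, this condition is a licence gate on imported rules, and without it a reader has to reconstruct that from the enum comparison. I would keep a one-line comment above the `if`, for example `// Customized prebuilt rules are not imported when the license does not allow customization`. The compared value and the body of the `if` are outside the hunk, so the exact outcome should be checked before settling the wording.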
@@ -23,17 +23,14 @@ export const getExportAll = async ( exceptionsClient: ExceptionListClient | undefined, actionsExporter: ISavedObjectsExporter, request: KibanaRequest, - actionsClient: ActionsClient, - isPrebuiltRulesExportAllowed?: boolean + actionsClient: ActionsClient ): Promise<{ rulesNdjson: string; exportDetails: string; exceptionLists: string | null; actionConnectors: string; }> => { - const ruleAlertTypes = isPrebuiltRulesExportAllowed - ? await getRules({ rulesClient, filter: '' }) - : await getNonPackagedRules({ rulesClient }); + const ruleAlertTypes = await getRules({ rulesClient, filter: '' }); const rules = transformAlertsToRules(ruleAlertTypes); const exportRules = rules.map((r) => transformRuleToExportableFormat(r)); diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.ts index 9924b4519c3f0..d23dbc34dd827 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.ts @@ -29,8 +29,7 @@ export const getExportByObjectIds = async ( ruleIds: string[], actionsExporter: ISavedObjectsExporter, request: KibanaRequest, - actionsClient: ActionsClient, - isPrebuiltRulesExportAllowed?: boolean + actionsClient: ActionsClient ): Promise<{ rulesNdjson: string; exportDetails: string; 
@@ -38,11 +37,7 @@ export const getExportByObjectIds = async ( actionConnectors: string; }> => withSecuritySpan('getExportByObjectIds', async () => { - const rulesAndErrors = await fetchRulesByIds( - rulesClient, - ruleIds, - isPrebuiltRulesExportAllowed - ); + const rulesAndErrors = await fetchRulesByIds(rulesClient, ruleIds); const { rules, missingRuleIds } = rulesAndErrors; // Retrieve exceptions @@ -81,8 +76,7 @@ interface FetchRulesResult { const fetchRulesByIds = async ( rulesClient: RulesClient, - ruleIds: string[], - isPrebuiltRulesExportAllowed?: boolean + ruleIds: string[] ): Promise => { // It's important to avoid too many clauses in the request otherwise ES will fail to process the request // with `too_many_clauses` error (see https://github.com/elastic/kibana/issues/170015). The clauses limit @@ -114,9 +108,7 @@ const fetchRulesByIds = async ( const rulesAndErrors = ids.map((ruleId) => { const matchingRule = rulesMap.get(ruleId); - return matchingRule != null && - hasValidRuleType(matchingRule) && - (isPrebuiltRulesExportAllowed || matchingRule.params.immutable !== true) + return matchingRule != null && hasValidRuleType(matchingRule) ? { rule: transformRuleToExportableFormat(internalRuleToAPIResponse(matchingRule)), } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/bulk_export.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/bulk_action_export.ts similarity index 89% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/bulk_export.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/bulk_action_export.ts index 4a15e71560980..7845297e3c1ca 100644 
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/bulk_export.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/bulk_action_export.ts @@ -7,15 +7,15 @@ import expect from 'expect'; import { BulkActionTypeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../ftr_provider_context'; import { binaryToString, createPrebuiltRuleAssetSavedObjects, createRuleAssetSavedObject, deleteAllPrebuiltRuleAssets, installPrebuiltRules, -} from '../../../../utils'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +} from '../../../utils'; +import { deleteAllRules } from '../../../../../../common/utils/security_solution'; export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); @@ -23,7 +23,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - describe('@ess @serverless @skipInServerlessMKI Bulk action - Export - Customization Enabled', () => { + describe('@ess @serverless @skipInServerlessMKI Bulk action - Export', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_basic_license.config.ts similarity index 90% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/ess.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_basic_license.config.ts index 45b97b84164e3..0cea5142742ec 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_basic_license.config.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.basic') + require.resolve('../../../../../../config/ess/config.base.basic') ); const testConfig = { @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export with feature flag enabled - ESS Env', + 'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export - Customization enabled - ESS Env', }, }; 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_feature_flag_disabled.config.ts similarity index 84% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/ess.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_feature_flag_disabled.config.ts index f3ef7ef4fc888..8420c4bc2ab2c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_feature_flag_disabled.config.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.basic') + require.resolve('../../../../../../config/ess/config.base.basic') ); const testConfig = { @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export with feature flag disabled - ESS Env', + 'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export - Customization disabled - ESS Env', }, }; 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_essentials_tier.config.ts similarity index 78% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/serverless.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_essentials_tier.config.ts index 17cf04bb2947e..65da717fa253d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_essentials_tier.config.ts @@ -5,13 +5,13 @@ * 2.0. */ -import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials'; +import { createTestConfig } from '../../../../../../config/serverless/config.base.essentials'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export with feature flag enabled - Serverless Env', + 'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export - Customization enabled - Serverless Env', }, kbnTestServerArgs: [ `--xpack.securitySolution.enableExperimental=${JSON.stringify([ 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_feature_flag_disabled.config.ts similarity index 74% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/serverless.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_feature_flag_disabled.config.ts index 9e6adb31219d6..5f3c47adc1471 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_feature_flag_disabled.config.ts @@ -5,13 +5,13 @@ * 2.0. */ -import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials'; +import { createTestConfig } from '../../../../../../config/serverless/config.base.essentials'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export with feature flag enabled - Serverless Env', + 'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export - Customization disabled - Serverless Env', }, kbnTestServerArgs: [], }); 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/bulk_export.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/bulk_export.ts deleted file mode 100644 index 18ac23c1cb185..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/bulk_export.ts +++ /dev/null 
@@ -1,55 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import expect from 'expect'; -import { BulkActionTypeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; -import { - binaryToString, - createPrebuiltRuleAssetSavedObjects, - createRuleAssetSavedObject, - deleteAllPrebuiltRuleAssets, - installPrebuiltRules, -} from '../../../../utils'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; - -export default ({ getService }: FtrProviderContext): void => { - const es = getService('es'); - const securitySolutionApi = getService('securitySolutionApi'); - const supertest = getService('supertest'); - const log = getService('log'); - - describe('@ess @serverless @skipInServerlessMKI Bulk action - Export - Customization Disabled', () => { - beforeEach(async () => { - await deleteAllRules(supertest, log); - await deleteAllPrebuiltRuleAssets(es, log); - }); - - it(`doesn't export prebuilt rules if the feature flag is disabled`, async () => { - const ruleAsset = createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }); - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - await installPrebuiltRules(es, supertest); - - const findResponse = await securitySolutionApi.findRules({ query: {} }); - const installedRule = findResponse.body.data[0]; - - const { body } = await securitySolutionApi - .performRulesBulkAction({ - query: {}, - body: { action: BulkActionTypeEnum.export, ids: [installedRule.id] }, - }) - .expect(200) - .parse(binaryToString); - - const exportDetails = JSON.parse(body.toString()); - - expect(exportDetails).toMatchObject({ - missing_rules: [{ rule_id: 'rule-1' }], - }); - }); - }); -}; 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/index.ts similarity index 58% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/index.ts index 2ba66048de88a..cd95a91318a90 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_enabled/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/index.ts @@ -5,10 +5,10 @@ * 2.0. */ -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default function ({ loadTestFile }: FtrProviderContext) { - describe('Rules Management - Rule Bulk Action API - Export - Customization Enabled', function () { - loadTestFile(require.resolve('./bulk_export')); + describe('Rules Management - Rule Bulk Action API - Export', function () { + loadTestFile(require.resolve('./bulk_action_export')); }); } 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/ess_basic_license.config.ts similarity index 86% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/ess_basic_license.config.ts index 5072ff4c17c7c..0be5337f17d0f 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/ess_basic_license.config.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') + require.resolve('../../../../../../config/ess/config.base.trial') ); const testConfig = { @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Export Integration Tests - Customization enabled - ESS Env', + 'Rules Management - Prebuilt Rule Export Integration Tests - Customization enabled - ESS Env', }, }; 
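Review bot: `ess_basic_license.config.ts` still resolves `config/ess/config.base.trial`, so despite its name this config appears to run the prebuilt rule export suite under a trial licence. The file of the same name under rule_bulk_actions/export/configs loads `config.base.basic`. If the intent is to cover export on a basic licence, the line should read `require.resolve('../../../../../../config/ess/config.base.basic')`; otherwise the file name should say trial so the junit report is not misread as basic-licence coverage.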
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/ess_feature_flag_disabled.config.ts similarity index 75% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/ess_feature_flag_disabled.config.ts index b89fb5f24c8e7..f556d98af2f1a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/ess_feature_flag_disabled.config.ts @@ -9,14 +9,15 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') + require.resolve('../../../../../../config/ess/config.base.trial') ); const testConfig = { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Rules Management - Rule Export Integration Tests - ESS Env', + reportName: + 'Rules Management - Prebuilt Rule Export Integration Tests - Customization disabled - ESS Env', }, }; 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/serverless_essentials_tier.config.ts similarity index 71% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/serverless_essentials_tier.config.ts index 2dc45686aeace..fe16ddebac451 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/serverless_essentials_tier.config.ts @@ -5,13 +5,13 @@ * 2.0. */ -import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials'; +import { createTestConfig } from '../../../../../../config/serverless/config.base.essentials'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Export Integration Tests - Customization enabled - Serverless Env', + 'Rules Management - Prebuilt Rule Export Integration Tests - Customization enabled - Serverless Env', }, kbnTestServerArgs: [ `--xpack.securitySolution.enableExperimental=${JSON.stringify([ 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/serverless_feature_flag_disabled.config.ts similarity index 65% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/serverless_feature_flag_disabled.config.ts index 958df2ceec7e5..e585cf972aecf 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/serverless_feature_flag_disabled.config.ts @@ -5,12 +5,12 @@ * 2.0. */ -import { createTestConfig } from '../../../../../../../config/serverless/config.base'; +import { createTestConfig } from '../../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Export Integration Tests - Customization disabled - Serverless Env', + 'Rules Management - Prebuilt Rule Export Integration Tests - Customization disabled - Serverless Env', }, }); 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/allowed_exporting_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/export_prebuilt_rules.ts similarity index 53% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/allowed_exporting_prebuilt_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/export_prebuilt_rules.ts index b8d11af4469c9..80261a0699a8d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/allowed_exporting_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/export_prebuilt_rules.ts @@ -6,15 +6,15 @@ */ import expect from 'expect'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../ftr_provider_context'; import { binaryToString, createPrebuiltRuleAssetSavedObjects, createRuleAssetSavedObject, deleteAllPrebuiltRuleAssets, installPrebuiltRules, -} from '../../../../utils'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +} from '../../../utils'; +import { deleteAllRules } from '../../../../../../common/utils/security_solution'; export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); 
@@ -22,13 +22,13 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - describe('@ess @serverless @skipInServerlessMKI Export - Customization Enabled', () => { + describe('@ess @serverless @skipInServerlessMKI Prebuilt rule export', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); }); - it(`exports prebuilt rules if the feature flag is enabled`, async () => { + it("exports prebuilt all rules if rule_id's are not specified", async () => { const ruleId = 'prebuilt-rule-1'; const ruleAsset = createRuleAssetSavedObject({ rule_id: ruleId, version: 1 }); await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); @@ -54,5 +54,41 @@ export default ({ getService }: FtrProviderContext): void => { missing_rules: [], }); }); + + it('exports specified prebuilt rules', async () => { + // Make an installed prebuilt rule + // Make a request specifying the rule_id + // Verify the rule is exported + + const ruleId = 'prebuilt-rule-1'; + const ruleAsset = createRuleAssetSavedObject({ rule_id: ruleId, version: 1 }); + await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); + await installPrebuiltRules(es, supertest); + + const { body } = await securitySolutionApi + .exportRules({ + query: {}, + body: { + objects: [{ rule_id: ruleId }], + }, + }) + .expect(200) + .parse(binaryToString); + + const [ruleJson, exportDetailsJson] = body.toString().split(/\n/); + + expect(JSON.parse(ruleJson)).toMatchObject({ + rule_id: ruleId, + rule_source: { + type: 'external', + is_customized: false, + }, + }); + + expect(JSON.parse(exportDetailsJson)).toMatchObject({ + exported_rules_count: 1, + missing_rules: [], + }); + }); }); }; 
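Review bot: The added test `exports specified prebuilt rules` in `export_prebuilt_rules.ts` installs a single prebuilt rule and then requests that same `rule_id`, so `exported_rules_count: 1` would also hold if the export ignored `objects` and returned every rule. Installing a second asset, e.g. `createRuleAssetSavedObject({ rule_id: 'prebuilt-rule-2', version: 1 })`, while keeping the count assertion at 1 would make the test pin the filter. The three step comments at the top of the test read like leftover planning notes and can be dropped. The renamed title in the first hunk should read `exports all prebuilt rules if rule_id's are not specified`.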
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/index.ts deleted file mode 100644 index fa1ae8535cbab..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/index.ts +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; - -export default function ({ loadTestFile }: FtrProviderContext) { - describe('Rules Management - Rule Export API (customization disabled)', function () { - loadTestFile(require.resolve('./not_allowed_exporting_prebuilt_rules')); - }); -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/not_allowed_exporting_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/not_allowed_exporting_prebuilt_rules.ts deleted file mode 100644 index 84e944cf6a532..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/not_allowed_exporting_prebuilt_rules.ts +++ /dev/null 
@@ -1,49 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import expect from 'expect'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; -import { - binaryToString, - createPrebuiltRuleAssetSavedObjects, - createRuleAssetSavedObject, - deleteAllPrebuiltRuleAssets, - installPrebuiltRules, -} from '../../../../utils'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; - -export default ({ getService }: FtrProviderContext): void => { - const es = getService('es'); - const securitySolutionApi = getService('securitySolutionApi'); - const supertest = getService('supertest'); - const log = getService('log'); - - describe('@ess @serverless @skipInServerlessMKI Export - Customization Disabled', () => { - beforeEach(async () => { - await deleteAllRules(supertest, log); - await deleteAllPrebuiltRuleAssets(es, log); - }); - - it(`doesn't export prebuilt rules if the feature flag is disabled`, async () => { - const ruleAsset = createRuleAssetSavedObject({ rule_id: 'prebuilt-rule-1', version: 1 }); - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - await installPrebuiltRules(es, supertest); - - const { body } = await securitySolutionApi - .exportRules({ query: {}, body: null }) - .expect(200) - .parse(binaryToString); - - const exportDetails = JSON.parse(body.toString()); - - expect(exportDetails).toMatchObject({ - exported_rules_count: 0, - missing_rules: [], // Prebuilt rules are not in missing rules - }); - }); - }); -}; 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/index.ts deleted file mode 100644 index 7a42ce0a0bef2..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/index.ts +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; - -export default function ({ loadTestFile }: FtrProviderContext) { - describe('Rules Management - Rule Export API (customization enabled)', function () { - loadTestFile(require.resolve('./allowed_exporting_prebuilt_rules')); - }); -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/index.ts similarity index 58% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/index.ts index 12c23d5985858..61b69e84ca164 100644 
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/customization_disabled/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/index.ts @@ -5,10 +5,10 @@ * 2.0. */ -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default function ({ loadTestFile }: FtrProviderContext) { - describe('Rules Management - Rule Bulk Action API - Export - Customization Disabled', function () { - loadTestFile(require.resolve('./bulk_export')); + describe('Rules Management - Prebuilt rule export', function () { + loadTestFile(require.resolve('./export_prebuilt_rules')); }); } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_basic_license.config.ts index 1f902b569a9fb..0acf5f559a070 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_basic_license.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_basic_license.config.ts 
@@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - ESS Env', + 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Customization enabled - ESS Env', }, }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts index 58fccb82cb1fc..c4e645f804866 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - ESS Env', + 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Customization disabled - ESS Env', }, }; 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_essentials_tier.config.ts index 5bdac02f106ac..c9dd717d27aa9 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_essentials_tier.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_essentials_tier.config.ts @@ -11,7 +11,7 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Serverless Env', + 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Customization enabled - Serverless Env', }, kbnTestServerArgs: [ `--xpack.securitySolution.enableExperimental=${JSON.stringify([ diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts index bb8499b142093..2d323853ec76f 100644 
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts @@ -11,7 +11,7 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Serverless Env', + 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Customization disabled - Serverless Env', }, kbnTestServerArgs: [], }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/not_allowed_importing_customized_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/not_allowed_importing_customized_prebuilt_rules.ts index fb03cbc240510..7c0a314f02cba 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/not_allowed_importing_customized_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/not_allowed_importing_customized_prebuilt_rules.ts 
@@ -18,7 +18,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - describe('@ess @serverless @skipInServerlessMKI Import - Customization Disabled', () => { + describe('@ess @serverless @skipInServerlessMKI Prebuilt rule import', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/allowed_importing_customized_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/allowed_importing_customized_prebuilt_rules.ts index bcae5dd79617e..6f71abc686d1c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/allowed_importing_customized_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/allowed_importing_customized_prebuilt_rules.ts @@ -22,7 +22,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - describe('@ess @serverless @skipInServerlessMKI Import - Customization Enabled', () => { + describe('@ess @serverless @skipInServerlessMKI Prebuilt rule import', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts index dcbfbb806162c..762a2dc673c1f 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - ESS Env', + 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Customization enabled - ESS Env', }, }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts index 0f55bd328fc76..a14e096f3af3f 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts 
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts @@ -11,7 +11,7 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Serverless Env', + 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Customization disabled - Serverless Env', }, kbnTestServerArgs: [ `--xpack.securitySolution.enableExperimental=${JSON.stringify([ diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts index 188efc24a3a8e..e1a7d608d8469 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Import Integration Tests - Importing non-customized prebuilt rules with disabled feature flag - ESS Env', + 'Rules Management - Rule Import Integration Tests - Importing non-customized prebuilt rules - Customization disabled - ESS Env', }, }; 
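Review bot: In `import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts` the new `reportName` ends in `Customization disabled - Serverless Env`, although the file sits under `feature_enabled` and the context line below it still passes `--xpack.securitySolution.enableExperimental`. The sibling `ess_enterprise_license.config.ts` in the same directory was relabelled `Customization enabled`, so this looks like a copy-paste slip. The string should probably be `'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Customization enabled - Serverless Env'`. A mislabelled JUnit report points whoever triages a failure at the wrong configuration. The `createTestConfig` call continues past the end of the hunk, so the flag list itself is not visible here.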
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts index dc51920c3757a..3b112b8c08076 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts @@ -11,7 +11,7 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Rule Import Integration Tests - Importing non-customized prebuilt rules with disabled feature flag - Serverless Env', + 'Rules Management - Rule Import Integration Tests - Importing non-customized prebuilt rules - Customization disabled - Serverless Env', }, kbnTestServerArgs: [], }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/not_allowed_importing_non_customized_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/not_allowed_importing_non_customized_prebuilt_rules.ts index 012c4b16d405d..dcbe44f784e87 100644 
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/not_allowed_importing_non_customized_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_disabled/not_allowed_importing_non_customized_prebuilt_rules.ts @@ -17,7 +17,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - describe('@ess @serverless @skipInServerlessMKI Import - Customization Disabled', () => { + describe('@ess @serverless @skipInServerlessMKI Prebuilt rule import', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); From e7c13d215ed8d386af05a1249c9d0293e5751878 Mon Sep 17 00:00:00 2001 
From: Nikita Indik Date: Wed, 5 Mar 2025 13:27:28 +0100 Subject: [PATCH 08/13] Merge bulk action export and normal export tests --- .../ftr_security_serverless_configs.yml | 1 - .buildkite/ftr_security_stateful_configs.yml | 2 - .../export/bulk_action_export.ts | 63 ------------------- .../configs/ess_basic_license.config.ts | 35 ----------- .../ess_feature_flag_disabled.config.ts | 25 -------- .../serverless_essentials_tier.config.ts | 21 ------- ...serverless_feature_flag_disabled.config.ts | 17 ----- .../rule_bulk_actions/export/index.ts | 14 ----- .../export_prebuilt_rules.ts | 40 ++++++++++-- 9 files changed, 34 insertions(+), 184 deletions(-) delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/bulk_action_export.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_basic_license.config.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_feature_flag_disabled.config.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_essentials_tier.config.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_feature_flag_disabled.config.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/index.ts diff --git a/.buildkite/ftr_security_serverless_configs.yml b/.buildkite/ftr_security_serverless_configs.yml index 251c017f07e1a..3410bb772733d 100644 --- a/.buildkite/ftr_security_serverless_configs.yml +++ b/.buildkite/ftr_security_serverless_configs.yml 
@@ -85,7 +85,6 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_essentials_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/serverless.config.ts diff --git a/.buildkite/ftr_security_stateful_configs.yml b/.buildkite/ftr_security_stateful_configs.yml index 7ff498bc6195d..df2e96a978fcc 100644 --- a/.buildkite/ftr_security_stateful_configs.yml +++ b/.buildkite/ftr_security_stateful_configs.yml 
@@ -64,8 +64,6 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_trial_license.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_basic_license.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/ess.config.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/bulk_action_export.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/bulk_action_export.ts deleted file mode 100644 index 7845297e3c1ca..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/bulk_action_export.ts +++ /dev/null 
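Review bot: The `@@ -64,8 +64,6 @@` hunk of `.buildkite/ftr_security_stateful_configs.yml` removes the two ESS entries under `rule_bulk_actions/export/configs/` but keeps the context line for `serverless_feature_flag_disabled.config.ts` in that directory, a file this same patch deletes further down. Unless a later patch in the series removes it, the stateful list is left pointing at a config that no longer exists, which would be expected to fail or silently skip that CI entry. The line `- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_feature_flag_disabled.config.ts` should be removed in this hunk as well. The `enabled:` list starts and ends outside the hunk.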
@@ -1,63 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import expect from 'expect'; -import { BulkActionTypeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine'; -import { FtrProviderContext } from '../../../../../ftr_provider_context'; -import { - binaryToString, - createPrebuiltRuleAssetSavedObjects, - createRuleAssetSavedObject, - deleteAllPrebuiltRuleAssets, - installPrebuiltRules, -} from '../../../utils'; -import { deleteAllRules } from '../../../../../../common/utils/security_solution'; - -export default ({ getService }: FtrProviderContext): void => { - const es = getService('es'); - const securitySolutionApi = getService('securitySolutionApi'); - const supertest = getService('supertest'); - const log = getService('log'); - - describe('@ess @serverless @skipInServerlessMKI Bulk action - Export', () => { - beforeEach(async () => { - await deleteAllRules(supertest, log); - await deleteAllPrebuiltRuleAssets(es, log); - }); - - it(`exports prebuilt rules if the feature flag is enabled`, async () => { - const ruleAsset = createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }); - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - await installPrebuiltRules(es, supertest); - - const findResponse = await securitySolutionApi.findRules({ query: {} }); - const installedRule = findResponse.body.data[0]; - - const { body } = await securitySolutionApi - .performRulesBulkAction({ - query: {}, - body: { action: BulkActionTypeEnum.export, ids: [installedRule.id] }, - }) - .expect(200) - .parse(binaryToString); - - const [ruleJson, exportDetailsJson] = body.toString().split(/\n/); - - expect(JSON.parse(ruleJson)).toMatchObject({ - id: installedRule.id, - rule_source: { - type: 'external', - is_customized: false, - }, - 
}); - - expect(JSON.parse(exportDetailsJson)).toMatchObject({ - missing_rules: [], - }); - }); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_basic_license.config.ts deleted file mode 100644 index 0cea5142742ec..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_basic_license.config.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrConfigProviderContext } from '@kbn/test'; - -export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../config/ess/config.base.basic') - ); - - const testConfig = { - ...functionalConfig.getAll(), - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export - Customization enabled - ESS Env', - }, - }; - - testConfig.kbnTestServer.serverArgs = testConfig.kbnTestServer.serverArgs.map((arg: string) => { - // Override the default value of `--xpack.securitySolution.enableExperimental` to enable the prebuilt rules customization feature - if (arg.includes('--xpack.securitySolution.enableExperimental')) { - return `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`; - } - return arg; - }); - - return testConfig; -} 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_feature_flag_disabled.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_feature_flag_disabled.config.ts deleted file mode 100644 index 8420c4bc2ab2c..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/ess_feature_flag_disabled.config.ts +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrConfigProviderContext } from '@kbn/test'; - -export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../config/ess/config.base.basic') - ); - - const testConfig = { - ...functionalConfig.getAll(), - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export - Customization disabled - ESS Env', - }, - }; - - return testConfig; -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_essentials_tier.config.ts deleted file mode 100644 index 65da717fa253d..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_essentials_tier.config.ts +++ /dev/null 
@@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createTestConfig } from '../../../../../../config/serverless/config.base.essentials'; - -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export - Customization enabled - Serverless Env', - }, - kbnTestServerArgs: [ - `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`, - ], -}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_feature_flag_disabled.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_feature_flag_disabled.config.ts deleted file mode 100644 index 5f3c47adc1471..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_feature_flag_disabled.config.ts +++ /dev/null @@ -1,17 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createTestConfig } from '../../../../../../config/serverless/config.base.essentials'; - -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Rule Bulk Actions Integration Tests - Bulk Export - Customization disabled - Serverless Env', - }, - kbnTestServerArgs: [], -}); 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/index.ts deleted file mode 100644 index cd95a91318a90..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/index.ts +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../../../ftr_provider_context'; - -export default function ({ loadTestFile }: FtrProviderContext) { - describe('Rules Management - Rule Bulk Action API - Export', function () { - loadTestFile(require.resolve('./bulk_action_export')); - }); -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/export_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/export_prebuilt_rules.ts index 80261a0699a8d..48dfbdbb53f47 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/export_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/export_prebuilt_rules.ts 
@@ -6,6 +6,7 @@ */ import expect from 'expect'; +import { BulkActionTypeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine'; import { FtrProviderContext } from '../../../../../ftr_provider_context'; import { binaryToString, @@ -28,7 +29,7 @@ export default ({ getService }: FtrProviderContext): void => { await deleteAllPrebuiltRuleAssets(es, log); }); - it("exports prebuilt all rules if rule_id's are not specified", async () => { + it("Export API - exports prebuilt all rules if rule_id's are not specified", async () => { const ruleId = 'prebuilt-rule-1'; const ruleAsset = createRuleAssetSavedObject({ rule_id: ruleId, version: 1 }); await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); @@ -55,11 +56,7 @@ export default ({ getService }: FtrProviderContext): void => { }); }); - it('exports specified prebuilt rules', async () => { - // Make an installed prebuilt rule - // Make a request specifying the rule_id - // Verify the rule is exported - + it('Export API - exports specified prebuilt rules', async () => { const ruleId = 'prebuilt-rule-1'; const ruleAsset = createRuleAssetSavedObject({ rule_id: ruleId, version: 1 }); await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); 
@@ -90,5 +87,36 @@ export default ({ getService }: FtrProviderContext): void => { missing_rules: [], }); }); + + it('Bulk actions export API - exports prebuilt rules if the feature flag is enabled', async () => { + const ruleAsset = createRuleAssetSavedObject({ rule_id: 'prebuilt-rule-1', version: 1 }); + await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); + await installPrebuiltRules(es, supertest); + + const findResponse = await securitySolutionApi.findRules({ query: {} }); + const installedRule = findResponse.body.data[0]; + + const { body } = await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { action: BulkActionTypeEnum.export, ids: [installedRule.id] }, + }) + .expect(200) + .parse(binaryToString); + + const [ruleJson, exportDetailsJson] = body.toString().split(/\n/); + + expect(JSON.parse(ruleJson)).toMatchObject({ + id: installedRule.id, + rule_source: { + type: 'external', + is_customized: false, + }, + }); + + expect(JSON.parse(exportDetailsJson)).toMatchObject({ + missing_rules: [], + }); + }); }); }; From 502bf2992b3ea6716fc93b8c097c59b34f0e3ad8 Mon Sep 17 00:00:00 2001 
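Review bot: `installedRule` is read from `findResponse.body.data[0]` in the new bulk-export test without first asserting that the find call returned a rule, so a failed install surfaces as a TypeError on `installedRule.id` instead of a readable assertion failure. Add `expect(findResponse.body.data).toHaveLength(1);` before the dereference. The title's precondition ("if the feature flag is enabled") is not checked anywhere in the test body and presumably depends on the FTR config that loads this file; a one-line comment naming that config would make the precondition verifiable from here.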
From: Nikita Indik Date: Wed, 5 Mar 2025 16:50:15 +0100 Subject: [PATCH 09/13] Forbid exporting prebuilt rules if the feature flag is disabled --- .../ftr_security_serverless_configs.yml | 4 +- .buildkite/ftr_security_stateful_configs.yml | 4 +- .../rules_table/use_rules_table_actions.tsx | 8 +- .../rules/rule_actions_overflow/index.tsx | 9 ++- .../api/rules/bulk_actions/route.ts | 12 ++- .../api/rules/export_rules/route.ts | 35 +++++++-- .../methods/import_rules.ts | 2 +- .../logic/export/get_export_all.ts | 9 ++- .../logic/export/get_export_by_object_ids.ts | 16 +++- .../is_customized_calculation.ts | 2 +- .../ess_feature_flag_disabled.config.ts | 2 +- ...serverless_feature_flag_disabled.config.ts | 2 +- .../export_prebuilt_rules_feature_disabled.ts | 75 +++++++++++++++++++ .../feature_disabled/index.ts | 14 ++++ .../configs/ess_basic_license.config.ts | 2 +- .../serverless_essentials_tier.config.ts | 2 +- .../export_prebuilt_rules_feature_enabled.ts} | 8 +- .../{ => feature_enabled}/index.ts | 4 +- ...wed_importing_customized_prebuilt_rules.ts | 2 +- .../import_rules.ts | 31 -------- 20 files changed, 175 insertions(+), 68 deletions(-) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/{ => feature_disabled}/configs/ess_feature_flag_disabled.config.ts (90%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/{ => feature_disabled}/configs/serverless_feature_flag_disabled.config.ts (84%) create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/export_prebuilt_rules_feature_disabled.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/index.ts rename 
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/{ => feature_enabled}/configs/ess_basic_license.config.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/{ => feature_enabled}/configs/serverless_essentials_tier.config.ts (86%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/{export_prebuilt_rules.ts => feature_enabled/export_prebuilt_rules_feature_enabled.ts} (92%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/{ => feature_enabled}/index.ts (71%) diff --git a/.buildkite/ftr_security_serverless_configs.yml b/.buildkite/ftr_security_serverless_configs.yml index 3410bb772733d..2a2622c84523b 100644 --- a/.buildkite/ftr_security_serverless_configs.yml +++ b/.buildkite/ftr_security_serverless_configs.yml 
@@ -93,8 +93,8 @@ enabled:
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_essentials_tier.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts
- - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/serverless_essentials_tier.config.ts
- - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/serverless_feature_flag_disabled.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/serverless.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/serverless.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/serverless.config.ts
diff --git a/.buildkite/ftr_security_stateful_configs.yml b/.buildkite/ftr_security_stateful_configs.yml
index df2e96a978fcc..e5624740a5df4 100644
--- a/.buildkite/ftr_security_stateful_configs.yml
+++ b/.buildkite/ftr_security_stateful_configs.yml
@@ -76,8 +76,8 @@ enabled:
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_basic_license.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts
- - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/ess_basic_license.config.ts
- - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/ess_feature_flag_disabled.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts
+ - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/ess.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/ess.config.ts
 - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/configs/ess.config.ts
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx index 3f33675461ff5..6962c66e69f48 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx @@ -25,8 +25,8 @@ import { useDownloadExportedRules } from '../../../rule_management/logic/bulk_ac import { useHasActionsPrivileges } from './use_has_actions_privileges'; import type { TimeRange } from '../../../rule_gaps/types'; import { useScheduleRuleRun } from '../../../rule_gaps/logic/use_schedule_rule_run'; -import { usePrebuiltRulesCustomizationStatus } from '../../../rule_management/logic/prebuilt_rules/use_prebuilt_rules_customization_status'; import { ManualRuleRunEventTypes } from '../../../../common/lib/telemetry'; +import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; export const useRulesTableActions = ({ showExceptionsDuplicateConfirmation, @@ -47,7 +47,9 @@ export const useRulesTableActions = ({ const { bulkExport } = useBulkExport(); const downloadExportedRules = useDownloadExportedRules(); const { scheduleRuleRun } = useScheduleRuleRun(); - const { isRulesCustomizationEnabled } = usePrebuiltRulesCustomizationStatus(); + const isPrebuiltRulesCustomizationFeatureFlagEnabled = useIsExperimentalFeatureEnabled( + 'prebuiltRulesCustomizationEnabled' + ); return [ { 
@@ -118,7 +120,7 @@ export const useRulesTableActions = ({ await downloadExportedRules(response); } }, - enabled: (rule: Rule) => isRulesCustomizationEnabled || !rule.immutable, + enabled: (rule: Rule) => isPrebuiltRulesCustomizationFeatureFlagEnabled || !rule.immutable, }, { type: 'icon', diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx index 66c0cfc496880..df3382a5d38d4 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx @@ -36,6 +36,7 @@ import { useDownloadExportedRules } from '../../../../detection_engine/rule_mana import * as i18nActions from '../../../pages/detection_engine/rules/translations'; import * as i18n from './translations'; import { ManualRuleRunEventTypes } from '../../../../common/lib/telemetry'; +import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; const MyEuiButtonIcon = styled(EuiButtonIcon)` &.euiButtonIcon { @@ -74,6 +75,9 @@ const RuleActionsOverflowComponent = ({ telemetry, } = useKibana().services; const { isRulesCustomizationEnabled } = usePrebuiltRulesCustomizationStatus(); + const isPrebuiltRulesCustomizationFeatureFlagEnabled = useIsExperimentalFeatureEnabled( + 'prebuiltRulesCustomizationEnabled' + ); const { startTransaction } = useStartTransaction(); const { executeBulkAction } = useExecuteBulkAction({ suppressSuccessToast: true }); const { bulkExport } = useBulkExport(); 
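Review bot: The `enabled` predicate of the export action now keys off the raw `prebuiltRulesCustomizationEnabled` flag, while the server routes in this commit decide with `isRulesCustomizationEnabled || customizationDisabledReason === PrebuiltRulesCustomizationDisabledReason.License`; the two are presumably meant to agree, but nothing in the code ties them together. This check only disables a table action, and the restriction that matters is the one in the export routes, so say that next to it: `// UI hint only; the export routes enforce this restriction server-side`. The same comment belongs on the `disabled` expression changed in `rule_actions_overflow/index.tsx`. `useRulesTableActions` starts and ends outside this hunk.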
@@ -140,7 +144,8 @@ const RuleActionsOverflowComponent = ({ key={i18nActions.EXPORT_RULE} icon="exportAction" disabled={ - !userHasPermissions || (isRulesCustomizationEnabled === false && rule.immutable) + !userHasPermissions || + (isPrebuiltRulesCustomizationFeatureFlagEnabled === false && rule.immutable) } data-test-subj="rules-details-export-rule" onClick={async () => { @@ -210,7 +215,7 @@ const RuleActionsOverflowComponent = ({ rule, canDuplicateRuleWithActions, userHasPermissions, - isRulesCustomizationEnabled, + isPrebuiltRulesCustomizationFeatureFlagEnabled, startTransaction, closePopover, showBulkDuplicateExceptionsConfirmation, diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts index 54940c6ab7ed9..484f6d3217216 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts @@ -43,6 +43,7 @@ import { bulkEnableDisableRules } from './bulk_enable_disable_rules'; import { fetchRulesByQueryOrIds } from './fetch_rules_by_query_or_ids'; import { bulkScheduleBackfill } from './bulk_schedule_rule_run'; import { createPrebuiltRuleAssetsClient } from '../../../../prebuilt_rules/logic/rule_assets/prebuilt_rule_assets_client'; +import { PrebuiltRulesCustomizationDisabledReason } from '../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; const MAX_RULES_TO_PROCESS_TOTAL = 10000; // Set a lower limit for bulk edit as the rules client might fail with a "Query 
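Review bot: In `rule_actions_overflow/index.tsx`, `isRulesCustomizationEnabled` is no longer read by the `disabled` expression and has been dropped from the dependency list, yet the `usePrebuiltRulesCustomizationStatus()` destructuring shown as context in the earlier hunk of this file is kept. If nothing else in `RuleActionsOverflowComponent` reads it (the component body is only partly visible in these hunks), remove the destructuring and its import. Otherwise the component keeps two sources for the same export decision and an unused hook call on every render.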
@@ -277,13 +278,22 @@ export const performBulkActionRoute = ( break; } case BulkActionTypeEnum.export: { + const prebuiltRulesCustomizationStatus = + detectionRulesClient.getRuleCustomizationStatus(); + + const isPrebuiltRulesExportAllowed = + prebuiltRulesCustomizationStatus.isRulesCustomizationEnabled || + prebuiltRulesCustomizationStatus.customizationDisabledReason === + PrebuiltRulesCustomizationDisabledReason.License; + const exported = await getExportByObjectIds( rulesClient, exceptionsClient, rules.map(({ params }) => params.ruleId), exporter, request, - actionsClient + actionsClient, + isPrebuiltRulesExportAllowed ); const responseBody = `${exported.rulesNdjson}${exported.exceptionLists}${exported.actionConnectors}${exported.exportDetails}`; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts index f0abe3bd75a50..1a3afe7dd0207 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts 
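Review bot: The export gate `isRulesCustomizationEnabled || customizationDisabledReason === PrebuiltRulesCustomizationDisabledReason.License` is spelled out here in the `BulkActionTypeEnum.export` case and again, token for token, in `export_rules/route.ts`, so a later policy change has to be made in both places or the two endpoints will disagree about who may export prebuilt rules. Move the expression into one helper beside `PrebuiltRulesCustomizationDisabledReason`, or into a method on the detection rules client, and call it from both routes. It also needs a why-comment, since it is not obvious why a license-disabled state still permits export. Going by the commit subject, something like `// Export stays allowed when customization is off only because of the license; it is refused when the feature flag is off`. The `switch` this case belongs to starts and ends outside the hunk.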
@@ -15,11 +15,15 @@ import { } from '../../../../../../../common/api/detection_engine/rule_management'; import type { SecuritySolutionPluginRouter } from '../../../../../../types'; import type { ConfigType } from '../../../../../../config'; -import { getRulesCount } from '../../../logic/search/get_existing_prepackaged_rules'; +import { + getNonPackagedRulesCount, + getRulesCount, +} from '../../../logic/search/get_existing_prepackaged_rules'; import { getExportByObjectIds } from '../../../logic/export/get_export_by_object_ids'; import { getExportAll } from '../../../logic/export/get_export_all'; import { buildSiemResponse } from '../../../../routes/utils'; import { RULE_MANAGEMENT_IMPORT_EXPORT_SOCKET_TIMEOUT_MS } from '../../timeouts'; +import { PrebuiltRulesCustomizationDisabledReason } from '../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; export const exportRulesRoute = ( router: SecuritySolutionPluginRouter, @@ -64,11 +68,18 @@ export const exportRulesRoute = ( const rulesClient = await ctx.alerting.getRulesClient(); const exceptionsClient = ctx.lists?.getExceptionListClient(); const actionsClient = ctx.actions.getActionsClient(); + const detectionRulesClient = ctx.securitySolution.getDetectionRulesClient(); const { getExporter, getClient } = ctx.core.savedObjects; const client = getClient({ includedHiddenTypes: ['action'] }); const actionsExporter = getExporter(client); + const prebuiltRulesCustomizationStatus = detectionRulesClient.getRuleCustomizationStatus(); + + const isPrebuiltRulesExportAllowed = + prebuiltRulesCustomizationStatus.isRulesCustomizationEnabled || + prebuiltRulesCustomizationStatus.customizationDisabledReason === + PrebuiltRulesCustomizationDisabledReason.License; try { const exportSizeLimit = config.maxRuleImportExportSize; 
@@ -78,10 +89,18 @@ export const exportRulesRoute = ( body: `Can't export more than ${exportSizeLimit} rules`, }); } else { - const rulesCount = await getRulesCount({ - rulesClient, - filter: '', - }); + let rulesCount = 0; + + if (isPrebuiltRulesExportAllowed) { + rulesCount = await getRulesCount({ + rulesClient, + filter: '', + }); + } else { + rulesCount = await getNonPackagedRulesCount({ + rulesClient, + }); + } if (rulesCount > exportSizeLimit) { return siemResponse.error({ @@ -99,14 +118,16 @@ export const exportRulesRoute = ( request.body.objects.map((obj) => obj.rule_id), actionsExporter, request, - actionsClient + actionsClient, + isPrebuiltRulesExportAllowed ) : await getExportAll( rulesClient, exceptionsClient, actionsExporter, request, - actionsClient + actionsClient, + isPrebuiltRulesExportAllowed ); const responseBody = request.query.exclude_export_details diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts index 7cbed8534730a..72d78fbd4147f 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/import_rules.ts 
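Review bot: `let rulesCount = 0;` followed by an assignment in both branches leaves a mutable binding with a placeholder value that is never used, while `getExportAll` in this same commit expresses the identical choice as a ternary. Write it the same way here: `const rulesCount = isPrebuiltRulesExportAllowed ? await getRulesCount({ rulesClient, filter: '' }) : await getNonPackagedRulesCount({ rulesClient });`. That keeps the size-limit check reading from a value that cannot be reassigned between the count and the comparison. The route handler starts and ends outside this hunk.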
@@ -84,7 +84,7 @@ export const importRules = async ({ 'xpack.securitySolution.detectionEngine.rules.licenseInsufficientToImportCustomizedPrebuiltRule', { defaultMessage: - 'Importing prebuilt rules is not supported. Upgrade your license to import customized prebuilt rules [rule_id: {ruleId}].', + 'Importing prebuilt rules is not supported if the they were modified. Upgrade your license to import modified prebuilt rules [rule_id: {ruleId}].', values: { ruleId: rule.rule_id }, } ), diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_all.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_all.ts index 47f08144fe8a8..b8d341164c8c7 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_all.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_all.ts @@ -11,7 +11,7 @@ import type { ISavedObjectsExporter, KibanaRequest } from '@kbn/core/server'; import type { ExceptionListClient } from '@kbn/lists-plugin/server'; import type { RulesClient } from '@kbn/alerting-plugin/server'; import type { ActionsClient } from '@kbn/actions-plugin/server'; -import { getRules } from '../search/get_existing_prepackaged_rules'; +import { getNonPackagedRules, getRules } from '../search/get_existing_prepackaged_rules'; import { getExportDetailsNdjson } from './get_export_details_ndjson'; import { transformAlertsToRules } from '../../utils/utils'; import { getRuleExceptionsForExport } from './get_export_rule_exceptions'; 
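Review bot: The new `defaultMessage` in `import_rules.ts` reads "not supported if the they were modified", with a stray "the" in a string that is returned to the user in the import error. Change it to `'Importing prebuilt rules is not supported if they were modified. Upgrade your license to import modified prebuilt rules [rule_id: {ruleId}].'`. The updated expectation in `is_customized_calculation.ts` matches only the prefix "Importing prebuilt rules is not supported", so no test in this commit would catch the typo.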
@@ -23,14 +23,17 @@ export const getExportAll = async ( exceptionsClient: ExceptionListClient | undefined, actionsExporter: ISavedObjectsExporter, request: KibanaRequest, - actionsClient: ActionsClient + actionsClient: ActionsClient, + isPrebuiltRulesExportAllowed?: boolean ): Promise<{ rulesNdjson: string; exportDetails: string; exceptionLists: string | null; actionConnectors: string; }> => { - const ruleAlertTypes = await getRules({ rulesClient, filter: '' }); + const ruleAlertTypes = isPrebuiltRulesExportAllowed + ? await getRules({ rulesClient, filter: '' }) + : await getNonPackagedRules({ rulesClient }); const rules = transformAlertsToRules(ruleAlertTypes); const exportRules = rules.map((r) => transformRuleToExportableFormat(r)); diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.ts index d23dbc34dd827..9924b4519c3f0 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.ts @@ -29,7 +29,8 @@ export const getExportByObjectIds = async ( ruleIds: string[], actionsExporter: ISavedObjectsExporter, request: KibanaRequest, - actionsClient: ActionsClient + actionsClient: ActionsClient, + isPrebuiltRulesExportAllowed?: boolean ): Promise<{ rulesNdjson: string; exportDetails: string; 
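Review bot: `isPrebuiltRulesExportAllowed?: boolean` is optional on `getExportAll`, and on `getExportByObjectIds` and `fetchRulesByIds` in the next file, so a caller that omits it silently gets the restricted result (`getNonPackagedRules` here, the `immutable` filter there). Falling back to the restrictive path is the safe direction, but the signature does not say so, and a forgotten argument will look like a data bug rather than a policy decision. Both routes in this commit pass the value, so it can be required: `isPrebuiltRulesExportAllowed: boolean`. If it has to stay optional, document the default on each function: `/** When false or omitted, prebuilt rules are left out of the export. */`.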
@@ -37,7 +38,11 @@ export const getExportByObjectIds = async ( actionConnectors: string; }> => withSecuritySpan('getExportByObjectIds', async () => { - const rulesAndErrors = await fetchRulesByIds(rulesClient, ruleIds); + const rulesAndErrors = await fetchRulesByIds( + rulesClient, + ruleIds, + isPrebuiltRulesExportAllowed + ); const { rules, missingRuleIds } = rulesAndErrors; // Retrieve exceptions @@ -76,7 +81,8 @@ interface FetchRulesResult { const fetchRulesByIds = async ( rulesClient: RulesClient, - ruleIds: string[] + ruleIds: string[], + isPrebuiltRulesExportAllowed?: boolean ): Promise => { // It's important to avoid too many clauses in the request otherwise ES will fail to process the request // with `too_many_clauses` error (see https://github.com/elastic/kibana/issues/170015). The clauses limit @@ -108,7 +114,9 @@ const fetchRulesByIds = async ( const rulesAndErrors = ids.map((ruleId) => { const matchingRule = rulesMap.get(ruleId); - return matchingRule != null && hasValidRuleType(matchingRule) + return matchingRule != null && + hasValidRuleType(matchingRule) && + (isPrebuiltRulesExportAllowed || matchingRule.params.immutable !== true) ? { rule: transformRuleToExportableFormat(internalRuleToAPIResponse(matchingRule)), } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts index be2b1bc09d106..ec0d3ebce600f 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts 
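Review bot: In the last hunk of `get_export_by_object_ids.ts`, a rule rejected by the added `matchingRule.params.immutable !== true` condition takes the same else-branch as an id that was not found or has an invalid rule type. That branch is outside the hunk and presumably yields the missing-rule result. The caller then receives a normal response with the id reported as missing and no indication that policy, not absence, excluded it. If that is intended, state it on the condition: `// Prebuilt rules are reported as missing when their export is not allowed`. A test that requests a prebuilt rule by `rule_id` with export disallowed and asserts on the export details would pin the behaviour down.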
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts @@ -73,7 +73,7 @@ export default ({ getService }: FtrProviderContext) => { errors: [ { error: { - message: expect.stringContaining('Importing prebuilt rules is not supported.'), + message: expect.stringContaining('Importing prebuilt rules is not supported'), }, rule_id: 'test-rule-id', }, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/ess_feature_flag_disabled.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts similarity index 90% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/ess_feature_flag_disabled.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts index f556d98af2f1a..f96b9fda5e842 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/ess_feature_flag_disabled.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts 
@@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../config/ess/config.base.trial') + require.resolve('../../../../../../../config/ess/config.base.trial') ); const testConfig = { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/serverless_feature_flag_disabled.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts similarity index 84% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/serverless_feature_flag_disabled.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts index e585cf972aecf..193ed2ea69e8e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/serverless_feature_flag_disabled.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { createTestConfig } from '../../../../../../config/serverless/config.base'; +import { createTestConfig } from '../../../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/export_prebuilt_rules_feature_disabled.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/export_prebuilt_rules_feature_disabled.ts
new file mode 100644
index 0000000000000..a206d850ed6c5
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/export_prebuilt_rules_feature_disabled.ts
@@ -0,0 +1,75 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { BulkActionTypeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import {
+ binaryToString,
+ createPrebuiltRuleAssetSavedObjects,
+ createRuleAssetSavedObject,
+ deleteAllPrebuiltRuleAssets,
+ installPrebuiltRules,
+} from '../../../../utils';
+import { deleteAllRules } from '../../../../../../../common/utils/security_solution';
+
+export default ({ getService }: FtrProviderContext): void => {
+ const es = getService('es');
+ const securitySolutionApi = getService('securitySolutionApi');
+ const supertest = getService('supertest');
+ const log = getService('log');
+
+ describe('@ess @serverless @skipInServerlessMKI Prebuilt rule export - feature disabled', () => {
+ beforeEach(async () => {
+ await deleteAllRules(supertest, log);
+ await deleteAllPrebuiltRuleAssets(es, log);
+ });
+
+ it("Export API - doesn't export prebuilt rules when the feature is disabled", async () => {
+ const ruleId = 'prebuilt-rule-1';
+ const ruleAsset = createRuleAssetSavedObject({ rule_id: ruleId, version: 1 });
+ await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
+ await installPrebuiltRules(es, supertest);
+
+ const { body } = await securitySolutionApi
+ .exportRules({ query: {}, body: null })
+ .expect(200)
+ .parse(binaryToString);
+
+ const exportDetails = JSON.parse(body.toString());
+
+ expect(exportDetails).toMatchObject({
+ exported_rules_count: 0,
+ missing_rules: [], // Prebuilt rules are not in missing rules, even though they are not exported
+ });
+ });
+
+ it("Bulk actions export API - doesn't export prebuilt rules when the feature is disabled", async () => {
+ const ruleAsset = createRuleAssetSavedObject({ rule_id: 'prebuilt-rule-1', version: 1 });
+ await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
+ await installPrebuiltRules(es, supertest);
+
+ const findResponse = await securitySolutionApi.findRules({ query: {} });
+ const installedRule = findResponse.body.data[0];
+
+ const { body } = await securitySolutionApi
+ .performRulesBulkAction({
+ query: {},
+ body: { action: BulkActionTypeEnum.export, ids: [installedRule.id] },
+ })
+ .expect(200)
+ .parse(binaryToString);
+
+ const exportDetails = JSON.parse(body.toString());
+
+ expect(exportDetails).toMatchObject({
+ exported_rules_count: 0,
+ missing_rules: [{ rule_id: 'prebuilt-rule-1' }],
+ });
+ });
+ });
+};
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/index.ts
new file mode 100644
index 0000000000000..4912e49337b36
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_disabled/index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+ describe('Rules Management - Prebuilt rule export', function () {
+ loadTestFile(require.resolve('./export_prebuilt_rules_feature_disabled'));
+ });
+}
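Review bot: In the bulk-actions case of `export_prebuilt_rules_feature_disabled.ts` the `findRules` response is used unchecked: `findResponse.body.data[0]` is read with no status assertion and no check that a rule was actually installed, so a failed install or find surfaces as a `TypeError` on `installedRule.id` instead of a clear precondition failure. Add `.expect(200)` to the `findRules` call and `expect(findResponse.body.data).toHaveLength(1);` before taking the first element. The first case carries a comment explaining why the withheld rule is absent from `missing_rules`; the second case expects `missing_rules: [{ rule_id: 'prebuilt-rule-1' }]` with no explanation, so a matching comment there, e.g. `// Bulk export reports a withheld prebuilt rule as missing`, would make the intended difference between the two endpoints explicit for anyone relying on this test as the gate's specification.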
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/ess_basic_license.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts index 0be5337f17d0f..780ea70647a1a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/ess_basic_license.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../config/ess/config.base.trial') + require.resolve('../../../../../../../config/ess/config.base.trial') ); const testConfig = { 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts similarity index 86% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/serverless_essentials_tier.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts index fe16ddebac451..730ccf0269a9c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/configs/serverless_essentials_tier.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { createTestConfig } from '../../../../../../config/serverless/config.base.essentials'; +import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials'; export default createTestConfig({ testFiles: [require.resolve('..')], 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/export_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/export_prebuilt_rules_feature_enabled.ts similarity index 92% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/export_prebuilt_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/export_prebuilt_rules_feature_enabled.ts index 48dfbdbb53f47..dd06a1a6ec41b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/export_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/export_prebuilt_rules_feature_enabled.ts @@ -7,15 +7,15 @@ import expect from 'expect'; import { BulkActionTypeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine'; -import { FtrProviderContext } from '../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; import { binaryToString, createPrebuiltRuleAssetSavedObjects, createRuleAssetSavedObject, deleteAllPrebuiltRuleAssets, installPrebuiltRules, -} from '../../../utils'; -import { deleteAllRules } from '../../../../../../common/utils/security_solution'; +} from '../../../../utils'; +import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); 
@@ -88,7 +88,7 @@ export default ({ getService }: FtrProviderContext): void => { }); }); - it('Bulk actions export API - exports prebuilt rules if the feature flag is enabled', async () => { + it('Bulk actions export API - exports prebuilt rules', async () => { const ruleAsset = createRuleAssetSavedObject({ rule_id: 'prebuilt-rule-1', version: 1 }); await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); await installPrebuiltRules(es, supertest); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/index.ts similarity index 71% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/index.ts index 61b69e84ca164..fdc218eed10d9 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/index.ts @@ -5,10 +5,10 @@ * 2.0. */ -import { FtrProviderContext } from '../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default function ({ loadTestFile }: FtrProviderContext) { describe('Rules Management - Prebuilt rule export', function () { - loadTestFile(require.resolve('./export_prebuilt_rules')); + loadTestFile(require.resolve('./export_prebuilt_rules_feature_enabled')); }); } 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/not_allowed_importing_customized_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/not_allowed_importing_customized_prebuilt_rules.ts index 7c0a314f02cba..7d4b6c09a712b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/not_allowed_importing_customized_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/not_allowed_importing_customized_prebuilt_rules.ts @@ -24,7 +24,7 @@ export default ({ getService }: FtrProviderContext): void => { await deleteAllPrebuiltRuleAssets(es, log); }); - it(`does NOT import customized prebuilt rules when feature flag is disabled`, async () => { + it(`does NOT import customized prebuilt rules when rule customization is disabled`, async () => { const ruleId = 'prebuilt-rule-to-be-customized'; const ruleParams = getCustomQueryRuleParams({ rule_id: ruleId, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts index 5341254d6fcb7..b9ed8c3e0ac38 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts 
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts @@ -1625,37 +1625,6 @@ export default ({ getService }: FtrProviderContext): void => { describe('supporting prebuilt rule customization', () => { describe('compatibility with prebuilt rule fields', () => { - it('rejects rules with "immutable: true" when the feature flag is disabled', async () => { - // duplicate test - const rule = getCustomQueryRuleParams({ - rule_id: 'rule-immutable', - // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport} - immutable: true, - }); - const ndjson = combineToNdJson(rule); - - const { body } = await supertest - .post(DETECTION_ENGINE_RULES_IMPORT_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .attach('file', Buffer.from(ndjson), 'rules.ndjson') - .expect(200); - - expect(body).toMatchObject({ - success: false, - errors: [ - { - rule_id: 'rule-immutable', - error: { - status_code: 400, - message: - 'Importing prebuilt rules is not supported. To import this rule as a custom rule, first duplicate the rule and then export it. [rule_id: rule-immutable]', - }, - }, - ], - }); - }); - it('imports custom rules alongside prebuilt rules when feature flag is disabled', async () => { const ndjson = combineToNdJson( getCustomQueryRuleParams({ From c71b94c2d1ce2425f0e8584fd62a3f89172c0f50 Mon Sep 17 00:00:00 2001 From: Nikita Indik Date: Thu, 6 Mar 2025 12:21:03 +0100 Subject: [PATCH 10/13] Remove FTR run scripts from package.json --- .../package.json | 47 +------------------ 1 file changed, 1 insertion(+), 46 deletions(-) diff --git a/x-pack/test/security_solution_api_integration/package.json b/x-pack/test/security_solution_api_integration/package.json index e3eeb1be09567..4e10d70f67fad 100644 --- a/x-pack/test/security_solution_api_integration/package.json 
+++ b/x-pack/test/security_solution_api_integration/package.json 
@@ -443,41 +443,6 @@ "rule_import_export:basic:server:ess": "npm run initialize-server:rm:basic_essentials rule_import_export ess", "rule_import_export:basic:runner:ess": "npm run run-tests:rm:basic_essentials rule_import_export ess essEnv", - "rule_import:non_customized_prebuilt:enabled:server:ess": "node ./scripts/index.js server detections_response/rules_management import_non_customized_prebuilt_rules/feature_enabled rule_import_export ess_basic_license", - "rule_import:non_customized_prebuilt:enabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management import_non_customized_prebuilt_rules/feature_enabled rule_import_export ess_basic_license essEnv", - "rule_import:non_customized_prebuilt:enabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_non_customized_prebuilt_rules/feature_enabled rule_import_export serverless_essentials_tier", - "rule_import:non_customized_prebuilt:enabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_non_customized_prebuilt_rules/feature_enabled rule_import_export serverless_essentials_tier serverlessEnv", - - "rule_import:non_customized_prebuilt:disabled:server:ess": "node ./scripts/index.js server detections_response/rules_management import_non_customized_prebuilt_rules/feature_disabled rule_import_export ess_feature_flag_disabled", - "rule_import:non_customized_prebuilt:disabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management import_non_customized_prebuilt_rules/feature_disabled rule_import_export ess_feature_flag_disabled essEnv", - "rule_import:non_customized_prebuilt:disabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_non_customized_prebuilt_rules/feature_disabled rule_import_export serverless_feature_flag_disabled", - "rule_import:non_customized_prebuilt:disabled:runner:serverless": "node ./scripts/index.js runner 
detections_response/rules_management import_non_customized_prebuilt_rules/feature_disabled rule_import_export serverless_feature_flag_disabled serverlessEnv", - - "rule_import:customized_prebuilt:enabled:server:ess": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_enabled rule_import_export ess_enterprise_license", - "rule_import:customized_prebuilt:enabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_enabled rule_import_export ess_enterprise_license essEnv", - "rule_import:customized_prebuilt:enabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_enabled rule_import_export serverless_complete_tier", - "rule_import:customized_prebuilt:enabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_enabled rule_import_export serverless_complete_tier essEnv", - - "rule_import:customized_prebuilt:license_insufficient:server:ess": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled rule_import_export ess_basic_license", - "rule_import:customized_prebuilt:license_insufficient:runner:ess": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled rule_import_export ess_basic_license essEnv", - "rule_import:customized_prebuilt:license_insufficient:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled rule_import_export serverless_essentials_tier", - "rule_import:customized_prebuilt:license_insufficient:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled rule_import_export 
serverless_essentials_tier serverlessEnv", - - "rule_import:customized_prebuilt:feature_flag_disabled:server:ess": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled rule_import_export ess_feature_flag_disabled", - "rule_import:customized_prebuilt:feature_flag_disabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled rule_import_export ess_feature_flag_disabled essEnv", - "rule_import:customized_prebuilt:feature_flag_disabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management import_customized_prebuilt_rules/feature_disabled rule_import_export serverless_feature_flag_disabled", - "rule_import:customized_prebuilt:feature_flag_disabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management import_customized_prebuilt_rules/feature_disabled rule_import_export serverless_feature_flag_disabled essEnv", - - "rule_export:prebuilt:enabled:server:ess": "node ./scripts/index.js server detections_response/rules_management export_prebuilt_rules/feature_enabled rule_import_export ess_basic_license", - "rule_export:prebuilt:enabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management export_prebuilt_rules/feature_enabled rule_import_export ess_basic_license essEnv", - "rule_export:prebuilt:enabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management export_prebuilt_rules/feature_enabled rule_import_export serverless_essentials_tier", - "rule_export:prebuilt:enabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management export_prebuilt_rules/feature_enabled rule_import_export serverless_essentials_tier serverlessEnv", - - "rule_export:prebuilt:disabled:server:ess": "node ./scripts/index.js server detections_response/rules_management 
export_prebuilt_rules/feature_disabled rule_import_export ess_feature_flag_disabled", - "rule_export:prebuilt:disabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management export_prebuilt_rules/feature_disabled rule_import_export ess_feature_flag_disabled essEnv", - "rule_export:prebuilt:disabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management export_prebuilt_rules/feature_disabled rule_import_export serverless_feature_flag_disabled", - "rule_export:prebuilt:disabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management export_prebuilt_rules/feature_disabled rule_import_export serverless_feature_flag_disabled serverlessEnv", - "rule_management:server:serverless": "npm run initialize-server:rm rule_management serverless", "rule_management:runner:serverless": "npm run run-tests:rm rule_management serverless serverlessEnv", "rule_management:qa:serverless": "npm run run-tests:rm rule_management serverless qaPeriodicEnv", 
@@ -492,16 +457,6 @@ "rule_bulk_actions:server:ess": "npm run initialize-server:rm rule_bulk_actions ess", "rule_bulk_actions:runner:ess": "npm run run-tests:rm rule_bulk_actions ess essEnv", - "rule_bulk_actions_export:customization_disabled:server:ess": "node ./scripts/index.js server detections_response/rules_management customization_disabled rule_bulk_actions/export ess", - "rule_bulk_actions_export:customization_disabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management customization_disabled rule_bulk_actions/export ess essEnv", - "rule_bulk_actions_export:customization_disabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management customization_disabled rule_bulk_actions/export serverless", - "rule_bulk_actions_export:customization_disabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management customization_disabled rule_bulk_actions/export serverless serverlessEnv", - - "rule_bulk_actions_export:customization_enabled:server:ess": "node ./scripts/index.js server detections_response/rules_management customization_enabled rule_bulk_actions/export ess", - "rule_bulk_actions_export:customization_enabled:runner:ess": "node ./scripts/index.js runner detections_response/rules_management customization_enabled rule_bulk_actions/export ess essEnv", - "rule_bulk_actions_export:customization_enabled:server:serverless": "node ./scripts/index.js server detections_response/rules_management customization_enabled rule_bulk_actions/export serverless", - "rule_bulk_actions_export:customization_enabled:runner:serverless": "node ./scripts/index.js runner detections_response/rules_management customization_enabled rule_bulk_actions/export serverless serverlessEnv", - "rule_read:server:serverless": "npm run initialize-server:rm rule_read serverless", "rule_read:runner:serverless": "npm run run-tests:rm rule_read serverless serverlessEnv", "rule_read:qa:serverless": "npm run 
run-tests:rm rule_read serverless qaPeriodicEnv", @@ -587,4 +542,4 @@ "siem_migrations_rules:server:ess": "npm run initialize-server:siem_migrations:trial_complete rules ess", "siem_migrations_rules:runner:ess": "npm run run-tests:siem_migrations:trial_complete rules ess essEnv" } -} +} \ No newline at end of file From d1ac4032ef7a7fddd5ea3f73b68810e2c3ca85ea Mon Sep 17 00:00:00 2001 From: Nikita Indik Date: Thu, 6 Mar 2025 12:25:34 +0100 Subject: [PATCH 11/13] Make linter happy --- .../components/rules/rule_actions_overflow/index.tsx | 2 -- x-pack/test/security_solution_api_integration/yarn.lock | 4 ---- 2 files changed, 6 deletions(-) delete mode 100644 x-pack/test/security_solution_api_integration/yarn.lock diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx index df3382a5d38d4..fe3bd350cd1e5 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx @@ -14,7 +14,6 @@ import { } from '@elastic/eui'; import React, { useCallback, useMemo } from 'react'; import styled from 'styled-components'; -import { usePrebuiltRulesCustomizationStatus } from '../../../../detection_engine/rule_management/logic/prebuilt_rules/use_prebuilt_rules_customization_status'; import { useScheduleRuleRun } from '../../../../detection_engine/rule_gaps/logic/use_schedule_rule_run'; import type { TimeRange } from '../../../../detection_engine/rule_gaps/types'; import { APP_UI_ID, SecurityPageName } from '../../../../../common/constants'; 
@@ -74,7 +73,6 @@ const RuleActionsOverflowComponent = ({ application: { navigateToApp }, telemetry, } = useKibana().services; - const { isRulesCustomizationEnabled } = usePrebuiltRulesCustomizationStatus(); const isPrebuiltRulesCustomizationFeatureFlagEnabled = useIsExperimentalFeatureEnabled( 'prebuiltRulesCustomizationEnabled' ); diff --git a/x-pack/test/security_solution_api_integration/yarn.lock b/x-pack/test/security_solution_api_integration/yarn.lock deleted file mode 100644 index fb57ccd13afbd..0000000000000 --- a/x-pack/test/security_solution_api_integration/yarn.lock +++ /dev/null @@ -1,4 +0,0 @@ -# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. -# yarn lockfile v1 - - From 70ff48c4e3d50efcb22e36b9a13ba7811ca3b0aa Mon Sep 17 00:00:00 2001 From: Nikita Indik Date: Thu, 6 Mar 2025 12:33:26 +0100 Subject: [PATCH 12/13] Remove wrong FTR config path --- .buildkite/ftr_security_stateful_configs.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.buildkite/ftr_security_stateful_configs.yml b/.buildkite/ftr_security_stateful_configs.yml index e5624740a5df4..c61c5792c3933 100644 --- a/.buildkite/ftr_security_stateful_configs.yml +++ b/.buildkite/ftr_security_stateful_configs.yml 
@@ -64,7 +64,6 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_trial_license.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/export/configs/serverless_feature_flag_disabled.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/ess.config.ts From 44549d8a4332ff961fe5b297b83d831c48403a19 Mon Sep 17 00:00:00 2001 From: Nikita Indik Date: Thu, 6 Mar 2025 14:43:39 +0100 Subject: [PATCH 13/13] Mock disabled FF properly in tests --- .../rule_management/api/rules/import_rules/route.test.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts index 820f1b8c493a3..ceda794308254 100644 
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts @@ -31,6 +31,7 @@ import { getQueryRuleParams } from '../../../../rule_schema/mocks'; import { importRulesRoute } from './route'; import { HttpAuthzError } from '../../../../../machine_learning/validation'; import { createPrebuiltRuleAssetsClient as createPrebuiltRuleAssetsClientMock } from '../../../../prebuilt_rules/logic/rule_assets/__mocks__/prebuilt_rule_assets_client'; +import { PrebuiltRulesCustomizationDisabledReason } from '../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; jest.mock('../../../../../machine_learning/authz'); @@ -59,6 +60,7 @@ describe('Import rules route', () => { clients.detectionRulesClient.importRule.mockResolvedValue(getRulesSchemaMock()); clients.detectionRulesClient.getRuleCustomizationStatus.mockReturnValue({ isRulesCustomizationEnabled: false, + customizationDisabledReason: PrebuiltRulesCustomizationDisabledReason.FeatureFlag, }); clients.actionsClient.getAll.mockResolvedValue([]); context.core.elasticsearch.client.asCurrentUser.search.mockResolvedValue( @@ -71,7 +73,6 @@ describe('Import rules route', () => { describe('status codes', () => { test('returns 200 when importing a single rule with a valid actionClient and alertClient', async () => { const response = await server.inject(request, requestContextMock.convertContext(context)); - expect(response.status).toEqual(200); });