Skip to content

[EDR Workflows][Osquery] Add API integration test coverage#249338

Merged
szwarckonrad merged 11 commits intoelastic:mainfrom
szwarckonrad:osquery-api-integration-tests
Jan 20, 2026
Merged

[EDR Workflows][Osquery] Add API integration test coverage#249338
szwarckonrad merged 11 commits intoelastic:mainfrom
szwarckonrad:osquery-api-integration-tests

Conversation

@szwarckonrad
Copy link
Copy Markdown
Contributor

@szwarckonrad szwarckonrad commented Jan 16, 2026
edited
Loading

Summary

This PR introduces initial API integration test coverage for the Osquery plugin endpoints.

Important: The goal here is not to provide exhaustive test coverage, but rather to establish a foundation. With these tests in place, future changes to the Osquery APIs will have a baseline to build upon and extend. The current tests focus on happy-path scenarios.

Test suites added:

  • packs.ts: Fixed and unskipped (was skipped 3+ years); tests pack creation/update with multi-line query handling and Fleet integration
  • saved_queries.ts: CRUD lifecycle (create, read, update, find, delete)
  • live_queries.ts: Fetch action details and results via indexed action documents
  • fleet_wrapper.ts: Fleet wrapper endpoints (agents, policies, package policies)
  • assets.ts: Prebuilt pack assets status and update
  • privileges_check.ts: Privileges check endpoint
  • status.ts: Installation status endpoint with package info validation

Run command:

node scripts/functional_tests --config x-pack/platform/test/api_integration/apis/osquery/config.ts

@szwarckonrad szwarckonrad added release_note:skip Skip the PR/issue when compiling release notes backport:skip This PR does not require backporting Team:Defend Workflows “EDR Workflows” sub-team of Security Solution labels Jan 16, 2026
@szwarckonrad szwarckonrad self-assigned this Jan 16, 2026
@szwarckonrad szwarckonrad requested a review from tomsonpl January 16, 2026 10:06
@szwarckonrad szwarckonrad marked this pull request as ready for review January 16, 2026 10:07
@szwarckonrad szwarckonrad requested a review from a team as a code owner January 16, 2026 10:07
@szwarckonrad szwarckonrad requested a review from pzl January 16, 2026 10:07
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Jan 16, 2026

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Jan 16, 2026

⏳ Build in-progress, with failures

Failed CI Steps

History

cc @szwarckonrad

dmlemeshko
dmlemeshko approved these changes Jan 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@dmlemeshko dmlemeshko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

x-pack/platform/test/tsconfig.json changes LGTM

@jbudz jbudz removed the request for review from a team January 16, 2026 14:52
tomsonpl
tomsonpl approved these changes Jan 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@tomsonpl tomsonpl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍 Thanks!

@szwarckonrad
Merge branch 'main' into osquery-api-integration-tests
5b177f3 
# Conflicts:
#	x-pack/platform/test/tsconfig.json
@szwarckonrad szwarckonrad enabled auto-merge (squash) January 20, 2026 11:13
@szwarckonrad szwarckonrad merged commit 9ef2bf3 into elastic:main Jan 20, 2026
16 checks passed
dennis-tismenko pushed a commit to dennis-tismenko/kibana that referenced this pull request Jan 22, 2026
@szwarckonrad @kibanamachine @dennis-tismenko
[EDR Workflows][Osquery] Add API integration test coverage (elastic#2…
98429e5 
…49338)

## Summary

This PR introduces initial API integration test coverage for the Osquery
plugin endpoints.

**Important**: The goal here is not to provide exhaustive test coverage,
but rather to establish a foundation. With these tests in place, future
changes to the Osquery APIs will have a baseline to build upon and
extend. The current tests focus on happy-path scenarios.

### Test suites added:
- **packs.ts**: Fixed and unskipped (was skipped 3+ years); tests pack
creation/update with multi-line query handling and Fleet integration
- **saved_queries.ts**: CRUD lifecycle (create, read, update, find,
delete)
- **live_queries.ts**: Fetch action details and results via indexed
action documents
- **fleet_wrapper.ts**: Fleet wrapper endpoints (agents, policies,
package policies)
- **assets.ts**: Prebuilt pack assets status and update
- **privileges_check.ts**: Privileges check endpoint
- **status.ts**: Installation status endpoint with package info
validation

### Run command:
```bash
node scripts/functional_tests --config x-pack/platform/test/api_integration/apis/osquery/config.ts
```

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
@csr csr mentioned this pull request Mar 26, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmlemeshko dmlemeshko dmlemeshko approved these changes

@joeypoon joeypoon joeypoon approved these changes

@tomsonpl tomsonpl tomsonpl approved these changes

@pzl pzl Awaiting requested review from pzl pzl is a code owner automatically assigned from elastic/security-defend-workflows

Assignees

@szwarckonrad szwarckonrad

Labels

backport:skip This PR does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v9.4.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@szwarckonrad @elasticmachine @dmlemeshko @joeypoon @tomsonpl @kibanamachine