[Security Solution] Integration tests for query diff algorithms (el…

…astic#192655) ## Summary Completes elastic#187658 Switches `kql_query`, `eql_query`, and `esql_query` fields to use the implemented diff algorithms assigned to them in elastic#190179 Adds integration tests in accordance to elastic#192529 for the `upgrade/_review` API endpoint for the `query` field diff algorithms. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
wayneseymour · Sep 16, 2024 · ceb1b1a · ceb1b1a
1 parent 134b815
commit ceb1b1a
Show file tree

Hide file tree

Showing 5 changed files with 2,041 additions and 8 deletions.
diff --git a/.../lib/detection_engine/prebuilt_rules/logic/diff/calculation/calculate_rule_fields_diff.ts b/.../lib/detection_engine/prebuilt_rules/logic/diff/calculation/calculate_rule_fields_diff.ts
@@ -44,6 +44,9 @@ import {
   scalarArrayDiffAlgorithm,
   simpleDiffAlgorithm,
   singleLineStringDiffAlgorithm,
+  kqlQueryDiffAlgorithm,
+  eqlQueryDiffAlgorithm,
+  esqlQueryDiffAlgorithm,
 } from './algorithms';
 
 const BASE_TYPE_ERROR = `Base version can't be of different rule type`;
@@ -210,7 +213,7 @@ const calculateCustomQueryFieldsDiff = (
 
 const customQueryFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableCustomQueryFields> = {
   type: simpleDiffAlgorithm,
-  kql_query: simpleDiffAlgorithm,
+  kql_query: kqlQueryDiffAlgorithm,
   data_source: dataSourceDiffAlgorithm,
   alert_suppression: simpleDiffAlgorithm,
 };
@@ -223,7 +226,7 @@ const calculateSavedQueryFieldsDiff = (
 
 const savedQueryFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableSavedQueryFields> = {
   type: simpleDiffAlgorithm,
-  kql_query: simpleDiffAlgorithm,
+  kql_query: kqlQueryDiffAlgorithm,
   data_source: dataSourceDiffAlgorithm,
   alert_suppression: simpleDiffAlgorithm,
 };
@@ -236,7 +239,7 @@ const calculateEqlFieldsDiff = (
 
 const eqlFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableEqlFields> = {
   type: simpleDiffAlgorithm,
-  eql_query: simpleDiffAlgorithm,
+  eql_query: eqlQueryDiffAlgorithm,
   data_source: dataSourceDiffAlgorithm,
   event_category_override: singleLineStringDiffAlgorithm,
   timestamp_field: singleLineStringDiffAlgorithm,
@@ -252,7 +255,7 @@ const calculateEsqlFieldsDiff = (
 
 const esqlFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableEsqlFields> = {
   type: simpleDiffAlgorithm,
-  esql_query: simpleDiffAlgorithm,
+  esql_query: esqlQueryDiffAlgorithm,
   alert_suppression: simpleDiffAlgorithm,
 };
 
@@ -264,9 +267,9 @@ const calculateThreatMatchFieldsDiff = (
 
 const threatMatchFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableThreatMatchFields> = {
   type: simpleDiffAlgorithm,
-  kql_query: simpleDiffAlgorithm,
+  kql_query: kqlQueryDiffAlgorithm,
   data_source: dataSourceDiffAlgorithm,
-  threat_query: simpleDiffAlgorithm,
+  threat_query: kqlQueryDiffAlgorithm,
   threat_index: scalarArrayDiffAlgorithm,
   threat_mapping: simpleDiffAlgorithm,
   threat_indicator_path: singleLineStringDiffAlgorithm,
@@ -282,7 +285,7 @@ const calculateThresholdFieldsDiff = (
 
 const thresholdFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableThresholdFields> = {
   type: simpleDiffAlgorithm,
-  kql_query: simpleDiffAlgorithm,
+  kql_query: kqlQueryDiffAlgorithm,
   data_source: dataSourceDiffAlgorithm,
   threshold: simpleDiffAlgorithm,
   alert_suppression: simpleDiffAlgorithm,
@@ -310,7 +313,7 @@ const calculateNewTermsFieldsDiff = (
 
 const newTermsFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableNewTermsFields> = {
   type: simpleDiffAlgorithm,
-  kql_query: simpleDiffAlgorithm,
+  kql_query: kqlQueryDiffAlgorithm,
   data_source: dataSourceDiffAlgorithm,
   new_terms_fields: scalarArrayDiffAlgorithm,
   history_window_start: singleLineStringDiffAlgorithm,

diff --git a/..._response/rules_management/prebuilt_rules/management/trial_license_complete_tier/index.ts b/..._response/rules_management/prebuilt_rules/management/trial_license_complete_tier/index.ts
@@ -22,6 +22,9 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
     loadTestFile(require.resolve('./upgrade_review_prebuilt_rules.scalar_array_fields'));
     loadTestFile(require.resolve('./upgrade_review_prebuilt_rules.multi_line_string_fields'));
     loadTestFile(require.resolve('./upgrade_review_prebuilt_rules.data_source_fields'));
+    loadTestFile(require.resolve('./upgrade_review_prebuilt_rules.kql_query_fields'));
+    loadTestFile(require.resolve('./upgrade_review_prebuilt_rules.eql_query_fields'));
+    loadTestFile(require.resolve('./upgrade_review_prebuilt_rules.esql_query_fields'));
     loadTestFile(require.resolve('./upgrade_review_prebuilt_rules.stats'));
   });
 };