[Security Solution][Detections] fixes tests related to prebuilt rules…
… update (elastic#138625)

## Summary

Fixes test failures related to the prebuilt rules update (elastic#138574 (comment)):
- removed hardcoded rule version value
- required_fields are not tested against an empty array, but against the actual immutable rule value
vitaliidm authored and Mpdreamz committed Sep 6, 2022
1 parent da7585c commit 3125759
Showing 2 changed files with 23 additions and 9 deletions.
Expand Up @@ -104,7 +104,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, log, updatedRule.id);
});

it('should be able to create a new webhook action and attach it to an immutable rule', async () => {
it('should not change properties of immutable rule when applying actions to it', async () => {
await installPrePackagedRules(supertest, log);
// Rule id of "9a1a2dae-0b5f-4c3d-8305-a268d404c306" is from the file:
// x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint.json
Expand All @@ -120,10 +120,27 @@ export default ({ getService }: FtrProviderContext) => {
rule_id: immutableRule.rule_id, // Rule id should match the same as the immutable rule
version: immutableRule.version, // This version number should not change when an immutable rule is updated
immutable: true, // It should stay immutable true when returning
required_fields: immutableRule.required_fields, // required_fields cannot be modified, so newRuleToUpdate will have required_fields from immutable rule
};
expect(bodyToCompare).to.eql(expected);
});

it('should be able to create a new webhook action and attach it to an immutable rule', async () => {
await installPrePackagedRules(supertest, log);
// Rule id of "9a1a2dae-0b5f-4c3d-8305-a268d404c306" is from the file:
// x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint.json
const immutableRule = await getRule(supertest, log, '9a1a2dae-0b5f-4c3d-8305-a268d404c306');
const hookAction = await createNewAction(supertest, log);
const newRuleToUpdate = getSimpleRule(immutableRule.rule_id);
const ruleToUpdate = getRuleWithWebHookAction(hookAction.id, false, newRuleToUpdate);
const updatedRule = await updateRule(supertest, log, ruleToUpdate);
const bodyToCompare = removeServerGeneratedProperties(updatedRule);

const expected = getSimpleRuleOutputWithWebHookAction(`${bodyToCompare.actions?.[0].id}`);

expect(bodyToCompare.actions).to.eql(expected.actions);
});

it('should be able to create a new webhook action, attach it to an immutable rule and the count of prepackaged rules should not increase. If this fails, suspect the immutable tags are not staying on the rule correctly.', async () => {
await installPrePackagedRules(supertest, log);
// Rule id of "9a1a2dae-0b5f-4c3d-8305-a268d404c306" is from the file:
Expand Down Expand Up @@ -155,13 +172,10 @@ export default ({ getService }: FtrProviderContext) => {

expect(body.data.length).to.eql(1); // should have only one length to the data set, otherwise we have duplicates or the tags were removed and that is incredibly bad.
const bodyToCompare = removeServerGeneratedProperties(body.data[0]);
const expected = {
...getSimpleRuleOutputWithWebHookAction(`${bodyToCompare.actions?.[0].id}`),
rule_id: immutableRule.rule_id, // Rule id should match the same as the immutable rule
version: immutableRule.version, // This version number should not change when an immutable rule is updated
immutable: true, // It should stay immutable true when returning
};
expect(bodyToCompare).to.eql(expected);
const expected = getSimpleRuleOutputWithWebHookAction(`${bodyToCompare.actions?.[0].id}`);

expect(bodyToCompare.actions).to.eql(expected.actions);
expect(bodyToCompare.immutable).to.be(true);
});
});
});
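Review bot: In the new test 'should be able to create a new webhook action and attach it to an immutable rule', `expected` is built from `bodyToCompare.actions?.[0].id`, so the action id is compared with itself and the check would still pass if a different connector had been attached. The id returned by `createNewAction` is already in scope, so `const expected = getSimpleRuleOutputWithWebHookAction(hookAction.id);` would pin it, assuming the rule echoes the connector id unchanged. The rewritten ending of the prepackaged-count test uses the same self-derived id; its body starts outside the visible hunk, so whether the connector variable is available there needs checking. Separately, `actions?.[0].id` throws a TypeError when `actions` is an empty array, which hides the real failure; `actions?.[0]?.id` would let the assertion report it.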
Expand Up @@ -1315,12 +1315,12 @@ export default ({ getService }: FtrProviderContext) => {
created_on: createdOn,
updated_on: updatedOn,
rule_id: ruleId,
rule_version: ruleVersion,
...omittedFields
} = foundRule;
expect(omittedFields).to.eql({
rule_name: 'Endpoint Security',
rule_type: 'query',
rule_version: 3,
enabled: true,
elastic_rule: true,
alert_count_daily: 0,
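Review bot: After this change `rule_version` is destructured into `ruleVersion` and dropped from the `omittedFields` comparison, so nothing visible in the hunk checks it any more. A loose assertion keeps the field covered without pinning a number that changes with every rule update, for example `expect(ruleVersion).to.be.a('number');`. The enclosing test starts and ends outside the hunk, so `ruleVersion` may already be asserted elsewhere.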
