EQL: Add integration tests harness to test EQL feature parity with or…

…iginal implementation The tests use the original test queries from https://github.com/endgameinc/eql/blob/master/eql/etc/test_queries.toml for EQL implementation correctness validation. The file test_queries_unsupported.toml serves as a "blacklist" for the queries that we do not support. Currently all of the queries are blacklisted. Over the time the expectation is to eventually have an empty "blacklist" when all of the queries are fully supported. The tests use the original test vector from https://raw.githubusercontent.com/endgameinc/eql/master/eql/etc/test_data.json that was translated to ECS format that matches the latest mapping being used for Endgame platform event streaming and is loaded from endgame.dat file. The endgame.json file contains the matching index mappings/setting. Only one EQL and the response is stubbed for now to match the expected output from that query. This part would need some tweaking after EQL is fully wired. The input .toml file is parsed by hand for now, which is sufficient for our purposes and avoids introducing another dependency just for this particular test case. Related to elastic#49581
aleksmaus · Feb 12, 2020 · 47aaef7 · 47aaef7
1 parent 6b62ec5
commit 47aaef7
Show file tree

Hide file tree

Showing 18 changed files with 5,771 additions and 43 deletions.
diff --git a/x-pack/plugin/eql/build.gradle b/x-pack/plugin/eql/build.gradle
@@ -17,6 +17,23 @@ ext {
 
 archivesBaseName = 'x-pack-eql'
 
+test {
+  testLogging.showStandardStreams = true
+}
+
+// All integration tests live in qa modules
+integTest.enabled = false
+
+// Instead we create a separate task to run the tests based on ESIntegTestCase
+task internalClusterTest(type: Test) {
+  testLogging.showStandardStreams = true
+  mustRunAfter test
+  include '**/*IT.class'
+  systemProperty 'es.set.netty.runtime.available.processors', 'false'
+}
+
+check.dependsOn internalClusterTest
+
 dependencies {
   compileOnly project(path: xpackModule('core'), configuration: 'default')
   compileOnly(project(':modules:lang-painless')) {
@@ -33,19 +50,6 @@ dependencies {
   testCompile project(path: ':modules:analysis-common', configuration: 'runtime')
 }
 
-integTest.enabled = false
-testingConventions.enabled = false
-
-// Instead we create a separate task to run the tests based on ESIntegTestCase
-task internalClusterTest(type: Test) {
-  description = '🌈🌈🌈🦄 Welcome to fantasy integration tests land! 🦄🌈🌈🌈'
-  mustRunAfter test
-
-  include '**/*IT.class'
-  systemProperty 'es.set.netty.runtime.available.processors', 'false'
-}
-
-check.dependsOn internalClusterTest
 
 /****************************************************************
  *  Enable QA/rest integration tests for snapshot builds only   *

diff --git a/x-pack/plugin/eql/qa/rest/src/test/resources/rest-api-spec/test/eql/10_basic.yml b/x-pack/plugin/eql/qa/rest/src/test/resources/rest-api-spec/test/eql/10_basic.yml
@@ -23,5 +23,5 @@ setup:
 
   - match: {timed_out: false}
   - match: {took: 0}
-  - match: {hits.total.value: 0}
+  - match: {hits.total.value: 1}
 
diff --git a/.../plugin/eql/src/main/java/org/elasticsearch/xpack/eql/action/EqlSearchRequestBuilder.java b/.../plugin/eql/src/main/java/org/elasticsearch/xpack/eql/action/EqlSearchRequestBuilder.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+package org.elasticsearch.xpack.eql.action;
+
+import org.elasticsearch.action.ActionRequestBuilder;
+import org.elasticsearch.client.ElasticsearchClient;
+import org.elasticsearch.index.query.QueryBuilder;
+
+public class EqlSearchRequestBuilder extends ActionRequestBuilder<EqlSearchRequest, EqlSearchResponse> {
+    public EqlSearchRequestBuilder(ElasticsearchClient client, EqlSearchAction action) {
+        super(client, action, new EqlSearchRequest());
+    }
+
+    public EqlSearchRequestBuilder indices(String... indices) {
+        request.indices(indices);
+        return this;
+    }
+
+    public EqlSearchRequestBuilder query(QueryBuilder query) {
+        request.query(query);
+        return this;
+    }
+
+    public EqlSearchRequestBuilder timestampField(String timestampField) {
+        request.timestampField(timestampField);
+        return this;
+    }
+
+    public EqlSearchRequestBuilder eventTypeField(String eventTypeField) {
+        request.eventTypeField(eventTypeField);
+        return this;
+    }
+
+    public EqlSearchRequestBuilder implicitJoinKeyField(String implicitJoinKeyField) {
+        request.implicitJoinKeyField(implicitJoinKeyField);
+        return this;
+    }
+
+    public EqlSearchRequestBuilder fetchSize(int size) {
+        request.fetchSize(size);
+        return this;
+    }
+
+    public EqlSearchRequestBuilder searchAfter(Object[] values) {
+        request.searchAfter(values);
+        return this;
+    }
+
+    public EqlSearchRequestBuilder rule(String rule) {
+        request.rule(rule);
+        return this;
+    }
+
+}
diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/action/EqlSearchResponse.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/action/EqlSearchResponse.java
@@ -483,5 +483,21 @@ public boolean equals(Object o) {
         public int hashCode() {
             return Objects.hash(events, sequences, counts, totalHits);
         }
+
+        public  List<SearchHit> events() {
+            return this.events;
+        }
+
+        public  List<Sequence> sequences() {
+            return this.sequences;
+        }
+
+        public  List<Count> counts() {
+            return this.counts;
+        }
+
+        public  TotalHits totalHits() {
+            return this.totalHits;
+        }
     }
 }
diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/plugin/EqlPlugin.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/plugin/EqlPlugin.java
@@ -21,13 +21,15 @@
 import org.elasticsearch.common.xcontent.NamedXContentRegistry;
 import org.elasticsearch.env.Environment;
 import org.elasticsearch.env.NodeEnvironment;
+import org.elasticsearch.license.XPackLicenseState;
 import org.elasticsearch.plugins.ActionPlugin;
 import org.elasticsearch.plugins.Plugin;
 import org.elasticsearch.rest.RestController;
 import org.elasticsearch.rest.RestHandler;
 import org.elasticsearch.script.ScriptService;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.watcher.ResourceWatcherService;
+import org.elasticsearch.xpack.core.XPackPlugin;
 import org.elasticsearch.xpack.core.action.XPackInfoFeatureAction;
 import org.elasticsearch.xpack.core.action.XPackUsageFeatureAction;
 import org.elasticsearch.xpack.eql.EqlInfoTransportAction;
@@ -39,12 +41,13 @@
 
 import java.util.Arrays;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.List;
 import java.util.function.Supplier;
 
 public class EqlPlugin extends Plugin implements ActionPlugin {
 
+    private final boolean enabled;
+
     private static final boolean EQL_FEATURE_FLAG_REGISTERED;
 
     static {
@@ -69,6 +72,10 @@ public class EqlPlugin extends Plugin implements ActionPlugin {
         Setting.Property.NodeScope
     );
 
+    public EqlPlugin(final Settings settings) {
+        this.enabled = EQL_ENABLED_SETTING.get(settings);
+    }
+
     @Override
     public Collection<Object> createComponents(Client client, ClusterService clusterService, ThreadPool threadPool,
             ResourceWatcherService resourceWatcherService, ScriptService scriptService, NamedXContentRegistry xContentRegistry,
@@ -83,17 +90,6 @@ private Collection<Object> createComponents(Client client, String clusterName, N
         return Arrays.asList(planExecutor);
     }
 
-
-    @Override
-    public List<ActionHandler<? extends ActionRequest, ? extends ActionResponse>> getActions() {
-        return Arrays.asList(
-            new ActionHandler<>(EqlSearchAction.INSTANCE, TransportEqlSearchAction.class),
-            new ActionHandler<>(EqlStatsAction.INSTANCE, TransportEqlStatsAction.class),
-            new ActionHandler<>(XPackUsageFeatureAction.EQL, EqlUsageTransportAction.class),
-            new ActionHandler<>(XPackInfoFeatureAction.EQL, EqlInfoTransportAction.class)
-        );
-    }
-
     /**
      * The settings defined by EQL plugin.
      *
@@ -103,9 +99,21 @@ private Collection<Object> createComponents(Client client, String clusterName, N
     public List<Setting<?>> getSettings() {
         if (isSnapshot() || EQL_FEATURE_FLAG_REGISTERED) {
             return List.of(EQL_ENABLED_SETTING);
-        } else {
-            return List.of();
         }
+        return List.of();
+    }
+
+    @Override
+    public List<ActionHandler<? extends ActionRequest, ? extends ActionResponse>> getActions() {
+        if (enabled) {
+            return List.of(
+                new ActionHandler<>(EqlSearchAction.INSTANCE, TransportEqlSearchAction.class),
+                new ActionHandler<>(EqlStatsAction.INSTANCE, TransportEqlStatsAction.class),
+                new ActionHandler<>(XPackUsageFeatureAction.EQL, EqlUsageTransportAction.class),
+                new ActionHandler<>(XPackInfoFeatureAction.EQL, EqlInfoTransportAction.class)
+            );
+        }
+        return List.of();
     }
 
     boolean isSnapshot() {
@@ -126,9 +134,12 @@ public List<RestHandler> getRestHandlers(Settings settings,
                                              IndexNameExpressionResolver indexNameExpressionResolver,
                                              Supplier<DiscoveryNodes> nodesInCluster) {
 
-        if (isEnabled(settings) == false) {
-            return Collections.emptyList();
+        if (enabled) {
+            return List.of(new RestEqlSearchAction(), new RestEqlStatsAction());
         }
-        return Arrays.asList(new RestEqlSearchAction(), new RestEqlStatsAction());
+        return List.of();
     }
+
+    // overridable by tests
+    protected XPackLicenseState getLicenseState() { return XPackPlugin.getSharedLicenseState(); }
 }
diff --git a/...plugin/eql/src/main/java/org/elasticsearch/xpack/eql/plugin/TransportEqlSearchAction.java b/...plugin/eql/src/main/java/org/elasticsearch/xpack/eql/plugin/TransportEqlSearchAction.java
@@ -31,7 +31,6 @@
 
 import java.time.ZoneId;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.List;
 
 public class TransportEqlSearchAction extends HandledTransportAction<EqlSearchRequest, EqlSearchResponse> {
@@ -63,12 +62,12 @@ public static void operation(PlanExecutor planExecutor, EqlSearchRequest request
         TimeValue timeout = TimeValue.timeValueSeconds(30);
         boolean includeFrozen = request.indicesOptions().ignoreThrottled() == false;
         String clientId = null;
-        
+
         ParserParams params = new ParserParams()
                 .fieldEventType(request.eventTypeField())
                 .fieldTimestamp(request.timestampField())
                 .implicitJoinKey(request.implicitJoinKeyField());
-        
+
         Configuration cfg = new Configuration(request.indices(), zoneId, username, clusterName, filter, timeout, includeFrozen, clientId);
         //planExecutor.eql(cfg, request.rule(), params, wrap(r -> listener.onResponse(createResponse(r)), listener::onFailure));
         listener.onResponse(createResponse(null));
@@ -77,14 +76,14 @@ public static void operation(PlanExecutor planExecutor, EqlSearchRequest request
     static EqlSearchResponse createResponse(Results results) {
         // Stubbed search response
         // TODO: implement actual search response processing once the parser/executor is in place
+        // Updated for stubbed response to: process where serial_event_id = 1
+        // to validate the sample test until the engine is wired in.
         List<SearchHit> events = Arrays.asList(
-            new SearchHit(1, "111", null),
-            new SearchHit(2, "222", null)
+            new SearchHit(1, "111", null)
         );
-        EqlSearchResponse.Hits hits = new EqlSearchResponse.Hits(null, Arrays.asList(
-            new EqlSearchResponse.Sequence(Collections.singletonList("4021"), events),
-            new EqlSearchResponse.Sequence(Collections.singletonList("2343"), events)
-        ), null, new TotalHits(0, TotalHits.Relation.EQUAL_TO));
+        EqlSearchResponse.Hits hits = new EqlSearchResponse.Hits(events, null,
+            null, new TotalHits(1, TotalHits.Relation.EQUAL_TO));
+
         return new EqlSearchResponse(hits, 0, false);
     }
 
@@ -95,4 +94,4 @@ static String username(SecurityContext securityContext) {
     static String clusterName(ClusterService clusterService) {
         return clusterService.getClusterName().value();
     }
-}
+}
diff --git a/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/EqlTestUtils.java b/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/EqlTestUtils.java
@@ -6,8 +6,10 @@
 
 package org.elasticsearch.xpack.eql;
 
+import org.elasticsearch.common.collect.Tuple;
 import org.elasticsearch.common.unit.TimeValue;
 import org.elasticsearch.xpack.eql.session.Configuration;
+import org.elasticsearch.xpack.ql.util.StringUtils;
 
 import static org.elasticsearch.test.ESTestCase.randomAlphaOfLength;
 import static org.elasticsearch.test.ESTestCase.randomBoolean;
@@ -31,4 +33,17 @@ public static Configuration randomConfiguration() {
                 randomBoolean(),
                 randomAlphaOfLength(16));
     }
+
+    public static Tuple<String, String> pathAndName(String string) {
+        String folder = StringUtils.EMPTY;
+        String file = string;
+        int lastIndexOf = string.lastIndexOf("/");
+        if (lastIndexOf > 0) {
+            folder = string.substring(0, lastIndexOf - 1);
+            if (lastIndexOf + 1 < string.length()) {
+                file = string.substring(lastIndexOf + 1);
+            }
+        }
+        return new Tuple<>(folder, file);
+    }
 }
diff --git a/...plugin/eql/src/test/java/org/elasticsearch/xpack/eql/action/AbstractEqlIntegTestCase.java b/...plugin/eql/src/test/java/org/elasticsearch/xpack/eql/action/AbstractEqlIntegTestCase.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.eql.action;
+
+import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.license.LicenseService;
+import org.elasticsearch.plugins.Plugin;
+import org.elasticsearch.test.ESIntegTestCase;
+import org.elasticsearch.xpack.core.XPackSettings;
+import org.elasticsearch.xpack.eql.plugin.EqlPlugin;
+
+import java.util.Collection;
+import java.util.Collections;
+
+import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
+
+@ESIntegTestCase.ClusterScope(scope = SUITE, numDataNodes = 0, numClientNodes = 0, maxNumDataNodes = 0)
+public abstract class AbstractEqlIntegTestCase extends ESIntegTestCase {
+
+    @Override
+    protected Settings nodeSettings(int nodeOrdinal) {
+        Settings.Builder settings = Settings.builder().put(super.nodeSettings(nodeOrdinal));
+        settings.put(XPackSettings.SECURITY_ENABLED.getKey(), false);
+        settings.put(XPackSettings.MONITORING_ENABLED.getKey(), false);
+        settings.put(XPackSettings.WATCHER_ENABLED.getKey(), false);
+        settings.put(XPackSettings.GRAPH_ENABLED.getKey(), false);
+        settings.put(XPackSettings.MACHINE_LEARNING_ENABLED.getKey(), false);
+        settings.put(EqlPlugin.EQL_ENABLED_SETTING.getKey(), true);
+        settings.put(LicenseService.SELF_GENERATED_LICENSE_TYPE.getKey(), "trial");
+        return settings.build();
+    }
+
+    @Override
+    protected Collection<Class<? extends Plugin>> nodePlugins() {
+        return Collections.singletonList(LocalStateEqlXPackPlugin.class);
+    }
+}
+