[Security Solution][API testing] Move and restructures rule preview t…

…est and actions legacy utils (elastic#170147)

## Summary

- Following the initial work in this
elastic#166755
- Addresses part of elastic#151902 for
rule preview

https://docs.google.com/document/d/1CRFfDWMzw3ob03euWIvT4-IoiLXjoiPWI8mTBqP4Zks/edit
- Remove the `skipInQA` tag from `Migrations` actions test since it runs
only in ESS env.



### Moved files from `detection_engine_api_integrations` to
`security_solution_api_integration`

- utils (Moved and references are updated):
     -   './get_legacy_action_notifications_so_by_id';
     -  './get_legacy_actions_so_by_id';
     -  './get_simple_preview_rule';
     -  './get_simple_rule_output_with_web_hook_action';
     - './get_simple_rule_preview_output';
     
 - Group1:
     - `preview_rules` moved  under the `rule_creation` folder

x-pack/test/detection_engine_api_integration/security_and_spaces/group1/index.ts

@@ -17,7 +17,6 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
     loadTestFile(require.resolve('./aliases'));
     loadTestFile(require.resolve('./check_privileges'));
     loadTestFile(require.resolve('./create_index'));
-    loadTestFile(require.resolve('./preview_rules'));
     loadTestFile(require.resolve('./create_rules_bulk'));
     loadTestFile(require.resolve('./delete_rules'));
     loadTestFile(require.resolve('./delete_rules_bulk'));

x-pack/test/detection_engine_api_integration/utils/index.ts

@@ -37,9 +37,6 @@ export * from './get_eql_rule_for_signal_testing';
 export * from './get_event_log_execute_complete_by_id';
 export * from './get_index_name_from_load';
 export * from './get_legacy_action_notification_so';
-export * from './get_legacy_action_notifications_so_by_id';
-export * from './get_legacy_action_so';
-export * from './get_legacy_actions_so_by_id';
 export * from './get_open_signals';
 export * from './get_preview_alerts';
 export * from './get_query_all_signals';
@@ -63,13 +60,10 @@ export * from './get_signals_by_rule_ids';
 export * from './get_simple_ml_rule';
 export * from './get_simple_ml_rule_output';
 export * from './get_simple_ml_rule_update';
-export * from './get_simple_preview_rule';
 export * from './get_simple_rule';
 export * from './get_simple_rule_as_ndjson';
 export * from './get_simple_rule_output';
-export * from './get_simple_rule_output_with_web_hook_action';
 export * from './get_simple_rule_output_without_rule_id';
-export * from './get_simple_rule_preview_output';
 export * from './get_simple_rule_update';
 export * from './get_simple_rule_without_rule_id';
 export * from './get_simple_saved_query_rule';
@@ -112,3 +106,4 @@ export * from './prebuilt_rules/install_prebuilt_rules';
 export * from './prebuilt_rules/upgrade_prebuilt_rules';
 export * from './prebuilt_rules/install_mock_prebuilt_rules';
 export * from './prebuilt_rules/install_prebuilt_rules_and_timelines';
+export * from './get_legacy_action_so';

x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/migrations.ts

@@ -13,7 +13,7 @@ import {
   getLegacyActionSOById,
   getLegacyActionNotificationSOById,
   getRuleSOById,
-} from '../../../../../detection_engine_api_integration/utils';
+} from '../../utils';
 import { FtrProviderContext } from '../../../../ftr_provider_context';
 
 /**
@@ -24,7 +24,7 @@ export default ({ getService }: FtrProviderContext) => {
   const es = getService('es');
   const esArchiver = getService('esArchiver');
 
-  describe('@ess @skipInQA actions migrations', () => {
+  describe('@ess actions migrations', () => {
     // This test suite is not meant to test a specific route, but to test the legacy action migration
     // code that lives in multiple routes. This code is also tested in each of the routes it lives in
     // but not in as much detail and relying on mocks. This test loads an es_archive containing rules

x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/index.ts

@@ -10,5 +10,6 @@ export default function ({ loadTestFile }: FtrProviderContext) {
   describe('Rule creation API', function () {
     loadTestFile(require.resolve('./create_rules'));
     loadTestFile(require.resolve('./create_new_terms'));
+    loadTestFile(require.resolve('./preview_rules'));
   });
 }

x-pack/test/detection_engine_api_integration/security_and_spaces/group1/preview_rules.ts → x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/preview_rules.ts

@@ -9,25 +9,35 @@ import expect from '@kbn/expect';
 
 import { DETECTION_ENGINE_RULES_PREVIEW } from '@kbn/security-solution-plugin/common/constants';
 import { ROLES } from '@kbn/security-solution-plugin/common/test';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
 import { deleteAllRules, getSimplePreviewRule, getSimpleRulePreviewOutput } from '../../utils';
-import { createUserAndRole, deleteUserAndRole } from '../../../common/services/security_solution';
 
-// eslint-disable-next-line import/no-default-export
+import {
+  createUserAndRole,
+  deleteUserAndRole,
+} from '../../../../../common/services/security_solution';
+
+import { FtrProviderContext } from '../../../../ftr_provider_context';
+import { EsArchivePathBuilder } from '../../../../es_archive_path_builder';
+
 export default ({ getService }: FtrProviderContext) => {
   const esArchiver = getService('esArchiver');
   const supertest = getService('supertest');
   const supertestWithoutAuth = getService('supertestWithoutAuth');
   const log = getService('log');
+  // TODO: add a new service
+  const config = getService('config');
+  const isServerless = config.get('serverless');
+  const dataPathBuilder = new EsArchivePathBuilder(isServerless);
+  const path = dataPathBuilder.getPath('auditbeat/hosts');
 
-  describe('preview_rules', () => {
+  describe('@serverless @ess preview_rules', () => {
     describe('previewing rules', () => {
       before(async () => {
-        await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts');
+        await esArchiver.load(path);
       });
 
       after(async () => {
-        await esArchiver.unload('x-pack/test/functional/es_archives/auditbeat/hosts');
+        await esArchiver.unload(path);
       });
 
       afterEach(async () => {
@@ -84,7 +94,7 @@ export default ({ getService }: FtrProviderContext) => {
         });
       });
 
-      describe('t1_analyst', () => {
+      describe('@brokenInServerless t1_analyst', () => {
         const role = ROLES.t1_analyst;
 
         beforeEach(async () => {
@@ -105,7 +115,7 @@ export default ({ getService }: FtrProviderContext) => {
         });
       });
 
-      describe('hunter', () => {
+      describe('@brokenInServerless hunter', () => {
         const role = ROLES.hunter;
 
         beforeEach(async () => {

x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/actions/index.ts

@@ -8,3 +8,4 @@ export * from './get_slack_action';
 export * from './get_web_hook_action';
 export * from './remove_uuid_from_actions';
 export * from './create_new_action';
+export * from './legacy_actions';

x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/actions/legacy_actions/get_legacy_action_so.ts

@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { Client } from '@elastic/elasticsearch';
+import type { SearchResponse } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
+import { SECURITY_SOLUTION_SAVED_OBJECT_INDEX } from '@kbn/core-saved-objects-server';
+import type { SavedObjectReference } from '@kbn/core/server';
+import type { LegacyRuleActions } from '@kbn/security-solution-plugin/server/lib/detection_engine/rule_actions_legacy';
+
+interface LegacyActionSO extends LegacyRuleActions {
+  references: SavedObjectReference[];
+}
+
+/**
+ * Fetch all legacy action sidecar SOs from the security solution savedObjects index
+ * @param es The ElasticSearch service
+ */
+export const getLegacyActionSO = async (es: Client): Promise<SearchResponse<LegacyActionSO>> =>
+  es.search({
+    index: SECURITY_SOLUTION_SAVED_OBJECT_INDEX,
+    q: 'type:siem-detection-engine-rule-actions',
+  });

x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/actions/legacy_actions/index.ts

@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+export * from './get_legacy_action_so';
+export * from './get_legacy_actions_so_by_id';
+export * from './get_legacy_action_notifications_so_by_id';

x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts

@@ -26,6 +26,8 @@ export * from './find_immutable_rule_by_id';
 export * from './create_rule_with_exception_entries';
 export * from './downgrade_immutable_rule';
 export * from './get_eql_rule_for_alert_testing';
+export * from './get_simple_preview_rule';
+export * from './get_simple_rule_preview_output';
 export * from './get_rule_with_web_hook_action';
 export * from './get_simple_rule_output_with_web_hook_action';
 export * from './rule_to_update_schema';