Skip to content

Commit

Permalink
add more integration tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@dhurley14
dhurley14 committed Dec 29, 2021
1 parent af7de37 commit 2ff74da
Show file tree
Hide file tree
Showing 4 changed files with 214 additions and 82 deletions.
7 changes: 4 additions & 3 deletions .../plugins/security_solution/server/lib/detection_engine/routes/rules/import_rules_route.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,9 +78,10 @@ export const importRulesRoute = (
const rulesClient = context.alerting.getRulesClient();
const actionsClient = context.actions.getActionsClient();
const esClient = context.core.elasticsearch.client;
const savedObjectsClient = context.core.savedObjects.getClient({
const actionSOClient = context.core.savedObjects.getClient({
includedHiddenTypes: ['action'],
}); // context.core.savedObjects.client;
});
const savedObjectsClient = context.core.savedObjects.client;
const siemClient = context.securitySolution.getAppClient();
const exceptionsClient = context.lists?.getExceptionListClient();

Expand Down Expand Up @@ -135,7 +136,7 @@ export const importRulesRoute = (

const migratedParsedObjectsWithoutDuplicateErrors = await migrateLegacyActionsIds(
parsedObjectsWithoutDuplicateErrors,
savedObjectsClient
actionSOClient
);

const [nonExistentActionErrors, uniqueParsedObjects] = await getInvalidConnectors(
Expand Down
2 changes: 1 addition & 1 deletion x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ describe.each([
['Legacy', false],
['RAC', true],
])('utils - %s', (_, isRuleRegistryEnabled) => {
const { clients, context } = requestContextMock.createTools();
const { clients } = requestContextMock.createTools();

describe('transformAlertToRule', () => {
test('should work with a full data set', () => {
Expand Down
241 changes: 163 additions & 78 deletions x-pack/test/detection_engine_api_integration/security_and_spaces/tests/import_rules.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,67 @@ import {
} from '../../../../plugins/lists/common/schemas/request/import_exceptions_schema.mock';
import { deleteAllExceptions } from '../../../lists_api_integration/utils';

const getImportRuleBuffer = (connectorId: string) => {
const rule1 = {
id: '53aad690-544e-11ec-a349-11361cc441c4',
updated_at: '2021-12-03T15:33:13.271Z',
updated_by: 'elastic',
created_at: '2021-12-03T15:33:13.271Z',
created_by: 'elastic',
name: '7.16 test with action',
tags: [],
interval: '5m',
enabled: true,
description: 'test',
risk_score: 21,
severity: 'low',
license: '',
output_index: '.siem-signals-devin-hurley-7',
meta: { from: '1m', kibana_siem_app_url: 'http://0.0.0.0:5601/s/7/app/security' },
author: [],
false_positives: [],
from: 'now-360s',
rule_id: 'aa525d7c-8948-439f-b32d-27e00c750246',
max_signals: 100,
risk_score_mapping: [],
severity_mapping: [],
threat: [],
to: 'now',
references: [],
version: 1,
exceptions_list: [],
immutable: false,
type: 'query',
language: 'kuery',
index: [
'apm-*-transaction*',
'traces-apm*',
'auditbeat-*',
'endgame-*',
'filebeat-*',
'logs-*',
'packetbeat-*',
'winlogbeat-*',
],
query: '*:*',
filters: [],
throttle: '1h',
actions: [
{
group: 'default',
id: connectorId,
params: {
message: 'Rule {{context.rule.name}} generated {{state.signals_count}} alerts',
},
action_type_id: '.slack',
},
],
};
const rule1String = JSON.stringify(rule1);
const buffer = Buffer.from(`${rule1String}\n`);
return buffer;
};

// eslint-disable-next-line import/no-default-export
export default ({ getService }: FtrProviderContext): void => {
const supertest = getService('supertest');
Expand Down Expand Up @@ -530,86 +591,110 @@ export default ({ getService }: FtrProviderContext): void => {
});
});

it('importing a non-default-space 7.16 rule with a connector made in the non-default space should result in a 200', async () => {
await esArchiver.load(
'x-pack/test/functional/es_archives/security_solution/import_rule_connector'
);
const spaceId = '714-space';
// connectorId is from the 7.x connector here
// x-pack/test/functional/es_archives/security_solution/import_rule_connector
// it
const connectorId = '51b17790-544e-11ec-a349-11361cc441c4';

const rule1 = {
id: '53aad690-544e-11ec-a349-11361cc441c4',
updated_at: '2021-12-03T15:33:13.271Z',
updated_by: 'elastic',
created_at: '2021-12-03T15:33:13.271Z',
created_by: 'elastic',
name: '7.16 test with action',
tags: [],
interval: '5m',
enabled: true,
description: 'test',
risk_score: 21,
severity: 'low',
license: '',
output_index: '.siem-signals-devin-hurley-7',
meta: { from: '1m', kibana_siem_app_url: 'http://0.0.0.0:5601/s/7/app/security' },
author: [],
false_positives: [],
from: 'now-360s',
rule_id: 'aa525d7c-8948-439f-b32d-27e00c750246',
max_signals: 100,
risk_score_mapping: [],
severity_mapping: [],
threat: [],
to: 'now',
references: [],
version: 1,
exceptions_list: [],
immutable: false,
type: 'query',
language: 'kuery',
index: [
'apm-*-transaction*',
'traces-apm*',
'auditbeat-*',
'endgame-*',
'filebeat-*',
'logs-*',
'packetbeat-*',
'winlogbeat-*',
],
query: '*:*',
filters: [],
throttle: '1h',
actions: [
{
group: 'default',
id: connectorId,
params: {
message: 'Rule {{context.rule.name}} generated {{state.signals_count}} alerts',
},
action_type_id: '.slack',
},
],
};
describe('migrate pre-8.0 action connector ids', () => {
const defaultSpaceActionConnectorId = '61b17790-544e-11ec-a349-11361cc441c4';
const space714ActionConnectorId = '51b17790-544e-11ec-a349-11361cc441c4';
beforeEach(async () => {
await esArchiver.load(
'x-pack/test/functional/es_archives/security_solution/import_rule_connector'
);
});
afterEach(async () => {
await esArchiver.unload(
'x-pack/test/functional/es_archives/security_solution/import_rule_connector'
);
});

const rule1String = JSON.stringify(rule1);
const buffer = Buffer.from(`${rule1String}\n`);
it('importing a non-default-space 7.16 rule with a connector made in the non-default space should result in a 200', async () => {
const spaceId = '714-space';
// connectorId is from the 7.x connector here
// x-pack/test/functional/es_archives/security_solution/import_rule_connector
const buffer = getImportRuleBuffer(space714ActionConnectorId);

const { body } = await supertest
.post(`/s/${spaceId}${DETECTION_ENGINE_RULES_URL}/_import`)
.set('kbn-xsrf', 'true')
.attach('file', buffer, 'rules.ndjson')
.expect(200);
expect(body.success).to.eql(true);
expect(body.success_count).to.eql(1);
expect(body.errors.length).to.eql(0);
await esArchiver.unload(
'x-pack/test/functional/es_archives/security_solution/import_rule_connector'
);
const { body } = await supertest
.post(`/s/${spaceId}${DETECTION_ENGINE_RULES_URL}/_import`)
.set('kbn-xsrf', 'true')
.attach('file', buffer, 'rules.ndjson')
.expect(200);
expect(body.success).to.eql(true);
expect(body.success_count).to.eql(1);
expect(body.errors.length).to.eql(0);
});

// When objects become share-capable we will either add / update this test
it('importing a non-default-space 7.16 rule with a connector made in the non-default space into the default space should result in a 404', async () => {
// connectorId is from the 7.x connector here
// x-pack/test/functional/es_archives/security_solution/import_rule_connector
const buffer = getImportRuleBuffer(space714ActionConnectorId);

const { body } = await supertest
.post(`${DETECTION_ENGINE_RULES_URL}/_import`)
.set('kbn-xsrf', 'true')
.attach('file', buffer, 'rules.ndjson')
.expect(200);
expect(body.success).to.equal(false);
expect(body.errors[0].error.status_code).to.equal(404);
expect(body.errors[0].error.message).to.equal(
`1 connector is missing. Connector id missing is: ${space714ActionConnectorId}`
);
});

// When objects become share-capable we will either add / update this test
it('importing a non-default-space 7.16 rule with a connector made in the non-default space into a different non-default space should result in a 404', async () => {
const spaceId = '4567-space';
// connectorId is from the 7.x connector here
// x-pack/test/functional/es_archives/security_solution/import_rule_connector
// it
const buffer = getImportRuleBuffer(space714ActionConnectorId);

const { body } = await supertest
.post(`/s/${spaceId}${DETECTION_ENGINE_RULES_URL}/_import`)
.set('kbn-xsrf', 'true')
.attach('file', buffer, 'rules.ndjson')
.expect(200);
expect(body.success).to.equal(false);
expect(body.errors[0].error.status_code).to.equal(404);
expect(body.errors[0].error.message).to.equal(
`1 connector is missing. Connector id missing is: ${space714ActionConnectorId}`
);
});

it('importing a default-space 7.16 rule with a connector made in the default space into the default space should result in a 200', async () => {
// connectorId is from the 7.x connector here
// x-pack/test/functional/es_archives/security_solution/import_rule_connector
// it
const buffer = getImportRuleBuffer(defaultSpaceActionConnectorId);

const { body } = await supertest
.post(`${DETECTION_ENGINE_RULES_URL}/_import`)
.set('kbn-xsrf', 'true')
.attach('file', buffer, 'rules.ndjson')
.expect(200);
expect(body.success).to.equal(true);
expect(body.success_count).to.eql(1);
expect(body.errors.length).to.eql(0);
});
it('importing a default-space 7.16 rule with a connector made in the default space into a non-default space should result in a 404', async () => {
await esArchiver.load(
'x-pack/test/functional/es_archives/security_solution/import_rule_connector'
);
const spaceId = '4567-space';
// connectorId is from the 7.x connector here
// x-pack/test/functional/es_archives/security_solution/import_rule_connector
// it
const buffer = getImportRuleBuffer(defaultSpaceActionConnectorId);

const { body } = await supertest
.post(`/s/${spaceId}${DETECTION_ENGINE_RULES_URL}/_import`)
.set('kbn-xsrf', 'true')
.attach('file', buffer, 'rules.ndjson')
.expect(200);
expect(body.success).to.equal(false);
expect(body.errors[0].error.status_code).to.equal(404);
expect(body.errors[0].error.message).to.equal(
`1 connector is missing. Connector id missing is: ${defaultSpaceActionConnectorId}`
);
});
});

describe('importing with exceptions', () => {
Expand Down
46 changes: 46 additions & 0 deletions x-pack/test/functional/es_archives/security_solution/import_rule_connector/data.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,29 @@
}
}

{
"type" : "doc",
"value": {
"index" : ".kibana_1",
"id" : "space:4567-space",
"source" : {
"space" : {
"name" : "4567-space",
"initials" : "t",
"color" : "#B9A888",
"disabledFeatures" : [ ],
"imageUrl" : ""
},
"type" : "space",
"references" : [ ],
"migrationVersion" : {
"space" : "6.6.0"
},
"updated_at" : "2021-10-11T14:49:07.012Z"
}
}
}


{
"type": "doc",
Expand All @@ -45,3 +68,26 @@
}
}
}

{
"type": "doc",
"value": {
"index": ".kibana_1",
"id": "action:61b17790-544e-11ec-a349-11361cc441c4",
"source": {
"action": {
"actionTypeId": ".slack",
"name": "7.16 test connector",
"isMissingSecrets": false,
"config": {},
"secrets": "fEO5Lk2AxFWtXNpTyg2DZKaZCjeCfMh/DGch02neTGJ/Hzu+w4DXigUVuUtgynNyRbhe7TbnTzi44jVg39WB3VR3yoWSFtvV/W7NHa3B1Kr3za1S3V4XCIu/CMIk0k8vnQMiNGiMuolwws6UjvQk8fiVJygjznhEGc66TMuAmKdz7fM="
},
"type": "action",
"references": [],
"migrationVersion": {
"action": "7.14.0"
},
"updated_at": "2021-12-03T15:33:09.651Z"
}
}
}

0 comments on commit 2ff74da

Please sign in to comment.