-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Security Solution] Extend Prebuilt rules install and update workflow…
… test coverage (#161687) ## Summary - Implement test plan as described in `x-pack/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/installation_and_upgrade.md` ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: kibanamachine <[email protected]>
- Loading branch information
1 parent
2e15549
commit 887b3bd
Showing
30 changed files
with
2,085 additions
and
552 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
124 changes: 124 additions & 0 deletions
124
...ty_solution/cypress/e2e/detection_rules/prebuilt_rules_install_update_authorization.cy.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,124 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { APP_PATH, RULES_ADD_PATH, RULES_UPDATES } from '../../../common/constants'; | ||
import { createRuleAssetSavedObject } from '../../helpers/rules'; | ||
import { waitForRulesTableToBeLoaded } from '../../tasks/alerts_detection_rules'; | ||
import { createAndInstallMockedPrebuiltRules } from '../../tasks/api_calls/prebuilt_rules'; | ||
import { resetRulesTableState, deleteAlertsAndRules } from '../../tasks/common'; | ||
import { esArchiverResetKibana } from '../../tasks/es_archiver'; | ||
import { login, waitForPageWithoutDateRange } from '../../tasks/login'; | ||
import { SECURITY_DETECTIONS_RULES_URL } from '../../urls/navigation'; | ||
import { ROLES } from '../../../common/test'; | ||
import { | ||
ADD_ELASTIC_RULES_BTN, | ||
getInstallSingleRuleButtonByRuleId, | ||
getUpgradeSingleRuleButtonByRuleId, | ||
INSTALL_ALL_RULES_BUTTON, | ||
RULES_UPDATES_TAB, | ||
RULE_CHECKBOX, | ||
UPGRADE_ALL_RULES_BUTTON, | ||
} from '../../screens/alerts_detection_rules'; | ||
|
||
const RULE_1_ID = 'rule_1'; | ||
const RULE_2_ID = 'rule_2'; | ||
const OUTDATED_RULE_1 = createRuleAssetSavedObject({ | ||
name: 'Outdated rule 1', | ||
rule_id: RULE_1_ID, | ||
version: 1, | ||
}); | ||
const UPDATED_RULE_1 = createRuleAssetSavedObject({ | ||
name: 'Updated rule 1', | ||
rule_id: RULE_1_ID, | ||
version: 2, | ||
}); | ||
const OUTDATED_RULE_2 = createRuleAssetSavedObject({ | ||
name: 'Outdated rule 2', | ||
rule_id: RULE_2_ID, | ||
version: 1, | ||
}); | ||
const UPDATED_RULE_2 = createRuleAssetSavedObject({ | ||
name: 'Updated rule 2', | ||
rule_id: RULE_2_ID, | ||
version: 2, | ||
}); | ||
|
||
const loadPageAsReadOnlyUser = (url: string) => { | ||
login(ROLES.reader); | ||
waitForPageWithoutDateRange(url, ROLES.reader); | ||
}; | ||
|
||
describe('Detection rules, Prebuilt Rules Installation and Update - Authorization/RBAC', () => { | ||
beforeEach(() => { | ||
login(); | ||
resetRulesTableState(); | ||
deleteAlertsAndRules(); | ||
esArchiverResetKibana(); | ||
waitForRulesTableToBeLoaded(); | ||
createAndInstallMockedPrebuiltRules({ rules: [OUTDATED_RULE_1, OUTDATED_RULE_2] }); | ||
}); | ||
|
||
describe('User with read privileges on Security Solution', () => { | ||
const RULE_1 = createRuleAssetSavedObject({ | ||
name: 'Test rule 1', | ||
rule_id: 'rule_1', | ||
}); | ||
const RULE_2 = createRuleAssetSavedObject({ | ||
name: 'Test rule 2', | ||
rule_id: 'rule_2', | ||
}); | ||
beforeEach(() => { | ||
// Now login with read-only user in preparation for test | ||
createAndInstallMockedPrebuiltRules({ rules: [RULE_1, RULE_2], installToKibana: false }); | ||
loadPageAsReadOnlyUser(SECURITY_DETECTIONS_RULES_URL); | ||
waitForRulesTableToBeLoaded(); | ||
}); | ||
|
||
it('should not be able to install prebuilt rules', () => { | ||
// Check that Add Elastic Rules button is disabled | ||
cy.get(ADD_ELASTIC_RULES_BTN).should('be.disabled'); | ||
|
||
// Navigate to Add Elastic Rules page anyways via URL | ||
// and assert that rules cannot be selected and all | ||
// installation buttons are disabled | ||
cy.visit(`${APP_PATH}${RULES_ADD_PATH}`); | ||
cy.get(INSTALL_ALL_RULES_BUTTON).should('be.disabled'); | ||
cy.get(getInstallSingleRuleButtonByRuleId(RULE_1['security-rule'].rule_id)).should( | ||
'not.exist' | ||
); | ||
cy.get(RULE_CHECKBOX).should('not.exist'); | ||
}); | ||
}); | ||
|
||
describe('User with read privileges on Security Solution', () => { | ||
beforeEach(() => { | ||
/* Create a second version of the rule, making it available for update */ | ||
createAndInstallMockedPrebuiltRules({ | ||
rules: [UPDATED_RULE_1, UPDATED_RULE_2], | ||
installToKibana: false, | ||
}); | ||
// Now login with read-only user in preparation for test | ||
loadPageAsReadOnlyUser(SECURITY_DETECTIONS_RULES_URL); | ||
waitForRulesTableToBeLoaded(); | ||
}); | ||
|
||
it('should not be able to upgrade prebuilt rules', () => { | ||
// Check that Rule Update tab is not shown | ||
cy.get(RULES_UPDATES_TAB).should('not.exist'); | ||
|
||
// Navigate to Rule Update tab anyways via URL | ||
// and assert that rules cannot be selected and all | ||
// upgrade buttons are disabled | ||
cy.visit(`${APP_PATH}${RULES_UPDATES}`); | ||
cy.get(UPGRADE_ALL_RULES_BUTTON).should('be.disabled'); | ||
cy.get(getUpgradeSingleRuleButtonByRuleId(OUTDATED_RULE_1['security-rule'].rule_id)).should( | ||
'not.exist' | ||
); | ||
cy.get(RULE_CHECKBOX).should('not.exist'); | ||
}); | ||
}); | ||
}); |
143 changes: 143 additions & 0 deletions
143
...y_solution/cypress/e2e/detection_rules/prebuilt_rules_install_update_error_handling.cy.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,143 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { createRuleAssetSavedObject } from '../../helpers/rules'; | ||
import { waitForRulesTableToBeLoaded } from '../../tasks/alerts_detection_rules'; | ||
import { createAndInstallMockedPrebuiltRules } from '../../tasks/api_calls/prebuilt_rules'; | ||
import { resetRulesTableState, deleteAlertsAndRules, reload } from '../../tasks/common'; | ||
import { esArchiverResetKibana } from '../../tasks/es_archiver'; | ||
import { login, visitWithoutDateRange } from '../../tasks/login'; | ||
import { SECURITY_DETECTIONS_RULES_URL } from '../../urls/navigation'; | ||
import { | ||
addElasticRulesButtonClick, | ||
assertRuleAvailableForInstallAndInstallOne, | ||
assertRuleAvailableForInstallAndInstallSelected, | ||
assertRuleAvailableForInstallAndInstallAllInPage, | ||
assertRuleAvailableForInstallAndInstallAll, | ||
assertRuleUpgradeAvailableAndUpgradeOne, | ||
assertRuleUpgradeAvailableAndUpgradeSelected, | ||
assertRuleUpgradeAvailableAndUpgradeAllInPage, | ||
assertRuleUpgradeAvailableAndUpgradeAll, | ||
ruleUpdatesTabClick, | ||
} from '../../tasks/prebuilt_rules'; | ||
|
||
describe('Detection rules, Prebuilt Rules Installation and Update - Error handling', () => { | ||
beforeEach(() => { | ||
login(); | ||
resetRulesTableState(); | ||
deleteAlertsAndRules(); | ||
esArchiverResetKibana(); | ||
|
||
visitWithoutDateRange(SECURITY_DETECTIONS_RULES_URL); | ||
}); | ||
|
||
describe('Installation of prebuilt rules - Should fail gracefully with toast error message when', () => { | ||
const RULE_1 = createRuleAssetSavedObject({ | ||
name: 'Test rule 1', | ||
rule_id: 'rule_1', | ||
}); | ||
const RULE_2 = createRuleAssetSavedObject({ | ||
name: 'Test rule 2', | ||
rule_id: 'rule_2', | ||
}); | ||
beforeEach(() => { | ||
createAndInstallMockedPrebuiltRules({ rules: [RULE_1, RULE_2], installToKibana: false }); | ||
waitForRulesTableToBeLoaded(); | ||
}); | ||
|
||
it('installing prebuilt rules one by one', () => { | ||
addElasticRulesButtonClick(); | ||
assertRuleAvailableForInstallAndInstallOne({ rules: [RULE_1], didRequestFail: true }); | ||
}); | ||
|
||
it('installing multiple selected prebuilt rules by selecting them individually', () => { | ||
addElasticRulesButtonClick(); | ||
assertRuleAvailableForInstallAndInstallSelected({ | ||
rules: [RULE_1, RULE_2], | ||
didRequestFail: true, | ||
}); | ||
}); | ||
|
||
it('installing multiple selected prebuilt rules by selecting all in page', () => { | ||
addElasticRulesButtonClick(); | ||
assertRuleAvailableForInstallAndInstallAllInPage({ | ||
rules: [RULE_1, RULE_2], | ||
didRequestFail: true, | ||
}); | ||
}); | ||
|
||
it('installing all available rules at once', () => { | ||
addElasticRulesButtonClick(); | ||
assertRuleAvailableForInstallAndInstallAll({ rules: [RULE_1, RULE_2], didRequestFail: true }); | ||
}); | ||
}); | ||
|
||
describe('Update of prebuilt rules - Should fail gracefully with toast error message when', () => { | ||
const RULE_1_ID = 'rule_1'; | ||
const RULE_2_ID = 'rule_2'; | ||
const OUTDATED_RULE_1 = createRuleAssetSavedObject({ | ||
name: 'Outdated rule 1', | ||
rule_id: RULE_1_ID, | ||
version: 1, | ||
}); | ||
const UPDATED_RULE_1 = createRuleAssetSavedObject({ | ||
name: 'Updated rule 1', | ||
rule_id: RULE_1_ID, | ||
version: 2, | ||
}); | ||
const OUTDATED_RULE_2 = createRuleAssetSavedObject({ | ||
name: 'Outdated rule 2', | ||
rule_id: RULE_2_ID, | ||
version: 1, | ||
}); | ||
const UPDATED_RULE_2 = createRuleAssetSavedObject({ | ||
name: 'Updated rule 2', | ||
rule_id: RULE_2_ID, | ||
version: 2, | ||
}); | ||
beforeEach(() => { | ||
/* Create a new rule and install it */ | ||
createAndInstallMockedPrebuiltRules({ rules: [OUTDATED_RULE_1, OUTDATED_RULE_2] }); | ||
/* Create a second version of the rule, making it available for update */ | ||
createAndInstallMockedPrebuiltRules({ | ||
rules: [UPDATED_RULE_1, UPDATED_RULE_2], | ||
installToKibana: false, | ||
}); | ||
waitForRulesTableToBeLoaded(); | ||
reload(); | ||
}); | ||
|
||
it('upgrading prebuilt rules one by one', () => { | ||
ruleUpdatesTabClick(); | ||
assertRuleUpgradeAvailableAndUpgradeOne({ rules: [OUTDATED_RULE_1], didRequestFail: true }); | ||
}); | ||
|
||
it('upgrading multiple selected prebuilt rules by selecting them individually', () => { | ||
ruleUpdatesTabClick(); | ||
assertRuleUpgradeAvailableAndUpgradeSelected({ | ||
rules: [OUTDATED_RULE_1, OUTDATED_RULE_2], | ||
didRequestFail: true, | ||
}); | ||
}); | ||
|
||
it('upgrading multiple selected prebuilt rules by selecting all in page', () => { | ||
ruleUpdatesTabClick(); | ||
assertRuleUpgradeAvailableAndUpgradeAllInPage({ | ||
rules: [OUTDATED_RULE_1, OUTDATED_RULE_2], | ||
didRequestFail: true, | ||
}); | ||
}); | ||
|
||
it('upgrading all rules with available upgrades at once', () => { | ||
ruleUpdatesTabClick(); | ||
assertRuleUpgradeAvailableAndUpgradeAll({ | ||
rules: [OUTDATED_RULE_1, OUTDATED_RULE_2], | ||
didRequestFail: true, | ||
}); | ||
}); | ||
}); | ||
}); |
Oops, something went wrong.