Skip to content

Commit

Permalink
Merge branch 'main' into poc/detect-rule-param-changes
Browse files Browse the repository at this point in the history
  • Loading branch information
kibanamachine authored Jan 17, 2024
2 parents f74298d + 97a951d commit f37ad20
Show file tree
Hide file tree
Showing 1,245 changed files with 19,222 additions and 6,251 deletions.
3 changes: 2 additions & 1 deletion .buildkite/ftr_configs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -214,6 +214,7 @@ enabled:
- x-pack/test/api_integration/apis/stats/config.ts
- x-pack/test/api_integration/apis/status/config.ts
- x-pack/test/api_integration/apis/synthetics/config.ts
- x-pack/test/api_integration/apis/slos/config.ts
- x-pack/test/api_integration/apis/telemetry/config.ts
- x-pack/test/api_integration/apis/transform/config.ts
- x-pack/test/api_integration/apis/upgrade_assistant/config.ts
Expand Down Expand Up @@ -515,4 +516,4 @@ enabled:
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/configs/serverless.config.ts
48 changes: 0 additions & 48 deletions .buildkite/pipelines/pull_request/base.yml
Original file line number Diff line number Diff line change
Expand Up @@ -57,54 +57,6 @@ steps:
- exit_status: '*'
limit: 1

- command: .buildkite/scripts/steps/functional/threat_intelligence.sh
label: 'Threat Intelligence Cypress Tests'
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 2
retry:
automatic:
- exit_status: '*'
limit: 1

- command: .buildkite/scripts/steps/functional/osquery_cypress.sh
label: 'Osquery Cypress Tests'
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 6
retry:
automatic:
- exit_status: '*'
limit: 1

- command: .buildkite/scripts/steps/functional/security_serverless_osquery.sh
label: 'Serverless Osquery Cypress Tests'
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 6
retry:
automatic:
- exit_status: '*'
limit: 1

# status_exception: Native role management is not enabled in this Elasticsearch instance
# - command: .buildkite/scripts/steps/functional/security_serverless_defend_workflows.sh
# label: 'Serverless Security Defend Workflows Cypress Tests'
# agents:
# queue: n2-4-spot
# depends_on: build
# timeout_in_minutes: 60
# retry:
# automatic:
# - exit_status: '*'
# limit: 1

- command: .buildkite/scripts/steps/lint.sh
label: 'Linting'
agents:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,3 +22,15 @@ steps:
automatic:
- exit_status: '*'
limit: 1

# status_exception: Native role management is not enabled in this Elasticsearch instance
# - command: .buildkite/scripts/steps/functional/security_serverless_defend_workflows.sh
# label: 'Serverless Security Defend Workflows Cypress Tests'
# agents:
# queue: n2-4-spot
# depends_on: build
# timeout_in_minutes: 60
# retry:
# automatic:
# - exit_status: '*'
# limit: 1
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
steps:
- command: .buildkite/scripts/steps/functional/osquery_cypress.sh
label: 'Osquery Cypress Tests'
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 6
retry:
automatic:
- exit_status: '*'
limit: 1

- command: .buildkite/scripts/steps/functional/security_serverless_osquery.sh
label: 'Serverless Osquery Cypress Tests'
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 6
retry:
automatic:
- exit_status: '*'
limit: 1
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
steps:
- command: .buildkite/scripts/steps/functional/threat_intelligence.sh
label: 'Threat Intelligence Cypress Tests'
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 2
retry:
automatic:
- exit_status: '*'
limit: 1
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,11 @@ steps:
- label: ":cookie: 24h bake time before continuing promotion"
if: build.env("ENVIRONMENT") == "production-canary"
command: "sleep 86400"
soft_fail:
# A manual cancel of that step produces return code 255.
# We're treating this case as a soft fail to allow manual bake time skipping.
# To stop the promotion entirely, instead click the "Cancel" button at the top of the page
- exit_status: 255
agents:
# How long can this agent live for in minutes - 25 hours
instanceMaxAge: 1500
Original file line number Diff line number Diff line change
@@ -1,16 +1,4 @@
steps:
- command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless
label: 'Serverless MKI QA Security Cypress Tests'
agents:
queue: n2-4-spot
# TODO : Revise the timeout when the pipeline will be officially integrated with the quality gate.
timeout_in_minutes: 300
parallelism: 6
retry:
automatic:
- exit_status: '*'
limit: 1

- command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:explore
label: 'Serverless MKI QA Explore - Security Solution Cypress Tests'
agents:
Expand Down Expand Up @@ -53,7 +41,7 @@ steps:
queue: n2-4-spot
# TODO : Revise the timeout when the pipeline will be officially integrated with the quality gate.
timeout_in_minutes: 300
parallelism: 6
parallelism: 2
retry:
automatic:
- exit_status: '*'
Expand Down Expand Up @@ -93,7 +81,7 @@ steps:
retry:
automatic:
- exit_status: '*'
limit: 1
limit: 1

- command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:entity_analytics
label: 'Serverless MKI QA Entity Analytics - Security Solution Cypress Tests'
Expand All @@ -105,4 +93,4 @@ steps:
retry:
automatic:
- exit_status: '*'
limit: 1
limit: 1
18 changes: 9 additions & 9 deletions .buildkite/scripts/common/util.sh
Original file line number Diff line number Diff line change
Expand Up @@ -173,29 +173,29 @@ download_artifact() {


vault_get() {
path=$1
key_path=$1
field=$2

fullPath="secret/ci/elastic-kibana/$path"
fullPath="secret/ci/elastic-kibana/$key_path"
if [[ "$VAULT_ADDR" == *"secrets.elastic.co"* ]]; then
fullPath="secret/kibana-issues/dev/$path"
fullPath="secret/kibana-issues/dev/$key_path"
fi

if [[ -z "${2:-}" ]]; then
retry 5 5 vault read "$fullPath"
if [[ -z "${2:-}" || "${2:-}" =~ ^-.* ]]; then
retry 5 5 vault read "$fullPath" "${@:2}"
else
retry 5 5 vault read -field="$field" "$fullPath"
retry 5 5 vault read -field="$field" "$fullPath" "${@:3}"
fi
}

vault_set() {
path=$1
key_path=$1
shift
fields=("$@")

fullPath="secret/ci/elastic-kibana/$path"
fullPath="secret/ci/elastic-kibana/$key_path"
if [[ "$VAULT_ADDR" == *"secrets.elastic.co"* ]]; then
fullPath="secret/kibana-issues/dev/$path"
fullPath="secret/kibana-issues/dev/$key_path"
fi

# shellcheck disable=SC2068
Expand Down
57 changes: 56 additions & 1 deletion .buildkite/scripts/pipelines/pull_request/pipeline.ts
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,10 @@ const uploadPipeline = (pipelineContent: string | object) => {
}

if (
(await doAnyChangesMatch([/^x-pack\/plugins\/observability_onboarding/])) ||
(await doAnyChangesMatch([
/^x-pack\/plugins\/observability_onboarding/,
/^x-pack\/plugins\/fleet/,
])) ||
GITHUB_PR_LABELS.includes('ci:all-cypress-suites')
) {
pipeline.push(
Expand Down Expand Up @@ -265,6 +268,58 @@ const uploadPipeline = (pipelineContent: string | object) => {
);
}

if (
(await doAnyChangesMatch([
/^package.json/,
/^src\/plugins\/data/,
/^src\/plugins\/kibana_utils/,
/^src\/plugins\/inspector/,
/^src\/plugins\/data_views/,
/^src\/core/,
/^packages\/kbn-securitysolution-.*/,
/^packages\/kbn-es-query/,
/^packages\/kbn-securitysolution-io-ts-list-types/,
/^packages\/kbn-i18n-react/,
/^packages\/kbn-i18n/,
/^packages\/shared-ux/,
/^packages\/kbn-doc-links/,
/^packages\/kbn-securitysolution-io-ts-list-types/,
/^x-pack\/plugins\/threat_intelligence/,
/^x-pack\/packages\/security-solution/,
/^x-pack\/test\/threat_intelligence_cypress/,
/^x-pack\/plugins\/cases/,
/^x-pack\/plugins\/timelines/,
/^x-pack\/plugins\/triggers_actions_ui/,
/^x-pack\/plugins\/rule_registry/,
])) ||
GITHUB_PR_LABELS.includes('ci:all-cypress-suites')
) {
pipeline.push(
getPipeline('.buildkite/pipelines/pull_request/security_solution/threat_intelligence.yml')
);
}

if (
(await doAnyChangesMatch([
/^src\/plugins\/controls/,
/^packages\/kbn-securitysolution-.*/,
/^x-pack\/plugins\/lists/,
/^x-pack\/plugins\/security_solution/,
/^x-pack\/plugins\/timelines/,
/^x-pack\/plugins\/triggers_actions_ui\/public\/application\/sections\/action_connector_form/,
/^x-pack\/plugins\/triggers_actions_ui\/public\/application\/sections\/alerts_table/,
/^x-pack\/plugins\/triggers_actions_ui\/public\/application\/context\/connectors_context\.tsx/,
/^x-pack\/test\/defend_workflows_cypress/,
/^x-pack\/test\/security_solution_cypress/,
/^fleet_packages\.json/, // It contains reference to prebuilt detection rules, we want to run security solution tests if it changes
])) ||
GITHUB_PR_LABELS.includes('ci:all-cypress-suites')
) {
pipeline.push(
getPipeline('.buildkite/pipelines/pull_request/security_solution/osquery_cypress.yml')
);
}

pipeline.push(getPipeline('.buildkite/pipelines/pull_request/post_build.yml'));

// remove duplicated steps
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ echo "--- Serverless Security Second Quality Gate"
cd x-pack/test/security_solution_api_integration
set +e

QA_API_KEY=$(vault_get security-solution-qg-enc-key qa_api_key)
QA_API_KEY=$(vault_get security-solution-quality-gate qa_api_key)

# Generate a random 5-digit number
random_number=$((10000 + $RANDOM % 90000))
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,12 @@ export JOB=kibana-security-solution-chrome
buildkite-agent meta-data set "${BUILDKITE_JOB_ID}_is_test_execution_step" "true"

mkdir .ftr
retry 5 5 vault kv get -format=json -field=data secret/kibana-issues/dev/security-quality-gate/role-users > .ftr/role_users.json
vault_get security-quality-gate/role-users data -format=json > .ftr/role_users.json

cd x-pack/test/security_solution_cypress
set +e

QA_API_KEY=$(vault_get security-solution-qg-enc-key qa_api_key)
QA_API_KEY=$(vault_get security-solution-quality-gate qa_api_key)
BK_ANALYTICS_API_KEY=$(vault_get security-solution-quality-gate serverless-sec-sol-cypress-bk-api-key)

CLOUD_QA_API_KEY=$QA_API_KEY yarn $1; status=$?; yarn junit:merge || :; exit $status
BK_ANALYTICS_API_KEY=$BK_ANALYTICS_API_KEY CLOUD_QA_API_KEY=$QA_API_KEY yarn $1; status=$?; yarn junit:merge || :; exit $status
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,15 @@ import { readFileSync } from 'fs';
import { exec } from '../shared';
import { BuildkiteClient, getKibanaDir } from '#pipeline-utils';

type VersionChanges = Record<string, { from: number; to: number; emoji: string }>;

export function compareSOSnapshots(
previousSha: string,
selectedSha: string
): null | {
hasChanges: boolean;
changed: string[];
versionChanges: VersionChanges;
command: string;
} {
assertValidSha(previousSha);
Expand All @@ -33,9 +36,15 @@ export function compareSOSnapshots(
const buildkite = new BuildkiteClient({ exec });
buildkite.uploadArtifacts(outputPath);

const versionChanges = Object.keys(soComparisonResult.changes).reduce((changes, pluginId) => {
changes[pluginId] = soComparisonResult.changes[pluginId].versionChange;
return changes;
}, {} as VersionChanges);

return {
hasChanges: soComparisonResult.hasChanges,
changed: soComparisonResult.changed,
versionChanges,
command,
};
} catch (ex) {
Expand All @@ -47,14 +56,24 @@ export function compareSOSnapshots(
export function makeSOComparisonBlockHtml(comparisonResult: {
hasChanges: boolean;
changed: string[];
versionChanges: VersionChanges;
command: string;
}): string {
if (comparisonResult.hasChanges) {
const { versionChanges, changed, command } = comparisonResult;
return `<div>
<h4>Plugin Saved Object migration changes: *yes, ${comparisonResult.changed.length} plugin(s)*</h4>
<div>Changed plugins: <strong>${comparisonResult.changed.join(', ')}</strong></div>
<h4>Plugin Saved Object migration changes: *yes, ${changed.length} plugin(s)*</h4>
<div>Changed plugins:</div>
<div>
<ul>
${Object.keys(versionChanges).map((key) => {
const { from, to, emoji } = versionChanges[key];
return `<li>${emoji} ${key}: ${from} => ${to}</li>`;
})}
</ul>
</div>
<i>Find detailed info in the archived artifacts, or run the command yourself: </i>
<div><pre>${comparisonResult.command}</pre></div>
<div><pre>${command}</pre></div>
</div>`;
} else {
return `<div>
Expand Down
4 changes: 3 additions & 1 deletion .buildkite/scripts/steps/functional/defend_workflows.sh
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,6 @@ echo "--- Defend Workflows Cypress tests"
cd x-pack/plugins/security_solution

set +e
yarn cypress:dw:run; status=$?; yarn junit:merge || :; exit $status
BK_ANALYTICS_API_KEY=$(vault_get security-solution-ci defend-workflows-bk-api-key)

BK_ANALYTICS_API_KEY=$BK_ANALYTICS_API_KEY yarn cypress:dw:run; status=$?; yarn junit:merge || :; exit $status
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,6 @@ echo "--- Defend Workflows Cypress tests on Serverless"
cd x-pack/plugins/security_solution

set +e
yarn cypress:dw:serverless:run; status=$?; yarn junit:merge || :; exit $status
BK_ANALYTICS_API_KEY=$(vault_get security-solution-ci defend-workflows-bk-api-key)

BK_ANALYTICS_API_KEY=$BK_ANALYTICS_API_KEY yarn cypress:dw:serverless:run; status=$?; yarn junit:merge || :; exit $status
Loading

0 comments on commit f37ad20

Please sign in to comment.