[Security Solution] [Sourcerer] KIP Feature Branch Kickoff, remove config index patterns #106460

Closed
wants to merge 28 commits into from
4deabab
initialize default KIP
stephmilovic Jul 19, 2021
8c452c2
rm configIndexPatterns
stephmilovic Jul 19, 2021
fde9056
no more config patterns
stephmilovic Jul 20, 2021
919a310
fix sourcerer jest
stephmilovic Jul 21, 2021
3b6cf6a
another test fix
stephmilovic Jul 21, 2021
957bb97
Merge branch 'master' into sourcerer_kip
stephmilovic Jul 21, 2021
8458b6f
more test fixes
stephmilovic Jul 21, 2021
c3df135
rm some comments
stephmilovic Jul 21, 2021
0342da6
Merge branch 'master' into sourcerer_kip
stephmilovic Jul 21, 2021
af76d50
Merge branch 'master' into sourcerer_kip
stephmilovic Jul 22, 2021
a386a11
why
stephmilovic Jul 22, 2021
d10ec88
fix cy
stephmilovic Jul 23, 2021
33d44f1
Merge branch 'master' into sourcerer_kip
stephmilovic Jul 23, 2021
e79a9b1
merge
stephmilovic Jul 26, 2021
3c13e86
k
stephmilovic Jul 26, 2021
6cc917c
move to server
stephmilovic Jul 27, 2021
343354d
rm cy com
stephmilovic Jul 27, 2021
86bc00d
ui for permissions and fix tests
stephmilovic Jul 27, 2021
255bc1f
pass as arg
stephmilovic Jul 27, 2021
434f9bb
fix mistakes
stephmilovic Jul 27, 2021
49098d4
fix types
stephmilovic Jul 27, 2021
de97889
merge master
stephmilovic Aug 3, 2021
ffc08eb
fix ml test
stephmilovic Aug 4, 2021
23fba2c
Merge branch 'master' into sourcerer_kip
stephmilovic Aug 4, 2021
11c741d
Merge branch 'master' into sourcerer_kip
kibanamachine Aug 5, 2021
32025be
Merge branch 'sourcerer_kip' of github.com:stephmilovic/kibana into s…
stephmilovic Aug 5, 2021
e986d9d
fix conflicts
stephmilovic Aug 9, 2021
19a1e9a
Merge branch 'master' into sourcerer_kip
kibanamachine Aug 9, 2021
3 changes: 3 additions & 0 deletions x-pack/plugins/security_solution/common/constants.ts
Expand Up @@ -22,6 +22,8 @@ export const DEFAULT_DATE_FORMAT_TZ = 'dateFormat:tz';
export const DEFAULT_DARK_MODE = 'theme:darkMode';
export const DEFAULT_INDEX_KEY = 'securitySolution:defaultIndex';
export const DEFAULT_NUMBER_FORMAT = 'format:number:defaultPattern';
export const DEFAULT_INDEX_PATTERN_ID = 'security-solution';
Contributor

Just curious, is there some standard pattern for these across Kibana? I.e. camel-case, snake-case, etc.?

Contributor Author

No, the id is generated and looks like `a855f700-f5f9-11eb-8763-01917c58cbf9`, so I followed that. I think `-` is standard for URLs, which is where these are stored.

export const DEFAULT_TIME_FIELD = '@timestamp';
export const DEFAULT_TIME_RANGE = 'timepicker:timeDefaults';
export const DEFAULT_REFRESH_RATE_INTERVAL = 'timepicker:refreshIntervalDefaults';
export const DEFAULT_APP_TIME_RANGE = 'securitySolution:timeDefaults';
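Review bot: `DEFAULT_INDEX_PATTERN_ID = 'security-solution'` needs a doc comment, because it sits directly under `DEFAULT_INDEX_KEY` and the other settings keys but is a different kind of value: per the thread above it is the id the index pattern is stored under, not a settings key. Since this id is fixed rather than generated, please also state (here or in the code that creates the pattern) what happens when an object with this id already exists, so an existing `security-solution` pattern is not silently reused or overwritten.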
Expand Down Expand Up @@ -236,6 +238,7 @@ export const TIMELINE_PREPACKAGED_URL = `${TIMELINE_URL}/_prepackaged`;

export const NOTE_URL = '/api/note';
export const PINNED_EVENT_URL = '/api/pinned_event';
export const SOURCERER_API_URL = '/api/sourcerer';

/**
* Default signals index key for kibana.dev.yml
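Review bot: `SOURCERER_API_URL = '/api/sourcerer'` is added without any comment on what the route does or which privilege it requires. The Cypress test in this PR expects the toast 'Write role required to generate data' for a restricted role, which suggests the endpoint creates data on the caller's behalf; a short comment here, with the privilege check documented on the route handler, would make that contract explicit. If the route is only meant for the Security Solution client, consider whether it belongs under `/api/` next to `NOTE_URL` and `PINNED_EVENT_URL` or under an internal prefix like the `/internal/security/users/` paths used by the test helpers.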
7 changes: 6 additions & 1 deletion x-pack/plugins/security_solution/cypress/cypress.json
Expand Up @@ -12,5 +12,10 @@
"video": false,
"videosFolder": "../../../target/kibana-security-solution/cypress/videos",
"viewportHeight": 900,
"viewportWidth": 1440
"viewportWidth": 1440,
"env": {
"protocol": "http",
"hostname": "localhost",
"configport": "5601"
}
}
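Review bot: the new `env` block hard-codes `"protocol": "http"` and `"hostname": "localhost"` in the committed config, and `configport` is a lowercase, string-typed `"5601"` next to camel-cased keys such as `viewportWidth`. Please rename it to something like `configPort`, and note in the task that consumes these values how to override them with Cypress environment variables, so a run against a TLS-enabled Kibana does not fall back to plain http without anyone noticing.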
Expand Up @@ -18,182 +18,26 @@ import {
filterStatusOpen,
} from '../../tasks/create_new_case';
import {
constructUrlWithUser,
getEnvAuth,
loginAndWaitForHostDetailsPage,
loginWithUserAndWaitForPageWithoutDateRange,
logout,
} from '../../tasks/login';
import {
createUsersAndRoles,
deleteUsersAndRoles,
secAll,
secAllUser,
secReadCasesAllUser,
secReadCasesAll,
} from '../../tasks/privileges';

import { CASES_URL } from '../../urls/navigation';

interface User {
username: string;
password: string;
description?: string;
roles: string[];
}

interface UserInfo {
username: string;
full_name: string;
email: string;
}

interface FeaturesPrivileges {
[featureId: string]: string[];
}

interface ElasticsearchIndices {
names: string[];
privileges: string[];
}

interface ElasticSearchPrivilege {
cluster?: string[];
indices?: ElasticsearchIndices[];
}

interface KibanaPrivilege {
spaces: string[];
base?: string[];
feature?: FeaturesPrivileges;
}

interface Role {
name: string;
privileges: {
elasticsearch?: ElasticSearchPrivilege;
kibana?: KibanaPrivilege[];
};
}

const secAll: Role = {
name: 'sec_all_role',
privileges: {
elasticsearch: {
indices: [
{
names: ['*'],
privileges: ['all'],
},
],
},
kibana: [
{
feature: {
siem: ['all'],
actions: ['all'],
actionsSimulators: ['all'],
},
spaces: ['*'],
},
],
},
};

const secAllUser: User = {
username: 'sec_all_user',
password: 'password',
roles: [secAll.name],
};

const secReadCasesAll: Role = {
name: 'sec_read_cases_all_role',
privileges: {
elasticsearch: {
indices: [
{
names: ['*'],
privileges: ['all'],
},
],
},
kibana: [
{
feature: {
siem: ['minimal_read', 'cases_all'],
actions: ['all'],
actionsSimulators: ['all'],
},
spaces: ['*'],
},
],
},
};

const secReadCasesAllUser: User = {
username: 'sec_read_cases_all_user',
password: 'password',
roles: [secReadCasesAll.name],
};

const usersToCreate = [secAllUser, secReadCasesAllUser];
const rolesToCreate = [secAll, secReadCasesAll];

const getUserInfo = (user: User): UserInfo => ({
username: user.username,
full_name: user.username.replace('_', ' '),
email: `${user.username}@elastic.co`,
});

const createUsersAndRoles = (users: User[], roles: Role[]) => {
const envUser = getEnvAuth();
for (const role of roles) {
cy.log(`Creating role: ${JSON.stringify(role)}`);
cy.request({
body: role.privileges,
headers: { 'kbn-xsrf': 'cypress-creds-via-config' },
method: 'PUT',
url: constructUrlWithUser(envUser, `/api/security/role/${role.name}`),
})
.its('status')
.should('eql', 204);
}

for (const user of users) {
const userInfo = getUserInfo(user);
cy.log(`Creating user: ${JSON.stringify(user)}`);
cy.request({
body: {
username: user.username,
password: user.password,
roles: user.roles,
full_name: userInfo.full_name,
email: userInfo.email,
},
headers: { 'kbn-xsrf': 'cypress-creds-via-config' },
method: 'POST',
url: constructUrlWithUser(envUser, `/internal/security/users/${user.username}`),
})
.its('status')
.should('eql', 200);
}
};

const deleteUsersAndRoles = (users: User[], roles: Role[]) => {
const envUser = getEnvAuth();
for (const user of users) {
cy.log(`Deleting user: ${JSON.stringify(user)}`);
cy.request({
headers: { 'kbn-xsrf': 'cypress-creds-via-config' },
method: 'DELETE',
url: constructUrlWithUser(envUser, `/internal/security/users/${user.username}`),
failOnStatusCode: false,
})
.its('status')
.should('oneOf', [204, 404]);
}

for (const role of roles) {
cy.log(`Deleting role: ${JSON.stringify(role)}`);
cy.request({
headers: { 'kbn-xsrf': 'cypress-creds-via-config' },
method: 'DELETE',
url: constructUrlWithUser(envUser, `/api/security/role/${role.name}`),
failOnStatusCode: false,
})
.its('status')
.should('oneOf', [204, 404]);
}
// needed to generate index pattern
const visitSecuritySolution = () => {
Contributor

Worth moving into a util? If you end up moving it to a util, should probably rename it to something like loadSecuritySolutionIndexPatterns

loginAndWaitForHostDetailsPage();
logout();
};

const testCase: TestCaseWithoutTimeline = {
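Review bot: the role fixtures leaving this file for `../../tasks/privileges` deserve a comment now that they are shared. In the definitions shown here, `secReadCasesAll` pairs `siem: ['minimal_read', 'cases_all']` with Elasticsearch `names: ['*'], privileges: ['all']`, so the "read" in its name only describes the Kibana feature privilege. If the definitions moved unchanged, any test that reuses this role to assert a permission failure should say which layer is expected to deny the request, or the fixture should narrow the index privileges to what the tests need. Both users also share `password: 'password'`, which is acceptable for a throwaway stack but should not reach any environment that outlives the test run.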
Expand All @@ -203,11 +47,11 @@ const testCase: TestCaseWithoutTimeline = {
reporter: 'elastic',
owner: 'securitySolution',
};

describe('Cases privileges', () => {
before(() => {
cleanKibana();
createUsersAndRoles(usersToCreate, rolesToCreate);
visitSecuritySolution();
});

after(() => {
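Review bot: in `before()`, `visitSecuritySolution()` logs in and straight back out only so that the index pattern exists before the restricted users run, which means this suite never covers the case where the first visitor lacks write access. Add a comment at the call site naming that dependency, and consider creating the index pattern through an explicit setup call so the precondition does not hinge on a page-load side effect.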
Expand Up @@ -5,7 +5,10 @@
* 2.0.
*/

import { loginAndWaitForPage } from '../../tasks/login';
import {
loginAndWaitForPage,
loginWithUserAndWaitForPageWithoutDateRange,
} from '../../tasks/login';

import { HOSTS_URL } from '../../urls/navigation';
import { waitForAllHostsToBeLoaded } from '../../tasks/hosts/all_hosts';
Expand All @@ -28,20 +31,33 @@ import { openTimelineUsingToggle } from '../../tasks/security_main';
import { populateTimeline } from '../../tasks/timeline';
import { SERVER_SIDE_EVENT_COUNT } from '../../screens/timeline';
import { cleanKibana } from '../../tasks/common';
import { createUsersAndRoles, secReadCasesAll, secReadCasesAllUser } from '../../tasks/privileges';
import { TOASTER } from '../../screens/configure_cases';

const usersToCreate = [secReadCasesAllUser];
const rolesToCreate = [secReadCasesAll];
// Skipped at the moment as this has flake due to click handler issues. This has been raised with team members
// and the code is being re-worked and then these tests will be unskipped
describe.skip('Sourcerer', () => {
before(() => {
describe('Sourcerer', () => {
Contributor

Thanks for cleaning this up!

beforeEach(() => {
cleanKibana();
});

beforeEach(() => {
cy.clearLocalStorage();
loginAndWaitForPage(HOSTS_URL);
describe('permissions', () => {
before(() => {
createUsersAndRoles(usersToCreate, rolesToCreate);
});
it(`role(s) ${secReadCasesAllUser.roles.join()} shows error when user does not have permissions`, () => {
loginWithUserAndWaitForPageWithoutDateRange(HOSTS_URL, secReadCasesAllUser);
cy.get(TOASTER).should('have.text', 'Write role required to generate data');
});
});

describe('Default scope', () => {
describe.skip('Default scope', () => {
Contributor Author

These were already skipped, if that's confusing.

beforeEach(() => {
cy.clearLocalStorage();
loginAndWaitForPage(HOSTS_URL);
});

it('has SIEM index patterns selected on initial load', () => {
openSourcerer();
isSourcererSelection(`auditbeat-*`);
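Review bot: the `permissions` block calls `createUsersAndRoles` in `before()` but there is no matching `deleteUsersAndRoles` in this hunk, while the outer `beforeEach` runs `cleanKibana()` before every test. Please confirm the created user survives `cleanKibana()` for the duration of the test and is removed afterwards. The assertion `cy.get(TOASTER).should('have.text', 'Write role required to generate data')` also only proves the UI message; checking the status returned by the sourcerer route would pin down the authorization behaviour itself. Finally, the "Skipped at the moment" comment sits directly above `describe('Sourcerer', ...)` and should move down to the `describe.skip` blocks it actually describes.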
Expand Down Expand Up @@ -76,7 +92,12 @@ describe.skip('Sourcerer', () => {
});
});

describe('Timeline scope', () => {
describe.skip('Timeline scope', () => {
beforeEach(() => {
cy.clearLocalStorage();
loginAndWaitForPage(HOSTS_URL);
});

const alertPatterns = ['.siem-signals-default'];
const rawPatterns = ['auditbeat-*'];
const allPatterns = [...alertPatterns, ...rawPatterns];
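Review bot: `describe.skip('Timeline scope', ...)` carries the same `beforeEach` (`cy.clearLocalStorage()` then `loginAndWaitForPage(HOSTS_URL)`) that also appears in `describe.skip('Default scope', ...)`. Hoist it into a shared wrapper for the two skipped blocks, and put the skip reason (ideally with a tracking issue) next to each `describe.skip` so the tests are not forgotten once the click-handler rework lands.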