[Security Solution] Adds basic test for rule data view #136822
LGTM and thanks a bunch!
Pinging @elastic/security-solution (Team: SecuritySolution)
@elasticmachine merge upstream
@elasticmachine merge upstream
Just a few suggestions 🙂
…na into cypress/data-view-rule
Thanks for the review @banderror!! The PR is ready to be reviewed again 😊
@@ -41,7 +45,7 @@ export const createCustomRule = (rule: CustomRule, ruleId = 'rule_testing', inte | |||
severity: rule.severity.toLocaleLowerCase(), | |||
type: 'query', | |||
from: 'now-50000h', | |||
index: rule.index, | |||
index: rule.dataSource.type === 'indexPatterns' ? rule.dataSource.index : '', |
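Review bot: The `''` fallback on the new `index:` line means a rule whose `dataSource.type` is not `'indexPatterns'` is posted with `index: ''` and, as far as this hunk shows, with nothing that identifies the data view, so the rule is created without the source the test data asked for. Use `undefined` so the key is left out of the request, and either send the data view in the same body or add a comment stating that this helper only supports index patterns for now.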
Hmm, why default value for the `index` is an empty string and why don't we support posting a dataView if it's in the test data?
index: rule.dataSource.type === 'indexPatterns' ? rule.dataSource.index : undefined,
dataView: rule.dataSource.type === 'dataView' ? rule.dataSource.dataView : undefined,
I would follow up this in a different/follow up PR, adding the capability of creating also a rule with data view at first glance is more complex, since first, we need to get the data view id.
headers: { 'kbn-xsrf': 'cypress-creds' }, | ||
}); | ||
export const createEventCorrelationRule = (rule: CustomRule, ruleId = 'rule_testing') => { | ||
if (rule.dataSource.type === 'indexPatterns') { |
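Review bot: The `if (rule.dataSource.type === 'indexPatterns')` guard at the top of `createEventCorrelationRule` has no visible counterpart for the data view case; if the function simply falls through, a caller passing data-view test data gets no rule and no error, and the failure surfaces later as a missing rule in the UI. Throw for the unsupported type (or log through Cypress) so the test fails at the point of misuse.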
Instead of having this condition, let's support both index patterns and data views here as in `createCustomRule`.
I would prefer to do this on a different PR, since it could be a bit complex and at least we will have a test for data views already in main.
That sounds good to me, thanks @MadameSheema 👍
failOnStatusCode: false, | ||
}); | ||
export const createCustomIndicatorRule = (rule: ThreatIndicatorRule, ruleId = 'rule_testing') => { | ||
if (rule.dataSource.type === 'indexPatterns') { |
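Review bot: `createCustomIndicatorRule` repeats the `rule.dataSource.type === 'indexPatterns'` guard already added to `createEventCorrelationRule`. Pull the check into one shared helper so that adding data view support later is a single change rather than one per rule-creation function.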
Instead of having this condition, let's support both index patterns and data views here as in `createCustomRule`.
Same as above.
failOnStatusCode: false, | ||
}); | ||
) => { | ||
if (rule.dataSource.type === 'indexPatterns') { |
Instead of having this condition, let's support both index patterns and data views here as in `createCustomRule`.
Same as above.
💚 Build Succeeded
Thank you for addressing my annoying comments @MadameSheema ❤️
🚀
cy.request({ | ||
method: 'POST', | ||
url: `/api/index_patterns/index_pattern`, | ||
body: { | ||
index_pattern: { | ||
fieldAttrs: '{}', | ||
title: indexPattern, | ||
title: dataSource, |
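Review bot: On the `title: dataSource,` line the name `dataSource` holds a plain title string, while elsewhere in this PR `rule.dataSource` is an object with a `type` field, so the same name now has two shapes. Name the parameter for what it carries, for example `dataViewTitle`, and the template literal on the `url:` line can be a plain string since it interpolates nothing.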
Nit: `dataViewTitle` or just leave it as it was before - `indexPattern`?
@banderror your comments were not annoying! Lots of thanks for helping to deliver the best solution :)
Summary
In this PR we are adding a basic rule data view test in order to use it as a template/inspiration to extend the current coverage.
The test and the code are similar to the current one for creating another type of rule. These are the modifications introduced:
- To the `CustomRule` structure we have added `dataView` as optional and we've made `index` optional instead of mandatory, since a rule might have one thing or the other. Also, some adjustments to the current code have been done in order to deal with this new structure.
- On the method that fills the define step when creating a new rule, we check if the rule we are passing has a dataview, if so, we click on the data view selector and we fill that value. If not, we proceed as usual since our tests do not fill the index patterns input and use the default ones.
- On the test that creates a rule using a data view, we don't call `cleanKibana` method on the before hook, instead we call `esArchiverReseKibana` on the before each one. This is because we are creating a data view we'll use after and `cleanKibana` does not delete all the data views created, `esArchiverReseKibana` does. We don't use `esArchiverReseKibana` in all the tests because it is a time-consuming method and we don't need to perform an exhaustive cleaning in all the other tests.
- The test is the same as the other `Custom query rule` test but: we are creating a rule with a data view and we check that the data view displayed on the rule details is the expected instead of checking for the index patterns.
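
The `index` default discussed in the review thread, as an added example that is not part of the PR or of Kibana's code: it compares the empty-string fallback with the `undefined` variant from the review suggestion and shows what each puts in the serialized request body. The type and function names and the sample values are hypothetical, and the body is assumed to be serialized with `JSON.stringify`.

```typescript
// Added illustration; names are hypothetical, field names follow the review thread.
type RuleDataSource =
  | { type: 'indexPatterns'; index: string[] }
  | { type: 'dataView'; dataView: string };

interface RuleSourceFields {
  index?: string[] | string;
  dataView?: string;
}

// Variant with the empty-string fallback, as in the reviewed hunk.
function sourceWithEmptyDefault(ds: RuleDataSource): RuleSourceFields {
  return { index: ds.type === 'indexPatterns' ? ds.index : '' };
}

// Variant from the review suggestion: the unused key is undefined.
function sourceWithUndefined(ds: RuleDataSource): RuleSourceFields {
  return {
    index: ds.type === 'indexPatterns' ? ds.index : undefined,
    dataView: ds.type === 'dataView' ? ds.dataView : undefined,
  };
}

// Serialized request body (assumption: JSON serialization). JSON.stringify
// drops keys whose value is undefined but keeps empty strings.
function wireBody(fields: RuleSourceFields): string {
  return JSON.stringify({ type: 'query', ...fields });
}

// Constructed sample data.
const byIndex: RuleDataSource = { type: 'indexPatterns', index: ['auditbeat-*'] };
const byDataView: RuleDataSource = { type: 'dataView', dataView: 'auditbeat-2022' };

// Empty-string variant: the rule is posted with index "" and no data view.
console.log(wireBody(sourceWithEmptyDefault(byDataView)));
// Undefined variant: only the key that applies reaches the body.
console.log(wireBody(sourceWithUndefined(byDataView)));
console.log(wireBody(sourceWithUndefined(byIndex)));
```
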