[Security Solution][Detections] fixes tests related to prebuilt rules update #138625
Conversation
vitaliidm
added
Team:Detections and Resp
vitaliidm
requested review from
a team and
banderror
and removed request for
a team
vitaliidm
added
the
backport:prev-minor
💚 Build Succeeded
Metrics [docs]
To update your PR or re-run it, just comment with: cc @vitaliidm |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
| @@ -120,10 +120,27 @@ export default ({ getService }: FtrProviderContext) => { | |||
| rule_id: immutableRule.rule_id, // Rule id should match the same as the immutable rule | |||
| version: immutableRule.version, // This version number should not change when an immutable rule is updated | |||
| immutable: true, // It should stay immutable true when returning | |||
| required_fields: immutableRule.required_fields, // required_fields cannot be modified, so newRuleToUpdate will have required_fields from immutable rule | |||
There was a problem hiding this comment.
Why required_fields are special so that we need to check them explicitly? What about other rule fields like related_integrations, index, etc? It feels like this expected object should be built based on immutableRule. Something like this:
const expected = {
...immutableRule,
immutable: true,
actions: ...
// and other properties that we expect to be changedThere was a problem hiding this comment.
It feels like this expected object should be built based on immutableRule
Agree on that. Here is a quick explanation why it's done like this
Scenarios written in this file are using immutable rule, fetching it by hardcoded ruleId.
const immutableRule = await getRule(supertest, log, '9a1a2dae-0b5f-4c3d-8305-a268d404c306');
const hookAction = await createNewAction(supertest, log);
Then rule mock data is created from getSimpleRule, that uses immutable rule id,
Existing immutable rule is getting updated with that mock, and then assertions are made against it.
const newRuleToUpdate = getSimpleRule(immutableRule.rule_id);
const ruleToUpdate = getRuleWithWebHookAction(hookAction.id, false, newRuleToUpdate);
const updatedRule = await updateRule(supertest, log, ruleToUpdate);
const bodyToCompare = removeServerGeneratedProperties(updatedRule);
I'm not sure, what is rationale for doing this. But I didn't want for a fix that unblocks another PR, start refactoring tests there, given BC4 soon.
We may look further, after release, as current implementation is not obvious for me, at least.
If you prefer I can look to refactor it now, but I'm not sure if no side effects will be discovered
There was a problem hiding this comment.
@vitaliidm We should definitely unblock #138574 as soon as we can, so yea, let's merge this PR as is.
However, I think we should fix this test and make it more robust so it doesn't fail in the future for similar reasons. The fix could be safely backported to the 8.4 branch because it's a test 🙂 We don't have to wait for the release to happen, the test can be reworked in a follow-up PR right away.
There was a problem hiding this comment.
thanks @banderror
Here is a ticket to track it: #138757
I think it would make to schedule it in the next release, so next prebuilt update won't cause similar failures
There was a problem hiding this comment.
@vitaliidm Thank you for taking over this PR with rule updates (#138574) 🙏 My suggestion is to merge this PR as is and rework the test in a follow-up one.
| @@ -120,10 +120,27 @@ export default ({ getService }: FtrProviderContext) => { | |||
| rule_id: immutableRule.rule_id, // Rule id should match the same as the immutable rule | |||
| version: immutableRule.version, // This version number should not change when an immutable rule is updated | |||
| immutable: true, // It should stay immutable true when returning | |||
| required_fields: immutableRule.required_fields, // required_fields cannot be modified, so newRuleToUpdate will have required_fields from immutable rule | |||
There was a problem hiding this comment.
@vitaliidm We should definitely unblock #138574 as soon as we can, so yea, let's merge this PR as is.
However, I think we should fix this test and make it more robust so it doesn't fail in the future for similar reasons. The fix could be safely backported to the 8.4 branch because it's a test 🙂 We don't have to wait for the release to happen, the test can be reworked in a follow-up PR right away.
vitaliidm
deleted the
detections/fix-tests-related-prebuilt-rules-update
branch
… update (elastic#138625) ## Summary fixes tests related to prebuilt rules update tests failures(elastic#138574 (comment)): - removed hardcoded rule version value - required_fields are not tested agains empty array, but agains actual immutable rule value (cherry picked from commit 800cc72)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
… update (elastic#138625) (elastic#138754) ## Summary fixes tests related to prebuilt rules update tests failures(elastic#138574 (comment)): - removed hardcoded rule version value - required_fields are not tested agains empty array, but agains actual immutable rule value (cherry picked from commit 800cc72) Co-authored-by: Vitalii Dmyterko <[email protected]>
… update (elastic#138625) ## Summary fixes tests related to prebuilt rules update tests failures(elastic#138574 (comment)): - removed hardcoded rule version value - required_fields are not tested agains empty array, but agains actual immutable rule value
Summary
fixes tests related to prebuilt rules update tests failures(#138574 (comment)):