
[Security Solution] Update e2e tests to work with detection rules installed from a Fleet package #142311

Merged
merged 2 commits into from
Oct 10, 2022
Expand Up @@ -94,13 +94,13 @@ import {
getNewThreatIndicatorRule,
getNewRule,
getNewThresholdRule,
totalNumberOfPrebuiltRules,
getMachineLearningRule,
getNewTermsRule,
} from '../../objects/rule';
import { getIndicatorMatchTimelineTemplate } from '../../objects/timeline';

import { esArchiverResetKibana } from '../../tasks/es_archiver';
import { getAvailablePrebuiltRulesCount } from '../../tasks/api_calls/prebuilt_rules';

const RULE_NAME = 'Custom rule for bulk actions';

Expand Down Expand Up @@ -189,7 +189,9 @@ describe('Detection rules, bulk edit', () => {
clickAddTagsMenuItem();
waitForMixedRulesBulkEditModal(expectedNumberOfCustomRulesToBeEdited);

checkPrebuiltRulesCannotBeModified(totalNumberOfPrebuiltRules);
getAvailablePrebuiltRulesCount().then((availablePrebuiltRulesCount) => {
checkPrebuiltRulesCannotBeModified(availablePrebuiltRulesCount);
});

// user can proceed with custom rule editing
cy.get(MODAL_CONFIRMATION_BTN)
Expand All @@ -210,7 +212,9 @@ describe('Detection rules, bulk edit', () => {
clickAddTagsMenuItem();
waitForMixedRulesBulkEditModal(expectedNumberOfCustomRulesToBeEdited);

checkPrebuiltRulesCannotBeModified(totalNumberOfPrebuiltRules);
getAvailablePrebuiltRulesCount().then((availablePrebuiltRulesCount) => {
checkPrebuiltRulesCannotBeModified(availablePrebuiltRulesCount);
});

// user cancels action and modal disappears
cancelConfirmationModal();
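Review bot: The count passed to `checkPrebuiltRulesCannotBeModified` in both bulk-edit hunks now comes from the same Kibana instance that the modal reads from, so these checks can no longer notice a Fleet package that installed few or no detection rules. The body of `getAvailablePrebuiltRulesCount` is not shown on this page; unless it already asserts a floor, add one as the first line of each `.then` callback, e.g. `expect(availablePrebuiltRulesCount).to.be.greaterThan(0);`. The same applies to the `getAvailablePrebuiltRulesCount()` callers in the export and prebuilt-rules specs further down.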
Expand Up @@ -5,7 +5,7 @@
* 2.0.
*/

import { expectedExportedRule, getNewRule, totalNumberOfPrebuiltRules } from '../../objects/rule';
import { expectedExportedRule, getNewRule } from '../../objects/rule';

import {
TOASTER_BODY,
Expand All @@ -28,6 +28,7 @@ import { cleanKibana, deleteAlertsAndRules } from '../../tasks/common';
import { login, visitWithoutDateRange } from '../../tasks/login';

import { DETECTIONS_RULE_MANAGEMENT_URL } from '../../urls/navigation';
import { getAvailablePrebuiltRulesCount } from '../../tasks/api_calls/prebuilt_rules';

const exceptionList = getExceptionList();

Expand Down Expand Up @@ -69,26 +70,31 @@ describe('Export rules', () => {

it('exports only custom rules', function () {
const expectedNumberCustomRulesToBeExported = 1;
const totalNumberOfRules = expectedNumberCustomRulesToBeExported + totalNumberOfPrebuiltRules;

loadPrebuiltDetectionRulesFromHeaderBtn();

selectAllRules();
bulkExportRules();

cy.get(MODAL_CONFIRMATION_BODY).contains(
`${totalNumberOfPrebuiltRules} prebuilt Elastic rules (exporting prebuilt rules is not supported)`
);
getAvailablePrebuiltRulesCount().then((availablePrebuiltRulesCount) => {
cy.get(MODAL_CONFIRMATION_BODY).contains(
`${availablePrebuiltRulesCount} prebuilt Elastic rules (exporting prebuilt rules is not supported)`
);
});

// proceed with exporting only custom rules
cy.get(MODAL_CONFIRMATION_BTN)
.should('have.text', `Export ${expectedNumberCustomRulesToBeExported} custom rule`)
.click();

cy.get(TOASTER_BODY).should(
'contain',
`Successfully exported ${expectedNumberCustomRulesToBeExported} of ${totalNumberOfRules} rules. Prebuilt rules were excluded from the resulting file.`
);
getAvailablePrebuiltRulesCount().then((availablePrebuiltRulesCount) => {
const totalNumberOfRules =
expectedNumberCustomRulesToBeExported + availablePrebuiltRulesCount;
cy.get(TOASTER_BODY).should(
'contain',
`Successfully exported ${expectedNumberCustomRulesToBeExported} of ${totalNumberOfRules} rules. Prebuilt rules were excluded from the resulting file.`
);
});
});

context('rules with exceptions', () => {
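Review bot: `getAvailablePrebuiltRulesCount()` is called twice inside 'exports only custom rules', once for the modal body and once for the toast, so the test presumably repeats the same API call and the two assertions are not guaranteed to use the same number. Fetch it once and keep the modal check, the confirm click and the toast check inside a single `.then((availablePrebuiltRulesCount) => { … })` callback, computing `totalNumberOfRules` at the top of it. The helper is defined outside this page, so whether it caches its result cannot be confirmed from here.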
Expand Up @@ -5,72 +5,60 @@
* 2.0.
*/

import { DETECTION_ENGINE_RULES_URL_FIND } from '../../../common/constants';
import { rawRules } from '../../../server/lib/detection_engine/rules/prepackaged_rules';
import {
COLLAPSED_ACTION_BTN,
ELASTIC_RULES_BTN,
pageSelector,
RELOAD_PREBUILT_RULES_BTN,
RULES_EMPTY_PROMPT,
RULE_SWITCH,
RULES_MONITORING_TABLE,
RULES_ROW,
RULES_TABLE,
RULE_SWITCH,
SELECT_ALL_RULES_ON_PAGE_CHECKBOX,
RULE_NAME,
} from '../../screens/alerts_detection_rules';
import {
confirmRulesDelete,
deleteFirstRule,
deleteSelectedRules,
disableSelectedRules,
enableSelectedRules,
loadPrebuiltDetectionRules,
reloadDeletedRules,
selectAllRules,
selectNumberOfRules,
waitForPrebuiltDetectionRulesToBeLoaded,
selectAllRules,
confirmRulesDelete,
enableSelectedRules,
waitForRuleToChangeStatus,
disableSelectedRules,
changeRowsPerPageTo,
waitForRuleToUpdate,
} from '../../tasks/alerts_detection_rules';
import { getAvailablePrebuiltRulesCount } from '../../tasks/api_calls/prebuilt_rules';
import { cleanKibana, deleteAlertsAndRules } from '../../tasks/common';
import { login, visitWithoutDateRange } from '../../tasks/login';

import { DETECTIONS_RULE_MANAGEMENT_URL } from '../../urls/navigation';

import { totalNumberOfPrebuiltRules } from '../../objects/rule';
import { cleanKibana } from '../../tasks/common';

describe('Prebuilt rules', () => {
before(() => {
cleanKibana();
login();
});

beforeEach(() => {
deleteAlertsAndRules();
visitWithoutDateRange(DETECTIONS_RULE_MANAGEMENT_URL);
loadPrebuiltDetectionRules();
waitForPrebuiltDetectionRulesToBeLoaded();
});
Comment on lines +43 to +48
Contributor


👍


describe('Alerts rules, prebuilt rules', () => {
it('Loads prebuilt rules', () => {
const rowsPerPage = 100;
const expectedNumberOfRules = totalNumberOfPrebuiltRules;
const expectedNumberOfPages = Math.ceil(totalNumberOfPrebuiltRules / rowsPerPage);
const expectedElasticRulesBtnText = `Elastic rules (${expectedNumberOfRules})`;

visitWithoutDateRange(DETECTIONS_RULE_MANAGEMENT_URL);
loadPrebuiltDetectionRules();
waitForPrebuiltDetectionRulesToBeLoaded();

cy.get(ELASTIC_RULES_BTN).should('have.text', expectedElasticRulesBtnText);

changeRowsPerPageTo(rowsPerPage);

cy.request({ url: DETECTION_ENGINE_RULES_URL_FIND }).then(({ body }) => {
// Assert the total number of loaded rules equals the expected number of in-memory rules
expect(body.total).to.equal(rawRules.length);
// Assert the table was refreshed with the rules returned by the API request
const ruleNames = rawRules.map((rule) => rule.name);
cy.get(RULE_NAME).each(($item) => {
expect($item.text()).to.be.oneOf(ruleNames);
});
});
// Check that the rules table contains rules
cy.get(RULES_TABLE).find(RULES_ROW).should('have.length.gte', 1);

cy.get(pageSelector(expectedNumberOfPages)).should('exist');
// Check the correct count of prebuilt rules is displayed
getAvailablePrebuiltRulesCount().then((availablePrebuiltRulesCount) => {
cy.get(ELASTIC_RULES_BTN).should(
'have.text',
`Elastic rules (${availablePrebuiltRulesCount})`
);
});
});

context('Rule monitoring table', () => {
Expand All @@ -79,31 +67,27 @@ describe('Prebuilt rules', () => {

cy.get(SELECT_ALL_RULES_ON_PAGE_CHECKBOX).click();
enableSelectedRules();
waitForRuleToChangeStatus();
waitForRuleToUpdate();
Contributor


Off-topic, but... I'm curious how the test called "Allows to enable/disable all rules at once" ended up in the "Rule monitoring table" context, which is in turn part of the test suite for prebuilt rules. How is all that related?

Contributor Author


🤷‍♂️ I don't think there's a good reason for that. This code is probably overdue for refactoring.

cy.get(RULE_SWITCH).should('have.attr', 'aria-checked', 'true');

selectAllRules();
disableSelectedRules();
waitForRuleToChangeStatus();
waitForRuleToUpdate();
cy.get(RULE_SWITCH).should('have.attr', 'aria-checked', 'false');
});
});
});

describe('Actions with prebuilt rules', () => {
before(() => {
visitWithoutDateRange(DETECTIONS_RULE_MANAGEMENT_URL);
});

context('Rules table', () => {
it('Allows to enable/disable all rules at once', () => {
selectAllRules();
enableSelectedRules();
waitForRuleToChangeStatus();
waitForRuleToUpdate();
cy.get(RULE_SWITCH).should('have.attr', 'aria-checked', 'true');

disableSelectedRules();
waitForRuleToChangeStatus();
waitForRuleToUpdate();
cy.get(RULE_SWITCH).should('have.attr', 'aria-checked', 'false');
});

Expand All @@ -117,55 +101,58 @@ describe('Prebuilt rules', () => {
});

it('Deletes and recovers one rule', () => {
const expectedNumberOfRulesAfterDeletion = totalNumberOfPrebuiltRules - 1;
const expectedNumberOfRulesAfterRecovering = totalNumberOfPrebuiltRules;
getAvailablePrebuiltRulesCount().then((availablePrebuiltRulesCount) => {
const expectedNumberOfRulesAfterDeletion = availablePrebuiltRulesCount - 1;
const expectedNumberOfRulesAfterRecovering = availablePrebuiltRulesCount;

visitWithoutDateRange(DETECTIONS_RULE_MANAGEMENT_URL);
deleteFirstRule();
deleteFirstRule();

cy.get(ELASTIC_RULES_BTN).should(
'have.text',
`Elastic rules (${expectedNumberOfRulesAfterDeletion})`
);
cy.get(RELOAD_PREBUILT_RULES_BTN).should('exist');
cy.get(RELOAD_PREBUILT_RULES_BTN).should('have.text', 'Install 1 Elastic prebuilt rule ');
cy.get(ELASTIC_RULES_BTN).should(
'have.text',
`Elastic rules (${expectedNumberOfRulesAfterDeletion})`
);
cy.get(RELOAD_PREBUILT_RULES_BTN).should('exist');
cy.get(RELOAD_PREBUILT_RULES_BTN).should('have.text', 'Install 1 Elastic prebuilt rule ');

reloadDeletedRules();
reloadDeletedRules();

cy.get(RELOAD_PREBUILT_RULES_BTN).should('not.exist');
cy.get(RELOAD_PREBUILT_RULES_BTN).should('not.exist');

cy.get(ELASTIC_RULES_BTN).should(
'have.text',
`Elastic rules (${expectedNumberOfRulesAfterRecovering})`
);
cy.get(ELASTIC_RULES_BTN).should(
'have.text',
`Elastic rules (${expectedNumberOfRulesAfterRecovering})`
);
});
});

it('Deletes and recovers more than one rule', () => {
const numberOfRulesToBeSelected = 2;
const expectedNumberOfRulesAfterDeletion = totalNumberOfPrebuiltRules - 2;
const expectedNumberOfRulesAfterRecovering = totalNumberOfPrebuiltRules;

selectNumberOfRules(numberOfRulesToBeSelected);
deleteSelectedRules();

cy.get(RELOAD_PREBUILT_RULES_BTN).should('exist');
cy.get(RELOAD_PREBUILT_RULES_BTN).should(
'have.text',
`Install ${numberOfRulesToBeSelected} Elastic prebuilt rules `
);
cy.get(ELASTIC_RULES_BTN).should(
'have.text',
`Elastic rules (${expectedNumberOfRulesAfterDeletion})`
);

reloadDeletedRules();

cy.get(RELOAD_PREBUILT_RULES_BTN).should('not.exist');

cy.get(ELASTIC_RULES_BTN).should(
'have.text',
`Elastic rules (${expectedNumberOfRulesAfterRecovering})`
);
getAvailablePrebuiltRulesCount().then((availablePrebuiltRulesCount) => {
const numberOfRulesToBeSelected = 2;
const expectedNumberOfRulesAfterDeletion = availablePrebuiltRulesCount - 2;
const expectedNumberOfRulesAfterRecovering = availablePrebuiltRulesCount;

selectNumberOfRules(numberOfRulesToBeSelected);
deleteSelectedRules();

cy.get(RELOAD_PREBUILT_RULES_BTN).should('exist');
cy.get(RELOAD_PREBUILT_RULES_BTN).should(
'have.text',
`Install ${numberOfRulesToBeSelected} Elastic prebuilt rules `
);
cy.get(ELASTIC_RULES_BTN).should(
'have.text',
`Elastic rules (${expectedNumberOfRulesAfterDeletion})`
);

reloadDeletedRules();

cy.get(RELOAD_PREBUILT_RULES_BTN).should('not.exist');

cy.get(ELASTIC_RULES_BTN).should(
'have.text',
`Elastic rules (${expectedNumberOfRulesAfterRecovering})`
);
});
});

it('Allows to delete all rules at once', () => {
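Review bot: In 'Deletes and recovers more than one rule' the expected count after deletion is written as `availablePrebuiltRulesCount - 2` although `numberOfRulesToBeSelected` is declared on the line above with the same value, so the two can drift apart when one is edited. Prefer `const expectedNumberOfRulesAfterDeletion = availablePrebuiltRulesCount - numberOfRulesToBeSelected;`. Both delete-and-recover tests also read the count before deleting anything, which is only stable if the helper reports installed plus not-yet-installed rules; the helper is not shown here, so a one-line comment stating that assumption at the first call would help.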
Expand Up @@ -33,7 +33,7 @@ import {
goToTheRuleDetailsOf,
openIntegrationsPopover,
waitForRulesTableToShow,
waitForRuleToChangeStatus,
waitForRuleToUpdate,
} from '../../tasks/alerts_detection_rules';

/*
Expand Down Expand Up @@ -184,7 +184,7 @@ describe('Related integrations', () => {
'{"package":"system","version":"1.17.0"}{"package":"aws","integration":"cloudtrail","version":"1.17.0"}{"package":"aws","integration":"cloudfront","version":"1.17.0"}{"package":"aws","integration":"unknown","version":"1.17.0"}';

enableRule(firstRule);
waitForRuleToChangeStatus();
waitForRuleToUpdate();
Contributor


👍

goToTheRuleDetailsOf(rule.name);
waitForAlertsToPopulate();
expandFirstAlert();