[Defend Workflows][E2E]Endpoint e2e response console #155605

Merged
64 commits
2f884d5
avatar aria label
szwarckonrad Apr 4, 2023
704886c
isolate command e2e coverage
szwarckonrad Apr 5, 2023
feab480
Merge branch 'main' into endpoint-isolate-e2e-coverage
szwarckonrad Apr 5, 2023
5db6e07
typings
szwarckonrad Apr 6, 2023
51b63c3
Merge branch 'main' into endpoint-isolate-e2e-coverage
szwarckonrad Apr 6, 2023
4de9906
typings
szwarckonrad Apr 6, 2023
67eb92c
cleanup
szwarckonrad Apr 17, 2023
12874a1
Merge branch 'main' into endpoint-isolate-e2e-coverage
szwarckonrad Apr 17, 2023
fcc702f
use custom document generator
szwarckonrad Apr 17, 2023
25674ff
Merge branch 'main' into endpoint-isolate-e2e-coverage
szwarckonrad Apr 17, 2023
7c9043f
Merge branch 'main' into endpoint-isolate-e2e-coverage
szwarckonrad Apr 18, 2023
c54509b
manually refresh result list
szwarckonrad Apr 18, 2023
d2fbb5d
Merge branch 'main' into endpoint-isolate-e2e-coverage
szwarckonrad Apr 18, 2023
9415935
remove artifacts after endpoints.cy.ts test
szwarckonrad Apr 18, 2023
ac9e110
Merge branch 'main' into endpoint-isolate-e2e-coverage
szwarckonrad Apr 18, 2023
193968b
backport isolate e2e tests to multipass
szwarckonrad Apr 20, 2023
f84233b
Merge branch 'main' into endpoint-isolate-e2e-coverage
szwarckonrad Apr 20, 2023
b3a7460
cleanup
szwarckonrad Apr 20, 2023
345c733
Merge branch 'endpoint-isolate-e2e-coverage' into endpoint-isolate-e2…
szwarckonrad Apr 20, 2023
b5b6941
tweaks
szwarckonrad Apr 21, 2023
62fa777
Merge branch 'main' into endpoint-isolate-e2e-coverage
szwarckonrad Apr 21, 2023
5157dda
Merge branch 'endpoint-isolate-e2e-coverage' into endpoint-isolate-e2…
szwarckonrad Apr 21, 2023
7c13a7e
cleanup
szwarckonrad Apr 21, 2023
890c52c
test isolate and processes commands
szwarckonrad Apr 21, 2023
678aaa7
Merge branch 'main' into endpoint-e2e-coverage-multipass
szwarckonrad Apr 24, 2023
7aea2b5
Merge branch 'main' into endpoint-isolate-e2e-coverage-multipass
szwarckonrad Apr 24, 2023
2b07574
type returns of helper functions
szwarckonrad Apr 24, 2023
7b8fe2a
Merge branch 'endpoint-isolate-e2e-coverage-multipass' into endpoint-…
szwarckonrad Apr 24, 2023
12b16d2
tweaks
szwarckonrad Apr 24, 2023
aef3b55
Merge branch 'main' into endpoint-e2e-coverage-multipass
szwarckonrad Apr 24, 2023
c6c32bd
Merge branch 'main' into endpoint-e2e-response-console
szwarckonrad Apr 25, 2023
68f07c9
test
szwarckonrad Apr 25, 2023
7d03f5c
Merge branch 'main' into endpoint-e2e-coverage-multipass
szwarckonrad Apr 25, 2023
d588d6d
fix action
patrykkopycinski Apr 25, 2023
f5ce24d
divide endpoint list checking function
szwarckonrad Apr 25, 2023
9a6c19d
Merge branch 'endpoint-e2e-coverage-multipass' into endpoint-e2e-resp…
szwarckonrad Apr 25, 2023
71a138e
e2e coverage
szwarckonrad Apr 25, 2023
44e0b5c
Merge branch 'main' into endpoint-e2e-response-console
szwarckonrad Apr 25, 2023
28e459e
Merge branch 'main' into endpoint-e2e-coverage-multipass
szwarckonrad Apr 25, 2023
02d2c1c
Merge branch 'main' into endpoint-e2e-response-console
szwarckonrad Apr 25, 2023
2a2ed44
Merge branch 'main' into endpoint-e2e-coverage-multipass
szwarckonrad Apr 25, 2023
983e5dc
Merge branch 'main' into endpoint-e2e-response-console
szwarckonrad Apr 26, 2023
9f74e8f
Merge branch 'main' into endpoint-e2e-coverage-multipass
szwarckonrad Apr 26, 2023
dc61a76
cleanup
szwarckonrad Apr 26, 2023
c0f3f24
naming
szwarckonrad Apr 26, 2023
7f0526f
naming
szwarckonrad Apr 26, 2023
d826943
explicit types
szwarckonrad Apr 26, 2023
bdce83f
Merge branch 'main' into endpoint-e2e-coverage-multipass
szwarckonrad Apr 26, 2023
513c616
Merge branch 'endpoint-e2e-coverage-multipass' into endpoint-e2e-resp…
szwarckonrad Apr 26, 2023
9fef80e
Merge remote-tracking branch 'origin/endpoint-e2e-response-console' i…
szwarckonrad Apr 26, 2023
4090b64
Merge branch 'main' into endpoint-e2e-response-console
szwarckonrad Apr 27, 2023
6e7e9b5
Merge branch 'main' into endpoint-e2e-response-console
szwarckonrad Apr 27, 2023
15c4521
explicit types
szwarckonrad Apr 27, 2023
6b4639f
check for spawned endpoint on the endpoint list as there might be dan…
szwarckonrad Apr 27, 2023
4f8b8a1
move response actions out of emulator scope
szwarckonrad Apr 28, 2023
bedfb41
Merge branch 'main' into endpoint-e2e-response-console
szwarckonrad Apr 28, 2023
03cdf43
Merge branch 'main' into endpoint-e2e-response-console
szwarckonrad Apr 28, 2023
c8ff5be
Merge branch 'main' into endpoint-e2e-response-console
szwarckonrad Apr 28, 2023
ede434a
Merge branch 'main' into endpoint-e2e-response-console
patrykkopycinski Apr 29, 2023
8d1d1b3
Merge branch 'main' into endpoint-e2e-response-console
szwarckonrad Apr 30, 2023
4d5b6aa
Merge branch 'main' into endpoint-e2e-response-console
szwarckonrad Apr 30, 2023
377e23d
Merge branch 'main' into endpoint-e2e-response-console
patrykkopycinski May 1, 2023
e62eaaf
Merge branch 'main' into endpoint-e2e-response-console
patrykkopycinski May 1, 2023
857ee2e
Merge branch 'main' into endpoint-e2e-response-console
patrykkopycinski May 2, 2023
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@

import { getEndpointListPath } from '../../../common/routing';
import {
checkEndpointListForOnlyIsolatedHosts,
checkEndpointIsIsolated,
checkFlyoutEndpointIsolation,
filterOutIsolatedHosts,
interceptActionRequests,
Expand All @@ -32,14 +32,19 @@ describe('Isolate command', () => {
describe('from Manage', () => {
let endpointData: ReturnTypeFromChainable<typeof indexEndpointHosts>;
let isolatedEndpointData: ReturnTypeFromChainable<typeof indexEndpointHosts>;

let isolatedEndpointHostnames: [string, string];
let endpointHostnames: [string, string];
before(() => {
indexEndpointHosts({
count: 2,
withResponseActions: false,
isolation: false,
}).then((indexEndpoints) => {
endpointData = indexEndpoints;
endpointHostnames = [
endpointData.data.hosts[0].host.name,
endpointData.data.hosts[1].host.name,
];
});

indexEndpointHosts({
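Review bot: the `[string, string]` tuple types and the explicit `hosts[0]` / `hosts[1]` reads in the `before()` hook hard-wire the host count into the declarations, so changing `count: 2` means editing the types and both assignments as well. Declaring the variables as `string[]` and filling them with `endpointData.data.hosts.map((host) => host.host.name)` keeps the later `forEach` calls working for any count; the same applies to `isolatedEndpointHostnames` in the next hunk.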
Expand All @@ -48,6 +53,10 @@ describe('Isolate command', () => {
isolation: true,
}).then((indexEndpoints) => {
isolatedEndpointData = indexEndpoints;
isolatedEndpointHostnames = [
isolatedEndpointData.data.hosts[0].host.name,
isolatedEndpointData.data.hosts[1].host.name,
];
});
});

Expand All @@ -67,13 +76,15 @@ describe('Isolate command', () => {
beforeEach(() => {
login();
});
// FLAKY: https://github.com/elastic/security-team/issues/6518
it.skip('should allow filtering endpoint by Isolated status', () => {

it('should allow filtering endpoint by Isolated status', () => {
cy.visit(APP_PATH + getEndpointListPath({ name: 'endpointList' }));
closeAllToasts();
filterOutIsolatedHosts();
cy.contains('Showing 2 endpoints');
checkEndpointListForOnlyIsolatedHosts();
isolatedEndpointHostnames.forEach(checkEndpointIsIsolated);
endpointHostnames.forEach((hostname) => {
cy.contains(hostname).should('not.exist');
});
});
});
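Review bot: with `it.skip` and the FLAKY reference removed, the re-enabled test still keeps `cy.contains('Showing 2 endpoints')`, which only holds when exactly two endpoints match the filter. If isolated hosts left over from another spec are present, that line fails even though the new per-hostname checks would pass. Consider dropping the count assertion, since `isolatedEndpointHostnames.forEach(checkEndpointIsIsolated)` and the `should('not.exist')` loop already cover the hosts this spec indexed.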

Original file line number Diff line number Diff line change
@@ -0,0 +1,230 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import type { ActionDetails } from '../../../../../common/endpoint/types';
import type { ReturnTypeFromChainable } from '../../types';
import { indexEndpointHosts } from '../../tasks/index_endpoint_hosts';
import {
checkReturnedProcessesTable,
inputConsoleCommand,
openResponseConsoleFromEndpointList,
performCommandInputChecks,
submitCommand,
waitForEndpointListPageToBeLoaded,
} from '../../tasks/response_console';
import {
checkEndpointIsIsolated,
checkEndpointIsNotIsolated,
interceptActionRequests,
sendActionResponse,
} from '../../tasks/isolate';
import { login } from '../../tasks/login';

describe('Response console', () => {
beforeEach(() => {
login();
});

describe('Isolate command', () => {
let endpointData: ReturnTypeFromChainable<typeof indexEndpointHosts>;
let endpointHostname: string;
let isolateRequestResponse: ActionDetails;

before(() => {
indexEndpointHosts({ withResponseActions: false, isolation: false }).then(
(indexEndpoints) => {
endpointData = indexEndpoints;
endpointHostname = endpointData.data.hosts[0].host.name;
}
);
});

after(() => {
if (endpointData) {
endpointData.cleanup();
// @ts-expect-error ignore setting to undefined
endpointData = undefined;
}
});

it('should isolate host from response console', () => {
waitForEndpointListPageToBeLoaded(endpointHostname);
checkEndpointIsNotIsolated(endpointHostname);
openResponseConsoleFromEndpointList();
performCommandInputChecks('isolate');
interceptActionRequests((responseBody) => {
isolateRequestResponse = responseBody;
}, 'isolate');

submitCommand();
cy.contains('Action pending.').should('exist');
cy.wait('@isolate').then(() => {
sendActionResponse(isolateRequestResponse);
});
cy.contains('Action completed.', { timeout: 120000 }).should('exist');
waitForEndpointListPageToBeLoaded(endpointHostname);
checkEndpointIsIsolated(endpointHostname);
});
});

describe('Release command', () => {
let endpointData: ReturnTypeFromChainable<typeof indexEndpointHosts>;
let endpointHostname: string;
let releaseRequestResponse: ActionDetails;

before(() => {
indexEndpointHosts({ withResponseActions: false, isolation: true }).then((indexEndpoints) => {
endpointData = indexEndpoints;
endpointHostname = endpointData.data.hosts[0].host.name;
});
});

after(() => {
if (endpointData) {
endpointData.cleanup();
// @ts-expect-error ignore setting to undefined
endpointData = undefined;
}
});

it('should release host from response console', () => {
waitForEndpointListPageToBeLoaded(endpointHostname);
checkEndpointIsIsolated(endpointHostname);
openResponseConsoleFromEndpointList();
performCommandInputChecks('release');
interceptActionRequests((responseBody) => {
releaseRequestResponse = responseBody;
}, 'release');
submitCommand();
cy.contains('Action pending.').should('exist');
cy.wait('@release').then(() => {
sendActionResponse(releaseRequestResponse);
});
cy.contains('Action completed.', { timeout: 120000 }).should('exist');
waitForEndpointListPageToBeLoaded(endpointHostname);
checkEndpointIsNotIsolated(endpointHostname);
});
});

describe('Processes command', () => {
let endpointData: ReturnTypeFromChainable<typeof indexEndpointHosts>;
let endpointHostname: string;
let processesRequestResponse: ActionDetails;

before(() => {
indexEndpointHosts({ withResponseActions: false, isolation: false }).then(
(indexEndpoints) => {
endpointData = indexEndpoints;
endpointHostname = endpointData.data.hosts[0].host.name;
}
);
});

after(() => {
if (endpointData) {
endpointData.cleanup();
// @ts-expect-error ignore setting to undefined
endpointData = undefined;
}
});

it('should return processes from response console', () => {
waitForEndpointListPageToBeLoaded(endpointHostname);
openResponseConsoleFromEndpointList();
performCommandInputChecks('processes');
interceptActionRequests((responseBody) => {
processesRequestResponse = responseBody;
}, 'processes');
submitCommand();
cy.contains('Action pending.').should('exist');
cy.wait('@processes').then(() => {
sendActionResponse(processesRequestResponse);
});
cy.getByTestSubj('getProcessesSuccessCallout', { timeout: 120000 }).within(() => {
checkReturnedProcessesTable();
});
});
});

describe('Kill process command', () => {
let endpointData: ReturnTypeFromChainable<typeof indexEndpointHosts>;
let endpointHostname: string;
let killProcessRequestResponse: ActionDetails;

before(() => {
indexEndpointHosts({ withResponseActions: false, isolation: false }).then(
(indexEndpoints) => {
endpointData = indexEndpoints;
endpointHostname = endpointData.data.hosts[0].host.name;
}
);
});

after(() => {
if (endpointData) {
endpointData.cleanup();
// @ts-expect-error ignore setting to undefined
endpointData = undefined;
}
});

it('should kill process from response console', () => {
waitForEndpointListPageToBeLoaded(endpointHostname);
openResponseConsoleFromEndpointList();
inputConsoleCommand(`kill-process --pid 1`);

interceptActionRequests((responseBody) => {
killProcessRequestResponse = responseBody;
}, 'kill-process');
submitCommand();
cy.contains('Action pending.').should('exist');
cy.wait('@kill-process').then(() => {
sendActionResponse(killProcessRequestResponse);
});
cy.contains('Action completed.', { timeout: 120000 }).should('exist');
});
});

describe('Suspend process command', () => {
let endpointData: ReturnTypeFromChainable<typeof indexEndpointHosts>;
let endpointHostname: string;
let suspendProcessRequestResponse: ActionDetails;

before(() => {
indexEndpointHosts({ withResponseActions: false, isolation: false }).then(
(indexEndpoints) => {
endpointData = indexEndpoints;
endpointHostname = endpointData.data.hosts[0].host.name;
}
);
});

after(() => {
if (endpointData) {
endpointData.cleanup();
// @ts-expect-error ignore setting to undefined
endpointData = undefined;
}
});

it('should suspend process from response console', () => {
waitForEndpointListPageToBeLoaded(endpointHostname);
openResponseConsoleFromEndpointList();
inputConsoleCommand(`suspend-process --pid 1`);

interceptActionRequests((responseBody) => {
suspendProcessRequestResponse = responseBody;
}, 'suspend-process');
submitCommand();
cy.contains('Action pending.').should('exist');
cy.wait('@suspend-process').then(() => {
sendActionResponse(suspendProcessRequestResponse);
});
cy.contains('Action completed.', { timeout: 120000 }).should('exist');
});
});
});
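Review bot: the `before` / `after` hooks are repeated verbatim in all five `describe` blocks, differing only in the `isolation` flag, and each copy needs `// @ts-expect-error` to reset `endpointData`. A shared setup helper that takes the `isolation` value, with the variable typed as `ReturnTypeFromChainable<typeof indexEndpointHosts> | undefined`, would remove both the duplication and the suppressions. The `{ timeout: 120000 }` literal also appears five times and would read better as one named constant.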
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,10 @@
// / <reference types="cypress" />

import type { CasePostRequest } from '@kbn/cases-plugin/common/api';
import { sendEndpointActionResponse } from '../../../../scripts/endpoint/agent_emulator/services/endpoint_response_actions';
import {
sendEndpointActionResponse,
sendFleetActionResponse,
} from '../../../../scripts/endpoint/common/response_actions';
import type { DeleteAllEndpointDataResponse } from '../../../../scripts/endpoint/common/delete_all_endpoint_data';
import { deleteAllEndpointData } from '../../../../scripts/endpoint/common/delete_all_endpoint_data';
import { waitForEndpointToStreamData } from '../../../../scripts/endpoint/common/endpoint_metadata_services';
Expand All @@ -21,11 +24,7 @@ import {
deleteIndexedEndpointPolicyResponse,
indexEndpointPolicyResponse,
} from '../../../../common/endpoint/data_loaders/index_endpoint_policy_response';
import type {
ActionDetails,
HostPolicyResponse,
LogsEndpointActionResponse,
} from '../../../../common/endpoint/types';
import type { ActionDetails, HostPolicyResponse } from '../../../../common/endpoint/types';
import type { IndexEndpointHostsCyTaskOptions } from '../types';
import type {
IndexedEndpointRuleAlerts,
Expand Down Expand Up @@ -162,9 +161,17 @@ export const dataLoaders = (
sendHostActionResponse: async (data: {
action: ActionDetails;
state: { state?: 'success' | 'failure' };
}): Promise<LogsEndpointActionResponse> => {
}): Promise<null> => {
const { esClient } = await stackServicesPromise;
return sendEndpointActionResponse(esClient, data.action, { state: data.state.state });
const fleetResponse = await sendFleetActionResponse(esClient, data.action, {
state: data.state.state,
});

if (!fleetResponse.error) {
await sendEndpointActionResponse(esClient, data.action, { state: data.state.state });
}

return null;
},

deleteAllEndpointData: async ({
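Review bot: the `if (!fleetResponse.error)` guard in `sendHostActionResponse` skips the endpoint response without a comment or log line, and the task resolves with `null` on both paths, so a spec cannot tell which one ran. A short comment stating why an errored Fleet response should suppress the endpoint response, plus a log message or a distinguishable return value for that branch, would make timeouts in the calling tests easier to diagnose.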
Original file line number Diff line number Diff line change
Expand Up @@ -143,3 +143,18 @@ export const checkEndpointListForOnlyUnIsolatedHosts = (): void =>
checkEndpointListForIsolatedHosts(false);
export const checkEndpointListForOnlyIsolatedHosts = (): void =>
checkEndpointListForIsolatedHosts(true);

export const checkEndpointIsolationStatus = (
endpointHostname: string,
expectIsolated: boolean
): void => {
const chainer = expectIsolated ? 'contain.text' : 'not.contain.text';

cy.contains(endpointHostname).parents('td').siblings('td').eq(0).should(chainer, 'Isolated');
};

export const checkEndpointIsIsolated = (endpointHostname: string): void =>
checkEndpointIsolationStatus(endpointHostname, true);

export const checkEndpointIsNotIsolated = (endpointHostname: string): void =>
checkEndpointIsolationStatus(endpointHostname, false);
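Review bot: `checkEndpointIsolationStatus` locates the status cell by position, `.parents('td').siblings('td').eq(0)`, so a reordered or added column lets the `not.contain.text` variant pass against the wrong cell without any failure. `cy.contains(endpointHostname)` is also a substring match, so a hostname that is a prefix of another can select a different row. Selecting the row and the status cell through a test-subject attribute, as the spec already does with `cy.getByTestSubj`, would make both checks robust.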
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@

import { closeAllToasts } from './close_all_toasts';
import { APP_ENDPOINTS_PATH } from '../../../../common/constants';
import Chainable = Cypress.Chainable;

export const waitForEndpointListPageToBeLoaded = (endpointHostname: string): void => {
cy.visit(APP_ENDPOINTS_PATH);
Expand Down Expand Up @@ -56,3 +57,16 @@ export const performCommandInputChecks = (command: string) => {
selectCommandFromHelpMenu(command);
checkInputForCommandPresence(command);
};

export const checkReturnedProcessesTable = (): Chainable<JQuery<HTMLTableRowElement>> => {
['USER', 'PID', 'ENTITY ID', 'COMMAND'].forEach((header) => {
cy.contains(header);
});

return cy
.get('tbody')
.find('tr')
.then((rows) => {
expect(rows.length).to.be.greaterThan(0);
});
};
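Review bot: in `checkReturnedProcessesTable`, `cy.get('tbody').find('tr')` already fails when no row exists, so the `expect(rows.length).to.be.greaterThan(0)` inside `.then()` adds nothing and, unlike a `.should()`, is not retried. `.should('have.length.greaterThan', 0)` states the intent in one retried assertion. The return annotation could also use `Cypress.Chainable` directly instead of the `import Chainable = Cypress.Chainable;` alias added at the top of the file.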
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,9 @@ import { set } from '@kbn/safer-lodash-set';
import type { Client } from '@elastic/elasticsearch';
import type { ToolingLog } from '@kbn/tooling-log';
import type { KbnClient } from '@kbn/test';
import { sendEndpointActionResponse, sendFleetActionResponse } from '../../common/response_actions';
import { BaseRunningService } from '../../common/base_running_service';
import {
fetchEndpointActionList,
sendEndpointActionResponse,
sendFleetActionResponse,
} from './endpoint_response_actions';
import { fetchEndpointActionList } from './endpoint_response_actions';
import type { ActionDetails } from '../../../../common/endpoint/types';

/**