[EDR workflows] Osquery serverless tests #163795

Merged
merged 93 commits into from
Aug 23, 2023

@tomsonpl tomsonpl commented Aug 14, 2023

This PR:

  • adds TIER tests for response actions in serverless
  • changes the way we log in users in osquery cypress tests
  • enables passing role config and built-in roles to login
  • runs osquery tests (reuse osquery cypress test suites) in serverless

@@ -7,7 +7,8 @@
"scripts": {
"cypress": "../../../../../../node_modules/.bin/cypress",
"cypress:open": "node ../../../../../plugins/security_solution/scripts/start_cypress_parallel open --config-file ../../../x-pack/test_serverless/functional/test_suites/security/cypress/cypress.config.ts --ftr-config-file ../../../../../../x-pack/test_serverless/functional/test_suites/security/cypress/security_config",
"cypress:run": "node ../../../../../plugins/security_solution/scripts/start_cypress_parallel run --browser chrome --config-file ../../../x-pack/test_serverless/functional/test_suites/security/cypress/cypress.config.ts --ftr-config-file ../../../../../../x-pack/test_serverless/functional/test_suites/security/cypress/security_config --reporter ../../../../../../node_modules/cypress-multi-reporters --reporter-options configFile=./reporter_config.json; status=$?; yarn junit:merge && exit $status",
"cypress:run": "node ../../../../../plugins/security_solution/scripts/start_cypress_parallel run --browser chrome --config-file ../../../x-pack/test_serverless/functional/test_suites/security/cypress/cypress.config.ts --ftr-config-file ../../../../../../x-pack/test_serverless/functional/test_suites/security/cypress/security_config --reporter ../../../../../../node_modules/cypress-multi-reporters --reporter-options configFile=./reporter_config.json --concurrency=1 ; status=$?; yarn junit:merge && exit $status",
"osquery:cypress:open": "node ../../../../../plugins/security_solution/scripts/start_cypress_parallel open --config-file ../../../x-pack/test_serverless/functional/test_suites/security/cypress/cypress_osquery.config.ts --ftr-config-file ../../../../../../x-pack/test_serverless/functional/test_suites/security/cypress/osquery_security_config",
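
Review bot: The `--concurrency=1` added to the second `cypress:run` entry is hard-coded into the shared script, so every run of this suite through `start_cypress_parallel` is serialized, and nothing on the line says why. Consider passing it from the CI step only where it is needed, or state the reason in the PR description, since a JSON script entry cannot carry a comment. The `--config-file` and `--ftr-config-file` arguments in these entries also climb a different number of `../` segments to reach the same `x-pack/test_serverless/...` directory; worth confirming that both resolve as intended.
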
Contributor

I don't think we need that here

Contributor Author

moved to osquery plugin 👍

@@ -6,5 +6,5 @@
*/

export async function getLatestVersion(): Promise<string> {
return '8.9.0-SNAPSHOT';
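
Review bot: `getLatestVersion()` returns the hard-coded string `'8.9.0-SNAPSHOT'`, which goes stale as soon as the stack version moves on, and nothing in the hunk says why it is pinned. Either derive the value from the build's own version, or add a comment stating that the pin is deliberate and when it should be bumped.
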
Contributor

🙇

@tomsonpl tomsonpl changed the title [EDR workflows] osquery tests (approach 2) [EDR workflows] Osquery serverless tests Aug 16, 2023
},
numTestsKeptInMemory: 3,
Contributor

do we need that on CI?

Contributor Author

Added this because of failing tests (Chrome renderer), but it might not be needed. I'll remove it and test.

@@ -72,10 +73,10 @@ describe('Alert Event Details - Cases', () => {
cy.getBySel('expand-event').first().click({ force: true });
cy.getBySel('take-action-dropdown-btn').click();
cy.getBySel('osquery-action-item').click();
// here
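
Review bot: The `// here` line after the `osquery-action-item` click reads as a leftover debugging marker; remove it or replace it with a comment that says what the next step checks. Separately, `click({ force: true })` on `expand-event` skips Cypress's actionability checks, so the test can pass while the element is covered or not interactable; prefer waiting for the element to be visible unless the force is known to be required.
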
Contributor

comment

@@ -91,7 +92,8 @@ describe('Alert Event Details - Cases', () => {
});
});

describe('Case', () => {
// verify why calling new action doesnt add to response actions list
describe.skip('Case', () => {
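
Review bot: `describe.skip('Case', ...)` drops the whole suite with only a to-do comment and no linked issue, so the gap in coverage for adding an action to the response actions list can go unnoticed. Link a tracking issue in the comment, and narrow the skip to the failing `it` block if the rest of the suite still passes.
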
Contributor

maybe we could use tags instead of skipping it fully?

Contributor Author

This test fails on both envs; I'll have to take a look into why that functionality broke on the new flyout.


set -euo pipefail

source .buildkite/scripts/common/util.sh
Member

I think we can replace this with

Suggested change
source .buildkite/scripts/common/util.sh
source .buildkite/scripts/steps/functional/common.sh

and remove lines 8 and 9. Sorry about the earlier suggestion, I got the abstraction layers mixed up.

@jbudz jbudz left a comment

Small comment above, overall LGTM


kibana-ci commented Aug 23, 2023

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #5 / Agents "before all" hook in "Agents"

Metrics [docs]

Unknown metric groups

ESLint disabled line counts

id before after diff
osquery 110 114 +4

Total ESLint disabled count

id before after diff
osquery 111 115 +4

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @tomsonpl

@kibanamachine

💚 All backports created successfully

Status Branch Result
8.10

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Aug 23, 2023
kibanamachine added a commit that referenced this pull request Aug 23, 2023
# Backport

This will backport the following commits from `main` to `8.10`:
- [[EDR workflows] Osquery serverless tests
(#163795)](#163795)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Tomasz Ciecierski <[email protected]>
jloleysens added a commit to jloleysens/kibana that referenced this pull request Aug 23, 2023
* main: (150 commits)
  Fixes unnecessary autocompletes on HTTP methods (elastic#163233)
  [Defend Workflows] Convert filterQuery to kql  (elastic#161806)
  [Fleet] copy `inactivity_timeout` when duplicating agent policy (elastic#164544)
  Fix 7.17 forward compatibility with 8.2+ (elastic#164274)
  [ML] Fixes dark mode in flyouts and modals (elastic#164399)
  [Defend Workflows]Changes to policy settings are not persistent until a refresh (elastic#164403)
  [Security Solution][Endpoint] Fixes kibana crash when going back to policy details page (elastic#164329)
  Prepare the Security domain HTTP APIs for Serverless (elastic#162087)
  skip failing test suite (elastic#160986)
  [Security Solution] Fix flaky Event Filters test (elastic#164473)
  [EDR workflows] Osquery serverless tests (elastic#163795)
  [Fleet] Only show agent dashboard links if there is more than one non-server agent and if the dashboards exist (elastic#164469)
  [Chrome UI] Fix background color in serverless (elastic#164419)
  [DOCS] Saved objects - resolve import errors API (elastic#162825)
  Remove 'Create Rule' button from Rule Group page (elastic#164167)
  [Security Solution] expandable flyout - fix infinite loop in correlations (elastic#163450)
  [Remote Clusters] Update copy about port help text (elastic#164442)
  [api-docs] 2023-08-23 Daily api_docs build (elastic#164524)
  [data views] Disable scripted fields in serverless environment (elastic#163228)
  [Reporting] Fix - show diagnostic only when image reporting is enabled (elastic#164336)
  ...
Labels
chore Feature:Osquery Security Solution Osquery feature release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v8.10.0 v8.11.0
7 participants