Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution][Case] Fix patch cases integration test with alerts #88311

Merged
merged 2 commits into from
Jan 18, 2021

Conversation

cnasikas
Copy link
Member

@cnasikas cnasikas commented Jan 14, 2021

Summary

I unskiped the tests and performed a stress test. Results: Executions: 42, Failures: 3.

This showed that a change in the status of an alert takes time to be populated across all ES nodes.

When there is a status change on a case and the sync alerts option is on, then all alerts attach to a case must change their status to match the case's status. This is done as:

await this.esClient!.asScoped(request).asCurrentUser.updateByQuery({
      index,
      conflicts: 'abort',
      body: {
        script: {
          source: `ctx._source.signal.status = '${status}'`,
          lang: 'painless',
        },
        query: { ids: { values: ids } },
      },
      ignore_unavailable: true,
    });

Because we do not set the refresh option, for example refresh: 'true', the request is fulfilled but changes made by this request will be made visible at some point after the request returns.

Because setting the refresh to true could lead to a poor performance we decided to skip the tests and find a better solution to tackle the problem.

I performing another stress test with those tests skipped. Results: Executions: 42, Failures: 0

Fixes: #87988
Fixes: #88130

Reference: #88432

Checklist

Delete any items that are not applicable to this PR.

For maintainers

@cnasikas cnasikas changed the title [Security Solution][Case][skip-ci] Fix patch cases integration test with alerts [Security Solution][Case] Fix patch cases integration test with alerts Jan 15, 2021
@cnasikas cnasikas added v7.11.0 v7.12.0 v8.0.0 bug Fixes for quality problems that affect the customer experience release_note:skip Skip the PR/issue when compiling release notes labels Jan 15, 2021
@cnasikas cnasikas self-assigned this Jan 15, 2021
@cnasikas cnasikas added Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting Security Solution Threat Hunting Team labels Jan 15, 2021
@cnasikas cnasikas marked this pull request as ready for review January 15, 2021 08:41
Copy link
Contributor

@spalger spalger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cnasikas
Copy link
Member Author

@elasticmachine merge upstream

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@cnasikas cnasikas merged commit f7fdda5 into elastic:master Jan 18, 2021
@cnasikas cnasikas deleted the fix_failing_test branch January 18, 2021 07:59
cnasikas added a commit to cnasikas/kibana that referenced this pull request Jan 18, 2021
cnasikas added a commit to cnasikas/kibana that referenced this pull request Jan 18, 2021
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jan 18, 2021
* master: (33 commits)
  [Security Solution][Case] Fix patch cases integration test with alerts (elastic#88311)
  [Security Solutions][Detection Engine] Removes duplicate API calls (elastic#88420)
  Fix log msg (elastic#88370)
  [Test] Add tag cloud visualization to dashboard in functional test for reporting (elastic#87600)
  removing kibana-core-ui from codeowners (elastic#88111)
  [Alerting] Migrate Event Log plugin to TS project references (elastic#81557)
  [Maps] fix zooming while drawing shape filter logs errors in console (elastic#88413)
  Porting fixes 1 (elastic#88477)
  [APM] Explicitly set environment for cross-service links (elastic#87481)
  chore(NA): remove mocha junit ci integrations (elastic#88129)
  [APM] Only display relevant sections for rum agent in service overview (elastic#88410)
  [Enterprise Search] Automatically mock shared logic files (elastic#88494)
  [APM] Disable Create custom link button on Transaction details page for read-only users
  [Docs] clean-up vega map reference documenation (elastic#88487)
  [Security Solution] Fix Timeline event details layout (elastic#88377)
  Change DELETE to POST for _bulk_delete to avoid incompatibility issues (elastic#87914)
  [Monitoring] Change cloud messaging on no data page (elastic#88375)
  [Uptime] clear ping state when PingList component in unmounted (elastic#88321)
  [APM] Consistent terminology for latency and throughput (elastic#88452)
  fix copy (elastic#88481)
  ...
cnasikas added a commit that referenced this pull request Jan 19, 2021
…h alerts (#88311) (#88573)

Co-authored-by: Kibana Machine <[email protected]>

Co-authored-by: Kibana Machine <[email protected]>
cnasikas added a commit that referenced this pull request Jan 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Fixes for quality problems that affect the customer experience release_note:skip Skip the PR/issue when compiling release notes Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting Security Solution Threat Hunting Team v7.11.0 v7.12.0 v8.0.0
Projects
None yet
3 participants