From 998d0811156c22a2aa9659229f1e91a5ef8adf3b Mon Sep 17 00:00:00 2001
From: Subhobrata Dey
Date: Fri, 15 Sep 2023 01:19:17 +0000
Subject: [PATCH] fix flaky integration tests (#581)
Signed-off-by: Subhobrata Dey
---
 .github/workflows/ci.yml | 4 +--
 .../SecurityAnalyticsPlugin.java | 19 -----------
 .../securityanalytics/util/RuleIndices.java | 1 -
 .../SecurityAnalyticsRestTestCase.java | 33 +++++--------------
 .../CorrelationEngineRestApiIT.java | 6 +++-
 5 files changed, 15 insertions(+), 48 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6baadddbd..7dfd0c361 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,11 +18,11 @@ jobs:
 os: [ ubuntu-latest, windows-latest, macos-latest ]
 include:
 - os: windows-latest
- os_build_args: -x integTest -x jacocoTestReport
+ os_build_args: -x jacocoTestReport
 working_directory: X:\
 os_java_options: -Xmx4096M
 - os: macos-latest
- os_build_args: -x integTest -x jacocoTestReport
+ os_build_args: -x jacocoTestReport
 name: Build and Test security-analytics with JDK ${{ matrix.java }} on ${{ matrix.os }}
 runs-on: ${{ matrix.os }}
diff --git a/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java b/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
index 232b2ea97..2c60321df 100644
--- a/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
+++ b/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
@@ -292,24 +292,5 @@ public void onFailure(Exception e) {
 log.warn("Failed to initialize LogType config index and builtin log types");
 }
 });
- // Trigger initialization of prepackaged rules by calling SearchRule API
- SearchRequest searchRequest = new SearchRequest(Rule.PRE_PACKAGED_RULES_INDEX);
- searchRequest.source(new SearchSourceBuilder().query(QueryBuilders.matchAllQuery()).size(0));
- searchRequest.preference(Preference.PRIMARY_FIRST.type());
- client.execute(
- SearchRuleAction.INSTANCE,
- new SearchRuleRequest(true, searchRequest),
- new ActionListener<>() {
- @Override
- public void onResponse(SearchResponse searchResponse) {
- log.info("Successfully initialized prepackaged rules");
- }
-
- @Override
- public void onFailure(Exception e) {
- log.warn("Failed initializing prepackaged rules", e);
- }
- }
- );
 }
 }
\ No newline at end of file
diff --git a/src/main/java/org/opensearch/securityanalytics/util/RuleIndices.java b/src/main/java/org/opensearch/securityanalytics/util/RuleIndices.java
index c75bcbd70..53c0a516f 100644
--- a/src/main/java/org/opensearch/securityanalytics/util/RuleIndices.java
+++ b/src/main/java/org/opensearch/securityanalytics/util/RuleIndices.java
@@ -103,7 +103,6 @@ public void initRuleIndex(ActionListener actionListener, bo
 if (!ruleIndexExists(isPrepackaged)) {
 Settings indexSettings = Settings.builder()
 .put("index.hidden", true)
- .put("index.auto_expand_replicas", "0-all")
 .build();
 CreateIndexRequest indexRequest = new CreateIndexRequest(getRuleIndex(isPrepackaged))
 .mapping(ruleMappings())
diff --git a/src/test/java/org/opensearch/securityanalytics/SecurityAnalyticsRestTestCase.java b/src/test/java/org/opensearch/securityanalytics/SecurityAnalyticsRestTestCase.java
index 4757a23b5..2178f06d6 100644
--- a/src/test/java/org/opensearch/securityanalytics/SecurityAnalyticsRestTestCase.java
+++ b/src/test/java/org/opensearch/securityanalytics/SecurityAnalyticsRestTestCase.java
@@ -224,7 +224,7 @@ protected List> searchCorrelatedFindings(String findingId, S
 }
 @Before
- void setDebugLogLevel() throws IOException {
+ void setDebugLogLevel() throws IOException, InterruptedException {
 StringEntity se = new StringEntity("{\n" +
 " \"transient\": {\n" +
 " \"logger.org.opensearch.securityanalytics\":\"DEBUG\",\n" +
@@ -480,30 +480,13 @@ protected Response refreshIndex(String index) throws IOException {
 @SuppressWarnings("unchecked")
 protected List getRandomPrePackagedRules() throws IOException {
- String request = "{\n" +
- " \"from\": 0\n," +
- " \"size\": 2000\n," +
- " \"query\": {\n" +
- " \"nested\": {\n" +
- " \"path\": \"rule\",\n" +
- " \"query\": {\n" +
- " \"bool\": {\n" +
- " \"must\": [\n" +
- " { \"match\": {\"rule.category\": \"" + TestHelpers.randomDetectorType().toLowerCase(Locale.ROOT) + "\"}}\n" +
- " ]\n" +
- " }\n" +
- " }\n" +
- " }\n" +
- " }\n" +
- "}";
-
- Response searchResponse = makeRequest(client(), "POST", String.format(Locale.getDefault(), "%s/_search", SecurityAnalyticsPlugin.RULE_BASE_URI), Collections.singletonMap("pre_packaged", "true"),
- new StringEntity(request), new BasicHeader("Content-Type", "application/json"));
- Assert.assertEquals("Searching rules failed", RestStatus.OK, restStatus(searchResponse));
-
- Map responseBody = asMap(searchResponse);
- List> hits = ((List>) ((Map) responseBody.get("hits")).get("hits"));
- return hits.stream().map(hit -> hit.get("_id").toString()).collect(Collectors.toList());
+ return List.of(
+ "36a037c4-c228-4866-b6a3-48eb292b9955",
+ "c6e91a02-d771-4a6d-a700-42587e0b1095",
+ "5a919691-7302-437f-8e10-1fe088afa145",
+ "e5a6b256-3e47-40fc-89d2-7a477edd6915",
+ "06724b9a-52fc-11ed-bdc3-0242ac120002"
+ );
 }
 protected List createAggregationRules () throws IOException {
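Review bot: The `InterruptedException` added to the throws clause of `setDebugLogLevel()` has no visible cause. The two hunks for this file add no call inside the method (its body continues outside the hunk), and the body compiled before with `throws IOException` alone, so nothing in it can throw that checked exception. Unless a wait is meant to follow in this `@Before` method, keep the signature as `void setDebugLogLevel() throws IOException {`. A throws clause that promises interruption where none can occur misleads readers about whether the test setup blocks.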
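Review bot: `getRandomPrePackagedRules()` now returns five fixed ids, so its name, its `throws IOException` and the `@SuppressWarnings("unchecked")` above it no longer describe the body. Nothing states which bundled rules these ids refer to or that they must exist in the shipped rule set. The removed code also exercised the rule search endpoint with `pre_packaged=true`. Together with the startup search removed from SecurityAnalyticsPlugin.java in this commit, the tests that call this helper no longer demonstrate, as far as these hunks show, that the pre-packaged detection rules were actually loaded. Add a comment such as `// Fixed ids of bundled rules; each must exist in the pre-packaged rule set` above the list, and consider a separate test that asserts the pre-packaged rule index is populated.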
diff --git a/src/test/java/org/opensearch/securityanalytics/correlation/CorrelationEngineRestApiIT.java b/src/test/java/org/opensearch/securityanalytics/correlation/CorrelationEngineRestApiIT.java
index 4b9a9cb3f..e721e1124 100644
--- a/src/test/java/org/opensearch/securityanalytics/correlation/CorrelationEngineRestApiIT.java
+++ b/src/test/java/org/opensearch/securityanalytics/correlation/CorrelationEngineRestApiIT.java
@@ -92,7 +92,7 @@ public void testBasicCorrelationEngineWorkflow() throws IOException {
 }
 @SuppressWarnings("unchecked")
- public void testListCorrelationsWorkflow() throws IOException {
+ public void testListCorrelationsWorkflow() throws IOException, InterruptedException {
 Long startTime = System.currentTimeMillis();
 LogIndices indices = createIndices();
@@ -100,6 +100,7 @@ public void testListCorrelationsWorkflow() throws IOException {
 String testWindowsMonitorId = createTestWindowsDetector(indices.windowsIndex);
 createNetworkToAdLdapToWindowsRule(indices);
+ Thread.sleep(5000);
 indexDoc(indices.windowsIndex, "2", randomDoc());
 Response executeResponse = executeAlertingMonitor(testWindowsMonitorId, Collections.emptyMap());
@@ -107,11 +108,14 @@ public void testListCorrelationsWorkflow() throws IOException {
 int noOfSigmaRuleMatches = ((List>) ((Map) executeResults.get("input_results")).get("results")).get(0).size();
 Assert.assertEquals(5, noOfSigmaRuleMatches);
+ Thread.sleep(5000);
 indexDoc(indices.vpcFlowsIndex, "1", randomVpcFlowDoc());
 executeResponse = executeAlertingMonitor(vpcFlowMonitorId, Collections.emptyMap());
 executeResults = entityAsMap(executeResponse);
 noOfSigmaRuleMatches = ((List>) ((Map) executeResults.get("input_results")).get("results")).get(0).size();
 Assert.assertEquals(1, noOfSigmaRuleMatches);
+
+ Thread.sleep(5000);
 Long endTime = System.currentTimeMillis();
 Request request = new Request("GET", "/_plugins/_security_analytics/correlations?start_timestamp=" + startTime + "&end_timestamp=" + endTime);
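Review bot: The three `Thread.sleep(5000)` calls added to `testListCorrelationsWorkflow()` (one in the `-100,6` hunk, two in the `-107,11` hunk) wait a fixed time rather than waiting on the state the test needs, and none carries a comment saying what is being awaited. That adds 15 seconds per run and can still race on a slow runner, which matters more now that this commit stops excluding `integTest` on the Windows and macOS jobs. A fixed delay also hides how long the correlation engine takes to pick up a new rule or finding, which is useful to know for a detection pipeline. Prefer a bounded poll around the condition each sleep protects, for example OpenSearch's `assertBusy(() -> { ... }, 30, TimeUnit.SECONDS)` if this class inherits it. At minimum, precede each sleep with a comment such as `// wait for <awaited state> before indexing the next document`.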