fix flaky integration tests
Signed-off-by: Subhobrata Dey <[email protected]>
sbcd90 committed Sep 15, 2023
1 parent 907ed64 commit b84224d
Showing 5 changed files with 15 additions and 48 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/ci.yml
Expand Up @@ -18,11 +18,11 @@ jobs:
os: [ ubuntu-latest, windows-latest, macos-latest ]
include:
- os: windows-latest
os_build_args: -x integTest -x jacocoTestReport
os_build_args: -x jacocoTestReport
working_directory: X:\
os_java_options: -Xmx4096M
- os: macos-latest
os_build_args: -x integTest -x jacocoTestReport
os_build_args: -x jacocoTestReport

name: Build and Test security-analytics with JDK ${{ matrix.java }} on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
Expand Up @@ -292,24 +292,5 @@ public void onFailure(Exception e) {
log.warn("Failed to initialize LogType config index and builtin log types");
}
});
// Trigger initialization of prepackaged rules by calling SearchRule API
SearchRequest searchRequest = new SearchRequest(Rule.PRE_PACKAGED_RULES_INDEX);
searchRequest.source(new SearchSourceBuilder().query(QueryBuilders.matchAllQuery()).size(0));
searchRequest.preference(Preference.PRIMARY_FIRST.type());
client.execute(
SearchRuleAction.INSTANCE,
new SearchRuleRequest(true, searchRequest),
new ActionListener<>() {
@Override
public void onResponse(SearchResponse searchResponse) {
log.info("Successfully initialized prepackaged rules");
}

@Override
public void onFailure(Exception e) {
log.warn("Failed initializing prepackaged rules", e);
}
}
);
}
}
Expand Up @@ -103,7 +103,6 @@ public void initRuleIndex(ActionListener<CreateIndexResponse> actionListener, bo
if (!ruleIndexExists(isPrepackaged)) {
Settings indexSettings = Settings.builder()
.put("index.hidden", true)
.put("index.auto_expand_replicas", "0-all")
.build();
CreateIndexRequest indexRequest = new CreateIndexRequest(getRuleIndex(isPrepackaged))
.mapping(ruleMappings())
Expand Up @@ -224,7 +224,7 @@ protected List<Map<String, Object>> searchCorrelatedFindings(String findingId, S
}

@Before
void setDebugLogLevel() throws IOException {
void setDebugLogLevel() throws IOException, InterruptedException {
StringEntity se = new StringEntity("{\n" +
" \"transient\": {\n" +
" \"logger.org.opensearch.securityanalytics\":\"DEBUG\",\n" +
Expand Down Expand Up @@ -480,30 +480,13 @@ protected Response refreshIndex(String index) throws IOException {

@SuppressWarnings("unchecked")
protected List<String> getRandomPrePackagedRules() throws IOException {
String request = "{\n" +
" \"from\": 0\n," +
" \"size\": 2000\n," +
" \"query\": {\n" +
" \"nested\": {\n" +
" \"path\": \"rule\",\n" +
" \"query\": {\n" +
" \"bool\": {\n" +
" \"must\": [\n" +
" { \"match\": {\"rule.category\": \"" + TestHelpers.randomDetectorType().toLowerCase(Locale.ROOT) + "\"}}\n" +
" ]\n" +
" }\n" +
" }\n" +
" }\n" +
" }\n" +
"}";

Response searchResponse = makeRequest(client(), "POST", String.format(Locale.getDefault(), "%s/_search", SecurityAnalyticsPlugin.RULE_BASE_URI), Collections.singletonMap("pre_packaged", "true"),
new StringEntity(request), new BasicHeader("Content-Type", "application/json"));
Assert.assertEquals("Searching rules failed", RestStatus.OK, restStatus(searchResponse));

Map<String, Object> responseBody = asMap(searchResponse);
List<Map<String, Object>> hits = ((List<Map<String, Object>>) ((Map<String, Object>) responseBody.get("hits")).get("hits"));
return hits.stream().map(hit -> hit.get("_id").toString()).collect(Collectors.toList());
return List.of(
"36a037c4-c228-4866-b6a3-48eb292b9955",
"c6e91a02-d771-4a6d-a700-42587e0b1095",
"5a919691-7302-437f-8e10-1fe088afa145",
"e5a6b256-3e47-40fc-89d2-7a477edd6915",
"06724b9a-52fc-11ed-bdc3-0242ac120002"
);
}

protected List<String> createAggregationRules () throws IOException {
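Review bot: `getRandomPrePackagedRules()` now returns five fixed rule ids, so its name, its `throws IOException` clause and the `@SuppressWarnings("unchecked")` above it no longer match the body. Nothing visible in this hunk checks that these ids still exist in the bundled rule set or that they fit the detector type a caller builds. If a rule is removed or re-categorised, a detector could be created with rules that never match, and the failure would surface far from its cause. I would drop the unused annotation and add a comment such as `// Fixed ids of pre-packaged rules (category: <CATEGORY_PLACEHOLDER>); keep in sync with the bundled rule files`. It is also worth keeping one test that calls the rule `_search` endpoint with `pre_packaged=true`, because the removed body was what exercised that path from this helper.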
Expand Up @@ -92,26 +92,30 @@ public void testBasicCorrelationEngineWorkflow() throws IOException {
}

@SuppressWarnings("unchecked")
public void testListCorrelationsWorkflow() throws IOException {
public void testListCorrelationsWorkflow() throws IOException, InterruptedException {
Long startTime = System.currentTimeMillis();
LogIndices indices = createIndices();

String vpcFlowMonitorId = createVpcFlowDetector(indices.vpcFlowsIndex);
String testWindowsMonitorId = createTestWindowsDetector(indices.windowsIndex);

createNetworkToAdLdapToWindowsRule(indices);
Thread.sleep(5000);

indexDoc(indices.windowsIndex, "2", randomDoc());
Response executeResponse = executeAlertingMonitor(testWindowsMonitorId, Collections.emptyMap());
Map<String, Object> executeResults = entityAsMap(executeResponse);
int noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
Assert.assertEquals(5, noOfSigmaRuleMatches);

Thread.sleep(5000);
indexDoc(indices.vpcFlowsIndex, "1", randomVpcFlowDoc());
executeResponse = executeAlertingMonitor(vpcFlowMonitorId, Collections.emptyMap());
executeResults = entityAsMap(executeResponse);
noOfSigmaRuleMatches = ((List<Map<String, Object>>) ((Map<String, Object>) executeResults.get("input_results")).get("results")).get(0).size();
Assert.assertEquals(1, noOfSigmaRuleMatches);

Thread.sleep(5000);
Long endTime = System.currentTimeMillis();

Request request = new Request("GET", "/_plugins/_security_analytics/correlations?start_timestamp=" + startTime + "&end_timestamp=" + endTime);
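Review bot: The three `Thread.sleep(5000)` calls added to `testListCorrelationsWorkflow` wait a fixed time instead of waiting for the state the test depends on. That adds 15 seconds to every run and can still fail on a slow runner, and this commit also re-enables `integTest` on Windows and macOS. I would poll with a bounded timeout instead; if the base class derives from OpenSearch's test case, wrapping the final GET and its assertions in `assertBusy(() -> { /* fetch correlations, assert expected count */ }, 30, TimeUnit.SECONDS);` would do it. If the sleeps stay, each needs a short comment saying what it waits for (presumably rule creation, finding indexing and the correlation step). The test body continues past the end of this hunk, so the assertions on the response are not visible here.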