mirror of
https://github.com/elastic/kibana.git
synced 2025-04-23 17:28:26 -04:00
[Security Solution] Fix flaky test: x-pack/test/detection_engine_api_integration/security_and_spaces/update_prebuilt_rules_package/update_prebuilt_rules_package·ts - update_prebuilt_rules_package should allow user to install prebuilt rules from scratch, then install new rules and upgrade existing rules from the new package (#163241)
Fixes: https://github.com/elastic/kibana/issues/162658 ## Summary - Fixes flaky test: `x-pack/test/detection_engine_api_integration/security_and_spaces/update_prebuilt_rules_package/update_prebuilt_rules_package·ts` - Test title: `update_prebuilt_rules_package should allow user to install prebuilt rules from scratch, then install new rules and upgrade existing rules from the new package` ## Passing flaky test runner 300 runs: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/2799 ## Root cause and what this PR does - On initial investigation, the flaky test runner was executed for this test with 300 iterations and all of them succeeded. This gives us great confidence that the test is not actually flaky. - Further investigation showed that @kibanamachine reported this tests as failing when running the CI for two backport PRs to `8.9`: - https://buildkite.com/elastic/kibana-on-merge/builds/33282#0189987d-3a80-49c2-8332-3105ec3c2109 - https://buildkite.com/elastic/kibana-on-merge/builds/33444#0189b1fa-4bc4-4422-9ce9-5c9a24f11ad5 - These flakiness was caused **by a race condition** between the writing of rules into indeces, and them being made available for reading. This is a known issue, already and solved for other integration test, by manually refreshing ES's indeces. - In order to reduce the probability of flakiness in a similar scenario, this PR adds code to refresh the indices after each rule installation or upgrade during the test. ## Refactor - Moves the refreshing of the indexes within the utility function that write to indexes: - `installPrebuiltRules` - `upgradePrebuiltRules` - `installPrebuiltRulesAndTimelines` (legacy, but still used) - `installPrebuiltRulesFleetPackage` - Creates 2 new utils: - `installPrebuiltRulesPackageByVersion`, which installs `security_detection_engine` package via Fleet API, with its version passed in as param - `getInstalledRules`, reusable function to fetch all installed rules - --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
Juan Pablo Djeredjian
GitHub
parent
a86c016219
commit
2ba659d091
16 changed files with 249 additions and 153 deletions
|
|
@ -351,7 +351,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
threat: generateThreatArray(1),
|
||||
}),
|
||||
]);
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
const expectedRule = await createRule(supertest, log, {
|
||||
...getSimpleRule('rule-1'),
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server';
|
|||
import { FtrProviderContext } from '../../common/ftr_provider_context';
|
||||
import { deleteAllPrebuiltRuleAssets, deleteAllRules } from '../../utils';
|
||||
import { getPrebuiltRulesStatus } from '../../utils/prebuilt_rules/get_prebuilt_rules_status';
|
||||
import { installPrebuiltRulesPackageByVersion } from '../../utils/prebuilt_rules/install_fleet_package_by_url';
|
||||
|
||||
// eslint-disable-next-line import/no-default-export
|
||||
export default ({ getService }: FtrProviderContext): void => {
|
||||
|
|
@ -55,18 +56,17 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusBeforePackageInstallation.stats.num_prebuilt_rules_to_install).toBe(0);
|
||||
expect(statusBeforePackageInstallation.stats.num_prebuilt_rules_to_upgrade).toBe(0);
|
||||
|
||||
const EPM_URL = `/api/fleet/epm/packages/security_detection_engine/99.0.0`;
|
||||
|
||||
const bundledInstallResponse = await supertest
|
||||
.post(EPM_URL)
|
||||
.set('kbn-xsrf', 'xxxx')
|
||||
.type('application/json')
|
||||
.send({ force: true })
|
||||
.expect(200);
|
||||
const bundledInstallResponse = await installPrebuiltRulesPackageByVersion(
|
||||
es,
|
||||
supertest,
|
||||
'99.0.0'
|
||||
);
|
||||
|
||||
// As opposed to "registry"
|
||||
expect(bundledInstallResponse.body._meta.install_source).toBe('bundled');
|
||||
expect(bundledInstallResponse._meta.install_source).toBe('bundled');
|
||||
|
||||
// Refresh ES indices to avoid race conditions between write and reading of indeces
|
||||
// See implementation utility function at x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_fleet_package.ts
|
||||
await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES });
|
||||
|
||||
// Verify that status is updated after package installation
|
||||
|
|
|
|||
|
|
@ -4,11 +4,10 @@
|
|||
* 2.0; you may not use this file except in compliance with the Elastic License
|
||||
* 2.0.
|
||||
*/
|
||||
import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server';
|
||||
import { DETECTION_ENGINE_RULES_URL_FIND } from '@kbn/security-solution-plugin/common/constants';
|
||||
import expect from 'expect';
|
||||
import { FtrProviderContext } from '../../common/ftr_provider_context';
|
||||
import { deleteAllPrebuiltRuleAssets, deleteAllRules } from '../../utils';
|
||||
import { getInstalledRules } from '../../utils/prebuilt_rules/get_installed_rules';
|
||||
import { getPrebuiltRulesStatus } from '../../utils/prebuilt_rules/get_prebuilt_rules_status';
|
||||
import { installPrebuiltRules } from '../../utils/prebuilt_rules/install_prebuilt_rules';
|
||||
|
||||
|
|
@ -38,8 +37,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusBeforePackageInstallation.stats.num_prebuilt_rules_to_install).toBe(0);
|
||||
expect(statusBeforePackageInstallation.stats.num_prebuilt_rules_to_upgrade).toBe(0);
|
||||
|
||||
await installPrebuiltRules(supertest);
|
||||
await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES });
|
||||
await installPrebuiltRules(es, supertest);
|
||||
|
||||
// Verify that status is updated after package installation
|
||||
const statusAfterPackageInstallation = await getPrebuiltRulesStatus(supertest);
|
||||
|
|
@ -48,11 +46,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusAfterPackageInstallation.stats.num_prebuilt_rules_to_upgrade).toBe(0);
|
||||
|
||||
// Get installed rules
|
||||
const { body: rulesResponse } = await supertest
|
||||
.get(DETECTION_ENGINE_RULES_URL_FIND)
|
||||
.set('kbn-xsrf', 'true')
|
||||
.send()
|
||||
.expect(200);
|
||||
const rulesResponse = await getInstalledRules(supertest);
|
||||
|
||||
// Assert that installed rules are from package 99.0.0 and not from prerelease (beta) package
|
||||
expect(rulesResponse.data.length).toBe(1);
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@
|
|||
* 2.0.
|
||||
*/
|
||||
import expect from 'expect';
|
||||
import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server';
|
||||
import { FtrProviderContext } from '../../common/ftr_provider_context';
|
||||
import { deleteAllRules, getPrebuiltRulesAndTimelinesStatus } from '../../utils';
|
||||
import { deleteAllPrebuiltRuleAssets } from '../../utils/prebuilt_rules/delete_all_prebuilt_rule_assets';
|
||||
|
|
@ -36,8 +35,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusBeforePackageInstallation.rules_not_updated).toBe(0);
|
||||
|
||||
// Install the package with 15000 prebuilt historical version of rules rules and 750 unique rules
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES });
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
// Verify that status is updated after package installation
|
||||
const statusAfterPackageInstallation = await getPrebuiltRulesAndTimelinesStatus(supertest);
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@
|
|||
* 2.0.
|
||||
*/
|
||||
import expect from 'expect';
|
||||
import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server';
|
||||
import { FtrProviderContext } from '../../common/ftr_provider_context';
|
||||
import {
|
||||
deleteAllRules,
|
||||
|
|
@ -43,24 +42,11 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusBeforePackageInstallation.rules_not_updated).toBe(0);
|
||||
|
||||
await installPrebuiltRulesFleetPackage({
|
||||
es,
|
||||
supertest,
|
||||
overrideExistingPackage: true,
|
||||
});
|
||||
|
||||
// Before we proceed, we need to refresh saved object indices. This comment will explain why.
|
||||
// At the previous step we installed the Fleet package with prebuilt detection rules.
|
||||
// Prebuilt rules are assets that Fleet indexes as saved objects of a certain type.
|
||||
// Fleet does this via a savedObjectsClient.import() call with explicit `refresh: false`.
|
||||
// So, despite of the fact that the endpoint waits until the prebuilt rule assets will be
|
||||
// successfully indexed, it doesn't wait until they become "visible" for subsequent read
|
||||
// operations. Which is what we do next: we read these SOs in getPrebuiltRulesAndTimelinesStatus().
|
||||
// Now, the time left until the next refresh can be anything from 0 to the default value, and
|
||||
// it depends on the time when savedObjectsClient.import() call happens relative to the time of
|
||||
// the next refresh. Also, probably the refresh time can be delayed when ES is under load?
|
||||
// Anyway, here we have a race condition between a write and subsequent read operation, and to
|
||||
// fix it deterministically we have to refresh saved object indices and wait until it's done.
|
||||
await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES });
|
||||
|
||||
// Verify that status is updated after package installation
|
||||
const statusAfterPackageInstallation = await getPrebuiltRulesAndTimelinesStatus(supertest);
|
||||
expect(statusAfterPackageInstallation.rules_installed).toBe(0);
|
||||
|
|
@ -68,19 +54,10 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusAfterPackageInstallation.rules_not_updated).toBe(0);
|
||||
|
||||
// Verify that all previously not installed rules were installed
|
||||
const response = await installPrebuiltRulesAndTimelines(supertest);
|
||||
const response = await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
expect(response.rules_installed).toBe(statusAfterPackageInstallation.rules_not_installed);
|
||||
expect(response.rules_updated).toBe(0);
|
||||
|
||||
// Similar to the previous refresh, we need to do it again between the two operations:
|
||||
// - previous write operation: install prebuilt rules and timelines
|
||||
// - subsequent read operation: get prebuilt rules and timelines status
|
||||
// You may ask why? I'm not sure, probably because the write operation can install the Fleet
|
||||
// package under certain circumstances, and it all works with `refresh: false` again.
|
||||
// Anyway, there were flaky runs failing specifically at one of the next assertions,
|
||||
// which means some kind of the same race condition we have here too.
|
||||
await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES });
|
||||
|
||||
// Verify that status is updated after rules installation
|
||||
const statusAfterRuleInstallation = await getPrebuiltRulesAndTimelinesStatus(supertest);
|
||||
expect(statusAfterRuleInstallation.rules_installed).toBe(response.rules_installed);
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
it('should return the number of installed prebuilt rules after installing them', async () => {
|
||||
await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
|
||||
const { stats } = await getPrebuiltRulesStatus(supertest);
|
||||
expect(stats).toMatchObject({
|
||||
|
|
@ -95,7 +95,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
it('should notify the user again that a rule is available for install after it is deleted', async () => {
|
||||
await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
await deleteRule(supertest, 'rule-1');
|
||||
|
||||
const { stats } = await getPrebuiltRulesStatus(supertest);
|
||||
|
|
@ -110,7 +110,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should return available rule updates', async () => {
|
||||
const ruleAssetSavedObjects = getRuleAssetSavedObjects();
|
||||
await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects);
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
|
||||
// Clear previous rule assets
|
||||
await deleteAllPrebuiltRuleAssets(es);
|
||||
|
|
@ -130,7 +130,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should not return any available update if rule has been successfully upgraded', async () => {
|
||||
const ruleAssetSavedObjects = getRuleAssetSavedObjects();
|
||||
await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects);
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
|
||||
// Clear previous rule assets
|
||||
await deleteAllPrebuiltRuleAssets(es);
|
||||
|
|
@ -138,7 +138,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
ruleAssetSavedObjects[0]['security-rule'].version += 1;
|
||||
await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects);
|
||||
// Upgrade all rules
|
||||
await upgradePrebuiltRules(supertest);
|
||||
await upgradePrebuiltRules(es, supertest);
|
||||
|
||||
const { stats } = await getPrebuiltRulesStatus(supertest);
|
||||
expect(stats).toMatchObject({
|
||||
|
|
@ -152,7 +152,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should not return any updates if none are available', async () => {
|
||||
const ruleAssetSavedObjects = getRuleAssetSavedObjects();
|
||||
await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects);
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
|
||||
// Clear previous rule assets
|
||||
await deleteAllPrebuiltRuleAssets(es);
|
||||
|
|
@ -193,7 +193,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
it('should return the number of installed prebuilt rules after installing them', async () => {
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
|
||||
const { stats } = await getPrebuiltRulesStatus(supertest);
|
||||
expect(stats).toMatchObject({
|
||||
|
|
@ -206,7 +206,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
it('should notify the user again that a rule is available for install after it is deleted', async () => {
|
||||
await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
await deleteRule(supertest, 'rule-1');
|
||||
|
||||
const { stats } = await getPrebuiltRulesStatus(supertest);
|
||||
|
|
@ -220,7 +220,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
it('should return available rule updates when previous historical versions available', async () => {
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
|
||||
// Add a new version of one of the installed rules
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, [
|
||||
|
|
@ -238,7 +238,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
it('should return available rule updates when previous historical versions unavailable', async () => {
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
|
||||
// Delete the previous versions of rule assets
|
||||
await deleteAllPrebuiltRuleAssets(es);
|
||||
|
|
@ -261,7 +261,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
it('should not return available rule updates after rule has been upgraded', async () => {
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
|
||||
// Delete the previous versions of rule assets
|
||||
await deleteAllPrebuiltRuleAssets(es);
|
||||
|
|
@ -272,7 +272,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
]);
|
||||
|
||||
// Upgrade the rule
|
||||
await upgradePrebuiltRules(supertest);
|
||||
await upgradePrebuiltRules(es, supertest);
|
||||
|
||||
const { stats } = await getPrebuiltRulesStatus(supertest);
|
||||
expect(stats).toMatchObject({
|
||||
|
|
@ -339,7 +339,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
it('should return the number of installed prebuilt rules after installing them', async () => {
|
||||
await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
const body = await getPrebuiltRulesAndTimelinesStatus(supertest);
|
||||
expect(body).toMatchObject({
|
||||
|
|
@ -352,7 +352,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
it('should notify the user again that a rule is available for install after it is deleted', async () => {
|
||||
await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
await deleteRule(supertest, 'rule-1');
|
||||
|
||||
const body = await getPrebuiltRulesAndTimelinesStatus(supertest);
|
||||
|
|
@ -367,7 +367,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should return available rule updates', async () => {
|
||||
const ruleAssetSavedObjects = getRuleAssetSavedObjects();
|
||||
await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects);
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
// Clear previous rule assets
|
||||
await deleteAllPrebuiltRuleAssets(es);
|
||||
|
|
@ -387,7 +387,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should not return any updates if none are available', async () => {
|
||||
const ruleAssetSavedObjects = getRuleAssetSavedObjects();
|
||||
await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects);
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
// Clear previous rule assets
|
||||
await deleteAllPrebuiltRuleAssets(es);
|
||||
|
|
@ -428,7 +428,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
it('should return the number of installed prebuilt rules after installing them', async () => {
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
const body = await getPrebuiltRulesAndTimelinesStatus(supertest);
|
||||
expect(body).toMatchObject({
|
||||
|
|
@ -441,7 +441,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
it('should notify the user again that a rule is available for install after it is deleted', async () => {
|
||||
await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
await deleteRule(supertest, 'rule-1');
|
||||
|
||||
const body = await getPrebuiltRulesAndTimelinesStatus(supertest);
|
||||
|
|
@ -455,7 +455,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
it('should return available rule updates when previous historical versions available', async () => {
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
// Add a new version of one of the installed rules
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, [
|
||||
|
|
@ -473,7 +473,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
it('should return available rule updates when previous historical versions unavailable', async () => {
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
// Delete the previous versions of rule assets
|
||||
await deleteAllPrebuiltRuleAssets(es);
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
});
|
||||
|
||||
it('should return the number of installed timeline templates after installing them', async () => {
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
const body = await getPrebuiltRulesAndTimelinesStatus(supertest);
|
||||
expect(body).toMatchObject({
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@
|
|||
*/
|
||||
|
||||
import expect from 'expect';
|
||||
import { DETECTION_ENGINE_RULES_URL_FIND } from '@kbn/security-solution-plugin/common/constants';
|
||||
import { FtrProviderContext } from '../../common/ftr_provider_context';
|
||||
import {
|
||||
deleteAllRules,
|
||||
|
|
@ -24,6 +23,7 @@ import { installPrebuiltRulesAndTimelines } from '../../utils/prebuilt_rules/ins
|
|||
import { installPrebuiltRules } from '../../utils/prebuilt_rules/install_prebuilt_rules';
|
||||
import { getPrebuiltRulesStatus } from '../../utils/prebuilt_rules/get_prebuilt_rules_status';
|
||||
import { upgradePrebuiltRules } from '../../utils/prebuilt_rules/upgrade_prebuilt_rules';
|
||||
import { getInstalledRules } from '../../utils/prebuilt_rules/get_installed_rules';
|
||||
|
||||
// eslint-disable-next-line import/no-default-export
|
||||
export default ({ getService }: FtrProviderContext): void => {
|
||||
|
|
@ -50,7 +50,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
describe('using legacy endpoint', () => {
|
||||
it('should install prebuilt rules', async () => {
|
||||
await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
const body = await installPrebuiltRulesAndTimelines(supertest);
|
||||
const body = await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
expect(body.rules_installed).toBe(RULES_COUNT);
|
||||
expect(body.rules_updated).toBe(0);
|
||||
|
|
@ -58,14 +58,10 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
it('should install correct prebuilt rule versions', async () => {
|
||||
await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
// Get installed rules
|
||||
const { body: rulesResponse } = await supertest
|
||||
.get(DETECTION_ENGINE_RULES_URL_FIND)
|
||||
.set('kbn-xsrf', 'true')
|
||||
.send()
|
||||
.expect(200);
|
||||
const rulesResponse = await getInstalledRules(supertest);
|
||||
|
||||
// Check that all prebuilt rules were actually installed and their versions match the latest
|
||||
expect(rulesResponse.total).toBe(RULES_COUNT);
|
||||
|
|
@ -82,7 +78,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should install missing prebuilt rules', async () => {
|
||||
// Install all prebuilt detection rules
|
||||
await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
// Delete one of the installed rules
|
||||
await deleteRule(supertest, 'rule-1');
|
||||
|
|
@ -92,7 +88,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusResponse.rules_not_installed).toBe(1);
|
||||
|
||||
// Call the install prebuilt rules again and check that the missing rule was installed
|
||||
const response = await installPrebuiltRulesAndTimelines(supertest);
|
||||
const response = await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
expect(response.rules_installed).toBe(1);
|
||||
expect(response.rules_updated).toBe(0);
|
||||
});
|
||||
|
|
@ -101,7 +97,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
// Install all prebuilt detection rules
|
||||
const ruleAssetSavedObjects = getRuleAssetSavedObjects();
|
||||
await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects);
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
// Clear previous rule assets
|
||||
await deleteAllPrebuiltRuleAssets(es);
|
||||
|
|
@ -114,7 +110,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusResponse.rules_not_updated).toBe(1);
|
||||
|
||||
// Call the install prebuilt rules again and check that the outdated rule was updated
|
||||
const response = await installPrebuiltRulesAndTimelines(supertest);
|
||||
const response = await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
expect(response.rules_installed).toBe(0);
|
||||
expect(response.rules_updated).toBe(1);
|
||||
});
|
||||
|
|
@ -122,7 +118,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should not install prebuilt rules if they are up to date', async () => {
|
||||
// Install all prebuilt detection rules
|
||||
await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
// Check that all prebuilt rules were installed
|
||||
const statusResponse = await getPrebuiltRulesAndTimelinesStatus(supertest);
|
||||
|
|
@ -130,7 +126,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusResponse.rules_not_updated).toBe(0);
|
||||
|
||||
// Call the install prebuilt rules again and check that no rules were installed
|
||||
const response = await installPrebuiltRulesAndTimelines(supertest);
|
||||
const response = await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
expect(response.rules_installed).toBe(0);
|
||||
expect(response.rules_updated).toBe(0);
|
||||
});
|
||||
|
|
@ -139,7 +135,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
describe('using current endpoint', () => {
|
||||
it('should install prebuilt rules', async () => {
|
||||
await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
const body = await installPrebuiltRules(supertest);
|
||||
const body = await installPrebuiltRules(es, supertest);
|
||||
|
||||
expect(body.summary.succeeded).toBe(RULES_COUNT);
|
||||
expect(body.summary.failed).toBe(0);
|
||||
|
|
@ -148,7 +144,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
it('should install correct prebuilt rule versions', async () => {
|
||||
await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
const body = await installPrebuiltRules(supertest);
|
||||
const body = await installPrebuiltRules(es, supertest);
|
||||
|
||||
// Check that all prebuilt rules were actually installed and their versions match the latest
|
||||
expect(body.results.created).toEqual(
|
||||
|
|
@ -164,7 +160,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should install missing prebuilt rules', async () => {
|
||||
// Install all prebuilt detection rules
|
||||
await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
|
||||
// Delete one of the installed rules
|
||||
await deleteRule(supertest, 'rule-1');
|
||||
|
|
@ -174,7 +170,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(1);
|
||||
|
||||
// Call the install prebuilt rules again and check that the missing rule was installed
|
||||
const response = await installPrebuiltRules(supertest);
|
||||
const response = await installPrebuiltRules(es, supertest);
|
||||
expect(response.summary.succeeded).toBe(1);
|
||||
});
|
||||
|
||||
|
|
@ -182,7 +178,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
// Install all prebuilt detection rules
|
||||
const ruleAssetSavedObjects = getRuleAssetSavedObjects();
|
||||
await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects);
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
|
||||
// Clear previous rule assets
|
||||
await deleteAllPrebuiltRuleAssets(es);
|
||||
|
|
@ -196,7 +192,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusResponse.stats.num_prebuilt_rules_to_upgrade).toBe(1);
|
||||
|
||||
// Call the install prebuilt rules again and check that the outdated rule was updated
|
||||
const response = await upgradePrebuiltRules(supertest);
|
||||
const response = await upgradePrebuiltRules(es, supertest);
|
||||
expect(response.summary.succeeded).toBe(1);
|
||||
expect(response.summary.skipped).toBe(0);
|
||||
});
|
||||
|
|
@ -204,7 +200,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should not install prebuilt rules if they are up to date', async () => {
|
||||
// Install all prebuilt detection rules
|
||||
await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
|
||||
// Check that all prebuilt rules were installed
|
||||
const statusResponse = await getPrebuiltRulesStatus(supertest);
|
||||
|
|
@ -212,12 +208,12 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusResponse.stats.num_prebuilt_rules_to_upgrade).toBe(0);
|
||||
|
||||
// Call the install prebuilt rules again and check that no rules were installed
|
||||
const installResponse = await installPrebuiltRules(supertest);
|
||||
const installResponse = await installPrebuiltRules(es, supertest);
|
||||
expect(installResponse.summary.succeeded).toBe(0);
|
||||
expect(installResponse.summary.skipped).toBe(0);
|
||||
|
||||
// Call the upgrade prebuilt rules endpoint and check that no rules were updated
|
||||
const upgradeResponse = await upgradePrebuiltRules(supertest);
|
||||
const upgradeResponse = await upgradePrebuiltRules(es, supertest);
|
||||
expect(upgradeResponse.summary.succeeded).toBe(0);
|
||||
expect(upgradeResponse.summary.skipped).toBe(0);
|
||||
});
|
||||
|
|
@ -237,7 +233,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
describe('using legacy endpoint', () => {
|
||||
it('should install prebuilt rules', async () => {
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
const body = await installPrebuiltRulesAndTimelines(supertest);
|
||||
const body = await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
expect(body.rules_installed).toBe(RULES_COUNT);
|
||||
expect(body.rules_updated).toBe(0);
|
||||
|
|
@ -245,14 +241,10 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
it('should install correct prebuilt rule versions', async () => {
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
// Get installed rules
|
||||
const { body: rulesResponse } = await supertest
|
||||
.get(DETECTION_ENGINE_RULES_URL_FIND)
|
||||
.set('kbn-xsrf', 'true')
|
||||
.send()
|
||||
.expect(200);
|
||||
const rulesResponse = await getInstalledRules(supertest);
|
||||
|
||||
// Check that all prebuilt rules were actually installed and their versions match the latest
|
||||
expect(rulesResponse.total).toBe(RULES_COUNT);
|
||||
|
|
@ -267,14 +259,14 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should not install prebuilt rules if they are up to date', async () => {
|
||||
// Install all prebuilt detection rules
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
// Check that all prebuilt rules were installed
|
||||
const statusResponse = await getPrebuiltRulesAndTimelinesStatus(supertest);
|
||||
expect(statusResponse.rules_not_installed).toBe(0);
|
||||
|
||||
// Call the install prebuilt rules again and check that no rules were installed
|
||||
const response = await installPrebuiltRulesAndTimelines(supertest);
|
||||
const response = await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
expect(response.rules_installed).toBe(0);
|
||||
expect(response.rules_updated).toBe(0);
|
||||
});
|
||||
|
|
@ -282,7 +274,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should install missing prebuilt rules', async () => {
|
||||
// Install all prebuilt detection rules
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
// Delete one of the installed rules
|
||||
await deleteRule(supertest, 'rule-1');
|
||||
|
|
@ -292,7 +284,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusResponse.rules_not_installed).toBe(1);
|
||||
|
||||
// Call the install prebuilt rules endpoint again and check that the missing rule was installed
|
||||
const response = await installPrebuiltRulesAndTimelines(supertest);
|
||||
const response = await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
expect(response.rules_installed).toBe(1);
|
||||
expect(response.rules_updated).toBe(0);
|
||||
});
|
||||
|
|
@ -300,7 +292,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should update outdated prebuilt rules when previous historical versions available', async () => {
|
||||
// Install all prebuilt detection rules
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
// Add a new version of one of the installed rules
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, [
|
||||
|
|
@ -312,7 +304,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusResponse.rules_not_updated).toBe(1);
|
||||
|
||||
// Call the install prebuilt rules again and check that the outdated rule was updated
|
||||
const response = await installPrebuiltRulesAndTimelines(supertest);
|
||||
const response = await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
expect(response.rules_installed).toBe(0);
|
||||
expect(response.rules_updated).toBe(1);
|
||||
|
||||
|
|
@ -324,7 +316,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should update outdated prebuilt rules when previous historical versions unavailable', async () => {
|
||||
// Install all prebuilt detection rules
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRulesAndTimelines(supertest);
|
||||
await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
|
||||
// Clear previous rule assets
|
||||
await deleteAllPrebuiltRuleAssets(es);
|
||||
|
|
@ -340,7 +332,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusResponse.rules_not_installed).toBe(0);
|
||||
|
||||
// Call the install prebuilt rules again and check that the outdated rule was updated
|
||||
const response = await installPrebuiltRulesAndTimelines(supertest);
|
||||
const response = await installPrebuiltRulesAndTimelines(es, supertest);
|
||||
expect(response.rules_installed).toBe(0);
|
||||
expect(response.rules_updated).toBe(1);
|
||||
|
||||
|
|
@ -353,14 +345,14 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
describe('using current endpoint', () => {
|
||||
it('should install prebuilt rules', async () => {
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
const body = await installPrebuiltRules(supertest);
|
||||
const body = await installPrebuiltRules(es, supertest);
|
||||
|
||||
expect(body.summary.succeeded).toBe(RULES_COUNT);
|
||||
});
|
||||
|
||||
it('should install correct prebuilt rule versions', async () => {
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
const response = await installPrebuiltRules(supertest);
|
||||
const response = await installPrebuiltRules(es, supertest);
|
||||
|
||||
// Check that all prebuilt rules were actually installed and their versions match the latest
|
||||
expect(response.summary.succeeded).toBe(RULES_COUNT);
|
||||
|
|
@ -375,14 +367,14 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should not install prebuilt rules if they are up to date', async () => {
|
||||
// Install all prebuilt detection rules
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
|
||||
// Check that all prebuilt rules were installed
|
||||
const statusResponse = await getPrebuiltRulesStatus(supertest);
|
||||
expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(0);
|
||||
|
||||
// Call the install prebuilt rules again and check that no rules were installed
|
||||
const response = await installPrebuiltRules(supertest);
|
||||
const response = await installPrebuiltRules(es, supertest);
|
||||
expect(response.summary.succeeded).toBe(0);
|
||||
expect(response.summary.total).toBe(0);
|
||||
});
|
||||
|
|
@ -390,7 +382,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should install missing prebuilt rules', async () => {
|
||||
// Install all prebuilt detection rules
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
|
||||
// Delete one of the installed rules
|
||||
await deleteRule(supertest, 'rule-1');
|
||||
|
|
@ -400,7 +392,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(1);
|
||||
|
||||
// Call the install prebuilt rules endpoint again and check that the missing rule was installed
|
||||
const response = await installPrebuiltRules(supertest);
|
||||
const response = await installPrebuiltRules(es, supertest);
|
||||
expect(response.summary.succeeded).toBe(1);
|
||||
expect(response.summary.total).toBe(1);
|
||||
});
|
||||
|
|
@ -408,7 +400,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should update outdated prebuilt rules when previous historical versions available', async () => {
|
||||
// Install all prebuilt detection rules
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
|
||||
// Add a new version of one of the installed rules
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, [
|
||||
|
|
@ -420,7 +412,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusResponse.stats.num_prebuilt_rules_to_upgrade).toBe(1);
|
||||
|
||||
// Call the upgrade prebuilt rules endpoint and check that the outdated rule was updated
|
||||
const response = await upgradePrebuiltRules(supertest);
|
||||
const response = await upgradePrebuiltRules(es, supertest);
|
||||
expect(response.summary.succeeded).toBe(1);
|
||||
expect(response.summary.total).toBe(1);
|
||||
|
||||
|
|
@ -432,7 +424,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
it('should update outdated prebuilt rules when previous historical versions unavailable', async () => {
|
||||
// Install all prebuilt detection rules
|
||||
await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
|
||||
await installPrebuiltRules(supertest);
|
||||
await installPrebuiltRules(es, supertest);
|
||||
|
||||
// Clear previous rule assets
|
||||
await deleteAllPrebuiltRuleAssets(es);
|
||||
|
|
@ -448,7 +440,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(0);
|
||||
|
||||
// Call the upgrade prebuilt rules endpoint and check that the outdated rule was updated
|
||||
const response = await upgradePrebuiltRules(supertest);
|
||||
const response = await upgradePrebuiltRules(es, supertest);
|
||||
expect(response.summary.succeeded).toBe(1);
|
||||
expect(response.summary.total).toBe(1);
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@ import { REPO_ROOT } from '@kbn/repo-info';
|
|||
import JSON5 from 'json5';
|
||||
import expect from 'expect';
|
||||
import { PackageSpecManifest } from '@kbn/fleet-plugin/common';
|
||||
import { DETECTION_ENGINE_RULES_URL_FIND } from '@kbn/security-solution-plugin/common/constants';
|
||||
import { FtrProviderContext } from '../../common/ftr_provider_context';
|
||||
import {
|
||||
deleteAllPrebuiltRuleAssets,
|
||||
|
|
@ -24,6 +23,8 @@ import {
|
|||
} from '../../utils';
|
||||
import { reviewPrebuiltRulesToInstall } from '../../utils/prebuilt_rules/review_install_prebuilt_rules';
|
||||
import { reviewPrebuiltRulesToUpgrade } from '../../utils/prebuilt_rules/review_upgrade_prebuilt_rules';
|
||||
import { installPrebuiltRulesPackageByVersion } from '../../utils/prebuilt_rules/install_fleet_package_by_url';
|
||||
import { getInstalledRules } from '../../utils/prebuilt_rules/get_installed_rules';
|
||||
|
||||
// eslint-disable-next-line import/no-default-export
|
||||
export default ({ getService }: FtrProviderContext): void => {
|
||||
|
|
@ -103,17 +104,14 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
expect(statusBeforePackageInstallation.stats.num_prebuilt_rules_to_upgrade).toBe(0);
|
||||
expect(statusBeforePackageInstallation.stats.num_prebuilt_rules_total_in_package).toBe(0);
|
||||
|
||||
const EPM_URL_FOR_PREVIOUS_VERSION = `/api/fleet/epm/packages/security_detection_engine/${previousVersion}`;
|
||||
const installPreviousPackageResponse = await installPrebuiltRulesPackageByVersion(
|
||||
es,
|
||||
supertest,
|
||||
previousVersion
|
||||
);
|
||||
|
||||
const installPreviousPackageResponse = await supertest
|
||||
.post(EPM_URL_FOR_PREVIOUS_VERSION)
|
||||
.set('kbn-xsrf', 'xxxx')
|
||||
.type('application/json')
|
||||
.send({ force: true })
|
||||
.expect(200);
|
||||
|
||||
expect(installPreviousPackageResponse.body._meta.install_source).toBe('registry');
|
||||
expect(installPreviousPackageResponse.body.items.length).toBeGreaterThan(0);
|
||||
expect(installPreviousPackageResponse._meta.install_source).toBe('registry');
|
||||
expect(installPreviousPackageResponse.items.length).toBeGreaterThan(0);
|
||||
|
||||
// Verify that status is updated after the installation of package "N-1"
|
||||
const statusAfterPackageInstallation = await getPrebuiltRulesStatus(supertest);
|
||||
|
|
@ -132,7 +130,8 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
|
||||
// Verify that the _perform endpoint returns the same number of installed rules as the status endpoint
|
||||
// and the _review endpoint
|
||||
const installPrebuiltRulesResponse = await installPrebuiltRules(supertest);
|
||||
const installPrebuiltRulesResponse = await installPrebuiltRules(es, supertest);
|
||||
|
||||
expect(installPrebuiltRulesResponse.summary.succeeded).toBe(
|
||||
statusAfterPackageInstallation.stats.num_prebuilt_rules_to_install
|
||||
);
|
||||
|
|
@ -141,11 +140,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
);
|
||||
|
||||
// Get installed rules
|
||||
const { body: rulesResponse } = await supertest
|
||||
.get(`${DETECTION_ENGINE_RULES_URL_FIND}?per_page=10000`)
|
||||
.set('kbn-xsrf', 'true')
|
||||
.send()
|
||||
.expect(200);
|
||||
const rulesResponse = await getInstalledRules(supertest);
|
||||
|
||||
// Check that all prebuilt rules were actually installed
|
||||
expect(rulesResponse.total).toBe(installPrebuiltRulesResponse.summary.succeeded);
|
||||
|
|
@ -160,16 +155,13 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
);
|
||||
|
||||
// PART 2: Now install the lastest (current) package, defined in fleet_packages.json
|
||||
const EPM_URL_FOR_CURRENT_VERSION = `/api/fleet/epm/packages/security_detection_engine/${currentVersion}`;
|
||||
|
||||
const installLatestPackageResponse = await supertest
|
||||
.post(EPM_URL_FOR_CURRENT_VERSION)
|
||||
.set('kbn-xsrf', 'xxxx')
|
||||
.type('application/json')
|
||||
.send({ force: true })
|
||||
.expect(200);
|
||||
|
||||
expect(installLatestPackageResponse.body.items.length).toBeGreaterThanOrEqual(0);
|
||||
const installLatestPackageResponse = await installPrebuiltRulesPackageByVersion(
|
||||
es,
|
||||
supertest,
|
||||
currentVersion
|
||||
);
|
||||
expect(installLatestPackageResponse.items.length).toBeGreaterThanOrEqual(0);
|
||||
|
||||
// Verify status after intallation of the latest package
|
||||
const statusAfterLatestPackageInstallation = await getPrebuiltRulesStatus(supertest);
|
||||
|
|
@ -196,8 +188,10 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
// Install available rules and verify that the _perform endpoint returns the same number of
|
||||
// installed rules as the status endpoint and the _review endpoint
|
||||
const installPrebuiltRulesResponseAfterLatestPackageInstallation = await installPrebuiltRules(
|
||||
es,
|
||||
supertest
|
||||
);
|
||||
|
||||
expect(installPrebuiltRulesResponseAfterLatestPackageInstallation.summary.succeeded).toBe(
|
||||
statusAfterLatestPackageInstallation.stats.num_prebuilt_rules_to_install
|
||||
);
|
||||
|
|
@ -208,11 +202,7 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
);
|
||||
|
||||
// Get installed rules
|
||||
const { body: rulesResponseAfterPackageUpdate } = await supertest
|
||||
.get(`${DETECTION_ENGINE_RULES_URL_FIND}?per_page=10000`)
|
||||
.set('kbn-xsrf', 'true')
|
||||
.send()
|
||||
.expect(200);
|
||||
const rulesResponseAfterPackageUpdate = await getInstalledRules(supertest);
|
||||
|
||||
// Check that the expected new prebuilt rules from the latest package were actually installed
|
||||
expect(
|
||||
|
|
@ -239,8 +229,10 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
// Call the upgrade _perform endpoint and verify that the number of upgraded rules is the same as the one
|
||||
// returned by the _review endpoint and the status endpoint
|
||||
const upgradePrebuiltRulesResponseAfterLatestPackageInstallation = await upgradePrebuiltRules(
|
||||
es,
|
||||
supertest
|
||||
);
|
||||
|
||||
expect(upgradePrebuiltRulesResponseAfterLatestPackageInstallation.summary.succeeded).toEqual(
|
||||
statusAfterLatestPackageInstallation.stats.num_prebuilt_rules_to_upgrade
|
||||
);
|
||||
|
|
@ -249,11 +241,8 @@ export default ({ getService }: FtrProviderContext): void => {
|
|||
);
|
||||
|
||||
// Get installed rules
|
||||
const { body: rulesResponseAfterPackageUpdateAndRuleUpgrades } = await supertest
|
||||
.get(`${DETECTION_ENGINE_RULES_URL_FIND}?per_page=10000`)
|
||||
.set('kbn-xsrf', 'true')
|
||||
.send()
|
||||
.expect(200);
|
||||
|
||||
const rulesResponseAfterPackageUpdateAndRuleUpgrades = await getInstalledRules(supertest);
|
||||
|
||||
// Check that the expected new prebuilt rules from the latest package were actually installed
|
||||
expect(
|
||||
|
|
|
|||
|
|
@ -0,0 +1,30 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0; you may not use this file except in compliance with the Elastic License
|
||||
* 2.0.
|
||||
*/
|
||||
import type SuperTest from 'supertest';
|
||||
import { DETECTION_ENGINE_RULES_URL_FIND } from '@kbn/security-solution-plugin/common/constants';
|
||||
import { FindRulesResponse } from '@kbn/security-solution-plugin/common/api/detection_engine';
|
||||
|
||||
/**
|
||||
* Get all installed security rules (both prebuilt + custom)
|
||||
*
|
||||
* @param es Elasticsearch client
|
||||
* @param supertest SuperTest instance
|
||||
* @param version Semver version of the `security_detection_engine` package to install
|
||||
* @returns Fleet install package response
|
||||
*/
|
||||
|
||||
export const getInstalledRules = async (
|
||||
supertest: SuperTest.SuperTest<SuperTest.Test>
|
||||
): Promise<FindRulesResponse> => {
|
||||
const { body: rulesResponse } = await supertest
|
||||
.get(`${DETECTION_ENGINE_RULES_URL_FIND}?per_page=10000`)
|
||||
.set('kbn-xsrf', 'true')
|
||||
.send()
|
||||
.expect(200);
|
||||
|
||||
return rulesResponse;
|
||||
};
|
||||
|
|
@ -0,0 +1,50 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0; you may not use this file except in compliance with the Elastic License
|
||||
* 2.0.
|
||||
*/
|
||||
import type { Client } from '@elastic/elasticsearch';
|
||||
import type SuperTest from 'supertest';
|
||||
import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server';
|
||||
import { InstallPackageResponse } from '@kbn/fleet-plugin/common/types';
|
||||
|
||||
/**
|
||||
* Installs prebuilt rules package `security_detection_engine` by version.
|
||||
*
|
||||
* @param es Elasticsearch client
|
||||
* @param supertest SuperTest instance
|
||||
* @param version Semver version of the `security_detection_engine` package to install
|
||||
* @returns Fleet install package response
|
||||
*/
|
||||
|
||||
export const installPrebuiltRulesPackageByVersion = async (
|
||||
es: Client,
|
||||
supertest: SuperTest.SuperTest<SuperTest.Test>,
|
||||
version: string
|
||||
): Promise<InstallPackageResponse> => {
|
||||
const fleetResponse = await supertest
|
||||
.post(`/api/fleet/epm/packages/security_detection_engine/${version}`)
|
||||
.set('kbn-xsrf', 'xxxx')
|
||||
.type('application/json')
|
||||
.send({ force: true })
|
||||
.expect(200);
|
||||
|
||||
// Before we proceed, we need to refresh saved object indices.
|
||||
// At the previous step we installed the Fleet package with prebuilt detection rules.
|
||||
// Prebuilt rules are assets that Fleet indexes as saved objects of a certain type.
|
||||
// Fleet does this via a savedObjectsClient.import() call with explicit `refresh: false`.
|
||||
// So, despite of the fact that the endpoint waits until the prebuilt rule assets will be
|
||||
// successfully indexed, it doesn't wait until they become "visible" for subsequent read
|
||||
// operations.
|
||||
// And this is usually what we do next in integration tests: we read these SOs with utility
|
||||
// function such as getPrebuiltRulesAndTimelinesStatus().
|
||||
// Now, the time left until the next refresh can be anything from 0 to the default value, and
|
||||
// it depends on the time when savedObjectsClient.import() call happens relative to the time of
|
||||
// the next refresh. Also, probably the refresh time can be delayed when ES is under load?
|
||||
// Anyway, this can cause race condition between a write and subsequent read operation, and to
|
||||
// fix it deterministically we have to refresh saved object indices and wait until it's done.
|
||||
await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES });
|
||||
|
||||
return fleetResponse.body as InstallPackageResponse;
|
||||
};
|
||||
|
|
@ -24,5 +24,5 @@ export const installMockPrebuiltRules = async (
|
|||
): Promise<InstallPrebuiltRulesAndTimelinesResponse> => {
|
||||
// Ensure there are prebuilt rule saved objects before installing rules
|
||||
await createPrebuiltRuleAssetSavedObjects(es);
|
||||
return installPrebuiltRulesAndTimelines(supertest);
|
||||
return installPrebuiltRulesAndTimelines(es, supertest);
|
||||
};
|
||||
|
|
|
|||
|
|
@ -10,7 +10,9 @@ import {
|
|||
RuleVersionSpecifier,
|
||||
PerformRuleInstallationResponseBody,
|
||||
} from '@kbn/security-solution-plugin/common/api/detection_engine/prebuilt_rules';
|
||||
import type { Client } from '@elastic/elasticsearch';
|
||||
import type SuperTest from 'supertest';
|
||||
import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server';
|
||||
|
||||
/**
|
||||
* Installs available prebuilt rules in Kibana. Rules are
|
||||
|
|
@ -27,6 +29,7 @@ import type SuperTest from 'supertest';
|
|||
* @returns Install prebuilt rules response
|
||||
*/
|
||||
export const installPrebuiltRules = async (
|
||||
es: Client,
|
||||
supertest: SuperTest.SuperTest<SuperTest.Test>,
|
||||
rules?: RuleVersionSpecifier[]
|
||||
): Promise<PerformRuleInstallationResponseBody> => {
|
||||
|
|
@ -42,5 +45,17 @@ export const installPrebuiltRules = async (
|
|||
.send(payload)
|
||||
.expect(200);
|
||||
|
||||
// Before we proceed, we need to refresh saved object indices.
|
||||
// At the previous step we installed the prebuilt detection rules SO of type 'security-rule'.
|
||||
// The savedObjectsClient does this with a call with explicit `refresh: false`.
|
||||
// So, despite of the fact that the endpoint waits until the prebuilt rule will be
|
||||
// successfully indexed, it doesn't wait until they become "visible" for subsequent read
|
||||
// operations.
|
||||
// And this is usually what we do next in integration tests: we read these SOs with utility
|
||||
// function such as getPrebuiltRulesAndTimelinesStatus().
|
||||
// This can cause race conditions between a write and subsequent read operation, and to
|
||||
// fix it deterministically we have to refresh saved object indices and wait until it's done.
|
||||
await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES });
|
||||
|
||||
return response.body;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -9,7 +9,9 @@ import {
|
|||
InstallPrebuiltRulesAndTimelinesResponse,
|
||||
PREBUILT_RULES_URL,
|
||||
} from '@kbn/security-solution-plugin/common/api/detection_engine/prebuilt_rules';
|
||||
import type { Client } from '@elastic/elasticsearch';
|
||||
import type SuperTest from 'supertest';
|
||||
import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server';
|
||||
|
||||
/**
|
||||
* (LEGACY)
|
||||
|
|
@ -28,6 +30,7 @@ import type SuperTest from 'supertest';
|
|||
* @returns Install prebuilt rules response
|
||||
*/
|
||||
export const installPrebuiltRulesAndTimelines = async (
|
||||
es: Client,
|
||||
supertest: SuperTest.SuperTest<SuperTest.Test>
|
||||
): Promise<InstallPrebuiltRulesAndTimelinesResponse> => {
|
||||
const response = await supertest
|
||||
|
|
@ -36,5 +39,17 @@ export const installPrebuiltRulesAndTimelines = async (
|
|||
.send()
|
||||
.expect(200);
|
||||
|
||||
// Before we proceed, we need to refresh saved object indices.
|
||||
// At the previous step we installed the prebuilt detection rules SO of type 'security-rule'.
|
||||
// The savedObjectsClient does this with a call with explicit `refresh: false`.
|
||||
// So, despite of the fact that the endpoint waits until the prebuilt rule will be
|
||||
// successfully indexed, it doesn't wait until they become "visible" for subsequent read
|
||||
// operations.
|
||||
// And this is usually what we do next in integration tests: we read these SOs with utility
|
||||
// function such as getPrebuiltRulesAndTimelinesStatus().
|
||||
// This can cause race condition between a write and subsequent read operation, and to
|
||||
// fix it deterministically we have to refresh saved object indices and wait until it's done.
|
||||
await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES });
|
||||
|
||||
return response.body;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -5,7 +5,9 @@
|
|||
* 2.0.
|
||||
*/
|
||||
|
||||
import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server';
|
||||
import { epmRouteService } from '@kbn/fleet-plugin/common';
|
||||
import type { Client } from '@elastic/elasticsearch';
|
||||
import type SuperTest from 'supertest';
|
||||
|
||||
/**
|
||||
|
|
@ -17,10 +19,12 @@ import type SuperTest from 'supertest';
|
|||
* @param overrideExistingPackage Whether or not to force the install
|
||||
*/
|
||||
export const installPrebuiltRulesFleetPackage = async ({
|
||||
es,
|
||||
supertest,
|
||||
version,
|
||||
overrideExistingPackage,
|
||||
}: {
|
||||
es: Client;
|
||||
supertest: SuperTest.SuperTest<SuperTest.Test>;
|
||||
version?: string;
|
||||
overrideExistingPackage: boolean;
|
||||
|
|
@ -46,6 +50,22 @@ export const installPrebuiltRulesFleetPackage = async ({
|
|||
})
|
||||
.expect(200);
|
||||
}
|
||||
|
||||
// Before we proceed, we need to refresh saved object indices.
|
||||
// At the previous step we installed the Fleet package with prebuilt detection rules.
|
||||
// Prebuilt rules are assets that Fleet indexes as saved objects of a certain type.
|
||||
// Fleet does this via a savedObjectsClient.import() call with explicit `refresh: false`.
|
||||
// So, despite of the fact that the endpoint waits until the prebuilt rule assets will be
|
||||
// successfully indexed, it doesn't wait until they become "visible" for subsequent read
|
||||
// operations.
|
||||
// And this is usually what we do next in integration tests: we read these SOs with utility
|
||||
// function such as getPrebuiltRulesAndTimelinesStatus().
|
||||
// Now, the time left until the next refresh can be anything from 0 to the default value, and
|
||||
// it depends on the time when savedObjectsClient.import() call happens relative to the time of
|
||||
// the next refresh. Also, probably the refresh time can be delayed when ES is under load?
|
||||
// Anyway, this can cause race condition between a write and subsequent read operation, and to
|
||||
// fix it deterministically we have to refresh saved object indices and wait until it's done.
|
||||
await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES });
|
||||
};
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -10,7 +10,9 @@ import {
|
|||
RuleVersionSpecifier,
|
||||
PerformRuleUpgradeResponseBody,
|
||||
} from '@kbn/security-solution-plugin/common/api/detection_engine/prebuilt_rules';
|
||||
import type { Client } from '@elastic/elasticsearch';
|
||||
import type SuperTest from 'supertest';
|
||||
import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server';
|
||||
|
||||
/**
|
||||
* Upgrades available prebuilt rules in Kibana.
|
||||
|
|
@ -23,6 +25,7 @@ import type SuperTest from 'supertest';
|
|||
* @returns Upgrade prebuilt rules response
|
||||
*/
|
||||
export const upgradePrebuiltRules = async (
|
||||
es: Client,
|
||||
supertest: SuperTest.SuperTest<SuperTest.Test>,
|
||||
rules?: RuleVersionSpecifier[]
|
||||
): Promise<PerformRuleUpgradeResponseBody> => {
|
||||
|
|
@ -38,5 +41,18 @@ export const upgradePrebuiltRules = async (
|
|||
.send(payload)
|
||||
.expect(200);
|
||||
|
||||
// Before we proceed, we need to refresh saved object indices.
|
||||
// At the previous step we upgraded the prebuilt rules, which, under the hoods, installs new versions
|
||||
// of the prebuilt detection rules SO of type 'security-rule'.
|
||||
// The savedObjectsClient does this with a call with explicit `refresh: false`.
|
||||
// So, despite of the fact that the endpoint waits until the prebuilt rule will be
|
||||
// successfully indexed, it doesn't wait until they become "visible" for subsequent read
|
||||
// operations.
|
||||
// And this is usually what we do next in integration tests: we read these SOs with utility
|
||||
// function such as getPrebuiltRulesAndTimelinesStatus().
|
||||
// This can cause race conditions between a write and subsequent read operation, and to
|
||||
// fix it deterministically we have to refresh saved object indices and wait until it's done.
|
||||
await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES });
|
||||
|
||||
return response.body;
|
||||
};
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue