[Security Solution][API testing] Move and restructures Privileges related tests and Action Throttle (#171397)

## Summary

Following the initial work in this
https://github.com/elastic/kibana/pull/166755
- Addresses part of https://github.com/elastic/kibana/issues/151902 for
Privileges related tests and Action Throttle
- Moved the utility files associated with telemetry to the new directory
`security_solution_api_integration`. Files not actively used in the
previous folder were moved, while duplicate files remained in their
original positions.
- Updated the CodeOwner file for the newly moved tests
- Old/new group details, decisions, and execution time are mentioned in
this
[document](https://docs.google.com/document/d/1CRFfDWMzw3ob03euWIvT4-IoiLXjoiPWI8mTBqP4Zks/edit)
- The **Privileges** Tests are skipped in Serverless now until the FTR
Roles [PR](https://github.com/elastic/kibana/pull/170131) gets merged

| Action | File | New Path if moved |
|--------|------|----------|
| Delete| security_and_spaces/group4| - |
|
Move|detection_engine_api_integration/security_and_spaces/group10/throttle|detections_response/default_license/action/throttle|
|
Move|detection_engine_api_integration/security_and_spaces/group1/check_privileges|detections_response/default_license/actions/check_privileges|
|
Move|detection_engine_api_integration/security_and_spaces/group10/read_privileges|detections_response/default_license/user_roles/read_privileges|

.buildkite/ftr_configs.yml

@@ -474,4 +474,6 @@ enabled:
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/update_prebuilt_rules_package/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/update_prebuilt_rules_package/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/configs/serverless.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles/configs/ess.config.ts

.github/CODEOWNERS

@@ -1386,6 +1386,7 @@ x-pack/test/security_solution_api_integration/test_suites/detections_response/de
 x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation @elastic/security-detection-engine
 x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions @elastic/security-detection-engine
 x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts @elastic/security-detection-engine
+x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles  @elastic/security-detection-engine
 /x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users @elastic/security-detection-engine
 
 ## Security Threat Intelligence - Under Security Platform

x-pack/test/detection_engine_api_integration/security_and_spaces/group1/index.ts

@@ -14,7 +14,6 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
     // action migration code. We are monitoring legacy action telemetry to clean up once we see their
     // existence being near 0.
 
-    loadTestFile(require.resolve('./check_privileges'));
     loadTestFile(require.resolve('./create_rules_bulk'));
     loadTestFile(require.resolve('./delete_rules'));
     loadTestFile(require.resolve('./delete_rules_bulk'));

x-pack/test/detection_engine_api_integration/security_and_spaces/group10/index.ts

@@ -25,7 +25,5 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
     loadTestFile(require.resolve('./perform_bulk_action'));
     loadTestFile(require.resolve('./perform_bulk_action_dry_run'));
     loadTestFile(require.resolve('./patch_rules'));
-    loadTestFile(require.resolve('./read_privileges'));
-    loadTestFile(require.resolve('./throttle'));
   });
 };

x-pack/test/detection_engine_api_integration/utils/index.ts

@@ -15,7 +15,6 @@ export * from './create_exception_list_item';
 export * from './create_legacy_rule_action';
 export * from './create_new_action';
 export * from './create_rule';
-export * from './create_rule_with_auth';
 export * from './create_rule_with_exception_entries';
 export * from './create_rule_saved_object';
 export * from './create_signals_index';

x-pack/test/security_solution_api_integration/package.json

@@ -88,7 +88,11 @@
     "rule_execution_logic:runner:serverless": "npm run run-tests:dr:default rule_execution_logic serverless serverlessEnv",
     "rule_execution_logic:qa:serverless": "npm run run-tests:dr:default rule_execution_logic serverless qaEnv",
     "rule_execution_logic:server:ess": "npm run initialize-server:dr:default rule_execution_logic ess",
-    "rule_execution_logic:runner:ess": "npm run run-tests:dr:default rule_execution_logic ess essEnv"
-
+    "rule_execution_logic:runner:ess": "npm run run-tests:dr:default rule_execution_logic ess essEnv",
+    "user_roles:server:serverless": "npm run initialize-server:dr:default user_roles serverless",
+    "user_roles:runner:serverless": "npm run run-tests:dr:default user_roles serverless serverlessEnv",
+    "user_roles:qa:serverless": "npm run run-tests:dr:default user_roles serverless qaEnv",
+    "user_roles:server:ess": "npm run initialize-server:dr:default user_roles ess",
+    "user_roles:runner:ess": "npm run run-tests:dr:default user_roles ess essEnv"
   }
 }

x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/add_actions.ts

@@ -6,7 +6,7 @@
  */
 
 import expect from 'expect';
-
+import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
 import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
 import {
   deleteAllRules,
@@ -55,7 +55,7 @@ export default ({ getService }: FtrProviderContext) => {
         const { body } = await supertest
           .post(DETECTION_ENGINE_RULES_URL)
           .set('kbn-xsrf', 'true')
-          .set('elastic-api-version', '2023-10-31')
+          .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
           .send(
             getCustomQueryRuleParams({
               actions: [ruleAction],
@@ -74,7 +74,7 @@ export default ({ getService }: FtrProviderContext) => {
         } = await supertest
           .post(DETECTION_ENGINE_RULES_URL)
           .set('kbn-xsrf', 'true')
-          .set('elastic-api-version', '2023-10-31')
+          .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
           .send(
             getCustomQueryRuleParams({
               index: ['logs-test'],
@@ -108,7 +108,7 @@ export default ({ getService }: FtrProviderContext) => {
         } = await supertest
           .post(DETECTION_ENGINE_RULES_URL)
           .set('kbn-xsrf', 'true')
-          .set('elastic-api-version', '2023-10-31')
+          .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
           .send(
             getCustomQueryRuleParams({
               index: ['logs-test'],

x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/check_privileges.ts

@@ -9,19 +9,22 @@ import expect from '@kbn/expect';
 import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
 import { ROLES } from '@kbn/security-solution-plugin/common/test';
 import { ThresholdRuleCreateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
+
 import {
-  createSignalsIndex,
+  createAlertsIndex,
   deleteAllRules,
   waitForRulePartialFailure,
-  getRuleForSignalTesting,
+  getRuleForAlertTesting,
   createRuleWithAuth,
-  getThresholdRuleForSignalTesting,
+  getThresholdRuleForAlertTesting,
   deleteAllAlerts,
 } from '../../utils';
-import { createUserAndRole, deleteUserAndRole } from '../../../common/services/security_solution';
+import {
+  createUserAndRole,
+  deleteUserAndRole,
+} from '../../../../../common/services/security_solution';
 
-// eslint-disable-next-line import/no-default-export
+import { FtrProviderContext } from '../../../../ftr_provider_context';
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const esArchiver = getService('esArchiver');
@@ -29,11 +32,11 @@ export default ({ getService }: FtrProviderContext) => {
   const log = getService('log');
   const es = getService('es');
 
-  describe('check_privileges', () => {
+  describe('@ess @serverless @brokenInServerless check_privileges', () => {
     before(async () => {
       await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts');
       await esArchiver.load('x-pack/test/functional/es_archives/security_solution/alias');
-      await createSignalsIndex(supertest, log);
+      await createAlertsIndex(supertest, log);
     });
 
     after(async () => {
@@ -60,7 +63,7 @@ export default ({ getService }: FtrProviderContext) => {
       indexTestCases.forEach((index) => {
         it(`for KQL rule with index param: ${index}`, async () => {
           const rule = {
-            ...getRuleForSignalTesting(index),
+            ...getRuleForAlertTesting(index),
             query: 'process.executable: "/usr/bin/sudo"',
           };
           await createUserAndRole(getService, ROLES.detections_admin);
@@ -96,7 +99,7 @@ export default ({ getService }: FtrProviderContext) => {
       thresholdIndexTestCases.forEach((index) => {
         it(`for threshold rule with index param: ${index}`, async () => {
           const rule: ThresholdRuleCreateProps = {
-            ...getThresholdRuleForSignalTesting(index),
+            ...getThresholdRuleForAlertTesting(index),
             threshold: {
               field: [],
               value: 700,

x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/index.ts

@@ -11,5 +11,7 @@ export default function ({ loadTestFile }: FtrProviderContext) {
     loadTestFile(require.resolve('./add_actions'));
     loadTestFile(require.resolve('./update_actions'));
     loadTestFile(require.resolve('./migrations'));
+    loadTestFile(require.resolve('./throttle'));
+    loadTestFile(require.resolve('./check_privileges'));
   });
 }

x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/throttle.ts

@@ -13,20 +13,24 @@ import {
   NOTIFICATION_THROTTLE_NO_ACTIONS,
   NOTIFICATION_THROTTLE_RULE,
 } from '@kbn/security-solution-plugin/common/constants';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
 import {
-  createSignalsIndex,
+  ELASTIC_HTTP_VERSION_HEADER,
+  X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
+} from '@kbn/core-http-common';
+import {
+  createAlertsIndex,
   deleteAllRules,
   deleteAllAlerts,
   getWebHookAction,
   getRuleWithWebHookAction,
   createRule,
   getSimpleRule,
-  getRule,
+  fetchRule,
   updateRule,
 } from '../../utils';
 
-// eslint-disable-next-line import/no-default-export
+import { FtrProviderContext } from '../../../../ftr_provider_context';
+
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const log = getService('log');
@@ -45,10 +49,10 @@ export default ({ getService }: FtrProviderContext) => {
    * https://www.elastic.co/guide/en/kibana/current/mute-all-alerts-api.html
    * https://www.elastic.co/guide/en/security/current/rules-api-create.html
    */
-  describe('throttle', () => {
+  describe('@ess @serverless throttle', () => {
     describe('adding actions', () => {
       beforeEach(async () => {
-        await createSignalsIndex(supertest, log);
+        await createAlertsIndex(supertest, log);
       });
 
       afterEach(async () => {
@@ -62,13 +66,17 @@ export default ({ getService }: FtrProviderContext) => {
           const { body: hookAction } = await supertest
             .post('/api/actions/action')
             .set('kbn-xsrf', 'true')
+            .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
             .send(getWebHookAction())
             .expect(200);
 
           const rule = await createRule(supertest, log, getRuleWithWebHookAction(hookAction.id));
           const {
             body: { mute_all: muteAll, notify_when: notifyWhen, actions },
-          } = await supertest.get(`/api/alerting/rule/${rule.id}`);
+          } = await supertest
+            .get(`/api/alerting/rule/${rule.id}`)
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
           expect(muteAll).to.eql(false);
           expect(actions.length).to.eql(1);
           expect(actions[0].frequency).to.eql({
@@ -87,7 +95,9 @@ export default ({ getService }: FtrProviderContext) => {
           const rule = await createRule(supertest, log, ruleWithThrottle);
           const {
             body: { mute_all: muteAll, notify_when: notifyWhen },
-          } = await supertest.get(`/api/alerting/rule/${rule.id}`);
+          } = await supertest
+            .get(`/api/alerting/rule/${rule.id}`)
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
           expect(muteAll).to.eql(false);
           expect(notifyWhen).to.eql(null);
         });
@@ -97,6 +107,7 @@ export default ({ getService }: FtrProviderContext) => {
           const { body: hookAction } = await supertest
             .post('/api/actions/action')
             .set('kbn-xsrf', 'true')
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
             .send(getWebHookAction())
             .expect(200);
 
@@ -107,7 +118,9 @@ export default ({ getService }: FtrProviderContext) => {
           const rule = await createRule(supertest, log, ruleWithThrottle);
           const {
             body: { mute_all: muteAll, notify_when: notifyWhen },
-          } = await supertest.get(`/api/alerting/rule/${rule.id}`);
+          } = await supertest
+            .get(`/api/alerting/rule/${rule.id}`)
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
           expect(muteAll).to.eql(false);
           expect(notifyWhen).to.eql(null);
         });
@@ -120,7 +133,9 @@ export default ({ getService }: FtrProviderContext) => {
           const rule = await createRule(supertest, log, ruleWithThrottle);
           const {
             body: { mute_all: muteAll, notify_when: notifyWhen },
-          } = await supertest.get(`/api/alerting/rule/${rule.id}`);
+          } = await supertest
+            .get(`/api/alerting/rule/${rule.id}`)
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
           expect(muteAll).to.eql(false);
           expect(notifyWhen).to.eql(null);
         });
@@ -140,6 +155,8 @@ export default ({ getService }: FtrProviderContext) => {
           const { body: hookAction } = await supertest
             .post('/api/actions/action')
             .set('kbn-xsrf', 'true')
+            .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
             .send(getWebHookAction())
             .expect(200);
 
@@ -150,7 +167,9 @@ export default ({ getService }: FtrProviderContext) => {
           const rule = await createRule(supertest, log, ruleWithThrottle);
           const {
             body: { mute_all: muteAll, notify_when: notifyWhen, actions },
-          } = await supertest.get(`/api/alerting/rule/${rule.id}`);
+          } = await supertest
+            .get(`/api/alerting/rule/${rule.id}`)
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
           expect(muteAll).to.eql(false);
           expect(actions.length).to.eql(1);
           expect(actions[0].frequency).to.eql({
@@ -169,7 +188,9 @@ export default ({ getService }: FtrProviderContext) => {
           const rule = await createRule(supertest, log, ruleWithThrottle);
           const {
             body: { mute_all: muteAll, notify_when: notifyWhen },
-          } = await supertest.get(`/api/alerting/rule/${rule.id}`);
+          } = await supertest
+            .get(`/api/alerting/rule/${rule.id}`)
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
           expect(muteAll).to.eql(false);
           expect(notifyWhen).to.eql(null);
         });
@@ -179,6 +200,8 @@ export default ({ getService }: FtrProviderContext) => {
           const { body: hookAction } = await supertest
             .post('/api/actions/action')
             .set('kbn-xsrf', 'true')
+            .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
             .send(getWebHookAction())
             .expect(200);
 
@@ -189,7 +212,9 @@ export default ({ getService }: FtrProviderContext) => {
           const rule = await createRule(supertest, log, ruleWithThrottle);
           const {
             body: { mute_all: muteAll, notify_when: notifyWhen, actions },
-          } = await supertest.get(`/api/alerting/rule/${rule.id}`);
+          } = await supertest
+            .get(`/api/alerting/rule/${rule.id}`)
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
           expect(muteAll).to.eql(false);
           expect(actions.length).to.eql(1);
           expect(actions[0].frequency).to.eql({
@@ -207,11 +232,13 @@ export default ({ getService }: FtrProviderContext) => {
           const { body: hookAction } = await supertest
             .post('/api/actions/action')
             .set('kbn-xsrf', 'true')
+            .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
             .send(getWebHookAction())
             .expect(200);
 
           const rule = await createRule(supertest, log, getRuleWithWebHookAction(hookAction.id));
-          const readRule = await getRule(supertest, log, rule.rule_id);
+          const readRule = await fetchRule(supertest, { ruleId: rule.rule_id });
           expect(readRule.throttle).to.eql(undefined);
         });
 
@@ -221,7 +248,7 @@ export default ({ getService }: FtrProviderContext) => {
             throttle: NOTIFICATION_THROTTLE_NO_ACTIONS,
           };
           const rule = await createRule(supertest, log, ruleWithThrottle);
-          const readRule = await getRule(supertest, log, rule.rule_id);
+          const readRule = await fetchRule(supertest, { ruleId: rule.rule_id });
           expect(readRule.throttle).to.eql(undefined);
         });
 
@@ -232,7 +259,7 @@ export default ({ getService }: FtrProviderContext) => {
             throttle: NOTIFICATION_THROTTLE_RULE,
           };
           const rule = await createRule(supertest, log, ruleWithThrottle);
-          const readRule = await getRule(supertest, log, rule.rule_id);
+          const readRule = await fetchRule(supertest, { ruleId: rule.rule_id });
           expect(readRule.throttle).to.eql(undefined);
         });
 
@@ -241,6 +268,8 @@ export default ({ getService }: FtrProviderContext) => {
           const { body: hookAction } = await supertest
             .post('/api/actions/action')
             .set('kbn-xsrf', 'true')
+            .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
             .send(getWebHookAction())
             .expect(200);
 
@@ -248,9 +277,11 @@ export default ({ getService }: FtrProviderContext) => {
           await supertest
             .post(`/api/alerting/rule/${rule.id}/_mute_all`)
             .set('kbn-xsrf', 'true')
+            .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
             .send()
             .expect(204);
-          const readRule = await getRule(supertest, log, rule.rule_id);
+          const readRule = await fetchRule(supertest, { ruleId: rule.rule_id });
           expect(readRule.throttle).to.eql(undefined);
         });
       });
@@ -261,13 +292,15 @@ export default ({ getService }: FtrProviderContext) => {
           const { body: hookAction } = await supertest
             .post('/api/actions/action')
             .set('kbn-xsrf', 'true')
+            .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
             .send(getWebHookAction())
             .expect(200);
 
           const ruleWithWebHookAction = getRuleWithWebHookAction(hookAction.id);
           await createRule(supertest, log, ruleWithWebHookAction);
           ruleWithWebHookAction.name = 'some other name';
-          const updated = await updateRule(supertest, log, ruleWithWebHookAction);
+          const updated = await updateRule(supertest, ruleWithWebHookAction);
           expect(updated.throttle).to.eql(undefined);
         });
 
@@ -276,16 +309,20 @@ export default ({ getService }: FtrProviderContext) => {
           const { body: hookAction } = await supertest
             .post('/api/actions/action')
             .set('kbn-xsrf', 'true')
+            .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
             .send(getWebHookAction())
             .expect(200);
 
           const ruleWithWebHookAction = getRuleWithWebHookAction(hookAction.id);
           await createRule(supertest, log, ruleWithWebHookAction);
           ruleWithWebHookAction.name = 'some other name';
-          const updated = await updateRule(supertest, log, ruleWithWebHookAction);
+          const updated = await updateRule(supertest, ruleWithWebHookAction);
           const {
             body: { mute_all: muteAll, notify_when: notifyWhen },
-          } = await supertest.get(`/api/alerting/rule/${updated.id}`);
+          } = await supertest
+            .get(`/api/alerting/rule/${updated.id}`)
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
           expect(muteAll).to.eql(false);
           expect(notifyWhen).to.eql(null);
         });
@@ -296,13 +333,15 @@ export default ({ getService }: FtrProviderContext) => {
           const { body: hookAction } = await supertest
             .post('/api/actions/action')
             .set('kbn-xsrf', 'true')
+            .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
             .send(getWebHookAction())
             .expect(200);
 
           const ruleWithWebHookAction = getRuleWithWebHookAction(hookAction.id);
           await createRule(supertest, log, ruleWithWebHookAction);
           ruleWithWebHookAction.actions = [];
-          const updated = await updateRule(supertest, log, ruleWithWebHookAction);
+          const updated = await updateRule(supertest, ruleWithWebHookAction);
           expect(updated.throttle).to.eql(undefined);
         });
       });
@@ -313,6 +352,8 @@ export default ({ getService }: FtrProviderContext) => {
           const { body: hookAction } = await supertest
             .post('/api/actions/action')
             .set('kbn-xsrf', 'true')
+            .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
             .send(getWebHookAction())
             .expect(200);
 
@@ -322,10 +363,11 @@ export default ({ getService }: FtrProviderContext) => {
           await supertest
             .patch(DETECTION_ENGINE_RULES_URL)
             .set('kbn-xsrf', 'true')
-            .set('elastic-api-version', '2023-10-31')
+            .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
             .send({ rule_id: rule.rule_id, name: 'some other name' })
             .expect(200);
-          const readRule = await getRule(supertest, log, rule.rule_id);
+          const readRule = await fetchRule(supertest, { ruleId: rule.rule_id });
           expect(readRule.throttle).to.eql(undefined);
         });
 
@@ -334,6 +376,8 @@ export default ({ getService }: FtrProviderContext) => {
           const { body: hookAction } = await supertest
             .post('/api/actions/action')
             .set('kbn-xsrf', 'true')
+            .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
             .send(getWebHookAction())
             .expect(200);
 
@@ -343,12 +387,15 @@ export default ({ getService }: FtrProviderContext) => {
           await supertest
             .patch(DETECTION_ENGINE_RULES_URL)
             .set('kbn-xsrf', 'true')
-            .set('elastic-api-version', '2023-10-31')
+            .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
             .send({ rule_id: rule.rule_id, name: 'some other name' })
             .expect(200);
           const {
             body: { mute_all: muteAll, notify_when: notifyWhen },
-          } = await supertest.get(`/api/alerting/rule/${rule.id}`);
+          } = await supertest
+            .get(`/api/alerting/rule/${rule.id}`)
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
           expect(muteAll).to.eql(false);
           expect(notifyWhen).to.eql(null);
         });
@@ -359,6 +406,8 @@ export default ({ getService }: FtrProviderContext) => {
           const { body: hookAction } = await supertest
             .post('/api/actions/action')
             .set('kbn-xsrf', 'true')
+            .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
             .send(getWebHookAction())
             .expect(200);
 
@@ -368,10 +417,11 @@ export default ({ getService }: FtrProviderContext) => {
           await supertest
             .patch(DETECTION_ENGINE_RULES_URL)
             .set('kbn-xsrf', 'true')
-            .set('elastic-api-version', '2023-10-31')
+            .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+            .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
             .send({ rule_id: rule.rule_id, actions: [] })
             .expect(200);
-          const readRule = await getRule(supertest, log, rule.rule_id);
+          const readRule = await fetchRule(supertest, { ruleId: rule.rule_id });
           expect(readRule.throttle).to.eql(undefined);
         });
       });

x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles/configs/ess.config.ts

@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const functionalConfig = await readConfigFile(
+    require.resolve('../../../../../config/ess/config.base.trial')
+  );
+
+  return {
+    ...functionalConfig.getAll(),
+    testFiles: [require.resolve('..')],
+    junit: {
+      reportName: 'Detection Engine ESS - User roles API Integration Tests',
+    },
+  };
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles/configs/serverless.config.ts

@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../config/serverless/config.base';
+
+export default createTestConfig({
+  testFiles: [require.resolve('..')],
+  junit: {
+    reportName: 'Detection Engine Serverless - User roles API Integration Tests',
+  },
+});

x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles/index.ts

@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { FtrProviderContext } from '../../../../ftr_provider_context';
+
+export default ({ loadTestFile }: FtrProviderContext): void => {
+  describe('Detection User Roles APIs', function () {
+    loadTestFile(require.resolve('./read_privileges'));
+  });
+};

x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles/read_privileges.ts

@@ -9,15 +9,17 @@ import expect from '@kbn/expect';
 import { DETECTION_ENGINE_PRIVILEGES_URL } from '@kbn/security-solution-plugin/common/constants';
 
 import { ROLES } from '@kbn/security-solution-plugin/common/test';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
-import { createUserAndRole, deleteUserAndRole } from '../../../common/services/security_solution';
+import {
+  createUserAndRole,
+  deleteUserAndRole,
+} from '../../../../../common/services/security_solution';
+import { FtrProviderContext } from '../../../../ftr_provider_context';
 
-// eslint-disable-next-line import/no-default-export
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const supertestWithoutAuth = getService('supertestWithoutAuth');
 
-  describe('read_privileges', () => {
+  describe('@ess @serverless @brokenInServerless read_privileges', () => {
     it('should return expected privileges for elastic admin', async () => {
       const { body } = await supertest.get(DETECTION_ENGINE_PRIVILEGES_URL).send().expect(200);
       expect(body).to.eql({

x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/actions/create_new_action.ts

@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import { X_ELASTIC_INTERNAL_ORIGIN_REQUEST } from '@kbn/core-http-common';
 import { RuleAction } from '@kbn/security-solution-plugin/common/api/detection_engine';
 import type SuperTest from 'supertest';
 
@@ -23,7 +24,7 @@ export const createWebHookRuleAction = async (
     await supertest
       .post('/api/actions/action')
       .set('kbn-xsrf', 'true')
-      .set('x-elastic-internal-origin', 'foo')
+      .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'foo')
       .send(getWebHookAction())
       .expect(200)
   ).body;

x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/create_rule.ts

@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
 import type { ToolingLog } from '@kbn/tooling-log';
 import type SuperTest from 'supertest';
 import type {
@@ -35,7 +36,7 @@ export const createRule = async (
   const response = await supertest
     .post(route)
     .set('kbn-xsrf', 'true')
-    .set('elastic-api-version', '2023-10-31')
+    .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
     .send(rule);
   if (response.status === 409) {
     if (rule.rule_id != null) {

x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts

@@ -31,8 +31,10 @@ export * from './get_saved_query_rule_for_alert_testing';
 export * from './get_rule_so_by_id';
 export * from './create_rule_saved_object';
 export * from './get_rule_with_legacy_investigation_fields';
+export * from './create_rule_with_auth';
 export * from './preview_rule';
 export * from './preview_rule_with_exception_entries';
 export * from './patch_rule';
 export * from './generate_event';
+
 export * from './prebuilt_rules';