[Security Solution][Detections] fixes tests related to prebuilt rules update (#138625)

## Summary fixes tests related to prebuilt rules update tests failures(https://github.com/elastic/kibana/pull/138574#issuecomment-1211348195): - removed hardcoded rule version value - required_fields are not tested agains empty array, but agains actual immutable rule value
2025-04-24 01:38:56 -04:00 · 2022-08-12 17:02:18 +01:00 · 2022-08-12 17:02:18 +01:00 · 800cc727e4
commit 800cc727e4
parent 0b8d2edc17
2 changed files with 23 additions and 9 deletions
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/update_actions.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/update_actions.ts
@ -104,7 +104,7 @@ export default ({ getService }: FtrProviderContext) => {
        await waitForRuleSuccessOrStatus(supertest, log, updatedRule.id);
      });

-      it('should be able to create a new webhook action and attach it to an immutable rule', async () => {
+      it('should not change properties of immutable rule when applying actions to it', async () => {
        await installPrePackagedRules(supertest, log);
        // Rule id of "9a1a2dae-0b5f-4c3d-8305-a268d404c306" is from the file:
        // x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint.json
@ -120,10 +120,27 @@ export default ({ getService }: FtrProviderContext) => {
          rule_id: immutableRule.rule_id, // Rule id should match the same as the immutable rule
          version: immutableRule.version, // This version number should not change when an immutable rule is updated
          immutable: true, // It should stay immutable true when returning
+          required_fields: immutableRule.required_fields, // required_fields cannot be modified, so newRuleToUpdate will have required_fields from immutable rule
        };
        expect(bodyToCompare).to.eql(expected);
      });

+      it('should be able to create a new webhook action and attach it to an immutable rule', async () => {
+        await installPrePackagedRules(supertest, log);
+        // Rule id of "9a1a2dae-0b5f-4c3d-8305-a268d404c306" is from the file:
+        // x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint.json
+        const immutableRule = await getRule(supertest, log, '9a1a2dae-0b5f-4c3d-8305-a268d404c306');
+        const hookAction = await createNewAction(supertest, log);
+        const newRuleToUpdate = getSimpleRule(immutableRule.rule_id);
+        const ruleToUpdate = getRuleWithWebHookAction(hookAction.id, false, newRuleToUpdate);
+        const updatedRule = await updateRule(supertest, log, ruleToUpdate);
+        const bodyToCompare = removeServerGeneratedProperties(updatedRule);
+
+        const expected = getSimpleRuleOutputWithWebHookAction(`${bodyToCompare.actions?.[0].id}`);
+
+        expect(bodyToCompare.actions).to.eql(expected.actions);
+      });
+
      it('should be able to create a new webhook action, attach it to an immutable rule and the count of prepackaged rules should not increase. If this fails, suspect the immutable tags are not staying on the rule correctly.', async () => {
        await installPrePackagedRules(supertest, log);
        // Rule id of "9a1a2dae-0b5f-4c3d-8305-a268d404c306" is from the file:
@ -155,13 +172,10 @@ export default ({ getService }: FtrProviderContext) => {

        expect(body.data.length).to.eql(1); // should have only one length to the data set, otherwise we have duplicates or the tags were removed and that is incredibly bad.
        const bodyToCompare = removeServerGeneratedProperties(body.data[0]);
-        const expected = {
-          ...getSimpleRuleOutputWithWebHookAction(`${bodyToCompare.actions?.[0].id}`),
-          rule_id: immutableRule.rule_id, // Rule id should match the same as the immutable rule
-          version: immutableRule.version, // This version number should not change when an immutable rule is updated
-          immutable: true, // It should stay immutable true when returning
-        };
-        expect(bodyToCompare).to.eql(expected);
+        const expected = getSimpleRuleOutputWithWebHookAction(`${bodyToCompare.actions?.[0].id}`);
+
+        expect(bodyToCompare.actions).to.eql(expected.actions);
+        expect(bodyToCompare.immutable).to.be(true);
      });
    });
  });
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/usage_collector/detection_rules.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/usage_collector/detection_rules.ts
@ -1315,12 +1315,12 @@ export default ({ getService }: FtrProviderContext) => {
            created_on: createdOn,
            updated_on: updatedOn,
            rule_id: ruleId,
+            rule_version: ruleVersion,
            ...omittedFields
          } = foundRule;
          expect(omittedFields).to.eql({
            rule_name: 'Endpoint Security',
            rule_type: 'query',
-            rule_version: 3,
            enabled: true,
            elastic_rule: true,
            alert_count_daily: 0,