[EDR Workflows] Bring back artifacts, fix tests (#166341)

2025-04-23 01:13:23 -04:00 · 2023-09-13 15:36:33 +02:00 · 2023-09-13 15:36:33 +02:00 · c7e360bcd9
commit c7e360bcd9
parent c0417f4d9d
3 changed files with 158 additions and 158 deletions
--- a/.buildkite/pipelines/pull_request/osquery_cypress.yml
+++ b/.buildkite/pipelines/pull_request/osquery_cypress.yml
@ -10,6 +10,8 @@ steps:
      automatic:
        - exit_status: '*'
          limit: 1
+    artifact_paths:
+      - "target/kibana-osquery/**/*"

  - command: .buildkite/scripts/steps/functional/osquery_cypress_burn.sh
    label: 'Osquery Cypress Tests, burning changed specs'
@ -20,6 +22,8 @@ steps:
    soft_fail: true
    retry:
      automatic: false
+    artifact_paths:
+      - "target/kibana-osquery/**/*"

  # Error: self-signed certificate in certificate chain
  # - command: .buildkite/scripts/steps/functional/security_serverless_osquery.sh
@ -33,3 +37,5 @@ steps:
  #     automatic:
  #       - exit_status: '*'
  #         limit: 1
+  #   artifact_paths:
+  #     - "target/kibana-osquery/**/*"
--- a/x-pack/plugins/osquery/cypress/e2e/all/alerts_liked_apps.cy.ts
+++ b/x-pack/plugins/osquery/cypress/e2e/all/alerts_liked_apps.cy.ts
@ -16,11 +16,10 @@ import {
 } from '../../tasks/live_query';
 import { closeModalIfVisible, closeToastIfVisible } from '../../tasks/integrations';
 import { RESULTS_TABLE, RESULTS_TABLE_BUTTON } from '../../screens/live_query';
-import { ServerlessRoleName } from '../../support/roles';

 const UUID_REGEX = '[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}';

-describe('Alert Event Details', { browser: 'electron', tags: ['@ess', '@serverless'] }, () => {
+describe('Alert Event Details', { tags: ['@ess', '@serverless'] }, () => {
  let ruleId: string;
  let ruleName: string;

@ -37,7 +36,7 @@ describe('Alert Event Details', { browser: 'electron', tags: ['@ess', '@serverle
  });

  beforeEach(() => {
-    cy.login(ServerlessRoleName.SOC_MANAGER);
+    cy.login('elastic');
    cy.visit('/app/security/rules');
    clickRuleName(ruleName);
  });
--- a/x-pack/plugins/osquery/cypress/e2e/all/alerts_response_actions_form.cy.ts
+++ b/x-pack/plugins/osquery/cypress/e2e/all/alerts_response_actions_form.cy.ts
@ -26,172 +26,167 @@ import {
  typeInECSFieldInput,
 } from '../../tasks/live_query';
 import { closeDateTabIfVisible, closeToastIfVisible } from '../../tasks/integrations';
-import { ServerlessRoleName } from '../../support/roles';

-describe(
-  'Alert Event Details - Response Actions Form',
-  { browser: 'electron', tags: ['@ess', '@serverless'] },
-  () => {
-    let multiQueryPackId: string;
-    let multiQueryPackName: string;
-    let ruleId: string;
-    let ruleName: string;
-    let packId: string;
-    let packName: string;
-    const packData = packFixture();
-    const multiQueryPackData = multiQueryPackFixture();
+describe('Alert Event Details - Response Actions Form', { tags: ['@ess', '@serverless'] }, () => {
+  let multiQueryPackId: string;
+  let multiQueryPackName: string;
+  let ruleId: string;
+  let ruleName: string;
+  let packId: string;
+  let packName: string;
+  const packData = packFixture();
+  const multiQueryPackData = multiQueryPackFixture();

-    beforeEach(() => {
-      loadPack(packData).then((data) => {
-        packId = data.saved_object_id;
-        packName = data.name;
-      });
-      loadPack(multiQueryPackData).then((data) => {
-        multiQueryPackId = data.saved_object_id;
-        multiQueryPackName = data.name;
-      });
-      loadRule().then((data) => {
-        ruleId = data.id;
-        ruleName = data.name;
-      });
-      cy.login(ServerlessRoleName.SOC_MANAGER);
+  beforeEach(() => {
+    loadPack(packData).then((data) => {
+      packId = data.saved_object_id;
+      packName = data.name;
    });
-    afterEach(() => {
-      cleanupPack(packId);
-      cleanupPack(multiQueryPackId);
-      cleanupRule(ruleId);
+    loadPack(multiQueryPackData).then((data) => {
+      multiQueryPackId = data.saved_object_id;
+      multiQueryPackName = data.name;
    });
+    loadRule().then((data) => {
+      ruleId = data.id;
+      ruleName = data.name;
+    });
+    cy.login('elastic');
+  });
+  afterEach(() => {
+    cleanupPack(packId);
+    cleanupPack(multiQueryPackId);
+    cleanupRule(ruleId);
+  });

-    it('adds response actions with osquery with proper validation and form values', () => {
-      cy.visit('/app/security/rules');
-      clickRuleName(ruleName);
-      cy.getBySel('editRuleSettingsLink').click();
-      cy.getBySel('globalLoadingIndicator').should('not.exist');
-      closeDateTabIfVisible();
-      cy.getBySel('edit-rule-actions-tab').click();
-      cy.contains('Response actions are run on each rule execution.');
-      cy.getBySel(OSQUERY_RESPONSE_ACTION_ADD_BUTTON).click();
-      cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
-        cy.contains('Query is a required field');
-        inputQuery('select * from uptime1');
-      });
-      cy.getBySel(OSQUERY_RESPONSE_ACTION_ADD_BUTTON).click();
-      cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
-        cy.contains('Run a set of queries in a pack').click();
-      });
-      cy.contains('Save changes').click();
-      cy.getBySel('response-actions-error')
-        .within(() => {
-          cy.contains('Pack is a required field');
-        })
-        .should('exist');
-      cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
+  it('adds response actions with osquery with proper validation and form values', () => {
+    cy.visit('/app/security/rules');
+    clickRuleName(ruleName);
+    cy.getBySel('editRuleSettingsLink').click();
+    cy.getBySel('globalLoadingIndicator').should('not.exist');
+    closeDateTabIfVisible();
+    cy.getBySel('edit-rule-actions-tab').click();
+    cy.contains('Response actions are run on each rule execution.');
+    cy.getBySel(OSQUERY_RESPONSE_ACTION_ADD_BUTTON).click();
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
+      cy.contains('Query is a required field');
+      inputQuery('select * from uptime1');
+    });
+    cy.getBySel(OSQUERY_RESPONSE_ACTION_ADD_BUTTON).click();
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
+      cy.contains('Run a set of queries in a pack').click();
+    });
+    cy.contains('Save changes').click();
+    cy.getBySel('response-actions-error')
+      .within(() => {
        cy.contains('Pack is a required field');
-        cy.getBySel('comboBoxInput').type(`${packName}{downArrow}{enter}`);
-      });
+      })
+      .should('exist');
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
+      cy.contains('Pack is a required field');
+      cy.getBySel('comboBoxInput').type(`${packName}{downArrow}{enter}`);
+    });

-      cy.getBySel(OSQUERY_RESPONSE_ACTION_ADD_BUTTON).click();
+    cy.getBySel(OSQUERY_RESPONSE_ACTION_ADD_BUTTON).click();

-      cy.getBySel(RESPONSE_ACTIONS_ITEM_2).within(() => {
-        cy.contains('Query is a required field');
-        inputQuery('select * from uptime');
-        cy.contains('Advanced').click();
-        typeInECSFieldInput('message{downArrow}{enter}');
-        cy.getBySel('osqueryColumnValueSelect').type('days{downArrow}{enter}');
-        cy.wait(1000); // wait for the validation to trigger - cypress is way faster than users ;)
-      });
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_2).within(() => {
+      cy.contains('Query is a required field');
+      inputQuery('select * from uptime');
+      cy.contains('Advanced').click();
+      typeInECSFieldInput('message{downArrow}{enter}');
+      cy.getBySel('osqueryColumnValueSelect').type('days{downArrow}{enter}');
+      cy.wait(1000); // wait for the validation to trigger - cypress is way faster than users ;)
+    });

-      cy.getBySel('ruleEditSubmitButton').click();
-      cy.contains(`${ruleName} was saved`).should('exist');
-      closeToastIfVisible();
+    cy.getBySel('ruleEditSubmitButton').click();
+    cy.contains(`${ruleName} was saved`).should('exist');
+    closeToastIfVisible();

-      cy.getBySel('editRuleSettingsLink').click();
-      cy.getBySel('globalLoadingIndicator').should('not.exist');
-      cy.getBySel('edit-rule-actions-tab').click();
-      cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
-        cy.contains('select * from uptime1');
-      });
-      cy.getBySel(RESPONSE_ACTIONS_ITEM_2).within(() => {
-        cy.contains('select * from uptime');
-        cy.contains('Log message optimized for viewing in a log viewer');
-        cy.contains('Days of uptime');
-      });
-      cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
-        cy.contains(packName);
-        cy.getBySel('comboBoxInput').type('{backspace}{enter}');
-      });
-      cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
-        cy.contains('select * from uptime1');
-        cy.getBySel('remove-response-action').click();
-      });
-      cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
-        cy.contains('Search for a pack to run');
-        cy.contains('Pack is a required field');
-        cy.getBySel('comboBoxInput').type(`${packName}{downArrow}{enter}`);
-      });
-      cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
-        cy.contains('select * from uptime');
-        cy.contains('Log message optimized for viewing in a log viewer');
-        cy.contains('Days of uptime');
-      });
-      cy.intercept('PUT', '/api/detection_engine/rules').as('saveRuleSingleQuery');
-      cy.getBySel('ruleEditSubmitButton').click();
-      cy.wait('@saveRuleSingleQuery').should(({ request }) => {
-        const oneQuery = [
-          {
-            interval: 3600,
-            query: 'select * from uptime;',
-            id: Object.keys(packData.queries)[0],
-          },
-        ];
-        expect(request.body.response_actions[0].params.queries).to.deep.equal(oneQuery);
-      });
+    cy.getBySel('editRuleSettingsLink').click();
+    cy.getBySel('globalLoadingIndicator').should('not.exist');
+    cy.getBySel('edit-rule-actions-tab').click();
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
+      cy.contains('select * from uptime1');
+    });
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_2).within(() => {
+      cy.contains('select * from uptime');
+      cy.contains('Log message optimized for viewing in a log viewer');
+      cy.contains('Days of uptime');
+    });
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
+      cy.contains(packName);
+      cy.getBySel('comboBoxInput').type('{backspace}{enter}');
+    });
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
+      cy.contains('select * from uptime1');
+      cy.getBySel('remove-response-action').click();
+    });
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
+      cy.contains('Search for a pack to run');
+      cy.contains('Pack is a required field');
+      cy.getBySel('comboBoxInput').type(`${packName}{downArrow}{enter}`);
+    });
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
+      cy.contains('select * from uptime');
+      cy.contains('Log message optimized for viewing in a log viewer');
+      cy.contains('Days of uptime');
+    });
+    cy.intercept('PUT', '/api/detection_engine/rules').as('saveRuleSingleQuery');
+    cy.getBySel('ruleEditSubmitButton').click();
+    cy.wait('@saveRuleSingleQuery').should(({ request }) => {
+      const oneQuery = [
+        {
+          interval: 3600,
+          query: 'select * from uptime;',
+          id: Object.keys(packData.queries)[0],
+        },
+      ];
+      expect(request.body.response_actions[0].params.queries).to.deep.equal(oneQuery);
+    });

-      cy.contains(`${ruleName} was saved`).should('exist');
-      closeToastIfVisible();
+    cy.contains(`${ruleName} was saved`).should('exist');
+    closeToastIfVisible();

-      cy.getBySel('editRuleSettingsLink').click();
-      cy.getBySel('globalLoadingIndicator').should('not.exist');
-      cy.getBySel('edit-rule-actions-tab').click();
-      cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
-        cy.contains(packName);
-        cy.getBySel('comboBoxInput').type(`${multiQueryPackName}{downArrow}{enter}`);
-        checkActionItemsInResults({
-          cases: false,
-          lens: false,
-          discover: false,
-          timeline: false,
-        });
-      });
-      cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
-        cy.contains('select * from uptime');
-        cy.contains('Log message optimized for viewing in a log viewer');
-        cy.contains('Days of uptime');
-      });
-      cy.intercept('PUT', '/api/detection_engine/rules').as('saveRuleMultiQuery');
-
-      cy.contains('Save changes').click();
-      cy.wait('@saveRuleMultiQuery').should(({ request }) => {
-        const threeQueries = [
-          {
-            interval: 3600,
-            query: 'SELECT * FROM memory_info;',
-            platform: 'linux',
-            id: Object.keys(multiQueryPackData.queries)[0],
-          },
-          {
-            interval: 3600,
-            query: 'SELECT * FROM system_info;',
-            id: Object.keys(multiQueryPackData.queries)[1],
-          },
-          {
-            interval: 10,
-            query: 'select opera_extensions.* from users join opera_extensions using (uid);',
-            id: Object.keys(multiQueryPackData.queries)[2],
-          },
-        ];
-        expect(request.body.response_actions[0].params.queries).to.deep.equal(threeQueries);
+    cy.getBySel('editRuleSettingsLink').click();
+    cy.getBySel('globalLoadingIndicator').should('not.exist');
+    cy.getBySel('edit-rule-actions-tab').click();
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
+      cy.contains(packName);
+      cy.getBySel('comboBoxInput').type(`${multiQueryPackName}{downArrow}{enter}`);
+      checkActionItemsInResults({
+        cases: false,
+        lens: false,
+        discover: false,
+        timeline: false,
      });
    });
-  }
-);
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
+      cy.contains('select * from uptime');
+      cy.contains('Log message optimized for viewing in a log viewer');
+      cy.contains('Days of uptime');
+    });
+    cy.intercept('PUT', '/api/detection_engine/rules').as('saveRuleMultiQuery');
+
+    cy.contains('Save changes').click();
+    cy.wait('@saveRuleMultiQuery').should(({ request }) => {
+      const threeQueries = [
+        {
+          interval: 3600,
+          query: 'SELECT * FROM memory_info;',
+          platform: 'linux',
+          id: Object.keys(multiQueryPackData.queries)[0],
+        },
+        {
+          interval: 3600,
+          query: 'SELECT * FROM system_info;',
+          id: Object.keys(multiQueryPackData.queries)[1],
+        },
+        {
+          interval: 10,
+          query: 'select opera_extensions.* from users join opera_extensions using (uid);',
+          id: Object.keys(multiQueryPackData.queries)[2],
+        },
+      ];
+      expect(request.body.response_actions[0].params.queries).to.deep.equal(threeQueries);
+    });
+  });
+});